J. K.
SHAH CLASSES
CHAPTER 4 RISK ASSESSMENT AND INTERNAL CONTROL
Q.no Reference Question
1 ICAI XYZ Ltd is engaged in the business
Module and running several stores dealing
in variety of items such as ready
made garments for all seasons,
shoes, gift items, watches etc.
There are security tags on each
and every item. Moreover,
inventory records are physically
verified on monthly basis.
Discuss the types of inherent,
control and detection risks as
perceived by the auditor.
2 ICAI The auditor of ABC Textiles Ltd
Module chalks out an audit plan without
understanding the entity’s
business. Since he has carried out
many audits of textile companies,
there is no need to understand
the nature of business of ABC Ltd.
Advise the auditor how he should
proceed
3 ICAI Prince Blankets is engaged in
Module business of blankets. Its major
portion of sales is taking place
through internet. Advise the
auditor how he would proceed in
this regard as to understanding
the entity and its environment.
4 ICAI Auditor GR and Associates,
Module appointed for audit of PNG Ltd, a
manufacturing company engaged
in manufacturing of various food
items. While planning an audit,
the auditor does not think that it
would be necessary to
understand internal controls.
Advise the auditor in this regard
5 ICAI “The auditor shall obtain an
Module understanding of the major
activities that the entity uses to
monitor internal control over
INTER CA – AUDIT
Answer
Inherent Risk:
Because items may have been misappropriated
by employees, therefore, risk to the auditor is
that inventory records would be inaccurate.
Control Risk:
There is a security tag on each item displayed.
Moreover, inventory records are physically
verified on monthly basis. Despite various
controls being implemented at the stores, still
collusion among employees may be there and
risk to auditor would again be that inventory
records would be inaccurate.
Detection Risk:
Auditor checks the efficiency and effectiveness
of various control systems in place. He would
do that by making observation, inspection,
enquiry, etc.
In addition to these, the auditor would also
employ sampling techniques to check few sales
transactions from beginning to end. However,
despite all these procedures, the auditor may
not detect the items which have been stolen or
misappropriated
Obtaining an understanding of the entity and
its environment, including the entity’s internal
control (referred to hereafter as an
“understanding of the entity”), is a continuous,
dynamic process of gathering, updating and
analysing information throughout the audit.
The auditor should proceed accordingly
While understanding entity and its
environment, internet sales is being perceived
as risky area by the auditor and thereby would
be spending substantial time and extensive
audit procedures on this particular area
The auditor shall obtain an understanding of
internal control relevant to the audit. Although
most controls relevant to the audit are likely to
relate to financial reporting, not all controls
that relate to financial reporting are relevant to
the audit. It is a matter of the auditor’s
professional judgment whether a control,
individually or in combination with others, is
relevant to the audit
(i) Monitoring of controls Defined: Monitoring
of controls is a process to assess the
effectiveness of internal control performance
over time.
 J. K. SHAH CLASSES INTER CA – AUDIT
financial reporting” Explain (ii) Helps in assessing the effectiveness of
controls on a timely basis: It involves assessing
the effectiveness of controls on a timely basis
and taking necessary remedial actions.
(iii) Management accomplishes through
ongoing activities, separate evaluations etc.:
Management accomplishes monitoring of
controls through ongoing activities, separate
evaluations, or a combination of the two.
Ongoing monitoring activities are often built
into the normal recurring activities of an entity
and include regular management and
supervisory activities.
(iv) Management’s monitoring activities
include: Management’s monitoring activities
may include using information from
communications from external parties such as
customer complaints and regulator comments
that may indicate problems or highlight areas in
need of improvement.
(v) In case of Small Entities: Management’s
monitoring of control is often accomplished by
management’s or the owner-manager’s close
involvement in operations. This involvement
often will identify significant variances from
expectations and inaccuracies in fi nancial data
leading to remedial action to the control.
6 ICAI “Risk of material misstatement Q10 Chap 3
Module consists of two components”
Explain clearly defining risk of
material misstatement
7 ICAI “The SAs do not ordinarily refer to Q10 Chap 3
Module inherent risk and control risk
separately, but rather to a
combined assessment of the
“risks of material misstatement””
Explain
8 ICAI “The auditor shall obtain an The control environment includes: (i) the
Module understanding of the control governance and management functions and (ii)
environment” Explain stating the attitudes, awareness, and actions of those
what is included in control charged with governance and management .
environment. (iii) the control environment sets the tone of
an organization, influencing the control
consciousness of its people.
Elements of the Control Environment:
(a) Communication and enforcement of
integrity and ethical values
(b) Commitment to competence
(c) Participation by those charged with
governance
(d) Management’s philosophy and operating
style
(e) Organisational structure
(f) Human resource policies and practices