Integrated Audit Practice Case

SEVENTH EDITION

Assignment FOUR Discussion Questions

1. After obtaining an understanding of the client's internal controls, the auditor may choose

to test some of the controls. If the results of those tests are satisfactory, the auditor may then rely on those controls. What is the primary reason for relying on controls? What are other potential benefits from testing controls?

2.On some audits, the auditor may choose not to rely on controls, and no tests of controls are performed. Indicate circumstances in which the auditor would choose not to test controls.

3.What is the purpose of a system walkthrough? What is the effect on the auditor's tests

of controls if the results of the walkthrough indicate that the controls have not been

implemented effectively by the client?

4.Oceanview Marine Company's internal controls were evaluated using both a flowchart

and a questionnaire. Discuss the relative advantages and disadvantages of using each

type of control documentation.

5.During the audit, the auditor may discover deficiencies in the client's system of internal

control. Some of these deficiencies may be considered significant deficiencies or material

weaknesses as defined by auditing standards. Describe significant deficiencies and material weaknesses and the auditor's responsibility for communicating them to the client. Do you consider any of the weaknesses in Oceanview's controls over acquisitions to be significant deficiencies or material weaknesses?

6.A company's management and its independent auditor both have responsibilities related to the company's system of internal control. In the context of the audit of a private company,

discuss (1) management's responsibilities related to internal controls and (2) the auditor's

responsibilities related to internal controls.

7. COSO's Internal ControlIntegrated Framework is used by many companies as a tool to

design and improve their internal control systems. COSO also issued Enterprise Risk

Management - Integrated Framework, which extends the Internal ControlIntegrated Framework to the more encompassing topic of enterprise risk management (see https://www.coso. org/Publications/ERM/COSO_ERM_ExecutiveSummary.pdf). Compare and contrast these two frameworks by discussing (1) the components they have in common, and (2) the components added to the Enterprise Risk Management - Integrated Framework that are not part of the Internal ControlIntegrated Framework.