Control risk is very important in auditing as it can prevent the misstatement of financial information. There can be many reasons for control risk to arise and why it cannot be eliminated absolutely. But some of them are as follows: Cost-benefit constraints, Inappropriate application of controls, Lack of control environment and accountability, Outdated controls, Inappropriate segregation of duties etc.
Four specific assessments must be made to arrive at the initial assessment.
Assess whether the financial statement is auditable: The first assessment is whether the entity is auditable. Two primary factors determine audit ability: the integrity of management and the adequacy of accounting records.
Determine Assessed control risk supported by the understanding obtaining: After obtaining an understanding of internal control, the auditor makes an initial assessment of control risk. This assessment is a measure of the auditor’s expectation that internal control will neither prevent material misstatements from occurring nor detects and correct them if they have occurred.
Assess whether it is likely that a lower Assessed control risk could be supported: When the auditor believes that actual control risk may be significantly lower than the initial assessment, he or she may decide to support a lower assessed control risk.
Determine the appropriate assessed control risk: After the auditor completes the initial assessment and considers whether a lower assessed control risk is likely, he or she is in a position to decide which assessed control risk should be used.