Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
📚 Learn/ Paper 5 — Auditing & Ethics/ Core Audit Concepts
Microlesson · 5-min read

Controls Relevant to the Audit and Nature of Understanding IC

## Controls Relevant to the Audit

### Direct Relationship: Objectives ↔ Controls

There is a direct relationship between an entity's objectives and the controls it implements to achieve them.

### Factors Determining Whether a Control Is Relevant to the Audit

FactorWhat the Auditor Considers
MaterialityIs the related transaction/balance material?
Significance of related riskHigher risk → more likely relevant
Size of entityAffects formality and nature of controls
Nature of businessIndustry-specific risks need specific controls
Diversity and complexity of operationsComplex operations require more robust controls
Legal/regulatory requirementsCompliance controls may be audit-relevant
Nature/complexity of systemsIT vs. manual systems differ significantly
Whether control prevents, detects, or corrects MMA control that catches material misstatement is more relevant

---

## Nature and Extent of Understanding IC

### Design vs. Implementation

ConceptMeaning
Evaluating designAssessing whether the control is capable of preventing/detecting/correcting material misstatements
ImplementationThe control exists and the entity is actually using it

> An improperly designed control may represent a significant deficiency in internal control — even if operated consistently.

> Understanding design and implementation is NOT sufficient to test operating effectiveness.

### Risk Assessment Procedures to Obtain Understanding of IC

  • Inquiring of entity personnel
  • Observing the application of specific controls
  • Inspecting documents and reports
  • Tracing transactions through the information system relevant to financial reporting

Worked example

### Example 1

Applying relevance factors: An auditor auditing a bank notes that loan approvals above ₹1 crore require Board committee approval. This control is relevant because: the related risk (large loans) is significant, the amount is material, and the control directly prevents unauthorized large-exposure lending that could cause material misstatement in loan assets.

### Example 2

Design vs. implementation: A company claims to perform 3-way matching (PO × GRN × invoice) before payment. The auditor evaluates design: Can this control detect payments for goods not received? Yes. Then evaluates implementation: Is the company actually doing it? The auditor inspects 10 recent payment vouchers for evidence of 3-way matching. Understanding design + implementation ≠ testing whether it worked consistently throughout the year (that would be a test of operating effectiveness).

⚠️ Common exam mistakes

  • Confusing 'design evaluation' with 'testing operating effectiveness' — design asks 'can it work?'; operating effectiveness asks 'did it work consistently over the period?'
  • Believing that understanding IC means no substantive procedures are needed — understanding IC only informs risk assessment and the design of further procedures
  • Thinking a consistently operated but badly designed control is acceptable — an improperly designed control is a significant deficiency regardless of how consistently it is applied
Reference:
← Previous
Control Activities Relevant to
Next →
Cooperative Society — Restrict
Now that you've read this — what's next?
Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.
🔥 Drill 5 Qs on this → ✍️ Adaptive practice →
Start 15-min diagnostic