Launch offer — 25% off with code LAUNCH-25 See plans →
Try now → N
📚 Learn/ Paper 5 — Auditing & Ethics/ Core Audit Concepts
Microlesson · 5-min read

Relevance of Internal Controls in Auditor's Risk Assessment

## Relevance of Internal Controls in Audit

### Key Principle

Auditors use professional judgment to determine which internal controls are relevant to the audit. Not all of an entity's controls need to be assessed.

### Why Not All Controls Are Relevant

An entity implements controls for three broad objectives:

1. Financial reporting

2. Operational efficiency

3. Compliance

The auditor is primarily concerned with controls relevant to preventing or detecting material misstatement in the financial statements.

### Factors Influencing the Auditor's Relevance Judgment

FactorHow It Affects Relevance
MaterialityHigher materiality areas make controls more relevant
Significance of the related riskHigh-risk areas require assessment of associated controls
Size of the entityLarger entities have more complex control environments
Nature of business (incl. organisation and ownership)Industry-specific controls may carry different relevance
Diversity and complexity of operationsMore complex operations expand the scope of relevant controls
Applicable legal and regulatory requirementsCompliance controls may or may not address financial reporting risk
Nature and complexity of IT systems (incl. service organisations)Automated controls carry high relevance in IT-dependent environments
Whether the control prevents, detects, or corrects material misstatementThe most direct test of relevance

### Conclusion

Auditors assess only those controls relevant to the risk of material misstatement — a complete assessment of all entity controls is neither required nor practical.

Worked example

### Example 1

Q22 (MD 6 – 5 Marks): KR & Associates auditing FDP Ltd. CA Karan says all controls should be assessed; CA Rajat says only relevant controls. Who is correct?

Answer: CA Rajat is correct.

FDP Ltd. has implemented internal controls addressing financial reporting, operational efficiency, and compliance. However, not all of these are relevant to the auditor's risk assessment. The auditor exercises professional judgment to determine relevance based on factors including:

  • Materiality
  • Significance of the related risk
  • Size and nature of the entity
  • Diversity and complexity of operations
  • Applicable legal/regulatory requirements
  • Nature and complexity of IT systems
  • Whether the control prevents, detects, or corrects material misstatement

Based on these factors, only controls relevant to mitigating the risk of material misstatement in FDP Ltd.'s financial statements need to be assessed.

⚠️ Common exam mistakes

  • Agreeing with CA Karan that all controls must be assessed — this is incorrect; only relevant controls need assessment
  • Not linking 'relevance' to the key criterion: whether the control prevents, detects, or corrects material misstatement
  • Providing only 3–4 factors in a 5-mark question — the full list of eight factors from SA 315 is needed for full marks
Reference: SA 315 — SA 315 — Identifying and Assessing the Risks of Material Misstatement
← Previous
Relevance and Reliability of A
Next →
Removal of Auditor Before Expi
Now that you've read this — what's next?
Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.
🔥 Drill 5 Qs on this → ✍️ Adaptive practice →
Start 15-min diagnostic