Which of the following statements is true regarding internal controls?
A.
For assurance engagements, internal auditors should plan to assess the effectiveness of all entity-level controls.
B.
Poorly designed or deficient entity-level controls can prevent well-designed process controls from working as intended.
C.
During engagement planning, internal auditors should not discuss the identified key risks and controls with management of the area under review, to prevent tipping off probable audit tests.
D.
Reviewing process maps and flowcharts is an appropriate method for the internal auditor to identify all key risks and controls during engagement planning.
Entity-level controls provide the foundation for effective process controls. If these controls are poorly designed, they can undermine the effectiveness of process-level controls (COSO Framework, 2013). Internal auditors assess entity-level controls during risk assessments, as emphasized in CIA Part 2 (Section II). Option A is incorrect as auditors prioritize high-risk controls rather than all controls. Options C and D contradict best practices in engagement planning (Standard 2200), which encourage transparency and comprehensive evaluation of key risks.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit