The objective of understanding internal control and assessing control risk in an IT system is:
A) to gain an understanding of the computer hardware and software.
B) to evaluate management's efficiency in designing and using the IT system.
C) to determine if the audit firm must have an IT auditor on the team.
D) to aid in determining the audit evidence that should be accumulated.

Question

Quizplus · Accepted Answer

The objective of understanding internal control and assessing control risk in an IT system is to aid in determining the audit evidence that should be accumulated. This is because understanding the IT system and its internal controls helps the auditor identify areas of higher or lower risk, which in turn helps them determine the nature, timing, and extent of audit procedures that should be performed. While the other options may be related to the objective, they are not the primary purpose of assessing control risk in an IT system.

The Objective of Understanding Internal Control and Assessing Control Risk