After obtaining an understanding of IT internal control, if the auditor feels that control risk cannot be reduced, he or she will
A) expand the substantive testing portion of the audit.
B) issue a disclaimer.
C) issue an adverse opinion.
D) increase the sample size for tests of controls.

Question

Quizplus · Accepted Answer

If the auditor feels that control risk cannot be reduced, the best choice would be to expand the substantive testing portion of the audit. This means the auditor will need to rely more on testing the actual transactions and account balances to obtain sufficient and appropriate audit evidence. This approach will help to compensate for the lack of reliance on internal controls and increase the overall level of assurance in the financial statements. Issuing a disclaimer or adverse opinion may not be warranted if the financial statements are fairly presented, and increasing the sample size for tests of controls may not be effective if the controls are deemed ineffective.

After Obtaining an Understanding of IT Internal Control, If the Auditor