11-21 (Assessing control risk) An auditor is required to obtain a sufficient understanding of each of the components of an entity’s system of internal control to plan the audit of the entity’s financial statements and to assess control risk for the assertions embodied in the account balance, transaction class, and disclosure components of the financial statements.
a. Explain the reasons an auditor may assess control risk at the maximum level for one or more assertions embodied in an account balance.
b. What must an auditor do to support assessing control risk at less than the maximum level when the auditor has determined that controls have been placed in operation?
c. What should an auditor consider when seeking a further reduction in the planned assessed level of control risk?
d. What are an auditor’s documentation requirements concerning an entity’s system of internal control and the assessed level of control risk?