The auditor may obtain this level of assurance by performing audit procedures. The audit procedures to be performed are designed in the light of size and complexity of the entity. These are also affected by the auditor’s assessment of the risk of material misstatement and the auditor focuses on the areas where the risk of material misstatement may be present. The risk of material misstatement is the function of the inherent risk and the control risk. Inherent risk is defined as the susceptibility of financial statements and assertions therein to misstatements which are material in the context of the financial statements. On the other hand, control risk is defined as a risk that the financial statements and assertion therein may susceptible to a material misstatement which are not prevented, or remain undetected and uncorrected by the internal controls of the entity. To respond to the assessed control risks, the auditor performs test of controls. The understanding of the designed suitability and functioning of the internal controls helps the auditor in responding to those risks. It also helps the auditor to obtain reasonable assurance that the entity is achieving the financial reporting objectives. Thus, to assess the risk of material misstatement at overall financial statements level and at assertion level, it is essential for the auditor to obtain an understanding of the internal controls of the entity.
Internal control is defined as a process designed to provide the auditor, whether internal or external to the firm, with a reasonable assurance that the company is achieving its objectives. The internal controls are affected by management, those charged with governance and other personnel of the entity. (Koutoupis & Andreas, 2007, p. 23, 25, 27). The implementation and maintenance of effective internal controls is the responsibility of the management. It is also the responsibility of the management to ensure that the controls designed and implemented by the management are achieving the desired objectives. The management should also assess whether the controls over financial reporting are reliable and whether any frauds may be detected by the internal controls in operation. The management shall also assess whether the employees of the organization comply with laws and regulations relevant to the entity. This usefulness of internal controls makes it necessary for the entity to continuously and consciously evaluate the effectiveness and appropriateness of internal controls. A good and effective management always assess the effectiveness of internal controls on a periodic basis. Such evaluations help to pinpoint any deficiencies occurred in the controls during the period. It also helps to improve the internal controls efficiency and effectiveness in the changing circumstances. The practice of self-assessment of controls has emerged in the past decade. (Dietz & Donna & Snyder & Herbert, 2011, p. 35-40). Through this tool, the management has taken the responsibility for evaluating and improving internal controls. This evaluation is also considered important while designing new or additional internal controls. However, the method of designing of new controls is more or less same with the evaluation of the entity’s existing controls. Firstly, the entity identifies the reporting