The general controls seem to be effective but it is advisable to test the effectiveness of some of the application controls.
2. Control risk is defined as the risk that a misstatement in the organization's records will not be avoided, identified and corrected in time by the organization's internal control system. Some of the areas that control risk is assessed to be low include;
This is a very sensitive area of transaction because it involves making payments. It's nature has necessitated the management to be more thorough in drawing procedures that ensure that directives are followed. The control activities include approvals, verifications and segregation of roles. These have served to reduce the probability of material misstatement.
Generally this is the first in a long purchase process and due to the simplicity and nature of the transactions at this stage, both inherent risk and control risk is low. In this area employees are less likely to take advantage of the weakness and that reduces the control risk.