Internal Control Frameworks, IT Controls, and Control Documentation

This chapter builds the internal-control framework that supports audit planning and later control testing. It is one of the most important routing chapters in AUD because many later decisions depend on whether the control system is understood correctly.

In This Chapter

• Applying the COSO Internal Control Framework in Audit Planning explains the main internal-control structure.
• Evaluating Entity-Level Controls and the Control Environment covers top-level governance and oversight controls.
• Understanding IT General Controls and Application Controls introduces the control architecture inside technology-enabled systems.
• Using Walkthroughs, Flowcharts, and Narratives to Document Controls shows how control understanding is documented.
• Recognizing the Limits of Internal Control and Management Override explains why strong controls still have failure risk.

How to Use This Chapter

• Read this chapter carefully before moving to formal risk assessment.
• Focus on what each control layer does and why no control system eliminates risk completely.
• Return here when an AUD miss stems from weak control terminology or confusion about walkthrough, ITGC, or override concepts.

In this section

• Applying the COSO Internal Control Framework in Audit Planning
  How the COSO framework supports internal-control understanding in AUD.
• Evaluating Entity-Level Controls and the Control Environment
  How entity-level controls and control environment design influence audit planning.
• Understanding IT General Controls and Application Controls
  How IT general controls and application controls affect data reliability and audit strategy.
• Using Walkthroughs, Flowcharts, and Narratives to Document Controls
  How auditors document control understanding through walkthroughs, flowcharts, and narratives.
• Recognizing the Limits of Internal Control and Management Override
  Why internal control has unavoidable limits and how management override affects risk.