Management asserts that entitylevel controls are designed adequately and operating effectively to reduce to an

Question

Management asserts that entity-level controls are designed adequately and operating effectively to reduce to an

acceptably low level the risk of managers and employees embellishing performance results or misusing company resources.

What specific procedures would you as the auditor use to obtain audit evidence about the design and implementation of the client’s internal control system? What key controls would you expect to find in place if management’s assertion is true? What are the inherent limitations of internal control?

Business