An auditor is required to obtain sufficient understanding of each component of an entity's internal control system to plan the audit of the entity's financial statements and to assess control risk for the assertions embodied in the account balance, transaction class, and disclosure components of the financial statements.

Required:

a. Define Internal Control.

b. For what purpose should an auditor's understanding of the internal control components be used in planning an audit?

c. What are an auditor's documentation requirements concerning an entity's internal control system and the assessed level of control risk?