Audit Risk Assessment ToolStep 1: Obtain an Understanding of Your Client and its Environment Step 2Obtain an Understanding of lntemal Control Obtain an understanding of internal control that is sufcient to enable you to {a} evaluate the design of controls that are re levarrt to the audit and determine Irrrrheth er the control, either individually or in combination, is capable of effectively preventing or detecting and correcting material misstatements and {1)} determine that the control has been implemented (that is, that the control exists and that the entity is using it}. A topdown approach of tocu sing on nancial statement assertions that are material to the entity's financial statements will help you I'IaI'I'D'W your understanding of controls that are relevant to the audit. Because control objectives are based on assertions, you want to focus on understanding and evaluating the following: . What are the controls, either individually or in combination, that mitigate the risks of not achieving the control objective? . Would the control or combination of controls, if operating as designed, likely mitigate the risk of not meeting the control objective? - Are the controls necessary to meet the control objective in place? Your assessment of a control may also bring to your attention risks that result from an ineffective or improperly designed control. These additional risks may need to be considered in your audit plan. In May 2013, the Committee of Sponsoring Organizations of the Treadway Commission (C050) published the internal Condorintegrated Framework [2013 C050 framework]. Although the auditing standards do not require a specic internal control framework, the C050 framework is widely used by entities for designing, implementing, and conducting internal control. The 2013 C050 framework provides guidance useful to auditors in understanding and evaluating intemal control