Auditor’s Application of High Level Internal Controls

Jens Serup & Jakob Hansen

Student thesis: Master thesis


This thesis investigates whether a more substantial application of high level controls can contribute to a more efficient audit with improved quality. The definition of high level controls is based on the COSO framework, stating that: “High level controls are characterised to be more general for the company in its nature and extent opposed to operational controls that are designed with the purpose to mitigate specific risks”. The empirical data of the thesis comprise survey answers from 92 state authorised public accountants, including interviews with two specialists and the Head of the Danish Supervisory Authority on Auditing. The thesis finds that in general Danish companies in general have implemented strong high level controls which contribute to decreased inherent risks and which can provide auditors with assurance that risks of material misstatements are mitigated. Through analysis of the international standards of auditing and interviews with specialists the thesis finds that strong high level controls can be applied when evaluating inherent risks which could lead to fewer identified risks of material misstatements. High level controls will also contribute by mitigating identified risks of material misstatement. Auditors must establish that the control in fact diminishes the risk and has been functioning effectively throughout the period. To some extent auditors are already applying high level controls, yet believe that both the effectiveness and quality of the audit will be influenced positively if high level controls are fully utilised. The thesis finds that a shift towards obtaining greater assurance of internal controls, including high level controls and internally composed audit evidence opposed to obtaining evidence through substantial testing procedures will improve the audit quality whilst also improving effectiveness, though the benefits will increase in line with the complexity of the company.

EducationsMSc in Auditing, (Graduate Programme) Final Thesis
Publication date2016
Number of pages122