Auditing and Attestation - Certified Public Accountant (CPA) Practice Exam 2026 - Free CPA Practice Questions and Study Guide

When an auditor assesses control risk as too low, the focus is primarily on the implications this assessment has for the nature and extent of substantive testing required. Control risk relates to the risk that a material misstatement could occur in an account or disclosure and not be prevented or detected by the internal control system. If the auditor believes that control risk is low, it implies a higher level of reliance on the effectiveness of those controls. However, if the auditor suspects that this assessment might be overly optimistic, or if there might be underlying issues not addressed by the controls, the auditor must then increase substantive testing to gather sufficient evidence and assurance regarding the account balances or disclosures.

This heightened focus on substantive testing ensures that any potential misstatements or errors are detected, even if the initial assessment of control risk suggests that misstatements are unlikely. It recognizes that relying too heavily on controls without appropriate verification can lead to significant audit risks. Thus, increasing substantive testing is a necessary response when control risk is thought to be understated.