Why might an auditor assess control risk at the maximum level?

Assessing control risk at the maximum level suggests that the auditor has determined that the internal controls in place are not effectively mitigating the risk of material misstatement in the financial statements. One reason an auditor might come to this conclusion is that the controls are unlikely to be related to the assertions made in the financial statements. This means that the auditor believes the controls do not adequately address the specific risks associated with the financial statement assertions, such as existence, completeness, rights and obligations, valuation and allocation, or presentation and disclosure.

When controls do not have a relevant relationship to the assertions, it indicates a higher likelihood that misstatements could occur and not be prevented or detected in a timely manner by those controls. Therefore, in this situation, the auditor decides to set the control risk at its maximum level, leading to the need for more substantive tests to ensure that the financial statements are free from material misstatements.

The other options do not adequately explain why control risk would be assessed at maximum. Disregarding evidence from previous audits does not specifically relate to the effectiveness of controls. Management confirmation of control effectiveness does not ensure that the controls are truly effective, as management’s perspective may be biased. Lastly, complexity in assertions does not automatically translate to the need to