Internal Control and Audit

ACC402E Internal Control and Audit

Spring 2024

Autumn 2024
  • Topics

    •The company's responsibility for establishing good internal control and documentation of financial reporting

    • Mapping, risk assessment and establishment of internal control for revenue, purchasing and inventory areas.

    • Use of data analyzes and samples for testing of internal control for the company and in auditing

    • Documentation of annual accounts for the company

    • The background for the audit and the content of the audit

    • Auditing in a societal perspective, the auditing profession and regulations

    • Audit planning, including determination of materiality

    • Risk assessments, including assessment of fraud risk

    • Assessment of internal control and the significance for the audit

    • Obtaining and evaluating audit evidence

    • Auditor's conclusion and reporting in the auditor's report

  • Learning outcome


    The candidate

    • has knowledge of the company vs. the auditor's responsibility for establishing internal control over and documentation of financial reporting

    • has a good conceptual and practical understanding of modern internal control, including the COSO framework and knowledge of SOX

    • has in-depth knowledge of risk assessment and proposing good internal controls for the revenue, purchasing and inventory areas

    • has knowledge of different types of data analyses and samples for testing of internal control and for use in auditing

    • has knowledge of the demand for auditing and the auditor's fundamental role in capital markets

    • has insight into auditing in an international perspective, the background for regulations and key factors that shape the content of a modern audit

    • has an understanding of society's, the authorities', investors' and other stakeholders' expectations of the auditor, and knowledge of the tasks and duties of an auditor

    • has knowledge of the basic audit concepts: materiality, audit risk and audit evidence

    • has knowledge of how the auditor concludes and expresses his opinion on the accounts in the auditor's report



    The candidate

    • can assess the risk of material misstatement of the financial statements, including fraud risk

    • can assess risk and propose good internal controls for the revenue, purchasing and inventory areas

    • can plan an audit, including determining materiality

    • understands the importance of the company's internal control for the audit and understands how the audit can build on the internal control

    • understands how audit evidence is obtained to deal with the estimated risks and how audit evidence is evaluated

    • can design and evaluate the result of simple data analyses for use in auditing

    - can evaluate, conclude and report on the result of the audit



    The candidate

    • has good insight into the basic theoretical and practical foundation of modern internal control, including the frameworks that Norwegian and international companies follow

    • has good insight into the basic theoretical foundation, as well as the regulatory and practical understanding, which is necessary to carry out a modern and effective audit

    • has developed the ability to reason independently about key internal control and audit issues

    • can communicate professionally within the topic in English

  • Teaching

    The teaching follows the conceptual approach and content of the textbook, which is adapted to the content of the Norwegian and international auditing standards (ISAs). Students' insights into auditing and internal control are developed on the basis of basic auditing concepts and frameworks. These are applied to key audit and internal control issues, and are illustrated with practical cases and examples.

    Lectures, exercises, assignments and self studying. 

  • Required prerequisites


  • Credit reduction due to overlap

    ACC402E is a continuation of MRR411 Revision I, and cannot be taken in combination with ACC402N, MRR411, MRR411E or BUS426E.

    ACC402N is the Norwegian equivalent

  • Compulsory Activity

    One group-based (2 to 4 students) assignment with a passing grade.

    Previous compulsory activities (work requirements) will still be valid even if the compulsory activities (work requirements) have been changed later. This also applies to previous courses with course codes BUS426N and BUS426E. Valid compulsory activities (work requirements) in MRR411E Auditing I is valid as compulsory activities (work requirements) for MRR411 Revision I, and vice versa.

    In the event of repetition under the right to postal studies pursuant to the Regulations on full-time studies at the Norwegian School of Economics § 2-10, no requirement for compulsory activities (work requirements) applies.

  • Assessment

    Four hour digital written individual school exam in English that covers the syllabus, including content in lectures and exercises.

  • Grading Scale

    A - F

  • Literature


    Eilifsen, Aa., W. F. Messier Jr., S. M. Glover and D. F. Prawitt. (EMGP) 2014. Auditing & Assurance Services Third International Edition, McGraw-Hill.

    See also the book's website:

    Supplemental reading:

    Hayes, R., P. Wallage and P. Eimers. 2021. Principles of International Auditing and Assurance Fourth Edition, Amsterdam University Press

    Other supplementary materials are available on Canvas.

    Lectures, exercises and assignments are an important part of the course syllabus.

  • Permitted Support Material

    Calculator according to the regulations.

    Digital exam: lock-mode


ECTS Credits
Teaching language

Autumn. Offered autumn of 2023.

Course responsible

Main course responsible:

Xiang Zheng, Assistant Professor, Department of Accounting, Auditing and Law, NHH

Ulf Mohrmann, Assistant Professor, Department of Accounting, Auditing and Law, NHH