How does the auditor’s understanding of internal control differ for assertions where the auditor plans a lower assessed level of control risk approach vs a primarily substantive approach? How would you as the auditor document this understanding of an entity’s internal controls? Is there such a thing as a “good” control or a “bad” control other than being effective?What are the primary objectives or conclusions that should be reached when testing controls? What procedures would you use as an auditor in performing a test of controls? What is indicated to the auditor if the test of controls results in exceptions (in other words, within the samples tested, there were exceptions to the implemented controls)?