[toc-this] Show
PrinciplesPlacing reliance on controlsIf the selected approach is to rely on controls to reduce the extent of substantive procedures, the objective of tests of controls ito evaluate whether the key controls, or relevant [a-glossary term="compensating%20controls"]compensating controls)[/a-glossary] , operated effectively and continuously during the period under review (phase 3 in the diagram below).Not placing reliance on controlsEven if in the planning phase it is decided not to rely on controls (audit objective), the auditor should still examine the design of key controls (and may perform tests of controls) so as to support findings and identify and report on weaknesses and propose recommendations for improvement. Nature of tests of controlsThe nature of a particular control influences the type of audit procedure required to obtain audit evidence about whether the control was operating effectively at relevant times during the period under audit. There are two levels of controls: high-level controls, such as monitoring controls, and low-level controls, such as authorisation controls, operational controls, physical controls, etc. These can be manual, semi-automated or fully automated. Reliance should be placed on the highest-level control possible. Tests of controls can be divided into three main categories, as follows.
Timing of tests of controlsThe timing of tests of controls depends on the auditor’s objective and determines the period of reliance on those controls. The timing of
tests refers both to the period to cover (at a particular time or throughout a period) and to the time when the auditor will perform the test (interim period or period end) or not (reliance obtained in prior audits). For significant risks, the auditor should test the controls in the current period. If substantially different controls were used at different times during the period under audit, the auditor should consider each one separately.
Extent of tests of controlsThe auditor designs tests of controls to obtain sufficient, relevant and reliable audit evidence that they operated effectively throughout the period of reliance. The more (s)he relies on the operating effectiveness of controls in the risk assessment, the greater the extent of tests of controls. The auditor may consider the following when determining the extent of tests of controls:
In cases where the auditor decides to increase the extent of the audit procedure, the extent of tests of automated controls does not necessarily need to be increased, because of the inherent consistency of IT processing. Once the auditor determines that an automated control is functioning as intended, (s)he will then consider performing tests to establish whether the control still functions effectively. Tests of controls providing positive evidenceWhen evaluating and testing controls, the auditor should carefully consider the [link title="inherent%20limitations%20of%20internal%20controls" link="%2Faware%2FGAP%2FPages%2FCA-FA%2FPlanning%2FInternal-control.aspx%23Inherent-limitations-of-internal-controls" /] , as well as the cost-effectiveness of testing controls. The weakly persuasive and negative nature of evidence is a general problem affecting tests of controls. However, tests of controls can be devised that provide positive evidence that a control is operating as expected, e.g. lists of transactions that were rejected as a result of the key controls, along with the record of the correction and reprocessing of the transactions concerned or periodic reconciliation of bank records to accounting data.InstructionsThe techniques that are generally used to test key controls are observation and enquiry, inspection and computation, or a combination thereof. The following overview gives an indication of how to test the operating effectiveness of key controls. Testing application controls
Testing the assertions addressed
Walkthrough testing of controls
Testing individual items
Reviewing evidence of controls
Testing management and monitoring controls
Resources[toggles] [toggle title="Tests%20of%20controls%20typically%20performed%20when%20auditing%20the%20reliability%20of%20the%20accounts"]
[/toggle] [/toggles] [toggles] [toggle title="Examples%20of%20key%20high-level%20controls%20that%20may%20be%20tested%20in%20compliance%20audit"]
[/toggle] [/toggles] [/toc-this] Which of the following is true about the auditors Consideration of internal control in a Financial Statement Audit?Which of the following is true about the auditors' consideration of internal control in a financial statement audit? The auditors must assess control risk at a level lower than the maximum.
When obtaining an understanding of internal control relevant to planning of a financial statement audit the auditor should obtain adequate knowledge about the?In obtaining an understanding of controls that are relevant to audit planning, the auditor should perform procedures to obtain sufficient knowledge about the design of the relevant controls pertaining to each of the five internal control components and determine whether they have been placed in operation.
Which statement is correct regarding the audit evidence?The correct answer is c. The auditor must obtain a sufficient amount of relevant and reliable evidence to form an opinion on the fairness of the...
What are the 4 internal controls?At a minimum, an entity should consider how its internal controls program will: 1) assess activity and process-level risk, 2) design and implement internal controls, 3) monitor whether controls are operating as designed, and 4) evaluate control efficacy. These program elements are the four pillars of internal controls.
|