search

Which of the following is correct concerning the relevance of various types of controls to a financial audit?

1 Jahrs vor
Kommentare: 0
Ansichten: 200

[toc-this]

Show

Principles

Placing reliance on controls

If the selected approach is to rely on controls to reduce the extent of substantive procedures, the objective of tests of controls ito evaluate whether the key controls, or relevant

[a-glossary term="compensating%20controls"]compensating controls)[/a-glossary] 

, operated effectively and continuously during the period under review (phase 3 in the diagram below).

Not placing reliance on controls

Even if in the planning phase it is decided not to rely on controls (audit objective), the auditor should still examine the design of key controls (and may perform tests of controls) so as to support findings and identify and report on weaknesses and propose recommendations for improvement.

Nature of tests of controls

The nature of a particular control influences the type of audit procedure required to obtain audit evidence about whether the control was operating effectively at relevant times during the period under audit. There are two levels of controls: high-level controls, such as monitoring controls, and low-level controls, such as authorisation controls, operational controls, physical controls, etc. These can be manual, semi-automated or fully automated. Reliance should be placed on the highest-level control possible. Tests of controls can be divided into three main categories, as follows.

  1. Tests of key controls over individual transactions processed by a system. Key controls are part of transactions processing, often manual or semi-automated.
  2. Tests of automated application controls. Application controls are built into the auditee’s systems and are applied to individual transactions or to batches of similar transactions. The auditor should have a good understanding of the auditee’s IT environment. The key application controls are tested since they play a key role in the generation of key reports and the protection of electronic data, and have a significant impact on the financial statements.
  3. Tests of management and monitoring controls. Additional audit evidence may be obtained by testing monitoring controls, which focus on internal control system outputs and are performed on a regular basis. These detection controls are performed after transaction processing and provide management with assurance that a group or class of transactions has been processed completely, accurately and in accordance with the rules.

Timing of tests of controls

The timing of tests of controls depends on the auditor’s objective and determines the period of reliance on those controls. The timing of tests refers both to the period to cover (at a particular time or throughout a period) and to the time when the auditor will perform the test (interim period or period end) or not (reliance obtained in prior audits). For significant risks, the auditor should test the controls in the current period. If substantially different controls were used at different times during the period under audit, the auditor should consider each one separately.

Tests of Controls carried out Evidence to obtain
at a point in time the auditor only obtains audit evidence that the controls operated effectively at that time.
throughout the period the auditor obtains audit evidence that the control operated effectively at relevant times.
during an interim period additional audit evidence should be obtained for the remaining period about the nature and extent of any significant changes in internal control, e.g. changes in IT or processes.
in prior audits the auditor should obtain audit evidence whether changes in those specific controls have occurred after the prior audit through enquiry, in combination with observation or inspection.
in prior audits - controls over significant risks the auditor may not rely on evidence obtained in prior audits for controls that mitigate a significant risk: those controls should be tested in the current period.
in a prior audit, if controls changed since last tested the operating effectiveness of such controls should be tested in the current audit. Changes may mean there is no basis for continued reliance.
in a prior audit, if controls unchanged since last tested the auditor should test the operating effectiveness of such controls at least once every third audit, but avoid testing all controls in one audit period with no testing in the others.

Extent of tests of controls

The auditor designs tests of controls to obtain sufficient, relevant and reliable audit evidence that they operated effectively throughout the period of reliance. The more (s)he relies on the operating effectiveness of controls in the risk assessment, the greater the extent of tests of controls. The auditor may consider the following when determining the extent of tests of controls:

  • the frequency of the performance of the control by the entity during the period;
  • the length of time during the audit period that the auditor is relying on the control;
  • the relevance and reliability of the audit evidence of the control's effectiveness;
  • the extent of audit evidence from tests of other controls related to the assertion;
  • the extent of planned reliance on the control (reducing substantive procedures);
  • the expected deviation from the control, an increase in which leads to increased testing of the control: if deviation is expected to be too high, tests of control may not be effective.

In cases where the auditor decides to increase the extent of the audit procedure, the extent of tests of automated controls does not necessarily need to be increased, because of the inherent consistency of IT processing. Once the auditor determines that an automated control is functioning as intended, (s)he will then consider performing tests to establish whether the control still functions effectively.

Tests of controls providing positive evidence

When evaluating and testing controls, the auditor should carefully consider the

[link title="inherent%20limitations%20of%20internal%20controls" link="%2Faware%2FGAP%2FPages%2FCA-FA%2FPlanning%2FInternal-control.aspx%23Inherent-limitations-of-internal-controls" /] 

, as well as the cost-effectiveness of testing controls. The weakly persuasive and negative nature of evidence is a general problem affecting tests of controls. However, tests of controls can be devised that provide positive evidence that a control is operating as expected, e.g. lists of transactions that were rejected as a result of the key controls, along with the record of the correction and reprocessing of the transactions concerned or periodic reconciliation of bank records to accounting data.

Instructions

The techniques that are generally used to test key controls are observation and enquiry, inspection and computation, or a combination thereof. The following overview gives an indication of how to test the operating effectiveness of key controls. Testing application controls

  • Based on mapping of application controls, identify the key processes, master files, interfaces with other modules and systems, the link to the accounting records and management reports. The control objectives (completeness, accuracy, validity, restricted access) addressing the specific risks (access, input, rejection, processing) for each component should be determined. The key controls designed to meet these control objectives should be tested through enquiry, observation, inspection and some re-performance.

Testing the assertions addressed

  • Identify key controls that ensure completeness and reliability of transactions and ensure they are effective through re-performance if needed.

Walkthrough testing of controls

  • Understand/document the transaction flow and policies & procedures of the control.
  • Confirm the process, data used for controls and time the control is in place.
  • Interview individuals performing the control on the type of information they look for, how they detect errors, deviations and/or anomalies, and how they treat them.

Testing individual items

  • If the auditor cannot obtain sufficient audit evidence using walkthrough testing, then (s)he can use sampling procedures to test individual items. The sample used is either drawn for controls alone (single purpose testing) or is the same as for substantive testing (multipurpose testing).
  • Review of corrective actions and enquiry about their follow-up.

Reviewing evidence of controls

  • Evidence of authorisation of a selected transaction (signature of the authorising officer, the ex-ante unit, etc.),
  • Evidence of review by another official (of correct data computation, etc.),
  • Evidence of check of compliance with budgetary rules, legality/regularity, and documentation.

Testing management and monitoring controls

  • Ensure that management and monitoring controls have been operating regularly and consistently during the period under review.Review of management information systems.
  • Review of management information systems.
  • Check that management analysed results of the controls and took corrective action.

Resources

[toggles]

[toggle title="Tests%20of%20controls%20typically%20performed%20when%20auditing%20the%20reliability%20of%20the%20accounts"]

  • the accounting control environment (including risk analysis, review activity and accounting manual);
  • analysis of the systems for recording data (e.g. ABAC and local systems for recording, pre-financing, guarantees);
  • the functioning of key budgetary and accounting procedures;
  • the accounts closing process, especially relating to cut-off, invoices, pre-financing, guarantees, RAL (reste à liquider), commitments, payments, off-balance sheet items;
  • reconciliations;
  • DGs' controls of closure files supporting the final beneficiaries;
  • review of applicable IAS reports (Internal Audit Service) and APC (Audit Progress Committee).

[/toggle] 

[/toggles] 

[toggles]

[toggle title="Examples%20of%20key%20high-level%20controls%20that%20may%20be%20tested%20in%20compliance%20audit"]

  • ex-ante controls;
  • audit certificates and reliability of the certification process (e.g. certifying bodies and audit authorities);
  • ex-post controls, e.g. clearance of accounts procedures, conformity decisions; ex-post controls on projects for Transport, Research and Energy;
  • information systems, such as the Integrated Administrative and Control System (IACS);
  • monitoring performed by the Commission.

[/toggle] 

[/toggles] 

[/toc-this] 

Which of the following is true about the auditors Consideration of internal control in a Financial Statement Audit?

Which of the following is true about the auditors' consideration of internal control in a financial statement audit? The auditors must assess control risk at a level lower than the maximum.

When obtaining an understanding of internal control relevant to planning of a financial statement audit the auditor should obtain adequate knowledge about the?

In obtaining an understanding of controls that are relevant to audit planning, the auditor should perform procedures to obtain sufficient knowledge about the design of the relevant controls pertaining to each of the five internal control components and determine whether they have been placed in operation.

Which statement is correct regarding the audit evidence?

The correct answer is c. The auditor must obtain a sufficient amount of relevant and reliable evidence to form an opinion on the fairness of the...

What are the 4 internal controls?

At a minimum, an entity should consider how its internal controls program will: 1) assess activity and process-level risk, 2) design and implement internal controls, 3) monitor whether controls are operating as designed, and 4) evaluate control efficacy. These program elements are the four pillars of internal controls.

correct relevance types controls financial audit

zusammenhängende Posts

Which of the following statements is correct concerning the use of negative confirmation requests?
Which of the following statements is correct concerning the use of negative confirmation requests?

Which of the following statements is correct about an auditors required communication with management and those charged with governance?
Which of the following statements is correct about an auditors required communication with management and those charged with governance?

Of the choices listed which is the correct protocol to access a remote computer and execute commands
Of the choices listed which is the correct protocol to access a remote computer and execute commands

What is the correct sequence of steps for enabling automatic virtual memory management in MS Windows?
What is the correct sequence of steps for enabling automatic virtual memory management in MS Windows?

Werbung

NEUESTEN NACHRICHTEN

Borderline wer ist schuld
1 Jahrs vor . durch LunarLine-up
Wer hat mich auf Instagram blockiert
1 Jahrs vor . durch IncipientHeader
Wie geht es dir was soll ich antworten?
1 Jahrs vor . durch SolubleAuthority
Kind 1 Jahr wie oft Fleisch
1 Jahrs vor . durch ThirstyRepublic
Was müssen Sie bei der Beladung von Fahrzeugen zu beachten?
1 Jahrs vor . durch WaxedHeadquarters
Schütz Die Himmel erzählen die Ehre Gottes
1 Jahrs vor . durch ExtrinsicSaucer
In planning an IS audit, the MOST critical step is the identification of the
1 Jahrs vor . durch SteepPanther
Wie lange darf eine Kaution einbehalten werden?
1 Jahrs vor . durch SeasonalBanjo
Sarah connor nicht bei voice of germany
1 Jahrs vor . durch FloridIceberg
Kann man mit dem Fachabitur Jura studieren?
1 Jahrs vor . durch PolarIndecency

Werbung

Populer

Werbung

Um

Legal

Hilfe

Sozial

homeendefrjpkoptzhhiitthtr
Urheberrechte © © 2024 ketiadaan Inc.