In performing tests of controls, the auditor will normally find that:
[toc-this] Show
PrinciplesPlacing reliance on controlsIf the selected approach is to rely on controls to reduce the extent of substantive procedures, the objective of tests of controls ito evaluate whether the key controls, or relevant [a-glossary term="compensating%20controls"]compensating controls)[/a-glossary] , operated effectively and continuously during the period under review (phase 3 in the diagram below).Not placing reliance on controlsEven if in the planning phase it is decided not to rely on controls (audit objective), the auditor should still examine the design of key controls (and may perform tests of controls) so as to support findings and identify and report on weaknesses and propose recommendations for improvement. Nature of tests of controlsThe nature of a particular control influences the type of audit procedure required to obtain audit evidence about whether the control was operating effectively at relevant times during the period under audit. There are two levels of controls: high-level controls, such as monitoring controls, and low-level controls, such as authorisation controls, operational controls, physical controls, etc. These can be manual, semi-automated or fully automated. Reliance should be placed on the highest-level control possible. Tests of controls can be divided into three main categories, as follows.
Timing of tests of controlsThe timing of tests of controls depends on the auditor’s objective and determines the period of reliance on those controls. The timing of
tests refers both to the period to cover (at a particular time or throughout a period) and to the time when the auditor will perform the test (interim period or period end) or not (reliance obtained in prior audits). For significant risks, the auditor should test the controls in the current period. If substantially different controls were used at different times during the period under audit, the auditor should consider each one separately.
Extent of tests of controlsThe auditor designs tests of controls to obtain sufficient, relevant and reliable audit evidence that they operated effectively throughout the period of reliance. The more (s)he relies on the operating effectiveness of controls in the risk assessment, the greater the extent of tests of controls. The auditor may consider the following when determining the extent of tests of controls:
In cases where the auditor decides to increase the extent of the audit procedure, the extent of tests of automated controls does not necessarily need to be increased, because of the inherent consistency of IT processing. Once the auditor determines that an automated control is functioning as intended, (s)he will then consider performing tests to establish whether the control still functions effectively. Tests of controls providing positive evidenceWhen evaluating and testing controls, the auditor should carefully consider the [link title="inherent%20limitations%20of%20internal%20controls" link="%2Faware%2FGAP%2FPages%2FCA-FA%2FPlanning%2FInternal-control.aspx%23Inherent-limitations-of-internal-controls" /] , as well as the cost-effectiveness of testing controls. The weakly persuasive and negative nature of evidence is a general problem affecting tests of controls. However, tests of controls can be devised that provide positive evidence that a control is operating as expected, e.g. lists of transactions that were rejected as a result of the key controls, along with the record of the correction and reprocessing of the transactions concerned or periodic reconciliation of bank records to accounting data.InstructionsThe techniques that are generally used to test key controls are observation and enquiry, inspection and computation, or a combination thereof. The following overview gives an indication of how to test the operating effectiveness of key controls. Testing application controls
Testing the assertions addressed
Walkthrough testing of controls
Testing individual items
Reviewing evidence of controls
Testing management and monitoring controls
Resources[toggles] [toggle title="Tests%20of%20controls%20typically%20performed%20when%20auditing%20the%20reliability%20of%20the%20accounts"]
[/toggle] [/toggles] [toggles] [toggle title="Examples%20of%20key%20high-level%20controls%20that%20may%20be%20tested%20in%20compliance%20audit"]
[/toggle] [/toggles] [/toc-this] What are the test of controls in an audit?What are tests of internal controls? A test of control describes any auditing procedure used to evaluate a company's internal controls. The aim of tests of control in auditing is to determine whether these internal controls are sufficient to detect or prevent risks of material misstatements.
Which audit procedure is most likely to be considered a test of controls?a. Risk assessment procedures performed to obtain an understanding of an entity's internal control also may serve as tests of controls.
What control function is performed by auditors?Internal controls are policies and procedures put in place by management to ensure that, among other things, the company's financial statements are reliable. Some internal controls relevant to an audit include bank reconciliations, password control systems for accounting software, and inventory observations.
What is the purpose of a controls examination?A test of controls is an audit procedure to test the effectiveness of a control used by a client entity to prevent or detect material misstatements. Depending on the results of this test, auditors may choose to rely upon a client's system of controls as part of their auditing activities.
|