Chapter 9
Tests of Controls
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-1
Learning Objective 1:
Tests of Controls
•
Provides auditor with evidence to support their
assessment of control risk. When control risk assessed
at less than high, necessary to gather evidence that
controls are working. This evidence is gathered via test
of controls.
• If control risk is assessed at high, auditor will not
undertake test of controls.
• Auditor selects most efficient and effective combination
of tests of controls, and substantive tests of
transactions and balances.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-2
Assessing control risk
•
To assess control risk as high, auditor must expect that
substantive procedures alone will provide sufficient
appropriate evidence.
• Areas where substantive procedures alone may not
provide sufficient appropriate evidence include routine
recording of significant classes of transactions, such as
revenue or purchases. These areas often highly
automated with little or no manual intervention.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-3
Planning the scope of tests of controls
•
•
•
•
Nature – if controls exist that the auditor expects to rely upon,
undertake tests of these controls, otherwise undertake
substantive testing.
Timing – to aid ability to meet deadlines and scheduling of
staff, tests of controls sometimes scheduled before year-end.
Testing then extended (rolled forward) until year-end.
Extent – the more the auditor relies on controls, the greater
the extent of tests of controls. For tests of controls related to
documents, extent determined by reference to sampling
theory.
Controls related to accounting routines (e.g. bank
reconciliations) usually tested by re-performing a small
number.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-4
Learning Objective 2:
Existence, Effectiveness and Continuity of
Controls
•
For internal controls to provide audit evidence about
risk of material misstatements at the assertion level, the
auditor must collect audit evidence about the existence,
effectiveness and continuity of controls.
• Evidence of existence of controls is usually gained
when auditor is evaluating control risk.
• Tests of controls are aimed at establishing their
effectiveness and continuity.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-5
Aspects of internal control
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-6
Learning Objective 3:
Sufficiency and Appropriateness
•
Dependent on the level of control risk the tests must
support.
• The lower the planned assessed level of control risk,
the greater the amount of testing that is required.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-7
Others factors affecting sufficiency and
appropriateness
•
Auditor should also consider:
–
–
–
type and source of evidence
timeliness
interrelationship of evidence.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-8
Effect of documentation of controls:
audit trail
•
Methods used by auditor is dependent on whether a
documentary audit trail exists.
• Where no audit trail exists, greater emphasis is placed
on:
–
–
•
observation
inquiry of the control.
If audit trail does exist:
–
Inspect documentation for evidence of the control.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-9
Relationship between tests of controls
and assertions
When auditor’s assessment of material misstatement at
assertion level includes an expectation that controls are
operating effectively, the auditor should perform tests of
controls to obtain evidence that the controls were
operating effectively at relevant times during the audit.
• Controls that relate to the control environment of a
company’s internal control system relate less directly to
specific financial report assertions.
•
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-10
Assertions and testing control activities
•
The information system, control activities and monitoring of
controls are built around major flows of transactions and
events. Possible to relate most tests of controls for these
elements to assertions about classes of transactions and
events:
(i) Occurrence – transactions and events that have been recorded,
have occurred and pertain to the entity;
(ii) Completeness – all transactions and events that should have
been recorded have been recorded;
(iii) Accuracy – amounts and other data relating to recorded
transactions and events have been recorded appropriately
(iv) Cutoff – transactions and events have been recorded in the
correct accounting period; and
(v) Classification – transactions and events have been recorded in
the proper accounts.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-11
Learning Objective 4:
Revenues, Receivables and Receipts
(Sales Cycle)
•
Sales cycle involves all those transactions and events
that are initiated when an entity makes a sale. It is
commonly characterised by a high volume of routine
transactions.
• Audit problems commonly related to clerical processing
rather than complex accounting problems.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-12
Key functions in typical sales cycle
•
•
•
•
•
•
•
Order entry and order approval by credit department
Shipping
Invoicing
General ledger entry
Accounts receivable
Mail opening
Cashier functions.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-13
Typical credit sales flowchart
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-14
Typical cash collection flowchart
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-15
Sales cycle — routine and non-routine
transactions
•
Routine transactions:
–
•
credit sales to customers, cash collections from
customers (flowcharts), usually strong control system,
auditor considers (and usually undertakes) tests of
controls.
Non-routine transactions:
–
adjustments to sales, and provisions for doubtful debts.
Less well controlled. Where material, auditor undertakes
substantive testing.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-16
Control objectives for sales system
•
Controls are in place to ensure that:
–
–
–
–
–
Occurrence – all sales recorded are bona fide
transactions for merchandise actually shipped to
customers;
Completeness – all sales shipped are invoiced and
recorded in accounting records;
Accuracy – invoices have been recorded correctly as to
amount and summarised correctly;
Cutoff – invoices have been recorded in correct period;
Classification – sales classified in accordance with written
policies.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-17
Example of linking objectives to control policies and
tests of controls for sales (Ref. Table 9.4 p. 411)
top of table 9.4
Special control
objectives
• Occurrence – All sales
recorded are bona fide
transactions for
merchandise actually
shipped to customers.
Common control
policies and
procedures
Tests of controls
• Policy of authorisation
of credit and terms
• Evidence of quantities
shipped reconciled to
quantities invoiced
• Select sample of sales
transactions from sales
journal (daily activity
report), check for
authorisation and trace
to shipping document
file
• Inspect reconciliation
of shipments to
invoices
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-18
Control objectives for cash receipt system
•
Controls are in place to ensure:
–
–
–
–
–
Occurrence – recorded cash receipts are for collection of
receivables resulting from sales to customers of the entity;
Completeness – all cash receipts are recorded and
deposited;
Accuracy – cash receipts have been recorded correctly as
to amount;
Cutoff – cash receipts have been recorded in correct
period;
Classification – cash receipts are classified in accordance
with company policy.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-19
Example of linking control objectives to control
policies to tests of controls: cash receipts (Ref.: Table
9.5 p. 413)
Special control
objectives
Common control
policies and
procedures
• Occurrence – Recorded
• Cash receipts matched
cash receipts are for
collection of receivables
resulting from sales to
customers of the entity.
to specific sales
invoices in posting to
accounts receivable
master file.
Test of controls
• Select a sample of
entries in cash receipts
journal and review
evidence that matched
to specific sales
invoices.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-20
Types of misstatement in sales cycle
•
Generally result of:
–
–
–
–
clerical mistakes;
employee fraud;
misapplied accounting principles, especially around some
revenue recognition issues;
management fraud.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-21
Learning Objective 5:
Expenditures, Payables and
Disbursements
Expenditure cycle — all transactions and events
initiated when an entity acquires assets or services
used for cash or credit.
• Auditors (and many entities) often separate this cycle
into a number of sub-cycles, which reflect various types
of services and assets that can be acquired.
•
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-22
Sub-cycles in expenditures,
payables and disbursements
•
These sub-cycles are:
–
–
–
–
–
–
payroll
property, plant and equipment
inventory
income taxes
selling and administrative expenses
miscellaneous expenses paid from petty cash.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-23
Key functions within the inventory
sub-cycle
•
Purchasing
• Receiving
• Accounts payable
• Cash disbursements function.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-24
Typical purchases and cash payments
flowchart
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-25
Control objectives for purchases
of inventory
•
Controls are in place to ensure:
–
–
–
–
–
Occurrence – all recorded purchases are bona fide
transactions in that they relate to goods or services
authorised or received;
Completeness – all purchases for the period of inventory
received are recorded;
Accuracy – purchases of goods or services for inventory
are recorded correctly as to amount and summarised
correctly;
Cutoff – purchase invoices have been recorded in correct
period;
Classification – purchase are classified in accordance
with classification policies.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-26
Example of Linking Control Objectives, Controls and
Test of Controls: Purchases
Special control
objectives
• Occurrence – All
recorded purchases are
bona fide transactions
in that they relate to
goods or services
authorised or received.
Common controls
Tests of controls
• Approval of purchase
• Examine evidence of
order
• Goods received are
counted, inspected and
compared to purchase
order before acceptance
• Comparison of purchase
order, receiving report and
supplier’s invoice and
recomputation of
supplier’s invoice before
recording liability
approved purchase and
service orders
• Select a sample of order
entries in purchases
journal, trace back to
vouchers and inspect for
existence of supporting
document including
receiving report, ensuring
agreement of details and
indication of approval
From Table 9.6 (p. 422-3)
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-27
Control objectives in a cash
disbursements system
•
Controls are in place to ensure:
–
–
–
–
–
Occurrence – recorded cash disbursements are for goods
or services authorised and received;
Completeness – all cash disbursements are recorded;
Accuracy – cash disbursements are recorded correctly as
to amount;
Cutoff – cash disbursements recorded in correct period;
Classification – cash disbursements are recorded
correctly as to account.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-28
Example of linking control objectives, controls and test of
controls: purchases : cash disbursements (Ref.: Table 9.7 p. 423)
Special control
objectives
• Occurrence –
Recorded cash
disbursements are
for goods or
services authorised
and received.
Common control policies
and procedures
Tests of controls
• Cheques printed or prepared
• Select a sample of cash
only when receipt of goods or
services and approval are
documented (e.g. supporting
documents compared,
recomputed and voucher
approved)
• Cheques signed only after
viewing supporting
documentation and prior
approval
• Supporting documentation
cancelled and reference to
cheque number
disbursement transactions from
cash payments journal and
inspect supporting
documentation for indication of
checking, review and approval
• Observe and inquire about
cheque preparation and signing
and protection of unissued
cheques
• For the sample of cash
disbursement transactions
inspect supporting documents
for cancellation, cheque
number and endorsement
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-29
Potential misstatements in
expenditure cycle
•
As expenditure cycle involves disbursements of cash
there is a greater risk of fraud or irregularity, including:
–
–
–
–
–
classic disbursements fraud
kickbacks
illegal acts
unauthorised executive perks
kiting.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-30
Learning Objective 6:
Selling and Administrative Expenses
•
Processing and related control policies and procedures
for selling and administrative expenses are similar to
those for purchases of inventory.
• Auditor will normally obtain comfort from cash
disbursement testing for inventory purchases and
perform minimal testing in this area.
• Analytical procedures (e.g. comparing balance with
prior periods) widely used as a key type of testing.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-31
Petty cash disbursements
•
Petty cash disbursements are usually immaterial in
amount and therefore few, if any, audit procedures are
applied to this area.
• Where the area is significant, emphasis is on ensuring
appropriate procedures are in place to safeguard cash.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-32
Payroll
•
The payroll function is usually audited in either of two
ways (or best combination):
–
–
focusing on analytical procedures (there are
disaggregated and strong relationships in this area, e.g.
comparing fortnightly payrolls);
an emphasis is placed on tests of transactions over the
payroll area with the key control being appropriate
segregation of duties in the hiring function, approval of
time worked, payroll preparation and payroll distribution.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-33
Tests of controls in payroll
•
If tests of controls are necessary the following audit
procedures may be undertaken:
–
–
–
–
authorisation by supervisors of time worked;
check signed time cards/sheets;
check use of approved pay rates (personnel department);
check for reasonableness, compared with awards.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-34
Interest, rent, lease and insurance
payments
•
Auditor usually takes a more substantive approach,
which includes checking terms and conditions of
contracts;
• Auditor interested in the key control of authorisation of
the contract;
• Accounting treatment of leases is complex, and auditor
might check controls that ensure leases are properly
accounted for.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-35
Learning Objective 7:
Testing Controls in Client Computer
Programs
•
Separate techniques have to be developed for testing
programmed controls. These are:
–
–
–
–
test data
integrated test facility
controlled processing, reprocessing or parallel processing
review program code and results of job processing.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-36
Test data
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-37
Integrated test facility
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-38
Auditing through computer –
processing client data
Controlled processing – auditor establishes control over
processing of client’s data;
• Controlled reprocessing – auditor reprocesses client
data;
• Parallel processing – simultaneously processes client
data through client and auditor programs.
•
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-39
Auditing through computer –
other approaches
Program code review — involves reviewing relevant
code line by line, considering whether processing steps
and control procedures are properly coded and logically
correct.
• Review of job accounting data — involves reviewing
printed log of jobs, looking for excessive processing
time, abnormal halts, and etc.
•
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-40
Advanced CAATs
•
Systems control audit review file (SCARF)
–
•
Snapshot
–
•
audit modules embedded in programs to monitor
transaction activity.
transactions are tagged and then identified at certain
points during processing to see how program is treating
them.
Audit hooks
–
points in program that allow auditor to insert commands
for special processing.
Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett
9-41