Part Three
Tests of Controls and Tests of Details

Copyright 2010 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia 4e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

Chapter 9
Tests of controls

Learning objective 1: Tests of controls
• When control risk is assessed at less than high, it is necessary to gather evidence that controls are working.
• This evidence is gathered via a test of controls.
  – If control risk is assessed at high, the auditor will not undertake tests of controls.
  – Auditor selects most efficient and effective combination of tests of controls, and substantive tests of transactions, balances and disclosures.

Assessing control risk
• To assess control risk as high, auditor must expect not to rely on evidence from the internal control system and that substantive procedures alone will provide sufficient appropriate evidence.
• Areas where substantive procedures alone may not provide sufficient appropriate evidence include routine recording of significant classes of transactions, such as revenue or purchases. These systems are often highly automated with little or no manual intervention.

Planning the scope of tests of controls
• Nature: refers to type of tests, tests of controls or substantive testing. Also refers to type of evidence-gathering procedures (e.g. inspection, observation).
• Timing: to aid ability to meet deadlines and scheduling of staff, tests of controls sometimes scheduled before year-end. Testing then extended (rolled forward) until year-end.
• Extent: the more the auditor relies on controls, the greater the extent of tests of controls. For tests of controls related to documents, extent determined by reference to sampling theory. Controls related to accounting routines (e.g. bank reconciliations) usually tested by re-performing a small number.

Learning objective 2: Existence, effectiveness and continuity of controls
• For internal controls to provide audit evidence about risk of material misstatements at the assertion level, the auditor must collect audit evidence about the existence, effectiveness and continuity of controls.
• Evidence of existence of controls is usually gained when auditor is assessing control risk.
• Tests of controls are aimed at establishing their effectiveness and continuity.

[Figure: Aspects of internal control]

Learning objective 3: Sufficiency and appropriateness
• ASA/ISA 500.6 requires the auditor to consider the sufficiency (quantity) and appropriateness (quality) of audit evidence.
• Dependent on the level of control risk the tests must support.
• The lower the planned assessed level of control risk, the greater the amount of testing that is required.
• Auditor should also consider:
  – Type and source of evidence
  – Interrelationship of evidence.

Effect of documentation of controls: audit trail
• Method used by auditor is dependent on whether a documentary audit trail (discussed in chapter 8) exists.
• Where no audit trail exists, greater emphasis is placed on:
  – Observation
  – Inquiry of the control.
• If audit trail does exist:
  – Inspect documentation associated with the transaction for evidence of the control.

Relationship between tests of controls and assertions
• Auditor is required to assess risk of material misstatement at the assertion level for classes of transactions, account balances and disclosures.
• When auditor’s assessment of material misstatement at assertion level includes an expectation that controls are operating effectively, the auditor should perform tests of controls to obtain evidence that the controls were operating effectively during the audit.

Assertions and testing control elements
• For first two elements of IC (control environment and entity’s risk assessment process), controls relate less directly to financial report assertions.
• For remaining three elements of IC (information system, control activities and monitoring of controls), controls are built around major flows of transactions and events and related accounts (e.g. sales, receivables and cash receipts). For these elements it is possible to link many controls to assertions (e.g. occurrence — control related to occurrence of sales transactions is an authorisation of the terms of the sale).

Learning objective 4: Revenues, receivables and receipts (sales cycle)
• Sales cycle involves all those transactions and events that are initiated when an entity makes a sale. It is commonly characterised by a high volume of routine transactions.
• Risks of material misstatement are commonly related to high-volume clerical processing rather than complex accounting problems.

Key functions in typical revenue, receivables and cash receipts cycle
• Sales/Accounts Receivable
  – Order entry and order approval by credit department
  – Shipping
  – Invoicing
  – Accounting: sales journal, accounts receivable master file.
• Accounts receivable/Cash receipts
  – Mail opening
  – Accounting: accounts receivable master file, cash receipts journal.

[Figure: Typical credit sales flowchart]

[Figure: Typical cash collection flowchart]

Sales cycle: routine and non-routine transactions
Routine transactions:
• Usually well controlled, and well suited to tests of controls (such as sales and cash collections).
Non-routine transactions:
• Such as the return of goods or the estimates of the doubtful debts provisions: internal control systems not usually as well developed, and therefore less likely to test controls and more likely to undertake substantive tests of transactions.

Primary control-related features
• The primary control-related features of a sales accounting system are:
  – Segregation of duties – separation of the departments or functions is usually an integral part of the plan of organisation.
  – Control over source documents and inputs – the source documents created during processing, such as shipping documents, invoices and credit notes, should be printed on pre-numbered forms.
  – Checks, approvals and reconciliations – additional overlays for control purposes.

Control objectives for sales system
• Controls are in place to ensure that:
  – Occurrence — all sales recorded are bona fide transactions for merchandise actually shipped to customers.
  – Completeness — all sales shipped are invoiced and recorded in accounting records.
  – Accuracy — invoices have been recorded correctly as to amount and summarised correctly.
  – Cut-off — invoices have been recorded in correct period.
  – Classification — sales classified in accordance with written policies.

Example of linking objectives to control policies and tests of controls for sales (Ref. Table 9.4)
Special control objectives
• Occurrence — all sales recorded are bona fide transactions for merchandise actually shipped to customers.
Common control policies and procedures
• Policy of authorisation of credit and terms
• Evidence of quantities shipped reconciled to quantities invoiced
• Monthly statements mailed to customers and queries followed up
Tests of controls
• Select sample of sales transactions from sales journal (daily activity report), check for authorisation and trace to shipping document file
• Inspect reconciliation of shipments to invoices

Control objectives for cash receipt system
• Controls are in place to ensure:
  – Occurrence — recorded cash receipts are for collection of receivables resulting from sales to customers of the entity.
  – Completeness — all cash receipts are recorded and deposited.
  – Accuracy — cash receipts have been recorded correctly as to amount.
  – Cut-off — cash receipts have been recorded in correct period.
  – Classification — cash receipts are classified in accordance with company policy.

Example of linking control objectives to control policies to tests of controls: cash receipts (Ref. Table 9.5)
Special control objectives
• Occurrence — recorded cash receipts are for collection of receivables resulting from sales to customers of the entity.
Common control policies and procedures
• Cash receipts matched to specific sales invoices in posting to accounts receivable master file.
Test of controls
• Select a sample of entries in cash receipts journal and review evidence that they were matched to specific sales invoices.

Types of potential misstatements
• Generally result of:
  – Clerical mistakes
  – Employee fraud
  – Misapplied accounting principles, especially around some revenue recognition issues.

Learning objective 5: Expenditures, payables and disbursements
• Expenditure cycle: all transactions and events initiated when an entity acquires assets or services used for cash or credit.
• This cycle often separated into a number of sub-cycles, reflecting the various types of services and assets that can be acquired, including:
  – Payroll
  – Property, plant and equipment
  – Inventory
  – Income taxes
  – Selling and administrative expenses
  – Miscellaneous expenses paid from petty cash.

Key functions within the inventory sub-cycle
• Purchasing from approved suppliers
• Receiving
• Accounts payable, including recording the purchase and the account payable
• Payments department, including recording the payment and reducing the account payable.

[Figure: Typical purchases and cash payments flowchart]

Functions, documents, inputs and accounting systems
• A type of expenditures accounting system is called a voucher system.
  – A voucher system is designed to improve control over disbursements by establishing a sequential pre-numbered record of suppliers’ invoices and to improve efficiency by eliminating inessential record keeping and facilitating timing of payments.
• The documents that form the voucher package are the purchase order, receiving report and supplier’s invoice. Once these three documents are received and reviewed, the voucher can be processed for payment.

Primary control-related features
• The primary control-related features of the expenditures cycle are concerned with:
  – Segregation of duties – especially between the handling and recording of assets, such as handling of inventory and the recording of inventory and cash payments.
  – Control over source documents – the source documents used in accounts payable processing should be pre-numbered (including vouchers), and these sequences should be accounted for.
  – Checks, approvals and reconciliations – includes comparing source documents, such as purchase order, receiving report and sales invoice; and the periodic reconciliation of physical holdings of assets to accounting records, such as stocktake.

Control objectives for purchases of inventory
• Controls are in place to ensure:
  – Occurrence — all recorded purchases are bona fide transactions in that they relate to goods or services authorised or received.
  – Completeness — all purchases for the period of inventory received are recorded.
  – Accuracy — purchases of inventory are recorded correctly as to amount and summarised correctly.
  – Cut-off — purchase invoices have been recorded in correct period.
  – Classification — purchases are classified in accordance with classification policies.

Example of linking control objectives, controls and test of controls: purchases (From Table 9.6)
Special control objectives
• Occurrence — all recorded purchases are bona fide transactions in that they relate to goods or services authorised or received.
Common controls
• Approval of purchase order
• Goods received are counted, inspected and compared to purchase order before acceptance
• Comparison of purchase order, receiving report and supplier’s invoice and recomputation of supplier’s invoice before recording liability
Tests of controls
• Examine evidence of approved purchase and service orders
• Select a sample of order entries in purchases journal, trace back to vouchers and inspect supporting documentation including receiving report, ensuring agreement of details and indication of approval

Control objectives in a cash disbursements system
• Controls are in place to ensure:
  – Occurrence — recorded cash disbursements are for goods or services authorised and received.
  – Completeness — all cash disbursements are recorded.
  – Accuracy — cash disbursements are recorded correctly as to amount.
  – Cut-off — cash disbursements recorded in correct period.
  – Classification — cash disbursements are recorded correctly as to account.
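
The purchases controls above (pre-numbered vouchers accounted for, purchase order approval, comparison of purchase order, receiving report and supplier's invoice, recomputation of the invoice) can be re-performed over an extract of voucher packages. The following is an added example, not part of the original slides; the record layout, field names and sample data are assumptions constructed for illustration.

```python
from decimal import Decimal

# Constructed sample: four voucher packages as an auditor might extract them.
# "lines" maps item -> (quantity, unit price); "receiving" maps item -> quantity counted.
VOUCHERS = [
    {"voucher_no": 1001,
     "po": {"approved_by": "purchasing.mgr", "lines": {"WIDGET": (10, Decimal("4.50"))}},
     "receiving": {"WIDGET": 10},
     "invoice": {"lines": {"WIDGET": (10, Decimal("4.50"))}, "total": Decimal("45.00")}},
    {"voucher_no": 1002,  # fewer goods received than invoiced
     "po": {"approved_by": "purchasing.mgr", "lines": {"BOLT": (100, Decimal("0.20"))}},
     "receiving": {"BOLT": 80},
     "invoice": {"lines": {"BOLT": (100, Decimal("0.20"))}, "total": Decimal("20.00")}},
    {"voucher_no": 1004,  # 1003 is absent; PO unapproved; invoice total does not recompute
     "po": {"approved_by": None, "lines": {"GEAR": (5, Decimal("12.00"))}},
     "receiving": {"GEAR": 5},
     "invoice": {"lines": {"GEAR": (5, Decimal("12.00"))}, "total": Decimal("66.00")}},
    {"voucher_no": 1005,  # no receiving report in the package
     "po": {"approved_by": "purchasing.mgr", "lines": {"NUT": (50, Decimal("0.10"))}},
     "receiving": None,
     "invoice": {"lines": {"NUT": (50, Decimal("0.10"))}, "total": Decimal("5.00")}},
]

def sequence_exceptions(numbers):
    """Account for a pre-numbered sequence: return (missing, duplicated) numbers."""
    seen, dupes = set(), set()
    for n in numbers:
        (dupes if n in seen else seen).add(n)
    missing = sorted(set(range(min(seen), max(seen) + 1)) - seen)
    return missing, sorted(dupes)

def three_way_match(v):
    """Compare purchase order, receiving report and supplier's invoice for one voucher."""
    docs = (("purchase order", v["po"]), ("receiving report", v["receiving"]),
            ("supplier's invoice", v["invoice"]))
    absent = ["missing " + name for name, doc in docs if doc is None]
    if absent:
        return absent  # an incomplete package cannot be matched further
    po, received, inv = v["po"], v["receiving"], v["invoice"]
    issues = []
    if not po.get("approved_by"):
        issues.append("purchase order not approved")
    for item, (qty, price) in inv["lines"].items():
        po_qty, po_price = po["lines"].get(item, (None, None))
        if received.get(item, 0) != qty:
            issues.append(f"{item}: invoiced {qty}, received {received.get(item, 0)}")
        if po_qty != qty:
            issues.append(f"{item}: invoiced {qty}, ordered {po_qty}")
        if po_price != price:
            issues.append(f"{item}: invoiced at {price}, ordered at {po_price}")
    # Recompute the supplier's invoice from its own lines before accepting the total.
    recomputed = sum((q * p for q, p in inv["lines"].values()), Decimal("0"))
    if recomputed != inv["total"]:
        issues.append(f"invoice total {inv['total']} recomputes to {recomputed}")
    return issues

def audit_purchases(vouchers):
    """Run the sequence check and the three-way match; report only exceptions."""
    missing, dupes = sequence_exceptions([v["voucher_no"] for v in vouchers])
    found = {v["voucher_no"]: three_way_match(v) for v in vouchers}
    return {"missing_vouchers": missing, "duplicate_vouchers": dupes,
            "exceptions": {no: e for no, e in found.items() if e}}

if __name__ == "__main__":
    for key, value in audit_purchases(VOUCHERS).items():
        print(key, value)
```
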

Example of linking control objectives, controls and test of controls: cash disbursements (Ref: Table 9.7)
Special control objectives
• Occurrence — recorded cash disbursements are for goods or services authorised and received.
Common control policies and procedures
• Cheques printed or prepared only when receipt of goods or services and approval are documented (e.g. supporting documents compared, recomputed and voucher approved)
• Cheques signed only after viewing supporting documentation and prior approval
• Supporting documentation cancelled and reference to cheque number
Tests of controls
• Select a sample of cash disbursement transactions from cash payments journal and inspect supporting documentation for indication of checking, review and approval
• Observe and inquire about cheque preparation and signing and protection of unissued cheques
• For the sample of cash disbursement transactions inspect supporting documents for cancellation, cheque number and endorsement

Potential fraud in expenditure cycle
• As expenditure cycle involves disbursements of cash there is a greater risk of fraud or irregularity, including:
  – Classic disbursements fraud
  – Kickbacks
  – Illegal acts
  – Unauthorised executive perks
  – Kiting.

Learning objective 6: Selling and administrative expenses
• Processing and related control policies and procedures for selling and administrative expenses are similar to those for purchases of inventory.
• Auditor will normally obtain comfort from cash disbursement testing for inventory purchases and perform minimal testing in this area.
• Analytical procedures (e.g. comparing various expenditure balances with budgets and prior periods) widely used as a key type of testing.

Petty cash disbursements
• Petty cash disbursements are usually immaterial in amount and therefore few, if any, audit procedures are applied to this area.
• Where the area is significant, emphasis is on ensuring appropriate procedures are in place to safeguard cash.

Payroll
• The payroll function is usually audited in either of two ways (or best combination):
  1. Focusing on analytical procedures (disaggregated and strong relationships in this area, e.g. comparing fortnightly payrolls).
  2. Tests of transactions over the payroll area with a key control being appropriate segregation of duties in the hiring, approval of time worked, payroll preparation and payroll distribution functions.

Payroll (cont.)
• If tests of controls are necessary, the following audit procedures may be undertaken:
  – Authorisation by supervisors of time worked
  – Check signed time cards/sheets
  – Check use of approved pay rates (personnel department)
  – Check for reasonableness, compared with awards.

Interest, rent, lease and insurance payments
• Auditor usually takes a more substantive approach, which includes checking terms and conditions of contracts (these transactions usually involve contractual agreements).
• Auditor interested in the key control of authorisation of the contract.
• Accounting treatment of leases is complex, and auditor may check controls that ensure leases are properly accounted for in accordance with accounting standards.

Learning objective 7: Testing controls in client computer programs
• Separate techniques have to be developed for testing programmed controls (discussed in chapter 8). These are:
  – Test data
  – Integrated test facility
  – Processing client data
  – Reviewing program code or results of job processing.

[Figure: Processing of test data]

[Figure: Integrated test facility]

Processing client data
• Controlled processing: auditor establishes control over processing of client’s data.
• Controlled reprocessing: auditor reprocesses client data.
• Parallel processing: simultaneous processing of client’s data through client and auditor programs.

Review clients’ program code or the results of job processing
• Program code review involves the auditor reviewing the client’s program documentation and the source code.
  – The auditor goes over the relevant code and considers whether the processing steps and control activities are properly coded and logically correct.
• Review of job (batch) accounting data involves the auditor reviewing the printed log produced as jobs (batches of transactions) are processed, and considers any excessive processing time, error conditions or abnormal halts which may indicate problems.

Advanced computer-assisted audit techniques (CAATs)
• Systems control audit review file (SCARF)
  – Audit modules embedded in programs to monitor transaction activity.
• Snapshot
  – Transactions are tagged and then identified at certain points during processing to see how program is treating them.
• Audit hooks
  – Points in program that allow auditor to insert commands for special processing.
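
The review of job (batch) accounting data described above can be automated over an exported log. This is an added example, not part of the original slides; the CSV layout, the status values and the threshold of three times a job's median run time are assumptions, and the log lines are constructed.

```python
import csv
import io
from datetime import datetime
from statistics import median

# Constructed job accounting log. Columns and status values are assumed for this example.
JOB_LOG = """\
job_id,job_name,start,end,status,return_code
J001,PAYROLL,2010-06-04T01:00,2010-06-04T01:10,COMPLETED,0
J002,AR_POST,2010-06-04T02:00,2010-06-04T02:05,COMPLETED,0
J003,PAYROLL,2010-06-18T01:00,2010-06-18T01:11,COMPLETED,0
J004,AR_POST,2010-06-18T02:00,2010-06-18T02:05,COMPLETED,8
J005,PAYROLL,2010-07-02T01:00,2010-07-02T01:09,COMPLETED,0
J006,AR_POST,2010-07-02T02:00,,ABEND,
J007,PAYROLL,2010-07-16T01:00,2010-07-16T01:55,COMPLETED,0
"""

TIME_FORMAT = "%Y-%m-%dT%H:%M"
SLOW_FACTOR = 3  # assumed threshold: a run over 3x the job's median time is "excessive"

def minutes_between(start, end):
    delta = datetime.strptime(end, TIME_FORMAT) - datetime.strptime(start, TIME_FORMAT)
    return delta.total_seconds() / 60

def review_job_log(text):
    """Return (job_id, category, detail) for each run an auditor should follow up."""
    rows = list(csv.DictReader(io.StringIO(text)))

    # Baseline per job name: the median duration of runs that recorded an end time.
    durations = {}
    for row in rows:
        if row["end"]:
            row["minutes"] = minutes_between(row["start"], row["end"])
            durations.setdefault(row["job_name"], []).append(row["minutes"])
    baseline = {name: median(values) for name, values in durations.items()}

    findings = []
    for row in rows:
        # A run with no end time or a non-COMPLETED status halted abnormally;
        # it has no duration, so the remaining checks do not apply to it.
        if row["status"] != "COMPLETED" or not row["end"]:
            findings.append((row["job_id"], "abnormal halt", "status " + row["status"]))
            continue
        if row["return_code"] != "0":
            findings.append((row["job_id"], "error condition",
                             "return code " + row["return_code"]))
        limit = SLOW_FACTOR * baseline[row["job_name"]]
        if row["minutes"] > limit:
            findings.append((row["job_id"], "excessive processing time",
                             f"{row['minutes']:.0f} min against a limit of {limit:.1f} min"))
    return findings

if __name__ == "__main__":
    for finding in review_job_log(JOB_LOG):
        print(*finding, sep=" | ")
```
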