Add to collection(s) Add to saved
  1. Business
  2. Finance

Slide 1

advertisement 
Modern Auditing:
Assurance Services and the Integrity
of Financial Reporting, 8th Edition
William C. Boynton
California Polytechnic State
University at San Luis Obispo
Raymond N. Johnson
Portland State University
Chapter 11 – Audit Procedures in Response to Assessed
Risks: Tests of Controls
Chapter 11 Overview
Assessing Control Risk
In assessing control risk, the auditor
must evaluate the effectiveness of :
• Design of internal controls
• Operation of internal controls
Steps in Assessing Control Risk
Process for Assessing Control
Risk
• Consider Knowledge Acquired from
Procedures to Obtain an
Understanding
• Identify Potential Misstatements
Process for Assessing Control
Risk
• Identify Necessary Controls
– Nature of controls to prevent or detect and
correct misstatements
– Nature of controls implemented by
management
– Significance of each control
– Risk that designed controls may not operate
effectively
Control Design for Specific
Assertions
• Completeness Assertion
• Existence or Occurrence Assertion
• Valuation and Allocation Assertion
• Presentation and Disclosure
Assertion
Identify Necessary Controls
Process for Assessing Control
Risk
• Perform Tests of Controls
– Evidence about effectiveness of the
design and operation of controls
• Evaluate Evidence and Make
Assessment
– Matter of professional judgment
– Identify strengths and deficiencies
– Express quantitatively or qualitatively
Strategies for Performing Tests
of Controls in an IT Environment
• User Controls
• Application Controls
• General Controls and Manual
Followup Procedures
Overview of Computer Controls
Computer-Assisted Audit
Techniques (CAATs)
• Auditing through the computer
• Advantageous when:
– Significant part of internal controls is
imbedded in a computer program
– Significant gaps in visible audit trail
– Large volumes of records to be tested
Types of CAATs
• Parallel Simulation
• Test Data
• Integrated Test Facility
• Continuous Monitoring of On-line
Real-time Systems
Parallel Simulation versus Test
Data
Continuous Monitoring of OnLine Real-Time Systems
• Continuous Monitoring
• Audit Hook
• Tagging Transactions
• Audit Log
Methodologies for Meeting the
Second Standard of Fieldwork
Study Break
1. This step in assessing control risk
allows the auditor to consider the
points at which errors or fraud could
occur.
A. Evaluate Evidence
B. Perform Tests of Controls
C. Identify Potential Misstatements
D. Identify Necessary Controls
C. Identify Potential Misstatements
Study Break
2. This CAAT uses dummy transactions
that are processed under auditor
control by the client’s computer
system and the output is evaluated
against expectations.
A. Parallel Simulation
B. Test Data
C. Integrated Test Facility
D. None of the above
B. Test Data
Effects of Preliminary Audit
Strategies
• Primarily Substantive Approaches
• Lower Assessed Level of Control Risk
Designing Tests of Controls
Designed to evaluate the operating
effectiveness of a control concerned
with:
• How the control was applied
• Consistency with which it was applied
• By whom it was applied
Nature of Tests of Controls
• Inquiries of entity personnel
• Inspection of items indicating
performance of the control
• Observation of the application of the
control
• Reperformance of the application of the
control by the auditor
Timing of Tests of Controls
• One Occasion versus Multiple
Occasions
• Timing Issues
– Interim Period
– Remaining Period
– Results from Prior Periods
Extent of Tests of Controls
• Nature of the Control
• Frequency of Operation
• Importance of the Control
Designing Tests of Controls
• Staffing Tests of Controls
• Audit Programs for Tests of Controls
• Dual-Purpose Tests
Additional Considerations
• Assessing Control Risk for Account
Balance Assertions Affected by a
Single Transaction Class
• Assessing Control Risk for Account
Balance Assertions Affected by
Multiple Transaction Classes
Account Balance Assertions and
Transaction Class Assertions
Account Balance Assertions and
Transaction Class Assertions
Documenting the Assessed Level
of Control Risk
• Control Risk Assessed at the
Maximum
– Only the conclusion is documented
• Control Risk Assessed at Below the
Maximum
– Basis for assessment must be
documented
Communicating Internal Control
Matters
• Internal Control Deficiency
• Significant Deficiency
• Material Weakness
Study Break
3. While evaluating the operating
effectiveness of a control, the tests of
controls are concerned with all of the
following except:
A. How the control was applied
B. The consistency with which it was applied
C. When it was applied
D. By whom it was applied
C. When it was applied
Study Break
4. Auditors are required to report a
deficiency in internal controls to
management and the audit committee
when there is a(n):
A. Internal Control Deficiency
B. Significant Deficiency
C. Material Weakness
D. No Deficiencies
B. Significant Deficiency and C. Material
Weakness
Related documents
Research Paper
Research Paper
Monroe's Motivated Sequence…
Monroe's Motivated Sequence…
MODERN AUDITING 7th Edition
MODERN AUDITING 7th Edition
Accounting 241 Outline
Accounting 241 Outline
Assessing Group Work - University of Sussex
Assessing Group Work - University of Sussex
Marketing Plan Rubric
Marketing Plan Rubric
nternationa Marketing
nternationa Marketing
Download
advertisement