Add to collection(s) Add to saved
  1. Business
  2. Finance

Tests of controls

advertisement 
BA 427 – Assurance and
Attestation Services
Lecture 21
Tests of Controls
Lecture 21 – Tests of Controls

Management’s assertions:





Existence or occurrence.
Completeness.
Rights and obligations.
Valuation or allocation.
Presentation and disclosure.
Lecture 21 – Tests of Controls

Audit risk:



Inherent Risk
Control Risk
Detection Risk
Lecture 21 – Tests of Controls

Audit risk:

Inherent Risk:



The susceptibility of an assertion to a
material misstatement assuming no
related controls exist.
Control Risk
Detection Risk
Lecture 21 – Tests of Controls

Audit risk:


Inherent Risk
Control Risk:


The risk that a material misstatement that
could occur in an assertion will not be
prevented or detected on a timely basis by
the entity’s internal control system.
Detection Risk
Lecture 21 – Tests of Controls

Audit risk:



Inherent Risk
Control Risk
Detection Risk:


The risk that the external auditor will not
detect a material misstatement that exists in
an assertion.
Can be broken down into TD x AP:
 TD = the risk for tests of details
 AP = the risk for analytical procedures and
other procedures
Lecture 21 – Tests of Controls
The audit risk model:
AR = Audit Risk
AR = IR x CR x DR
The auditor establishes AR as an overall
goal, assesses IR, and then plans the audit
to achieve levels of CR and DR that results
in the targeted AR.
Lecture 21 – Tests of Controls


Control risk: An evaluation of the effectiveness
of internal controls in preventing or detecting
material misstatements.
Control risk is stated in terms of the financial
statement assertions:





Existence or occurrence.
Completeness.
Rights and obligations.
Valuation or allocation.
Presentation and disclosure.
Lecture 21 – Tests of Controls

Reasons to set control risk at 100%
(primarily pertains to nonpublic
companies):



Controls are unlikely to pertain to an
assertion.
Controls are unlikely to be effective.
Evaluating effectiveness would be inefficient.
Lecture 21 – Tests of Controls

Procedures necessary to set control risk
below 100%:

Identify specific controls relevant to specific
assertions.



Some controls have pervasive effects, whereas
other controls affect only a specific assertion.
Test controls.
Reach a conclusion on the assessed level of
control risk.
Lecture 21 – Tests of Controls

Test controls



There are procedures to evaluate the
effectiveness of a control’s design, which
are concerned with whether the control is
suitably designed to prevent or detect
material misstatements.
There are procedures to evaluate the
operating effectiveness of controls.
In some cases, the same procedure can
serve either or both purposes.
Lecture 21 – Tests of Controls

Test controls


In general, sample sizes will be larger when
testing the operating effectiveness of
controls than when obtaining evidence
about the design of controls.
Also, tests of the operating effectiveness of
controls need to cover an adequate time
period. Tests of the design of controls can
be drawn from a single point in time.
Lecture 21 – Tests of Controls

Test controls

The following procedures can be used to
evaluate the design of controls:
 Inquiry of entity personnel
 Inspection of documents and reports
 Observation of the application of the
control
 Narratives
 Internal control questionnaires
 Flowcharts
Lecture 21 – Tests of Controls

Test controls

The following procedures can be used to test
the operating effectiveness of controls:
 Inquiry of entity personnel
 Inspection of documents and reports
 Observation of the application of the
control
 Reperformance by the auditor
Lecture 21 – Tests of Controls

Inquiry of entity personnel

This procedure is legitimate, although it
provides relatively weak evidence that the
control is operating as described.
Lecture 21 – Tests of Controls

Inspection of documents and reports


This procedure provides strong
evidence that the control is operating.
Requires that the control leaves an
audit trail.
Lecture 21 – Tests of Controls

Observation of the application of the
control:


Particularly helpful if there is an
identified control that does not leave
an audit trail.
Example: segregation of duties.
Lecture 21 – Tests of Controls

Reperformance by the auditor:


Particularly helpful if there is an
identified control that does not leave
an audit trail.
Example: Trace sales prices to an
authorized price list.
Lecture 21 – Tests of Controls

Walkthroughs

The auditor
 selects one or a few documents for the
initiation of a transaction type.
 traces the documents through the entire
accounting process.
 makes inquiries and observes current
activities at each stage of the processing
of the transaction.
 examines completed documentation for
the transactions.
Lecture 21 – Tests of Controls

Walkthroughs

PCAOB Auditing Standard No. 2 requires
walkthroughs for each major class of
transactions.
Lecture 21 – Tests of Controls

Sarbanes-Oxley Section 404

There is an obvious and close connection
between tests of controls in support of the
auditor’s assessment of control risk in the
Audit Risk Model, and tests of controls in
connection with the auditor’s reporting
requirements under Section 404.
Nonpublic Company
Sufficient to
audit financial
statements
Public Company
Obtain an
understanding of
internal control:
design and operation
Sufficient to audit
internal control
over financial
reporting
Nonpublic Company
Public Company
Sufficient to
audit financial
statements
Obtain an
understanding of
internal control:
design and operation
Low,
medium
or high
Decide on control
risk for each
transaction type
Sufficient to audit
internal control
over financial
reporting
Select “low”
Nonpublic Company
Public Company
Sufficient to
audit financial
statements
Obtain an
understanding of
internal control:
design and operation
Low,
medium
or high
Decide on control
risk for each
transaction type
Extent of
Plan and perform
testing depends tests of controls and
on cost-benefit evaluate results
analysis
Sufficient to audit
internal control
over financial
reporting
Select “low”
Extensive tests
for all objectives
Nonpublic Company
Public Company
Extent of
Plan and perform
testing depends tests of controls and
on cost-benefit evaluate results
analysis
Revise assessed control
risk, if necessary
Extensive tests
for all objectives
Nonpublic Company
Public Company
Extent of
Plan and perform
testing depends tests of controls and
on cost-benefit evaluate results
analysis
Extensive tests
for all objectives
Revise assessed control
risk, if necessary
Likely to be more
substantive
testing, depending
on control risk
Plan detection risk and
perform substantive
tests in accordance with
the A.R.M.
Likely to be less
substantive testing
Nonpublic Company
Must communicate,
preferably in writing,
to the audit
committee or its
equivalent,
describing significant
deficiencies and
material weaknesses.
Issue internal
control report
or letter
Public Company
Must issue a report on
internal control over
financial reporting and
issue a written
communication to the
audit committee
describing significant
deficiencies and
material weaknesses.
Related documents
Marketing Plan Rubric
Marketing Plan Rubric
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
system audit - Study Channel
system audit - Study Channel
As the 2nd largest business support solutions (BSS) provider, CSG
As the 2nd largest business support solutions (BSS) provider, CSG
Internal Auditor Job Description
Internal Auditor Job Description
Accounting 241 Outline
Accounting 241 Outline
Senior Financial and Operational Auditor
Senior Financial and Operational Auditor
Download
advertisement