Académique Documents
Professionnel Documents
Culture Documents
Lecture Summary
This lecture covers the techniques that auditors use to test controls We will cover
General control testing requirements in ASA 330 Specific control tests in for manual controls. Links between tests of controls and assertions Differences in errors between manual and computer systems Specific control tests for computerised controls.
2
The Objective of the auditor is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement through designing and implementing appropriate responses to these risks.
(ASA 330.3)
4
Tests of Controls
Tests of controls means an audit procedure designed to evaluate the operating effectiveness of controls in preventing or detecting and correcting material misstatements at the assertion level.
ASA 330.4(b)
Extent of Testing
In designing and performing tests of controls, the auditor shall obtain more pervasive audit evidence the greater the reliance the auditor places on the effectiveness of a control.
ASA 330.9
Nature of Tests
In designing and performing tests of controls, the auditor shall:
(a) Perform other audit procedures in combination with enquiry to obtain audit evidence about the operating effectiveness of controls, including:
(i) How the controls were applied at relevant times during the period under audit; (ii) The consistency with which they were applied; and (iii) By whom and by what means they were applied. ASA 330.10
8
10
Reperform the reconciliation Check that any adjusting entries have been made in the relevant journal.
12
Check that any adjusting entries have been made in the relevant journal.
13
Segregation of duties is often not explicitly stated so the auditor will need to analyse tasks to see if they should be segregated.
15
19
20
Account
Interest Expense Inventory
Internal Control
Before interest expense is calculated, the clerk confirms the interest rate with the bank. Stock is periodically reviewed for evidence of obsolescence and obsolete stock is written down The sales order number is entered next to each debit in the receivables sub-ledger
25
Accounts Receivable
Fewer Errors
The most common sources of errors, in manual account systems, are idiosyncratic errors in:
Input, such as entering the wrong amount/details and, Processing, such as poor arithmetic, failure to post from journal to ledger.
The controls, discussed in the previous lecture, go a long way to eliminating these,
if they are well designed and if they work.
Patterns in Errors
Computers are consistent. They are either always right or always wrong. Thus, errors come in groups.
All transactions from a particular state might be processed incorrectly.
Routine Transactions
Some transactions are processed all the time; sales, purchases, payroll, cash. They follow a few standard patterns.
Cash sales, credit sales, sales returns. Salaries, wages, terminations.
Because of this, they generally have good controls. Errors in these transactions can be very rare, in well designed systems.
30
As these are uncommon and have no standard structure, they will often have less good controls. Errors are more common here.
31
Testing Strategy
For routine transactions
Errors are rare unless controls are poor
A greater focus on control testing. Substantive testing is limited except where control weaknesses are found.
Control Testing
The same categories of tests are used as in manual systems
Observation Inquiry Inspection Re-performance
Test Data
This is a very simple approach for testing input controls. It involves
Inputting data that should be rejected and seeing if it is. Inputting data that should be accepted and seeing if it is.
34
These three techniques are ways of reprocessing the clients data to see if the same result is obtained. If not, there must be something wrong with the clients system.
39
The most direct way to test these is to examine the code or settings. This can be done by hand or it can be automated.
40
Advanced Techniques
One of the major limitations of computerised accounting systems is lack of an audit trail.
No source documents No record of changes to data No record of how items were processed
SCARF
SCARF (System control audit review file) is a module in the accounting computer system
It is added where errors are most likely to occur It keeps a record of transactions that meet certain criteria, determined by the auditor. The auditor can then use his or her own software to test these transactions
42
Snapshots
Transactions are electronically tagged Randomly Criteria set by auditor When the transaction passes certain points in the program, the time and transaction data are logged. This information can be analysed by the auditor to see how the program processes the transaction.
43
Audit Hooks
Audit hooks are exit points in programs that allow the auditor to insert additional program code
Often supplied by the software manufacturer
Code allows auditor to carry out additional tests without affecting the transaction flow.
Calculation of control totals Flagging unusual transactions
44
Summary
If controls work, the auditor can rely on them to reduce error and perform fewer substantive tests. Before a control can be relied upon the auditor must perform tests of controls.
More reliance requires more tests