acct3708 - lecture 6 - semester two 2013

7/27/2019 ACCT3708 - Lecture 6 - Semester Two 2013

1/45


2/45

Lecture Summary

This lecture covers the techniques that auditors

use to test controls

We will cover General control testing requirements in ASA 330

Specific control tests in for manual controls.

Links between tests of controls and assertions

Differences in errors between manual and computer

systems

Specific control tests for computerised controls.

2


3/45

3

The Audit Process

An Audit consists of 3 basic steps:

Planning

Assessment of business risk

Assessment of the internal control environment

Evidence Gathering and Evaluation

Tests of controls Substantive tests

Formation of the Audit Opinion


4/45

Evidence Gathering and

Evaluation The framework for evidence gathering and

evaluation is covered in the following standard

ASA 330 The Auditors Responses to Assessed Risks The Objective of the auditor is to obtain sufficient

appropriate audit evidence regarding the assessed

risks of material misstatement through designing

and implementing appropriate responses to theserisks.

(ASA 330.3)

4


5/45

Tests of Controls

Tests of controls means an audit procedure

designed to evaluate the operating

effectiveness of controls in preventing ordetecting and correcting material

misstatements at the assertion level.

ASA 330.4(b)

5


6/45


7/45

Extent of Testing

In designing and performing tests of

controls, the auditor shall obtain more

pervasive audit evidence the greater thereliance the auditor places on the

effectiveness of a control.

ASA 330.9

7


8/45


9/45


10/45


11/45

Testing Review Controls

Determine who performs the review

From enquiry or policies and procedures

manuals, determine who does the review andhow frequently.

Observe the review

If it is practical (i.e. not frequent)

Reviews are often indicated by a signature.

Look for signature on sample of documents.

11


12/45

Testing Reconciliation Controls

Reconciliations (almost) always result in the

preparation of a reconciliation document.

View the document. Check signature of the person who performed it.

Reperform the reconciliation

Check that any adjusting entries have beenmade in the relevant journal.

12


13/45


14/45

Testing Physical Controls

Physical controls involve

Safes, locked storage rooms etc.

Locks, keys, swipe cards and access codes

CCTV and other monitoring devices

Alarm systems

Guards and use of (external) security services

Physical inspection and testing should be

used.

14


15/45


16/45


17/45

17

Tests of Controls Example

To test these controls

Check the policy manual to see if they are required

Enquire of the manager and other staff to see if they arecarried out in practice

Observe the receipt of inventory to see if the control

procedures are carried out

Examine the orders to see if a goods received note isattached and if the order is signed

Observe whether the warehouse is kept locked

These tests must be done throughout the year.


18/45

18

Tests of Controls Examples

How would you test the following controls?

All customer credit limit increases must be

authorised by the credit manager. All cash is banked on a daily basis.

A fixed asset stocktake is performed on an

annual basis and the results are reconciled withthe fixed assets register, to ensure that all

missing/extra items and write downs are

accounted for.


19/45

19

Tests of Controls Examples

How would you test the following controls?

All customer credit limit increases must be authorised bythe credit manager. How would you test the followingcontrols?

Look for credit managers signature on documents thatauthorise increases in credit limits.

All cash is banked on a daily basis

Look for daily deposits in the bank statement.


20/45


21/45

21

Internal Controls and Audit

Assertions Auditors are interested in internal controls because they

can reduce potential errors in the financial statements.

If a particular control works, it makes it more likely that a

given assertion will be correct. This means that less substantive testing needs to be carried

out for that assertion.

As noted previously,tests of controls are performed to

determine if the control is operating effectively. i.e: The control must exist, The control must be effective,

The control must be effective during all relevant time periods.


22/45


23/45


Assertions Example If sales invoices are prenumbered then there

is less chance of sales invoices going

missing. This control can be tested by sequence

testing.

If the control works the will need to be lesssubstantive testing directed at completeness

of sales

23


24/45


Assertions Example If all entries to the payroll journal are initiated by

a timesheet that is signed by the employees

supervisor then there is less chance that entrieswill be made for work that was not done.

This can be tested by checking that there is a

signed timesheet for each entry in the journal.

If this control works, there is less need to testoccurrence of wages expense.

24


25/45


26/45


27/45


28/45

28

Fewer Errors

The most common sources of errors, in manual

account systems, are idiosyncratic errors in:

Input, such as entering the wrong amount/details and, Processing, such as poor arithmetic, failure to post from

journal to ledger.

The controls, discussed in the previous lecture, go

a long way to eliminating these, if they are well designed and if they work.

Thus, there are fewer errors in computer systems.


29/45


30/45


31/45


32/45

32

Testing Strategy

For routine transactions

Errors are rare unless controls are poor

A greater focus on control testing. Substantive testing is limited except where control

weaknesses are found.

For non routine transactions

Errors can be more common as controls arelimited

Less control testing and more substantive testing


33/45


34/45

34

Test Data

This is a very simple approach for testing

input controls.

It involves Inputting data that should be rejected and

seeing if it is.

Inputting data that should be accepted andseeing if it is.


35/45


36/45

36

Test Data - Limitations

There are several problems with the testdata approach.

It can only be done periodically The client knows it is being done so they can

ensure that the control works at that time.

A large number of transactions may be needed

to test the controls in a complex system. It is inconvenient for the client and so they are

loath to allow it.


37/45

37

Integrated Test Facility

An integrated test facility involves:

Adding a fake entity (such as a fake customer

record) to the clients system. Adding fake transactions (such as fake sales) to

the regular set of transactions.

The fake transactions relate to the fake entity. The results can then be tested to see if these

transactions have been processed correctly.


38/45

38

Advantages and Disadvantages

It allows control testing to occur throughout theyear.

The transaction processors dont know thetransactions are fake so they cant alter their

behaviour

The auditor must be careful that the faketransactions dont result in real consequences.

Clients dont like having fake entities andtransactions in their system.


39/45


40/45


41/45


42/45


43/45

Snapshots

Transactions are electronically tagged

Randomly

Criteria set by auditor When the transaction passes certain points in the

program, the time and transaction data are logged.

This information can be analysed by the auditor tosee how the program processes the transaction.

43


44/45

Audit Hooks

Audit hooks are exit points in programs that

allow the auditor to insert additional

program code Often supplied by the software manufacturer

Code allows auditor to carry out additional

tests without affecting the transaction flow. Calculation of control totals

Flagging unusual transactions

44


45/45

Summary

If controls work, the auditor can rely on them to

reduce error and perform fewer substantive tests.

Before a control can be relied upon the auditormust perform tests of controls.

More reliance requires more tests

Tests of controls determine if a control

Exists

Is effective

Is continually effective

45

acct3708 - lecture 6 - semester two 2013

Documents