Tests of Controls

00:00

okay so for this next video lecture so

00:02

we will be discussing about the tests of

00:05

controls

00:07

okay so test of controls or this is also

00:10

known as compliance test this is an

00:13

audit procedure that is designed to

00:15

evaluate the operating effectiveness of

00:18

the internal control

00:20

in preventing detecting and correcting

00:22

material misstatements at the assertion

00:25

level

00:27

so in particular

00:28

the test of controls are performed to

00:30

obtain

00:31

evidence about the effectiveness of

00:34

first

00:35

the design of the internal control

00:38

whether

00:39

they are suitably designed or not

00:42

second is its operation

00:45

uh

00:46

throughout the period

00:48

if it is working well

00:50

okay according to what is um

00:53

the purpose why internal controls are

00:56

established

00:57

so test of controls

00:59

are performed normally

01:02

when

01:03

first

01:04

the auditor's assessment of risk

01:06

of material misstatement at assertion

01:09

level

01:10

includes the expectation that controls

01:12

are suitably designed

01:15

and are operating effectively meaning um

01:19

a

01:20

test of controls will be conducted if

01:24

the internal controls are effective

01:27

so the auditor plans to test the

01:29

operating effectiveness of controls to

01:32

determine also the nature timing and

01:35

extent of

01:36

the substantive procedure so again if

01:40

the internal control is effective

01:42

so lesser substantive procedures will be

01:45

performed at

01:47

uh interrupt interim dates okay because

01:50

in this case the auditor will rely on

01:53

the internal control in preventing

01:55

detecting and correcting material

01:57

misstatements

01:59

so

02:00

if however the auditor believes that the

02:03

internal control is ineffective or weak

02:06

then the auditor

02:10

assesses control risk as

02:12

high or maximum level so test of

02:15

controls will no longer be necessary

02:18

because again

02:20

internal controls are

02:22

not reliable anymore

02:25

so

02:27

test of controls

02:29

also are performed when substantive

02:31

procedures alone cannot provide

02:34

sufficient appropriate audit evidence at

02:36

the assertion level meaning um

02:40

tests of controls

02:42

are needed to assist

02:44

at the auditor in gathering

02:46

appropriate and sufficient audit

02:48

evidences along with

02:50

substantive procedures

02:53

so

02:54

test of controls are also performed when

02:57

there may be instances that the auditor

02:59

may find it impossible to design

03:01

effective substantive procedures that

03:05

by themselves

03:07

provide

03:08

sufficient appropriate audit evidence

03:10

for example when an entity conducts its

03:13

business using id

03:15

and no documentation of transactions is

03:18

produced

03:19

so here substantive procedures are

03:24

considered to be less effective so

03:26

um this will be aided

03:28

or the the auditor will be aided in

03:31

gathering audit evidences using tests of

03:34

controls

03:37

another is in such cases the auditor is

03:39

required

03:40

to perform relevant tests of controls

03:43

related to id or using the computer

03:46

assisted audit techniques

03:50

so test of controls

03:53

this refers to the compliance procedures

03:56

as mentioned earlier

03:58

rather than substantive procedures so

04:01

while test of controls are performed

04:04

to determine if the internal controls

04:06

are effective

04:08

substantive procedures on the other hand

04:10

are performed to obtain

04:12

evidence as to the completeness accuracy

04:17

and validity of information that is

04:19

generated by

04:21

such system or information system so

04:25

this is how the auditor will perform

04:28

test of controls

04:30

and

04:31

substantive procedures

04:33

in

04:34

uh

04:35

an environment or entity which chooses

04:38

i.t

04:39

and with less

04:41

um

04:44

so there may be instances also where the

04:46

auditor may design

04:48

test of controls to be performed

04:50

concurrently or along with substantive

04:53

procedures on the same transaction so

04:56

this is known as the dual purpose test

05:01

so for instance um inspecting documents

05:04

may show evidence of improper

05:06

authorization of transaction

05:08

so that is for the test of control

05:11

and also to detect statements in

05:14

recording in terms of the amounts so

05:17

recalculating

05:19

or

05:21

determining the measurement of such

05:23

transaction if that is correct so this

05:25

is our substantive procedure okay so the

05:29

auditor performs this test of control

05:32

and substantive procedure at the same

05:34

transaction at the same time

05:38

okay so although obtaining an

05:39

understanding of the design and

05:41

implementation of control is different

05:44

from testing

05:45

uh the operating effectiveness of the

05:47

internal control so the auditor may

05:50

decide to perform them concurrently to

05:53

promote

05:55

audit efficiency so this is how the

05:57

auditor

05:59

will efficiently perform the audit

06:02

procedures

06:03

okay understanding

06:05

of the controls as well as testing its

06:08

effectiveness or operating effectiveness

06:11

at the same time

06:13

okay so in this video lecture we will

06:16

continue with the nature of the tests of

06:18

controls

06:20

so

06:21

test of controls uh usually they include

06:24

the following procedures

06:26

first um inquiries of

06:28

uh the client personnel okay so this is

06:32

to determine if

06:33

the implementation

06:35

and

06:36

the design is operating effectively

06:39

another is inspection of documents and

06:42

reports that is generally dead

06:44

so this will determine if

06:47

the internal controls are able to detect

06:50

prevent incorrect misstatements

06:53

another

06:55

type of test of control is observation

06:58

of the employees when they perform the

07:01

policy or the procedure

07:03

okay another is a reperformance of the

07:05

policies to determine if

07:07

um this is consistent

07:09

okay

07:10

that

07:11

was performed previously by the client

07:15

another is walk through test so meaning

07:19

um the auditor

07:20

will

07:21

perform

07:23

together with the employee of the entity

07:26

such a

07:27

procedure okay to determine if they

07:30

indeed follow

07:31

the

07:33

guidelines

07:35

so inquiries and observation are usually

07:37

performed on controls which has no audit

07:41

trail so audit trail meaning um there is

07:44

documentation

07:46

um recording and the preparation of uh

07:49

financial statements where

07:52

the auditor can

07:53

um

07:54

follow

07:55

the

07:56

process of the preparation of the fs

07:58

from

07:59

um

08:00

the occurrence of the transaction okay

08:02

so that is what we mean by audit trail

08:06

okay

08:07

so here

08:08

uh another trail is a chain of evidence

08:11

provided through coding

08:14

cross-referencing

08:16

and documentation

08:18

that connects the account balances and

08:20

other summary results with the original

08:23

transactions as well as calculations or

08:25

in other words and these are

08:28

the

08:29

document the source documents the

08:31

recording

08:33

um

08:34

up to the preparation of the financial

08:36

statement of a certain transaction okay

08:39

so you can follow through that

08:42

to determine if that is

08:44

um

08:46

performed in accordance with their

08:48

internal internal control and with the

08:50

standard

08:52

okay so when evaluating the operator

08:54

another is when evaluating the operating

08:57

effectiveness of internal controls the

08:59

auditor will consider the following

09:02

first how the controls were applied

09:05

at relevant times during the period

09:08

okay another is the consistency

09:12

okay which

09:13

the controls were applied

09:16

another is by whom or by what means

09:18

controls where

09:20

applied this is

09:22

the

09:23

areas or the factors

09:26

in which the auditor can use

09:28

evaluating the operating effectiveness

09:30

of the internal control

09:33

okay so we will continue with the timing

09:36

of

09:37

a test of controls

09:40

so the auditor will perform

09:42

testing controls for the particular

09:44

for the

09:45

particular time

09:47

or throughout the period so for which

09:49

the auditor intends to rely on those

09:52

controls again this design timing

09:55

and timing i mean i will depend on the

09:58

risk assessment

10:00

so test the controls are usually

10:02

performed at an interim date

10:05

if the internal controls are effective

10:08

however the auditor can decide to

10:11

perform additional test controls

10:13

to gather

10:14

further audit

10:16

evidence during the remaining period

10:19

that will depend on the following

10:21

factors

10:22

first if um the significance of the risk

10:25

of material statement

10:27

at the assertion level

10:29

okay

10:30

or

10:31

the level of the

10:33

uh risk of material statement as well

10:37

okay so this will

10:39

um

10:40

change the original plan

10:43

on the test of

10:44

controls another is the specific

10:47

controls that were tested during the

10:49

interim period and the significant

10:51

changes to them since they were tested

10:54

if

10:55

in this case if there are changes that

10:58

will be made okay another is the degree

11:01

to which the audit evidence about

11:03

operating effectiveness of controls was

11:06

obtained

11:07

if in this case the auditor was not

11:09

satisfied in the test of controls that

11:12

was performed in the interim date so he

11:15

will

11:16

do further

11:18

additional test controls

11:20

okay for the remaining period

11:23

another is the length of time or the

11:26

length of the remaining period

11:28

okay so if that is long enough

11:31

then the auditor may consider

11:34

a additional test of controls for the

11:37

remaining period

11:40

another is the extent to which the

11:42

auditor

11:43

intends to reduce

11:45

the substantive procedures based on the

11:47

reliance on control so this can only be

11:49

made if again

11:51

um our internal control is

11:54

effective

11:56

okay as well as the control environment

11:59

if that is strong

12:02

okay so if the auditor plans to use the

12:04

audit evidence from a previous audit

12:06

about the operating effectiveness of

12:09

specific controls

12:11

so in this case the auditor should

12:12

establish the continuing relevance and

12:15

reliability of that evidence so he will

12:18

or each must obtain audit evidence about

12:21

whether

12:22

significant changes in those controls

12:24

have occurred subsequent to the previous

12:27

or date meaning

12:29

in this case

12:30

if the auditor was the previous auditor

12:33

also and based on his assessment in the

12:35

previous audit he found out that

12:37

internal controls are strong or

12:40

effective so he can rely on that also in

12:42

the

12:43

current

12:44

period provided he will

12:47

establish the continuing relevance and

12:50

reliability so he will obtain again

12:53

evidence so it's like testing again the

12:55

internal control if it's

12:58

strong or

12:59

weak

13:01

okay so the auditor should obtain this

13:03

evidence by performing inquiry

13:07

combined with observation or he can do

13:10

inspection to confirm

13:12

the understanding of those specific

13:15

controls if that is still effective at

13:18

the current

13:19

period

13:21

so

13:22

if there have been changes

13:24

that uh

13:25

affect the continuing relevance of the

13:28

audit evidence from the previous audit

13:31

so the auditor should test the controls

13:33

so he he will perform the test of

13:36

controls for the current period

13:39

okay if there have been no changes so

13:45

or if there have not been such change or

13:47

no changes the auditor should test the

13:50

controls at least once

13:52

in every third audit

13:54

okay

13:56

and should test some controls

13:58

each audit to avoid the possibility of

14:01

testing all the controls on which the

14:03

auditor intends to rely

14:05

in a single audit period

14:07

so with no testing of controls in the

14:09

subsequent two periods meaning in this

14:11

case

14:13

he will do the testing once and every

14:15

three audits provided if he is still the

14:18

auditor

14:20

okay and he will do the testing of

14:23

uh the internal controls that is

14:25

different

14:26

from

14:28

the past uh

14:30

controls that he have tested

14:33

okay to avoid

14:35

testing all the controls

14:37

which he intends to rely on the single

14:40

audit

14:41

it's like and get getting sample of test

14:44

controls just to determine

14:47

and obtain evidence about

14:49

the reliability

14:51

of

14:52

the operating effectiveness of internal

14:55

control

14:56

okay so when the auditor plans to rely

14:58

on the controls over

15:00

a risk

15:02

so the auditor has determined to be

15:04

significant

15:05

and then he should test those controls

15:07

for the current period so that is very

15:11

important to avoid

15:13

[Music]

15:14

audit risk

15:16

okay

15:18

so

15:19

that is for the timing of test of

15:20

control so we will continue with

15:23

the extent

15:24

of the test of controls

15:26

okay so when more persuasive audit

15:28

evidence is needed regarding the

15:31

effectiveness of the internal control

15:33

so in this case the auditor may increase

15:36

the extent or the number of samples to

15:38

be tested to

15:41

determine if the internal controls are

15:43

effective or not so in determining the

15:45

extent

15:47

of the testo controls so the following

15:49

may be considered

15:52

first is the frequency of the

15:54

performance of control by the entity

15:57

using or during the period so in this

16:01

case

16:03

um

16:06

meaning

16:08

that the auditor will

16:10

determine if indeed the implementation

16:13

of the internal controls are followed

16:16

strictly

16:17

by the entity

16:19

okay another is the length of time

16:21

during the period that the auditor is

16:23

relying

16:24

on the effectiveness

16:26

of the internal control

16:28

so here

16:30

um

16:30

he will determine that

16:34

from the beginning as he do the audit

16:37

until the end probably okay so from time

16:40

to time he will do the testing okay so

16:43

to determine if that is really or indeed

16:46

uh effective

16:48

another is the expected rate of

16:50

deviation

16:51

from the control

16:53

okay so here this is from the assessment

16:57

as well as

16:58

um

16:58

[Music]

17:00

observation probably and

17:02

uh

17:04

checking of the documents okay to

17:06

determine if

17:08

the the entity its employees in the

17:10

management are daily

17:12

uh strictly following the guidelines and

17:15

the policies

17:16

okay another is the relevance also and

17:19

the reliability of the audit evidence to

17:21

be obtained

17:23

about the operating effectiveness of the

17:25

control

17:26

okay

17:27

assertion level

17:30

and um

17:32

also

17:34

the extent to which the audit evidence

17:36

is obtained from tests of controls are

17:38

related to

17:39

the assertion okay so these are the

17:43

uh different factors that needs to be

17:46

considered by the auditor in determining

17:49

the extent

17:51

or the number of samples

17:53

or

17:55

how much okay he should

17:57

do the test of controls

18:01

okay what about when there is deviation

18:05

found while performing the test of

18:07

controls

18:08

okay so in this case when the variations

18:10

from controls upon which the auditor

18:12

intends to rely are detected

18:15

so

18:16

the auditor here should make specific

18:18

enquiries to further understand these

18:21

matters

18:22

okay and also

18:24

its potential consequences on the audit

18:28

so the auditor should determine whether

18:30

first the test of controls that have

18:32

been performed provide an appropriate

18:35

basis for reliance

18:37

okay so

18:39

um

18:40

this is also part of the assessment of

18:43

the auditor

18:44

okay

18:46

if the test of control is relevant

18:50

okay the

18:51

the test of controls that he performed

18:53

is relevant

18:54

or appropriate basis if you will rely

18:58

on those controls

19:00

another is additional test of controls

19:03

are necessary

19:05

okay so meaning

19:08

uh in this case he the auditor should

19:11

make sure

19:12

okay double check if that

19:15

deviation

19:17

is

19:18

present also in other parts of the

19:20

internal

19:22

other parts i mean of

19:24

the process

19:26

or the procedure

19:28

or

19:29

to determine if that deviation occurred

19:31

only once and it's not recording so that

19:34

he will be able to determine if he will

19:37

rely on those

19:39

controls or not

19:41

another is the potential risk of

19:44

mistaken that needs to be addressed

19:47

using the substantive procedures okay so

19:51

if the auditor determines that the

19:54

internal control is unreliable so he

19:56

will do more or additional substantive

19:58

procedures

20:00

so in addition the auditor should also

20:02

evaluate whether on the basis of the

20:05

audit work performed the auditor has

20:07

identified a significant deficiency

20:11

in

20:11

the internal controls so here

20:15

he will use his professional judgment

20:18

to

20:19

determine if that is or if that

20:21

deviation is significant and he will

20:23

communicate it with the proper authority

20:28

okay so those are

20:30

for

20:31

the tests of controls