Tests of Controls
Summary
TLDRThis video lecture discusses tests of controls, also known as compliance tests, used in auditing to evaluate the effectiveness of internal controls in preventing, detecting, and correcting material misstatements. The lecture covers the purpose, timing, and extent of these tests, and explains when auditors use them alongside substantive procedures. It also details scenarios where auditors may rely on previous audit evidence, and highlights the process of testing internal controls, including inquiries, inspections, and observations. The importance of identifying deviations and potential deficiencies in internal controls is emphasized.
Takeaways
- 📝 Test of controls (also known as compliance tests) are audit procedures designed to evaluate the effectiveness of internal controls in preventing, detecting, and correcting material misstatements.
- ⚙️ These tests assess both the design and operational effectiveness of controls throughout the audit period.
- 🔍 Tests of controls are performed when auditors believe internal controls are effective, which can reduce the extent of substantive procedures needed.
- 📊 If internal controls are deemed ineffective, the auditor assesses control risk as high, and tests of controls may no longer be necessary.
- 🛠️ Tests of controls are necessary when substantive procedures alone cannot provide sufficient audit evidence, especially in IT environments with limited documentation.
- 🔄 Auditors may perform dual-purpose tests, assessing both control effectiveness and substantive accuracy on the same transaction.
- 👀 Inquiries, inspections, observations, and walkthroughs are common methods used in tests of controls to evaluate the implementation and operation of internal controls.
- 📅 Tests of controls may be performed at interim dates if controls are effective, but further testing might be required for the remaining audit period based on several risk factors.
- 📈 The extent of tests of controls depends on factors like the frequency of control performance, the expected rate of deviation, and the reliability of evidence obtained.
- ⚠️ If deviations are detected, auditors need to evaluate their significance and may increase substantive procedures or perform additional tests of controls.
Q & A
What is the purpose of a test of controls in an audit?
-A test of controls, also known as a compliance test, is performed to evaluate the operating effectiveness of internal controls in preventing, detecting, and correcting material misstatements at the assertion level.
When are tests of controls typically performed by an auditor?
-Tests of controls are typically performed when the auditor's risk assessment includes the expectation that internal controls are suitably designed and operating effectively. They are also conducted when substantive procedures alone are not sufficient to provide appropriate audit evidence.
What is the difference between a test of controls and substantive procedures?
-Tests of controls focus on evaluating the effectiveness of internal controls in preventing and detecting errors, while substantive procedures aim to gather evidence about the completeness, accuracy, and validity of financial information.
What should an auditor do if they find internal controls to be ineffective?
-If internal controls are found to be ineffective, the auditor assesses the control risk as high or maximum. In such cases, tests of controls are not necessary, and the auditor will increase substantive procedures to gather sufficient evidence.
What is a dual-purpose test in auditing?
-A dual-purpose test is when the auditor performs both tests of controls and substantive procedures on the same transaction. This allows the auditor to evaluate control effectiveness and detect material misstatements simultaneously.
What factors influence the timing of tests of controls?
-The timing of tests of controls depends on the auditor's risk assessment, the significance of risks, the specific controls tested during the interim period, and any significant changes to those controls during the period.
What happens if deviations from controls are found during the test of controls?
-If deviations from controls are detected, the auditor should investigate further to understand the causes and assess the consequences. They must determine whether the controls can still be relied upon or if additional tests or substantive procedures are necessary.
Why might an auditor perform additional tests of controls during the audit period?
-An auditor may perform additional tests of controls to gather more evidence if the initial test results are inconclusive or if the internal controls show signs of weakness, particularly over high-risk areas.
What is the importance of an audit trail in the context of tests of controls?
-An audit trail provides a chain of evidence connecting account balances and summary results to the original transactions and supporting documentation, allowing the auditor to trace the entire process and assess internal control effectiveness.
How often should controls be tested if the auditor relies on prior audit evidence?
-If the auditor relies on prior audit evidence, controls should be tested at least once every three audits, and some controls should be tested in each audit to ensure continued reliability without testing all controls in a single period.
Outlines
📋 Introduction to Tests of Controls in Audits
This paragraph introduces 'tests of controls,' also known as compliance tests. These are audit procedures that assess the operating effectiveness of internal controls in preventing, detecting, and correcting material misstatements at the assertion level. The auditor examines both the design and operational effectiveness of internal controls. If internal controls are effective, fewer substantive procedures are required, but if weak, controls are unreliable, and tests of controls are unnecessary. In some cases, substantive procedures alone may not provide sufficient audit evidence, especially in environments where documentation is scarce, such as IT systems.
📝 Concurrent Testing: Dual Purpose Test
This paragraph explains dual-purpose tests, where the auditor performs both tests of controls and substantive procedures on the same transactions to improve audit efficiency. The auditor gains an understanding of the design and implementation of controls while simultaneously testing their operational effectiveness. The concurrent performance of these procedures ensures that both control testing and substantive verification occur, especially in cases where IT systems complicate the availability of documentation.
🕵️ Key Factors in Evaluating Control Effectiveness
This paragraph delves into the detailed factors auditors consider when evaluating the operating effectiveness of internal controls. The factors include how consistently controls were applied during the relevant period and by whom. The auditor determines whether additional tests of controls are necessary, depending on factors such as risk significance and the reliability of previous audit evidence. If changes have occurred in the controls, further tests may be required to establish their effectiveness.
⏰ Timing of Tests of Controls
This paragraph discusses the timing of tests of controls, highlighting that they are usually conducted at an interim date. If controls are effective, the auditor might decide to perform additional tests for the remaining period based on several factors such as the significance of the risk of material misstatements and any changes in controls. The length of the remaining period and reliance on previous audit evidence also influence the timing and extent of testing.
🔍 Extent of Test of Controls and Dealing with Deviations
Here, the auditor is advised to increase the extent of testing, such as the number of samples, when more persuasive evidence is needed. Factors like the frequency of control performance, the length of time the auditor is relying on the controls, and expected deviation rates help determine the extent of testing. If deviations are found, the auditor must investigate to understand their significance and whether additional tests are necessary. This paragraph also highlights how the auditor must assess whether the controls are reliable and consider the risk of material misstatements.
🚨 Identifying and Communicating Deficiencies
In this final paragraph, the auditor is instructed to evaluate whether the internal controls have significant deficiencies. The auditor must use professional judgment to assess the severity of any deviations and communicate significant findings to the appropriate authorities. This step is crucial in determining the reliability of internal controls and ensuring that audit conclusions are based on sound evidence.
Mindmap
Keywords
💡Test of Controls
💡Internal Control
💡Substantive Procedures
💡Material Misstatement
💡Assertion Level
💡Risk of Material Misstatement
💡Control Risk
💡Operating Effectiveness
💡Dual Purpose Test
💡Audit Evidence
Highlights
Test of controls, also known as compliance tests, are audit procedures designed to evaluate the effectiveness of internal controls in preventing, detecting, and correcting material misstatements.
Test of controls are performed when the auditor's risk assessment includes the expectation that controls are suitably designed and operating effectively.
If internal controls are deemed effective, fewer substantive procedures are required, reducing the need for extensive testing at interim dates.
When internal controls are considered weak, the auditor assesses control risk as high or maximum, and test of controls are not necessary.
Test of controls are performed when substantive procedures alone cannot provide sufficient and appropriate audit evidence.
Auditors perform test of controls when no documentation of transactions is produced, such as when an entity uses IT systems.
Dual purpose tests allow auditors to perform test of controls and substantive procedures concurrently on the same transaction to enhance audit efficiency.
Inquiries, inspections, observations, and reperformance are common methods used in test of controls to assess internal control effectiveness.
Walkthrough tests involve the auditor performing a procedure alongside an employee to verify adherence to internal controls.
Audit trail refers to the chain of evidence connecting account balances with original transactions and calculations.
When evaluating the operating effectiveness of internal controls, auditors consider how, when, and by whom the controls were applied.
Auditors may rely on audit evidence from prior periods if internal controls remain unchanged, testing them at least once every third audit.
If deviations from controls are detected during testing, auditors must investigate further to determine their impact and assess the need for additional testing.
If internal controls are unreliable, auditors increase substantive procedures to address potential risks of misstatement.
Significant deviations or deficiencies in internal controls are communicated to relevant authorities after the auditor's evaluation.
Transcripts
okay so for this next video lecture so
we will be discussing about the tests of
controls
okay so test of controls or this is also
known as compliance test this is an
audit procedure that is designed to
evaluate the operating effectiveness of
the internal control
in preventing detecting and correcting
material misstatements at the assertion
level
so in particular
the test of controls are performed to
obtain
evidence about the effectiveness of
first
the design of the internal control
whether
they are suitably designed or not
second is its operation
uh
throughout the period
if it is working well
okay according to what is um
the purpose why internal controls are
established
so test of controls
are performed normally
when
first
the auditor's assessment of risk
of material misstatement at assertion
level
includes the expectation that controls
are suitably designed
and are operating effectively meaning um
a
test of controls will be conducted if
the internal controls are effective
so the auditor plans to test the
operating effectiveness of controls to
determine also the nature timing and
extent of
the substantive procedure so again if
the internal control is effective
so lesser substantive procedures will be
performed at
uh interrupt interim dates okay because
in this case the auditor will rely on
the internal control in preventing
detecting and correcting material
misstatements
so
if however the auditor believes that the
internal control is ineffective or weak
then the auditor
assesses control risk as
high or maximum level so test of
controls will no longer be necessary
because again
internal controls are
not reliable anymore
so
test of controls
also are performed when substantive
procedures alone cannot provide
sufficient appropriate audit evidence at
the assertion level meaning um
tests of controls
are needed to assist
at the auditor in gathering
appropriate and sufficient audit
evidences along with
substantive procedures
so
test of controls are also performed when
there may be instances that the auditor
may find it impossible to design
effective substantive procedures that
by themselves
provide
sufficient appropriate audit evidence
for example when an entity conducts its
business using id
and no documentation of transactions is
produced
so here substantive procedures are
considered to be less effective so
um this will be aided
or the the auditor will be aided in
gathering audit evidences using tests of
controls
another is in such cases the auditor is
required
to perform relevant tests of controls
related to id or using the computer
assisted audit techniques
so test of controls
this refers to the compliance procedures
as mentioned earlier
rather than substantive procedures so
while test of controls are performed
to determine if the internal controls
are effective
substantive procedures on the other hand
are performed to obtain
evidence as to the completeness accuracy
and validity of information that is
generated by
such system or information system so
this is how the auditor will perform
test of controls
and
substantive procedures
in
uh
an environment or entity which chooses
i.t
and with less
um
so there may be instances also where the
auditor may design
test of controls to be performed
concurrently or along with substantive
procedures on the same transaction so
this is known as the dual purpose test
so for instance um inspecting documents
may show evidence of improper
authorization of transaction
so that is for the test of control
and also to detect statements in
recording in terms of the amounts so
recalculating
or
determining the measurement of such
transaction if that is correct so this
is our substantive procedure okay so the
auditor performs this test of control
and substantive procedure at the same
transaction at the same time
okay so although obtaining an
understanding of the design and
implementation of control is different
from testing
uh the operating effectiveness of the
internal control so the auditor may
decide to perform them concurrently to
promote
audit efficiency so this is how the
auditor
will efficiently perform the audit
procedures
okay understanding
of the controls as well as testing its
effectiveness or operating effectiveness
at the same time
okay so in this video lecture we will
continue with the nature of the tests of
controls
so
test of controls uh usually they include
the following procedures
first um inquiries of
uh the client personnel okay so this is
to determine if
the implementation
and
the design is operating effectively
another is inspection of documents and
reports that is generally dead
so this will determine if
the internal controls are able to detect
prevent incorrect misstatements
another
type of test of control is observation
of the employees when they perform the
policy or the procedure
okay another is a reperformance of the
policies to determine if
um this is consistent
okay
that
was performed previously by the client
another is walk through test so meaning
um the auditor
will
perform
together with the employee of the entity
such a
procedure okay to determine if they
indeed follow
the
guidelines
so inquiries and observation are usually
performed on controls which has no audit
trail so audit trail meaning um there is
documentation
um recording and the preparation of uh
financial statements where
the auditor can
um
follow
the
process of the preparation of the fs
from
um
the occurrence of the transaction okay
so that is what we mean by audit trail
okay
so here
uh another trail is a chain of evidence
provided through coding
cross-referencing
and documentation
that connects the account balances and
other summary results with the original
transactions as well as calculations or
in other words and these are
the
document the source documents the
recording
um
up to the preparation of the financial
statement of a certain transaction okay
so you can follow through that
to determine if that is
um
performed in accordance with their
internal internal control and with the
standard
okay so when evaluating the operator
another is when evaluating the operating
effectiveness of internal controls the
auditor will consider the following
first how the controls were applied
at relevant times during the period
okay another is the consistency
okay which
the controls were applied
another is by whom or by what means
controls where
applied this is
the
areas or the factors
in which the auditor can use
evaluating the operating effectiveness
of the internal control
okay so we will continue with the timing
of
a test of controls
so the auditor will perform
testing controls for the particular
for the
particular time
or throughout the period so for which
the auditor intends to rely on those
controls again this design timing
and timing i mean i will depend on the
risk assessment
so test the controls are usually
performed at an interim date
if the internal controls are effective
however the auditor can decide to
perform additional test controls
to gather
further audit
evidence during the remaining period
that will depend on the following
factors
first if um the significance of the risk
of material statement
at the assertion level
okay
or
the level of the
uh risk of material statement as well
okay so this will
um
change the original plan
on the test of
controls another is the specific
controls that were tested during the
interim period and the significant
changes to them since they were tested
if
in this case if there are changes that
will be made okay another is the degree
to which the audit evidence about
operating effectiveness of controls was
obtained
if in this case the auditor was not
satisfied in the test of controls that
was performed in the interim date so he
will
do further
additional test controls
okay for the remaining period
another is the length of time or the
length of the remaining period
okay so if that is long enough
then the auditor may consider
a additional test of controls for the
remaining period
another is the extent to which the
auditor
intends to reduce
the substantive procedures based on the
reliance on control so this can only be
made if again
um our internal control is
effective
okay as well as the control environment
if that is strong
okay so if the auditor plans to use the
audit evidence from a previous audit
about the operating effectiveness of
specific controls
so in this case the auditor should
establish the continuing relevance and
reliability of that evidence so he will
or each must obtain audit evidence about
whether
significant changes in those controls
have occurred subsequent to the previous
or date meaning
in this case
if the auditor was the previous auditor
also and based on his assessment in the
previous audit he found out that
internal controls are strong or
effective so he can rely on that also in
the
current
period provided he will
establish the continuing relevance and
reliability so he will obtain again
evidence so it's like testing again the
internal control if it's
strong or
weak
okay so the auditor should obtain this
evidence by performing inquiry
combined with observation or he can do
inspection to confirm
the understanding of those specific
controls if that is still effective at
the current
period
so
if there have been changes
that uh
affect the continuing relevance of the
audit evidence from the previous audit
so the auditor should test the controls
so he he will perform the test of
controls for the current period
okay if there have been no changes so
or if there have not been such change or
no changes the auditor should test the
controls at least once
in every third audit
okay
and should test some controls
each audit to avoid the possibility of
testing all the controls on which the
auditor intends to rely
in a single audit period
so with no testing of controls in the
subsequent two periods meaning in this
case
he will do the testing once and every
three audits provided if he is still the
auditor
okay and he will do the testing of
uh the internal controls that is
different
from
the past uh
controls that he have tested
okay to avoid
testing all the controls
which he intends to rely on the single
audit
it's like and get getting sample of test
controls just to determine
and obtain evidence about
the reliability
of
the operating effectiveness of internal
control
okay so when the auditor plans to rely
on the controls over
a risk
so the auditor has determined to be
significant
and then he should test those controls
for the current period so that is very
important to avoid
[Music]
audit risk
okay
so
that is for the timing of test of
control so we will continue with
the extent
of the test of controls
okay so when more persuasive audit
evidence is needed regarding the
effectiveness of the internal control
so in this case the auditor may increase
the extent or the number of samples to
be tested to
determine if the internal controls are
effective or not so in determining the
extent
of the testo controls so the following
may be considered
first is the frequency of the
performance of control by the entity
using or during the period so in this
case
um
meaning
that the auditor will
determine if indeed the implementation
of the internal controls are followed
strictly
by the entity
okay another is the length of time
during the period that the auditor is
relying
on the effectiveness
of the internal control
so here
um
he will determine that
from the beginning as he do the audit
until the end probably okay so from time
to time he will do the testing okay so
to determine if that is really or indeed
uh effective
another is the expected rate of
deviation
from the control
okay so here this is from the assessment
as well as
um
[Music]
observation probably and
uh
checking of the documents okay to
determine if
the the entity its employees in the
management are daily
uh strictly following the guidelines and
the policies
okay another is the relevance also and
the reliability of the audit evidence to
be obtained
about the operating effectiveness of the
control
okay
assertion level
and um
also
the extent to which the audit evidence
is obtained from tests of controls are
related to
the assertion okay so these are the
uh different factors that needs to be
considered by the auditor in determining
the extent
or the number of samples
or
how much okay he should
do the test of controls
okay what about when there is deviation
found while performing the test of
controls
okay so in this case when the variations
from controls upon which the auditor
intends to rely are detected
so
the auditor here should make specific
enquiries to further understand these
matters
okay and also
its potential consequences on the audit
so the auditor should determine whether
first the test of controls that have
been performed provide an appropriate
basis for reliance
okay so
um
this is also part of the assessment of
the auditor
okay
if the test of control is relevant
okay the
the test of controls that he performed
is relevant
or appropriate basis if you will rely
on those controls
another is additional test of controls
are necessary
okay so meaning
uh in this case he the auditor should
make sure
okay double check if that
deviation
is
present also in other parts of the
internal
other parts i mean of
the process
or the procedure
or
to determine if that deviation occurred
only once and it's not recording so that
he will be able to determine if he will
rely on those
controls or not
another is the potential risk of
mistaken that needs to be addressed
using the substantive procedures okay so
if the auditor determines that the
internal control is unreliable so he
will do more or additional substantive
procedures
so in addition the auditor should also
evaluate whether on the basis of the
audit work performed the auditor has
identified a significant deficiency
in
the internal controls so here
he will use his professional judgment
to
determine if that is or if that
deviation is significant and he will
communicate it with the proper authority
okay so those are
for
the tests of controls
5.0 / 5 (0 votes)