Overview of testing internal controls

AmandaLovesToAudit

11 Dec 202012:37

Summary

TLDRThis video focuses on the audit risk model and its role in shaping audit strategies, particularly through the testing of internal controls. Amanda, a university audit professor, walks viewers through identifying, selecting, and testing key internal controls, analyzing the results, and their impact on audit strategy. She explains how deviations in control effectiveness influence control risk and substantive testing. Amanda also discusses potential future audit trends, such as using AI for testing 100% of a population. The video provides insights for both beginners and those familiar with audit concepts.

Takeaways

📊 The audit risk model is crucial for determining detection risk, which in turn drives the audit strategy—whether it’s controls-based, substantive, or a mixed approach.
🔍 Detection risk is influenced by the inherent risk and control risk assessments, which require identifying and evaluating control activities.
⚙️ Step 1 of testing internal controls involves identifying the control activities, focusing on key controls rather than testing all of them.
📋 Step 2 is deciding which controls to test, prioritizing those that contribute most to ensuring transactions are correctly recorded and completed.
📝 The testing process is divided into two phases: designing the tests (defining sample size, procedures, etc.) and executing them to gather evidence.
❌ Deviations, instances where controls do not work, must be analyzed to assess whether controls are effective. High deviation rates indicate that controls are ineffective.
💡 Tolerable deviations help in determining whether control deviations are acceptable. If actual deviations exceed the tolerable rate, control risk increases.
🔄 An increase in control risk leads to a decrease in detection risk, resulting in the need for more substantive testing in areas where deviations are found.
📉 Testing internal controls may not be necessary in cases of low transaction volume or highly material transactions, where substantive testing is more efficient.
🤖 Future advancements in data analytics tools may eliminate the need for internal control tests by allowing 100% substantive testing, though this presents its own risks.

Q & A

What is the purpose of the audit risk model?
-The audit risk model helps auditors determine detection risk, which in turn guides the audit strategy, whether it be a controls-based approach, a substantive approach, or a mixed approach.
Why do auditors test internal controls?
-Auditors test internal controls to evaluate whether these controls are effective. This influences the audit strategy, as effective controls allow for limited substantive testing, while ineffective controls increase the need for more detailed substantive testing.
What are the key steps involved in testing internal controls?
-The key steps are: 1) Identifying control activities, 2) Deciding which controls to test, 3) Designing and executing the tests, and 4) Analyzing the results to determine if controls are working effectively.
How do auditors determine which controls to test?
-Auditors select key controls that are most significant in ensuring accurate financial reporting, focusing on those that address critical assertions like occurrence, accuracy, and completeness.
What is a deviation in the context of internal control testing?
-A deviation occurs when a control fails to operate as intended. Auditors track deviations to assess whether the control is functioning effectively or not.
How do auditors evaluate whether a control is operating effectively?
-Auditors compare the actual number or rate of deviations found during testing to a pre-determined tolerable deviation level. If actual deviations exceed the tolerable rate, the control is deemed ineffective.
What happens if the actual deviation rate is higher than the tolerable rate?
-If the actual deviation rate exceeds the tolerable rate, control risk increases, which results in a lower detection risk and a need for more extensive substantive testing.
In what situations might an auditor decide not to test internal controls?
-Auditors may choose not to test internal controls in cases of low transaction volume or highly material transactions, where substantive testing is faster or more reliable.
How could data analytics tools impact future internal control testing?
-Data analytics tools may allow auditors to test 100% of a population, potentially reducing the need for internal control testing. However, this raises questions about whether auditors will be expected to provide reasonable assurance or guarantees.
What impact could AI and data analytics have on audit risk and assurance in the future?
-As AI and data analytics tools improve, they may enable comprehensive testing of all transactions, potentially altering the scope of assurance provided by auditors. This could shift the audit from providing reasonable assurance to potentially offering guarantees.