



This document explains the concept of tests of controls in auditing: their purpose, nature, extent, and timing. Tests of controls are procedures designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. The document also covers the importance of testing controls, the factors affecting the extent of testing, and the consequences of deviations from controls. It is relevant to students studying auditing, accounting, or management information systems.
Typology: Study notes
Tests of Controls (Relevant to AAT Examination Paper 8 — Principles of Auditing and Management Information Systems)
David Chow, FCCA, FCPA, CPA (Practising)
Audit Approach for Designing Audit Procedures
In planning an audit, the auditor considers the appropriate audit approach for designing and performing further audit procedures based on the auditor’s assessment of the identified risks at the assertion level. These audit procedures are referred to as (i) tests of controls and (ii) substantive procedures.
A test of controls is an audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. A substantive procedure is an audit procedure designed to detect material misstatements at the assertion level.
The auditor ordinarily performs both tests of controls and substantive procedures to express an opinion on the financial statements. The objective of performing tests of controls is to assess control risk. The results obtained from a test of controls may cause the auditor to alter the nature, timing, and extent of the substantive procedures to be performed and to plan and perform further tests of controls, especially when the auditor has identified control deficiencies.
The auditor shall design and perform tests of controls to test the internal controls set up by an entity so as to obtain sufficient appropriate audit evidence on the operating effectiveness of relevant controls if: (a) the auditor intends to rely on the operating effectiveness of controls; or (b) substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level.
However, if the auditor has not identified any effective controls relevant to the assertion, or if testing controls would be inefficient, which occurs quite often in small entities, then the auditor will not intend to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures. In such cases, it may be more efficient for the auditor to rely primarily on performing substantive procedures.
Regardless of the assessed level of control risk or the assessed risk of material misstatement in connection with the audit of the financial statements, the auditor should perform substantive procedures for all relevant assertions.
A higher level of assurance may be sought about the operating effectiveness of controls when the approach adopted consists primarily of tests of controls, in particular, where it is not possible or practicable to obtain sufficient appropriate audit evidence only from substantive procedures.
Nature of Tests of Controls
The nature of an audit procedure refers to its purpose (i.e. whether it is a test of controls or a confirmation, recalculation, reperformance, or analytical procedure). The nature of the audit procedures is of the greatest importance in responding to the assessed risks.
Inquiry alone is not sufficient to test the operating effectiveness of controls. Accordingly, other audit procedures are performed in combination with inquiry. In this regard, inquiry combined with inspection or reperformance may provide a higher degree of assurance than inquiry and observation, since an observation is pertinent only at the point in time at which it is made.
The nature of the particular control influences the type of test of controls required to obtain audit evidence about whether that control has been operating effectively. For example, if operating effectiveness is evidenced by documentation, the auditor may decide to inspect the document. However, documentation may not be available or relevant for other controls (such as the assignment of authority and responsibility), or for some types of control activities (such as control activities performed by a computer). In such circumstances, audit evidence about operating effectiveness may be obtained through inquiry in combination with other audit procedures (such as observation or the use of CAATs).
Extent of Tests of Controls
The extent of an audit procedure refers to the quantity to be performed, for example, a sample size or the number of observations of a control activity.
When more persuasive audit evidence is needed regarding the effectiveness of a control, it may be appropriate to increase the extent of testing of the control. As well as the degree of reliance on controls, the auditor may consider the following matters in determining the extent of tests of controls: (a) The frequency of performance of the control by the entity during the period. (b) The length of time during the audit period that the auditor is relying on the operating effectiveness of the control. (c) The expected rate of deviation from a control. (d) The relevance and reliability of the audit evidence to be obtained regarding the operating effectiveness of the control at the assertion level. (e) The extent to which audit evidence is obtained from tests of other controls related to the assertion.
Timing of Tests of Controls
The timing of an audit procedure refers to when it is performed, or the period or date to which the audit evidence applies.
assessed by the auditor. An unexpectedly high sample deviation rate may lead to an increase in the assessed risk of material misstatement, unless further audit evidence substantiating the initial assessment is obtained.
For tests of controls, no explicit projection of deviations is necessary since the sample deviation rate is also the projected deviation rate for the population as a whole. If the results of tests of controls have indicated deviations from controls upon which the auditor intends to rely, then the auditor shall make specific inquiries to understand these matters and their potential consequences, and shall determine whether: (a) the tests of controls that have been performed provide an appropriate basis for reliance on the controls; (b) additional tests of controls are necessary; or (c) the potential risks of misstatement need to be addressed using substantive procedures.
In analyzing the deviations identified, the auditor may decide to identify all items in the population that possess the common feature, for example, type of transaction, location, product line or period of time, and extend audit procedures to those items. Such deviations may be intentional, and may indicate the possibility of fraud.
If the auditor concludes that audit sampling has not provided a reasonable basis for conclusions about the population that has been tested, the auditor may: (a) request management to investigate misstatements that have been identified and the potential for further misstatements and to make any necessary adjustments; or (b) tailor the nature, timing and extent of those further audit procedures to best achieve the required assurance. For example, the auditor might extend the sample size, test an alternative control or modify related substantive procedures.
With respect to an automated control, it may not be necessary to increase the extent of testing due to the inherent consistency of IT processing. An automated control can be expected to function consistently unless the program is changed. Once the auditor determines that an automated control is functioning as intended, the auditor may consider performing tests on program change controls to determine that the control continues to function effectively.
Sampling Risk
Sampling risk is the risk that the auditor’s conclusion based on a sample may be different from the conclusion if the entire population were subjected to the same audit procedure.
There are two types of erroneous conclusions arising from sampling risk relating to a test of controls:
(a) Controls appear more effective than they actually are. The auditor is primarily concerned with this type of erroneous conclusion because it affects audit effectiveness.
(b) Controls appear less effective than they actually are. This type of erroneous conclusion affects audit efficiency, as it would usually lead to additional work to establish that the initial conclusions were incorrect.
Reference:
HKSA 330 The Auditor’s Responses to Assessed Risks, issued June 2009, revised June 2017, Hong Kong Institute of Certified Public Accountants
HKSA 530 (Clarified) Audit Sampling, issued July 2009, revised July 2010, Hong Kong Institute of Certified Public Accountants