Chapter 8

Question 1

Controls are classified as one of four types

Answer 1

1. manual
2. automated (otherwise known as application controls)
3. information technology (IT) general controls (ITGCs) (the overall controls put in place to manage changes to applications and programs, as well as to limit access to appropriate users of those IT applications only)
4. a combination of control types referred to as IT-dependent manual controls.

Question 2

Two Types of controls

Answer 2

Preventive controls

Detective controls

Question 3

Examples of preventive controls

Sales occur that are not collectable.

Answer 3

The computerized accounting program will not allow a sale to be processed if a customer has exceeded its credit limit.

Question 4

Examples of preventive controls

Fictitious employees are paid.

Answer 4

Amounts cannot be paid to employees without first matching a valid social insurance number to the employee master file.

Question 5

Examples of preventive controls

Sales are recorded at the wrong amount.

Answer 5

Sales invoices are automatically priced using a master pricing file.

Question 6

Examples of preventive controls

Transactions are classified and coded to incorrect accounts.

Answer 6

The account coding on each purchase order is checked by the computer using a table of valid account numbers, and then various logic tests are performed by the computer.

Question 7

It is important that detective controls:

Answer 7

1. completely and accurately capture all relevant data
2. identify all potentially significant errors
3. are performed consistently and regularly
4. include timely follow-up and correction for any misstatements or issues detected.

Question 8

There are many examples of detective controls, including the following:

Answer 8

Management-level reviews are made of actual performance versus budgets, forecasts, prior periods, competitors (if available), and industry averages (if available). Management’s actions in analyzing and following up on unexpected variances is a detective control. For example, the financial controller may review the monthly results and compare the number of days’ sales outstanding to previous periods to ensure any allowance for doubtful accounts is reasonable.

Question 9

Examples of detective controls

Cash is received but not recorded in the general ledger, payments are made but not recorded, cash receipts or cash payments are not real or not recorded on a timely basis.

Answer 9

Bank reconciliation and follow-up of unexpected outstanding items (e.g., unexpected or large deposits not yet cleared by the bank, cheques presented by the bank but not recorded in the general ledger).

Question 10

Examples of detective controls

Shipments are not billed and recorded, or billings are not related to actual shipments of product.

Answer 10

The computer performs a daily comparison of quantities shipped to quantities billed. If differences are revealed, a report is generated for review and follow-up by the billing supervisor.

Question 11

Examples of detective controls

Unrecorded billings and errors in classifying sales or cash receipts.

Answer 11

Quarterly reviews of credit balances in accounts receivable to determine their causes.

Question 12

Examples of detective controls

Errors in the number of units or unit prices being calculated or applied incorrectly.

Answer 12

The sales manager reviews daily shipments, total sales, and sales per unit shipped.

Question 13

What is the difference between an application control and an IT general control?

Answer 13

Application controls are the fully automated controls that apply to the processing of individual transactions.

ITGCs are the client’s controls over the hardware and software it uses, including acquisition and maintenance of equipment, backup and recovery procedures, and the organization of the IT department to ensure the appropriate segregation of duties.

Question 14

Tests of controls, described in this section, include

Answer 14

enquiry, observation, inspection of physical evidence, and re-performance.

Question 15

Identification of WCGW with related assertion and control testing selection

Goods are shipped but not invoiced
(Related assertion, Control, What Control to Test)

Answer 15

Completness

Use of sequential shipping documents. Monthly reconciliations of missing shipping documents performed.
Three-way match of order, shipping document, and invoice.

Review sequence of shipping documents and reconciliations.
Trace a sample of shipping documents to the invoice.

Question 16

Identification of WCGW with related assertion and control testing selection

Fictitious sales recorded in accounts.
(Related assertion, Control, What Control to Test)

Answer 16

Completness, Existence

Approved sales order and shipping document required before invoicing.

Match invoices and shipping documents to approved sales orders.

Question 17

Identification of WCGW with related assertion and control testing selection

Goods are shipped/services provided to customers that are a bad credit risk.
(Related assertion, Control, What Control to Test)

Answer 17

Valuation

Credit approval required for all new customers before order forwarded to shipping.
Customer credit limits checked for existing customers before order forwarded to shipping.

Select a sample of new customers and review the credit file for evidence of review of credit history and approval.
Review aging receivables for customers exceeding credit limits. Review file to determine if special approval documented.

Question 18

Identification of WCGW with related assertion and control testing selection

Receipts are only partially or not at all deposited.
(Related assertion, Control, What Control to Test)

Answer 18

Completness, Accuracy

Independent verification of pre-listing of cash and cheques to deposit slip.

Select a sample and verify pre-listing to deposit slip.

Question 19

Identification of WCGW with related assertion and control testing selection

Cash receipts are credited to the wrong account (fraud or error).
(Related assertion, Control, What Control to Test)

Answer 19

Accuracy

Statements are mailed to customers each month.

Observe mailing of monthly statements to credit customers.

Question 20

Identification of WCGW with related assertion and control testing selection

Errors are made when recording cash receipts.
(Related assertion, Control, What Control to Test)

Answer 20

Completeness, Existence, Accuracy

Preparation of monthly bank reconciliations.

Examine bank reconciliations and follow up on reconciling items.

Question 21

Identify the different types of controls.

Answer 21

There are four different types of controls: manual, automated (otherwise known as application controls), IT general controls (ITGCs), or a combination of control types referred to as IT-dependent manual controls. Each of these types can be described as either a preventive control or a detective control. Preventive controls, as the name suggests, prevent errors from occurring. Detective controls detect the error after it has occurred and rectify the error on a timely basis.

Question 22

Understand the different techniques for testing controls.

Answer 22

There are four key techniques used for testing controls: enquiry (questions are asked regarding the operation of the control), observation (the operation of the control is observed to be occurring), inspection (of physical evidence resulting from the performance of the control), and re-performance (when the auditor re-performs the control to test its effectiveness).

Question 23

Explain how to select and design tests of controls.

Answer 23

The selection of which controls to test is a matter of professional judgement. Deciding which controls to test will be influenced by the control objective, the type of control, the frequency at which the control is performed, and the level of assurance the auditor plans to gain from determining the control is designed and implemented effectively. As a general rule, the best controls to test are those that address the WCGWs most effectively with the least amount of testing required.
The extent of testing of controls (that is, deciding how many to test) is also a matter of professional judgement, although there are sampling techniques available (discussed in chapter 6). The extent of testing is affected by many factors, including how often the control is performed, the degree to which reliance will be placed on the control as part of the audit, the persuasiveness of the evidence produced by the control, the need to be satisfied that the control operated as intended throughout the period of reliance, the existence of a combination of controls that may reduce the level of assurance that might be needed from any one control, the relative importance of the WCGW questions or statements being considered, and any other factors such as the competence of the person carrying out the control, the quality of the control environment, and any changes in the accounting system.

Question 24

Understand how to interpret the results of testing of controls.

Answer 24

If the controls tested are considered to be effective and can be relied on for the purposes of reducing overall audit risk for a particular significant account and assertion, the level of additional substantive testing required is reduced. If the controls tested are considered to be ineffective and are not able to provide any audit evidence that reduces overall audit risk for a particular significant account and assertion, the level of additional substantive testing that is required is increased.

Question 25

Explain how to document tests of controls.

Answer 25

The purpose of the test of controls, the selection of controls to test, the results of the controls testing performed, and the conclusion regarding the design and implementation of the controls are all documented in the audit working papers. The working papers are then reviewed by more experienced auditors to determine if sufficient work was performed and if the appropriate conclusion was reached.