Flashcards in Lecture 6 Deck (30):
Includes various control/ substantive tests for a significant risk. Each programme addresses a significant risk
Elements of systems/ processes (designed by management) to safeguard assets and maintain accurate financial records so financial statements can be prepared
Controls are designed to
Reduce the risk of fraud/ error in FSs by detecting, preventing and correcting certain actions on significant risk areas
Auditors test controls to see if (2)
- Designed to detect fraud/ error
- Operating effectively
If controls are designed appropriately and operating effectively..
Auditor relies on them to detect fraud/ error and reduces substantive testing
Entity level controls =
Controls that cover whole company
Auditors test entity level controls to
Assess strength of control environment
According to ISA 315 > entity level controls > auditors should test: (3)
- Communication and enforcement of ethical values
- Management philosophy (tone at the top)
- Organisational structure
How to test entity level controls (3 steps)
1) Understand and document control environment
2) Test controls management have asserted exist
3) Conclude on effectiveness and impact on audit approach
Process level controls =
Controls embedded in specific process company has put in place to prevent, detect and correct errors/ fraud
Categories of process level controls (4)
- Performance reviews
- Information processing controls
- Physical controls
- Segregation of duties
Testing design and implementation =
Auditor confirms what they have learnt, may need walkthrough
Check that system is operating as noted in process notes by following transaction through system
Test of operating effectiveness =
Testing to see if control is actually working
Effective control >
Can rely on > reduces substantive testing
Ineffective control >
No reliance > increase substantive testing, and communicate to audit committee
When testing TOE, must consider...
NET of audit procedures
Type of testing to perform, and how going to perform
Nature of testing egs (4)
- Inspection records/ docs
- Observation/ inquiry
- Re-calculation/ re-performance
When you are going to do testing
Testing of TOE usually takes place..
At interim, may need to top up at YE
How much testing going to do and on what population
Level of TOE testing depends on (2)
- Frequency of control
- Risk of failure
TOE population to test depends on (2)
Directional testing =
Testing what's not there
HORNET used to..
Work out risk the control will fail
How is control performed?
how Often is control performed?
Risk the control mitigates
Nature and size of misstatement control likely to detect
how Experienced and competent is person performing control?
is there a Technology component?
Sample sizes determined based on: (3)
- Risk of failure
- Whether IT component
If IT general controls testing has been completed...
Test of one required