Lecture 6 Flashcards Preview

Auditing > Lecture 6 > Flashcards

Flashcards in Lecture 6 Deck (30):
1

Audit programme

Includes various control/ substantive tests for a significant risk. Each programme addresses signif risk

2

Controls =

Elements of systems/ processes (designed by management) to safeguard assets and maintain accurate financial records so financial statements can be prepared

3

Controls are designed to

Reduce the risk of fraud/ error in FSs by detecting, preventing and correcting certain actions on significant risk areas

4

Auditors test controls to see if (2)

- Designed to detect fraud/ error
- Operating effectively

5

If controls designed and appropriately and operating effectively..

Auditor relies on them to detect fraud/ error and reduces substantive testing

6

Entity level controls =

Controls that cover whole company

7

Auditors test entity level controls to

Assess strength of control environment

8

According to ISA 315 > entity level controls > auditors should test: (3)

- Communication and enforcement of ethical values
- Management philosophy (tone at the top)
- Organisational structure

9

How to test entity level controls (3 steps)

1) Understand and document control environment
2) Test controls management have asserted exist
3) Conclude on effectiveness and impact on audit approach

10

Process level controls =

Controls embedded in specific process company has put in place to prevent, detect and correct errors/ fraud

11

Categories of process level controls (4)

- Performance reviews
- Information processing controls
- Physical controls
- Segregation of duties

12

Testing design and implementation =

Auditor confirms what they have learnt, may need walkthrough

13

Walkthrough =

Check that system is operating as noted in process notes by following transaction through system

14

Test of operating effectiveness =

Testing to see if control is actually working

15

Effective control >

Can rely on > reduces substantive testing

16

Ineffective control >

No reliance > increase substantive testing, and communicate to audit committee

17

When testing TOE, must consider...

NET of audit procedures

18

Nature =

Type of testing to perform, and how going to perform

19

Nature of testing egs (4)

- Inspection records/ docs
- Observation/ inquiry
- Confirmation
- Re-calculation/ re-performance

20

Timing =

When you are going to do testing

21

Testing of TOE usually takes place..

At interim, may need to top up at YE

22

Extent =

How much testing going to do and on what population

23

Level of TOE testing depends on (2)

- Frequency of control
- Risk of failure

24

TOE population to test depends on (2)

- Assertions
- Balances

25

Directional testing =

Testing what's not there

26

HORNET used to..

Work out risk the control will fail

27

HORNET

How is control performed?
how Often is control performed?
Risk the control mitigates
Nature and size of misstatement control likely to detect
how Experienced and competent is person performing control?
is there a Technology component?

28

Sample sizes determined based on: (3)

- Risk of failure
- Frequency
- Whether IT component

29

If IT general controls testing has been completed...

Test of one required

30

If one occurrence fails..

Control deemed to be operating ineffectively