Scribd
Upload
20 views27 pages

Chapter 11

This chapter discusses audit procedures for testing internal controls to assess control risk. It covers evaluating control design and operation, identifying necessary controls, performing tests of controls through methods like inquiries and reperforming controls. Timing and extent of control tests are also discussed. The chapter explores assessing control risk for different account balances and transaction classes and documenting the assessed control risk level.

Uploaded by

Farhan Ari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
20 views27 pages

Chapter 11

This chapter discusses audit procedures for testing internal controls to assess control risk. It covers evaluating control design and operation, identifying necessary controls, performing tests of controls through methods like inquiries and reperforming controls. Timing and extent of control tests are also discussed. The chapter explores assessing control risk for different account balances and transaction classes and documenting the assessed control risk level.

Uploaded by

Farhan Ari
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 27

Modern

Modern Auditing:
Auditing:
Assurance
Assurance Services
Services and
and the
the Integrity
Integrity
of
of Financial Reporting, 8th Edition
Financial Reporting, 8 th
Edition

William C. Boynton
California Polytechnic State
University at San Luis Obispo
Raymond N. Johnson
Portland State University

Chapter 11 – Audit Procedures in Response to Assessed


Risks: Tests of Controls
Chapter
Chapter 11
11 Overview
Overview
Assessing
Assessing Control
Control Risk
Risk
In assessing control risk, the auditor
must evaluate the effectiveness of :

• Design of internal controls

• Operation of internal controls


Steps
Steps in
in Assessing
Assessing Control
Control Risk
Risk
Process
Process for
for Assessing
Assessing Control
Control
Risk
Risk
• Consider Knowledge Acquired from
Procedures to Obtain an
Understanding

• Identify Potential Misstatements


Process
Process for
for Assessing
Assessing Control
Control
Risk
Risk
• Identify Necessary Controls
– Nature of controls to prevent or detect and
correct misstatements

– Nature of controls implemented by


management

– Significance of each control

– Risk that designed controls may not operate


effectively
Control
Control Design
Design for
for Specific
Specific
Assertions
Assertions
• Completeness Assertion

• Existence or Occurrence Assertion

• Valuation and Allocation Assertion

• Presentation and Disclosure


Assertion
Identify
Identify Necessary
Necessary Controls
Controls
Process
Process for
for Assessing
Assessing Control
Control
Risk
Risk
• Perform Tests of Controls
– Evidence about effectiveness of the
design and operation of controls

• Evaluate Evidence and Make


Assessment
– Matter of professional judgment
– Identify strengths and deficiencies
– Express quantitatively or qualitatively
Strategies
Strategies for
for Performing
Performing Tests
Tests
of
of Controls
Controls in
in an
an IT
IT Environment
Environment
• User Controls

• Application Controls

• General Controls and Manual


Followup Procedures
Overview
Overview of
of Computer
Computer Controls
Controls
Computer-Assisted
Computer-Assisted Audit
Audit
Techniques
Techniques (CAATs)
(CAATs)
• Auditing through the computer

• Advantageous when:
– Significant part of internal controls is
imbedded in a computer program
– Significant gaps in visible audit trail
– Large volumes of records to be tested
Types
Types of
of CAATs
CAATs
• Parallel Simulation

• Test Data

• Integrated Test Facility

• Continuous Monitoring of On-line


Real-time Systems
Parallel
Parallel Simulation
Simulation versus
versus Test
Test
Data
Data
Continuous
Continuous Monitoring
Monitoring of
of On-
On-
Line
Line Real-Time
Real-Time Systems
Systems
• Continuous Monitoring

• Audit Hook

• Tagging Transactions

• Audit Log
Methodologies
Methodologies for
for Meeting
Meeting the
the
Second
Second Standard
Standard ofof Fieldwork
Fieldwork
Effects
Effects of
of Preliminary
Preliminary Audit
Audit
Strategies
Strategies
• Primarily Substantive Approaches

• Lower Assessed Level of Control Risk


Designing
Designing Tests
Tests of
of Controls
Controls
Designed to evaluate the operating
effectiveness of a control concerned
with:

• How the control was applied


• Consistency with which it was applied
• By whom it was applied
Nature
Nature of
of Tests
Tests of
of Controls
Controls
• Inquiries of entity personnel

• Inspection of items indicating


performance of the control

• Observation of the application of the


control

• Reperformance of the application of the


control by the auditor
Timing
Timing of
of Tests
Tests of
of Controls
Controls
• One Occasion versus Multiple
Occasions

• Timing Issues
– Interim Period

– Remaining Period

– Results from Prior Periods


Extent
Extent of
of Tests
Tests of
of Controls
Controls
• Nature of the Control

• Frequency of Operation

• Importance of the Control


Designing
Designing Tests
Tests of
of Controls
Controls
• Staffing Tests of Controls

• Audit Programs for Tests of Controls

• Dual-Purpose Tests
Additional
Additional Considerations
Considerations
• Assessing Control Risk for Account
Balance Assertions Affected by a
Single Transaction Class

• Assessing Control Risk for Account


Balance Assertions Affected by
Multiple Transaction Classes
Account
Account Balance
Balance Assertions
Assertions and
and
Transaction
Transaction Class
Class Assertions
Assertions
Account
Account Balance
Balance Assertions
Assertions and
and
Transaction
Transaction Class
Class Assertions
Assertions
Documenting
Documenting the
the Assessed
Assessed Level
Level
of
of Control
Control Risk
Risk
• Control Risk Assessed at the
Maximum
– Only the conclusion is documented

• Control Risk Assessed at Below the


Maximum
– Basis for assessment must be
documented
Communicating
Communicating Internal
Internal Control
Control
Matters
Matters
• Internal Control Deficiency

• Significant Deficiency

• Material Weakness

You might also like