Auditing Test of Controls

Questions and Answers

What defines a deviation in the context of auditing controls?

A deviation is defined as any instance where a control did not achieve its objective to prevent or detect and correct a misstatement.

What is meant by tolerable deviation rate (TDR)?

The tolerable deviation rate (TDR) is the maximum rate of deviation that an auditor finds acceptable to conclude that a control is operating effectively.

Under what circumstances does the number of items to be tested usually increase?

The number of items to be tested increases as the risk of material misstatement increases and the auditor's reliance on the effectiveness of controls grows.

What happens if the actual deviation rate exceeds the tolerable deviation rate?

If the actual deviation rate exceeds the TDR, it indicates that the control is not operating effectively.

Why is it important for the auditor to establish expectations of the rate of deviation?

Establishing expectations of the rate of deviation allows auditors to design an appropriate sample and determine the sample size necessary for effective testing.

What is the role of the financial controller in reviewing customer credit limits?

The financial controller reviews customer credit limits based on their payment history every quarter.

How does the sales ordering system enforce customer credit limits?

The system is configured to prevent processing an order if it exceeds the customer's credit limit.

What evidence is required to show that the financial controller has reviewed the credit limits?

A listing of customer credit limits that includes evidence of the financial controller's review is required.

Describe the method for testing the credit limit enforcement in the sales ordering process.

Create a dummy customer with a specific credit limit and place an order that exceeds that limit to observe if it is rejected.

What could happen if the customer credit limits are not reviewed accurately and regularly?

Failure to review credit limits can lead to excessive credit being extended, resulting in bad debts and financial losses.

Why is enquiry alone not sufficient to test the operating effectiveness of controls?

Enquiry alone lacks reliability; it must be combined with other procedures like reperformance or inspection for enhanced assurance.

How does observation, when performed during an audit, limit its effectiveness?

Observation is only relevant at a specific moment and can be biased if individuals know they are being watched.

Identify two key assertions related to fictitious sales occurring in an audit.

The key assertions are Occurrence and Existence.

What are the three main methods for selecting testing items?

Testing 100% of items, testing specific items, and audit sampling.

What is the purpose of generating an exception report in the control process?

An exception report is generated to highlight discrepancies in sales details that need investigation.

What does the ISA 530 standard pertain to?

The ISA 530 standard pertains to audit sampling.

Explain why combining enquiry with reperformance or inspection is more effective than combining it with observation.

Combining enquiry with reperformance or inspection provides a more thorough verification of control effectiveness compared to observation.

What action does the financial controller take regarding exception reports?

The financial controller reviews the exception reports weekly and investigates any discrepancies.

What causes detection risk in auditing?

Detection risk arises from sampling risk and non-sampling risk.

Explain the risk of over-reliance in audit sampling.

The risk of over-reliance occurs when controls are deemed more effective than they actually are, leading to incorrect audit opinions.

Describe one method auditors can use to test the accuracy of recorded sales transactions.

Auditors can select a sample of sales transactions from the sales ledger and verify that the details match supporting documents.

What does the test of control involve regarding sales invoices and customer orders?

The test of control involves ensuring that the details on the sales invoice, shipping document, and customer order match.

How can sampling risk be reduced in an audit?

Sampling risk can be reduced by increasing sample size and using stratification.

What is non-sampling risk and how can it be minimized?

Non-sampling risk is the risk of erroneous conclusions for reasons unrelated to sample size, minimized by proper planning and supervision.

What is the relation between audit sampling and the rate of deviation from controls?

When using sampling in tests of controls, auditors are concerned with the rate of deviation from those internal controls.

What is the primary application of audit sampling in testing controls?

Audit sampling is primarily applied to test recurring manual controls over routine, high-volume transactions.

How does an increase in the auditor's reliance on the effectiveness of controls affect sample size?

It increases the sample size because greater reliance requires more tests of controls.

What is the relationship between the expected rate of deviation in a population and the sample size required for testing?

As the expected rate of deviation increases, the sample size also needs to increase.

Explain why a larger sample size leads to lower sampling risk.

A larger sample size reduces sampling risk by providing more evidence from a bigger subset of the population.

What factors might auditors consider regarding the expected rate of deviation?

Auditors consider their understanding of the business, personnel changes, and results of previous audits.

How does the desired level of assurance affect sample size during an audit?

An increased desired level of assurance necessitates a larger sample size to ensure the results are indicative of the population.

What is the importance of using a larger subset of the population in sampling?

Using a larger subset enhances the accuracy and reliability of the conclusions drawn from the sample.

Why might an auditor increase their sample size from one audit period to another?

An auditor may increase the sample size due to changes in internal controls or an increased expected rate of deviation.

In what way does the auditor's previous experience with audit procedures affect sample size decisions?

Previous audit results inform the auditor's assessment of the appropriate sample size needed for current audits.

What effects does an increase in the tolerable deviation rate (TDR) have on sample size requirements?

An increase in the TDR requires less evidence from the sample to reach a conclusion, meaning a smaller sample size is needed.

Explain how an auditor should respond if the selected item for testing is not applicable to the audit procedure.

The auditor should perform the procedure on a replacement item that is relevant to the controls being tested.

What conclusion can an auditor draw if no deviations are found during controls testing?

The auditor can conclude that the control is operating effectively, allowing the planned audit approach to continue as intended.

What should an auditor do if documentation for a selected item is lost?

The auditor should perform a suitable alternative procedure to gather evidence regarding that item.

In what scenario would an auditor treat an item as a deviation from prescribed controls?

An item would be treated as a deviation if the auditor cannot perform the audit procedure and lacks a suitable alternative.

How does a lower tolerable deviation rate (TDR) influence the required sample size in audits?

A lower TDR requires a larger sample size to ensure that sufficient evidence is obtained to support the audit's conclusions.

What factors could lead to a determination that a control is not operating effectively?

Factors such as identified deviations or breakdowns in control processes can indicate that a control is not functioning as designed.

Why is it necessary for auditors to evaluate the results of controls testing?

Evaluating the results allows auditors to confirm whether their initial assessment of control risk is accurate and to adjust their audit approach as necessary.

Study Notes

Test of Control

• A test of control is an audit procedure used to evaluate the effectiveness of controls in preventing or detecting material misstatements at the assertion level.
• Tests of controls do not directly measure monetary errors in accounting records. Instead, they determine if a control activity is performed as designed.
• Control risk assessment is based on the auditor's assessment of the operating effectiveness of the controls.

Designing Tests of Controls

• Auditors design tests of controls to gather evidence regarding the effectiveness of the controls.
• The results of control testing confirm the auditor's assessment of control risk.

Methods to Test Controls

• Reperformance: The auditor repeats the process performed by the accountant, checking invoices, purchase orders, etc.
• Recalculation: The auditor recalculates values generated by IT applications.
• Inspection: The auditor reviews documentation (purchase orders, etc).
• Observation: The auditor watches employees perform a task.
• Inquiry: The auditor asks questions of management/employees.

Example - Tests of Controls

• Risk: Fictitious sales are created and recorded.
• Process: Sales
• Key Assertion:
  • Occurrence and Accuracy of revenue.
• Control: Sale is only recorded if details (date, customer, description, price, quantity) on documents (sales invoice; goods delivery note; customer order) agree.
• Test of Control: Select a sample of sales transactions from sales ledger and ensure details agree with invoice, shipping document and customer order.
• Risk: Sales are invoiced at incorrect amounts.
• Process: Sales
• Key Assertion: Valuation and allocation of accounts receivable.
• Control:
  • Details do not match, an exception report is generated for the financial controller. Weekly review and investigation of exceptions.
• Test of Control: Select 10 weekly exception reports and determine if reviewed by financial controller; discuss actions taken to resolve exceptions.

Using Data Analytics in Designing Tests of Controls

• Data analytics can be used for audit testing to identify duplicate or missing invoices.
• Accounting software often uses sequential transaction numbering; this is a type of IT application control over completeness.
• Auditors can use software to test if invoice numbers are sequential to spot missing or duplicate invoices.
• Missing invoice numbers mean revenue is potentially understated, therefore affecting the completeness and accuracy assertions.

Sampling

• 100% testing: An approach used when the control operates only once a year (e.g., board approval)
• Specific items: An approach that is not commonly used.
• Audit sampling: Selecting less than 100% of items for testing, but ensuring all items have a chance to be selected. This uses ISA 530 (audit sampling).

Relationship Between Sampling and Audit Risk Model

• Detection risk includes sampling risk and non-sampling risk.
• Sampling risk is that the sample conclusion differs from testing the whole population.
• Risks of over-reliance/incorrect acceptance affect audit effectiveness and opinion.
• Non-sampling risk is error in audit procedures, inappropriate procedures.

Audit Sampling in Testing Controls

• Sampling is typically used for high-volume transactions.
• The sample allows all items in the population a chance of selection.
• Audit software is often used to select the sample.
• A deviation from internal controls is when a control objective is not achieved; for instance, when it doesn't prevent or correct any misstatement.

Tolerable Deviation Rate (TDR)

• The acceptable rate of deviation that indicates the control is operating effectively.
• The auditor considers the design and nature of the control, and factors like risk, when setting the TDR.

Factors Influencing Sample Size

• Risk of material misstatement: Higher risk, often greater evidence required.
• Auditor degree of reliance on the controls: Greater reliance, often greater testing required.
• Audit procedures: Sample size will vary based on the procedures/approach.

Performing Tests of Controls

• The auditor obtains documentation from the client.
• The auditor reviews and tests each item selected.
• If the procedure isn't applicable to a sampled item, select a replacement.
• If a test can't be performed, consider an alternate procedure.

Evaluating the Results of Control Testing

• Decide if the controls performed effectively, or not.

No Deviation(s) Found

• The auditor infers that the control is operating effectively and continues the planned audit approach.

Deviation(s) Found

• The control may not be performing as expected.
• The auditor should investigate the nature and cause of the deviation.
• The auditor analyses if the deviation is an anomaly, or indicates issues with the control.

Compare Actual deviation rate to the TDR

• If the Actual Deviation Rate is less than the Tolerable Deviation Rate, the auditor can conclude the controls are operating effectively.
• If the ADR is greater than the TDR, the auditor needs to consider increasing sample size, or concluding that the control is not operating effectively - which may require a change in the audit approach and increase in the assessment of the control risk.

Description

This quiz explores the procedures and methods involved in testing controls during an audit. It covers critical concepts such as control risk assessment, designing tests, and various methods like reperformance and recalculation. Enhance your understanding of how auditors ensure the effectiveness of controls in detecting misstatements.