Modern Auditing - Muhariefeffendi's Website | Knowledge · PDF file · 2015-08-31Modern Auditing: Assurance Services and the Integrity of Financial Reporting, 8th Edition William

Modern Auditing: Assurance Services and the Integrity

of Financial Reporting, 8th Edition

William C. Boynton California Polytechnic State

University at San Luis Obispo

Raymond N. Johnson Portland State University

Chapter 11 – Audit Procedures in Response to Assessed

Risks: Tests of Controls

Chapter 11 Overview

Assessing Control Risk

In assessing control risk, the auditor

must evaluate the effectiveness of :

• Design of internal controls

• Operation of internal controls

Steps in Assessing Control Risk

Process for Assessing Control

Risk

• Consider Knowledge Acquired from

Procedures to Obtain an

Understanding

• Identify Potential Misstatements

Process for Assessing Control

Risk

• Identify Necessary Controls

– Nature of controls to prevent or detect and

correct misstatements

– Nature of controls implemented by

management

– Significance of each control

– Risk that designed controls may not operate

effectively

Control Design for Specific

Assertions

• Completeness Assertion

• Existence or Occurrence Assertion

• Valuation and Allocation Assertion

• Presentation and Disclosure

Assertion

Identify Necessary Controls

Process for Assessing Control

Risk

• Perform Tests of Controls

– Evidence about effectiveness of the

design and operation of controls

• Evaluate Evidence and Make

Assessment

– Matter of professional judgment

– Identify strengths and deficiencies

– Express quantitatively or qualitatively

Strategies for Performing Tests

of Controls in an IT Environment

• User Controls

• Application Controls

• General Controls and Manual

Followup Procedures

Overview of Computer Controls

Computer-Assisted Audit

Techniques (CAATs)

• Auditing through the computer

• Advantageous when:

– Significant part of internal controls is

imbedded in a computer program

– Significant gaps in visible audit trail

– Large volumes of records to be tested

Types of CAATs

• Parallel Simulation

• Test Data

• Integrated Test Facility

• Continuous Monitoring of On-line

Real-time Systems

Parallel Simulation versus Test

Data

Continuous Monitoring of On-

Line Real-Time Systems

• Continuous Monitoring

• Audit Hook

• Tagging Transactions

• Audit Log

Methodologies for Meeting the

Second Standard of Fieldwork

Effects of Preliminary Audit

Strategies

• Primarily Substantive Approaches

• Lower Assessed Level of Control Risk

Designing Tests of Controls

Designed to evaluate the operating

effectiveness of a control concerned

with:

• How the control was applied

• Consistency with which it was applied

• By whom it was applied

Nature of Tests of Controls

• Inquiries of entity personnel

• Inspection of items indicating

performance of the control

• Observation of the application of the

control

• Reperformance of the application of the

control by the auditor

Timing of Tests of Controls

• One Occasion versus Multiple

Occasions

• Timing Issues

– Interim Period

– Remaining Period

– Results from Prior Periods

Extent of Tests of Controls

• Nature of the Control

• Frequency of Operation

• Importance of the Control

Designing Tests of Controls

• Staffing Tests of Controls

• Audit Programs for Tests of Controls

• Dual-Purpose Tests

Additional Considerations

• Assessing Control Risk for Account

Balance Assertions Affected by a

Single Transaction Class

• Assessing Control Risk for Account

Balance Assertions Affected by

Multiple Transaction Classes

Account Balance Assertions and

Transaction Class Assertions

Account Balance Assertions and

Transaction Class Assertions

Documenting the Assessed Level

of Control Risk

• Control Risk Assessed at the

Maximum

– Only the conclusion is documented

• Control Risk Assessed at Below the

Maximum

– Basis for assessment must be

documented

Communicating Internal Control

Matters

• Internal Control Deficiency

• Significant Deficiency

• Material Weakness