Copyright 2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett Slides prepared by Roger Simnett 1 TESTS OF CONTROLS CHAPTER 9
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 1
TESTS OF CONTROLS
CHAPTER 9
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 2
TESTS OF CONTROLS • Provide auditor with evidence to support their
assessment of control risk. When control risk assessed at less than high, necessary to gather evidence that controls are working.
• Auditor will select most efficient and effective combination of tests of controls, and substantive tests of transactions and balances.
• Auditor must consider:
Design
Operation of internal control structure
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 3
PLANNING THE SCOPE OF TESTS
OF CONTROLS
• Nature: If controls exist that auditor expects to rely upon, undertake tests of these controls, otherwise undertake substantive testing.
• Timing: To aid ability to meet deadlines and scheduling of staff, tests of controls sometimes scheduled before year-end. Testing then extended (rolled forward) until year-end.
• Extent: For tests of controls related to documents, extent determined by reference to sampling theory.
Controls related to accounting routines (e.g. back reconciliations) usually tested by re- performing a small number.
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 4
TESTS OF CONTROLS
AIMED AT DESIGN
Generally include:
• Inquiries of company personnel
• Inspection of documents and reports
• Observation of the application of specific internal control policies and procedures
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 5
TESTS OF CONTROLS AIMED AT
OPERATION
Should provide evidence that the:
• Control actually existed
• Control was effective in achieving its objectives
• Control operated continuously throughout the period of intended reliance
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 6
SUFFICIENCY AND
APPROPRIATENESS OF TESTS OF
CONTROLS
• Dependent on level of control risk the tests must support
• The lower the planned assessed level of control risk, the greater the amount of testing that is required
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 7
OTHER FACTORS AFFECTING
SUFFICIENCY AND
APPROPRIATENESS
Auditor should also consider:
• Type and source evidence
• Timeliness
• Interrelationship of evidence
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 8
EFFECT OF DOCUMENTATION
OF CONTROLS: AUDIT TRAIL
• Methods used by auditor dependent on whether a documentary audit trail exists
• Where no audit trail exists, greater emphasis on:
Observation
Inquiry of the control
• If audit trail does exist:
Inspect documentation for evidence of the control
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 9
REVENUES, RECEIVABLES
AND RECEIPTS (SALES CYCLE)
Sales cycle involves all those transactions
and events that are initiated when an entity
makes a sale. Characterised by a high
volume of routine transactions.
Audit problems tend to be related to clerical
processing rather than complex accounting
problems.
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 10
KEY FUNCTIONS IN TYPICAL
SALES CYCLE
• Order entry and order approval by credit department
• Shipping
• Invoicing
• General ledger entry
• Accounts receivable
• Mail opening
• Cashier functions
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 11
TYPICAL CREDIT SALES
FLOWCHART
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 12
TYPICAL CASH COLLECTION
FLOWCHART
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 13
SALES CYCLE — ROUTINE AND
NON-ROUTINE TRANSACTIONS
• Routine transactions: credit sales to customers, cash collections from customers (flowcharts), usually strong control system, auditor considers (and usually undertakes) tests of controls.
• Non-routine transactions: adjustments to sales, and provisions for doubtful debts. Less well controlled. Where material, auditor undertakes substantive testing.
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 14
CONTROL OBJECTIVES FOR
SALES SYSTEM
Controls are in place to ensure that:
• All sales recorded are bona fide transactions for merchandise actually shipped to customers.
• All sales for the period of merchandise shipped are invoiced and properly recorded in accounting records.
• Invoices have been recorded correctly as to amount and period and summarised correctly.
• Sales are disclosed and classified in accordance with disclosure policies.
From Table 9.4 (p. 397)
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 15
EXAMPLE OF LINKING OBJECTIVES TO
CONTROL POLICIES AND TESTS OF
CONTROLS FOR SALES (From Table 9.4 p. 397)
Special control objectives Common control policies and procedures
Tests of controls
• All sales recorded are bona fide transactions for merchandise actually shipped to customers
• Policy of authorisation of credit and terms
• Quantities shipped periodically reconciled to quantities invoiced independently of shipping and invoicing
• Monthly statements mailed to customers
• Signed acknowledgment that goods are received by customers
• Select a sample of sales transactions from sales journal (daily activity report), check for appropriate authorisation and trace to shipping document file
• Inspect reconciliation of shipments to invoices
• Observe mailing of monthly statements, examine customer correspondence file and investigate non-cash credits to accounts receivable
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 16
CONTROL OBJECTIVES FOR
CASH RECEIPTS SYSTEM
Controls are in place to ensure that:
• Recorded cash receipts are for collection of receivables from customers
• All cash receipts are recorded and deposited
• Cash receipts have been recorded correctly as to account, amount and period
Ref.: Table 9.5 (p. 400)
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 17
EXAMPLE OF LINKING CONTROL OBJECTIVES
TO CONTROL POLICIES TO TESTS OF
CONTROLS: CASH RECEIPTS
(Ref.: Table 9.5 p. 400)
Special control objectives Common control policies and procedures
Test of controls
• Recorded cash receipts are for collection of receivables from customers
• Cash receipts matched to specific sales invoices in posting to accounts receivable master file
• Select a sample of entries in cash receipts journal and trace to remittance advices or sales invoices
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 18
TYPES OF MISSTATEMENTS
IN SALES CYCLE
Generally result of:
• Clerical mistakes
• Employee fraud
• Misapplied accounting principles
• Management fraud
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 19
EXPENDITURES, PAYABLES
AND DISBURSEMENTS
• Expenditures cycle — all transactions and events initiated when an entity acquires assets or services used for cash or credit.
• Auditors (and many entities) often separate this cycle into a number of sub-cycles, which reflect various types of services and assets that can be acquired.
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 20
SUB-CYCLES IN EXPENDITURES,
PAYABLES AND DISBURSEMENTS
These sub-cycles are:
• Payroll
• Property, plant and equipment
• Inventory
• Income taxes
• Incurrence of selling and administrative
expenses
• Miscellaneous expenses paid from petty
cash
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 21
KEY FUNCTIONS WITHIN
THE INVENTORY SUB-
CYCLE
• Purchasing
• Accounts payable
• Cash disbursements function
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 22
TYPICAL PURCHASES AND CASH
PAYMENTS FLOWCHART
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 23
CONTROL OBJECTIVES IN A
PURCHASES OF INVENTORY SYSTEM
Controls are in place to ensure that: • All recorded purchases are bona fide transactions in
that they relate to goods or services authorised or received.
• All purchases for the period of inventory received are recorded.
• Purchases of goods or services for inventory are recorded correctly as to account, amount and period, and summarised correctly.
• Purchases are disclosed and classified in accordance with disclosure policies.
From Table 9.6 (p. 409)
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 24
EXAMPLE OF LINKING CONTROL
OBJECTIVES, CONTROLS AND TESTS OF
CONTROLS: PURCHASES
Special control objectives Common control policies and procedures
Tests of controls
• All recorded purchases are bona fide transactions in that they relate to goods or services authorised or received
• Goods received are counted, inspected and compared to purchase order before acceptance
• Services received are acknowledged in writing
• Comparison of purchase order, receiving report and supplier’s invoice and recomputation of supplier’s invoice before recording liability
• Select a sample of order entries in purchases journal, trace back to vouchers and inspect for existence of supporting document including receiving report, ensuring agreement of details and indication of approval
• Observe and inquire about receiving procedures
From Table 9.6 (p. 409)
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 25
CONTROL OBJECTIVES IN A CASH
DISBURSEMENTS SYSTEM
Controls are in place to ensure that:
• Recorded cash disbursements are for goods or services authorised and received.
• All cash disbursements are recorded.
• Cash disbursements are recorded correctly as to account, amount and period.
From Table 9.7 (p. 410)
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 26
EXAMPLE OF LINKING CONTROL OBJECTIVES,
CONTROL AND TESTS OF CONTROLS: CASH
DISBURSEMENTS (Ref.: Table 9.7 p. 410)
Special control objectives Common control policies and procedures
Tests of controls
• Recorded cash disbursements are for goods or services authorised and received
• Cheques printed or prepared only when supporting documents compared, recomputed and voucher approved
• Cheques signed only after viewing supporting documentation and prior approval
• Cheque signing independent of initiating or approving purchases, cheque preparation and accounting functions
• Supporting documentation cancelled and reference to cheque number
• Select a sample of cash disbursement transactions from cash payments journal and inspect supporting documentation for indication of checking, review and approval, and reperform checking
• Observe and inquire about cheque preparation and signing and protection of unissued cheques
• For the sample of cash disbursement transactions inspect supporting documents for cancellation, cheque number and endorsement
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 27
POTENTIAL MISSTATEMENTS IN
EXPENDITURE CYCLE
As expenditure cycle involves disbursements
of cash there is a greater risk of fraud or
irregularity, including:
• Classic disbursements fraud
• Kickbacks
• Illegal acts
• Unauthorised executive perks
• Kiting
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 28
SELLING AND ADMINISTRATIVE
EXPENSES
• Processing and related control policies and procedures for selling and administrative expenses are similar to those for purchases of inventory.
• Auditor will normally obtain comfort from cash disbursement testing for inventory purchases and perform minimal testing in this area.
• Analytical procedures (e.g. comparing balance with prior periods) widely used as a key type of testing.
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 29
PETTY CASH DISBURSEMENTS
• Petty cash disbursements are usually immaterial in amount and therefore few, if any, audit procedures are applied to this area.
• Where the area is significant, emphasis is on ensuring appropriate procedures are in place to safeguard cash.
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 30
PAYROLL The payroll function is usually audited in either of two ways (or best combination):
• Focusing on analytical procedures (there are disaggregated and strong relationships in this area, e.g. comparing fortnightly payrolls); or
• An emphasis on tests of transactions over the payroll area with a key control being appropriate segregation of duties of hiring function, approval of time worked, payroll preparation and payroll distribution.
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 31
TESTS OF CONTROLS IN PAYROLL
If tests of controls are necessary the
following audit procedures may be
undertaken:
• Authorisation by supervisors of time worked
• Check signed time cards/sheets
• Use of approved pay rates (personnel department)
• Check for reasonableness, compared with awards
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 32
INTEREST, RENT, LEASE AND
INSURANCE PAYMENTS
Usually a substantive approach of checking terms and conditions to contracts.
• Auditor interested in the key control of authorisation of the contract
• Accounting treatment of leases complex, and auditor might check controls to ensure properly accounted for
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 33
TESTING CONTROLS IN CLIENT
COMPUTER PROGRAMS
Separate techniques have to be developed
for testing programmed controls.
These are: • Test data
• Integrated test facility
• Controlled processing, reprocessing or parallel processing
• Review program code and results of job processing
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 34
TEST DATA
Figure 9.4 (p. 416)
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 35
INTEGRATED TEST FACILITY
Figure 9.5 (p.417)
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 36
AUDITING THROUGH
COMPUTER — PROCESSING
CLIENT DATA
• Controlled processing. Auditor establishes control over processing of client’s data.
• Controlled reprocessing. Auditor reprocesses client data.
• Parallel processing. Simultaneously processes client data through client and auditor programs.
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 37
AUDITING THROUGH COMPUTER —
NON-PROCESSING APPROACHES
• Program code review. Involves reviewing relevant code line by line, considering whether processing steps and control procedures are properly coded and logically correct.
• Review of job accounting data. Involves review printed log of jobs, looking for excessive processing time, abnormal halts, etc.
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 38
ADVANCED CAATs
• Systems control audit review file (SCARF) Audit modules embedded in programs to monitor
transaction activity
• Snapshot Transactions are tagged and then identified at
certain points during processing to see how program is treating them
• Audit hooks Points in program that allow auditor to insert
commands for special processing
Copyright 2003 McGraw-Hill Australia Pty Ltd
PPTs t/a Auditing and Assurance Services in Australia by Gay & Simnett
Slides prepared by Roger Simnett 39
IMPACT OF STRATEGIC BUSINESS
RISK ON TESTS OF CONTROLS
Approach increases emphasis on non- routine transactions and decreases emphasis on routine transactions:
• Expect a satisfactory IC structure around routine transactions; therefore must undertake tests of controls to support this expectation
• Therefore either no change or increased emphasis on tests of controls