Sie sind auf Seite 1von 41

Chapter 9

Tests of Controls

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-1

Learning Objective 1:

Tests of Controls

Provides auditor with evidence to support their


assessment of control risk. When control risk assessed
at less than high, necessary to gather evidence that
controls are working. This evidence is gathered via test
of controls.
If control risk is assessed at high, auditor will not
undertake test of controls.
Auditor selects most efficient and effective combination
of tests of controls, and substantive tests of
transactions and balances.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-2

Assessing control risk

To assess control risk as high, auditor must expect that


substantive procedures alone will provide sufficient
appropriate evidence.
Areas where substantive procedures alone may not
provide sufficient appropriate evidence include routine
recording of significant classes of transactions, such as
revenue or purchases. These areas often highly
automated with little or no manual intervention.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-3

Planning the scope of tests of controls

Nature if controls exist that the auditor expects to rely upon,


undertake tests of these controls, otherwise undertake
substantive testing.
Timing to aid ability to meet deadlines and scheduling of
staff, tests of controls sometimes scheduled before year-end.
Testing then extended (rolled forward) until year-end.
Extent the more the auditor relies on controls, the greater
the extent of tests of controls. For tests of controls related to
documents, extent determined by reference to sampling
theory.
Controls related to accounting routines (e.g. bank
reconciliations) usually tested by re-performing a small
number.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-4

Learning Objective 2:

Existence, Effectiveness and Continuity of


Controls

For internal controls to provide audit evidence about


risk of material misstatements at the assertion level, the
auditor must collect audit evidence about the existence,
effectiveness and continuity of controls.
Evidence of existence of controls is usually gained
when auditor is evaluating control risk.
Tests of controls are aimed at establishing their
effectiveness and continuity.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-5

Aspects of internal control

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-6

Learning Objective 3:

Sufficiency and Appropriateness

Dependent on the level of control risk the tests must


support.
The lower the planned assessed level of control risk,
the greater the amount of testing that is required.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-7

Others factors affecting sufficiency and


appropriateness

Auditor should also consider:

type and source of evidence


timeliness
interrelationship of evidence.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-8

Effect of documentation of controls:


audit trail

Methods used by auditor is dependent on whether a


documentary audit trail exists.
Where no audit trail exists, greater emphasis is placed
on:

observation
inquiry of the control.

If audit trail does exist:

Inspect documentation for evidence of the control.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-9

Relationship between tests of controls


and assertions

When auditors assessment of material misstatement at


assertion level includes an expectation that controls are
operating effectively, the auditor should perform tests of
controls to obtain evidence that the controls were
operating effectively at relevant times during the audit.
Controls that relate to the control environment of a
companys internal control system relate less directly to
specific financial report assertions.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-10

Assertions and testing control activities

The information system, control activities and monitoring of


controls are built around major flows of transactions and
events. Possible to relate most tests of controls for these
elements to assertions about classes of transactions and
events:
(i) Occurrence transactions and events that have been recorded,
have occurred and pertain to the entity;
(ii) Completeness all transactions and events that should have
been recorded have been recorded;
(iii) Accuracy amounts and other data relating to recorded
transactions and events have been recorded appropriately
(iv) Cutoff transactions and events have been recorded in the
correct accounting period; and
(v) Classification transactions and events have been recorded in
the proper accounts.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-11

Learning Objective 4:

Revenues, Receivables and Receipts


(Sales Cycle)

Sales cycle involves all those transactions and events


that are initiated when an entity makes a sale. It is
commonly characterised by a high volume of routine
transactions.
Audit problems commonly related to clerical processing
rather than complex accounting problems.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-12

Key functions in typical sales cycle

Order entry and order approval by credit department


Shipping
Invoicing
General ledger entry
Accounts receivable
Mail opening
Cashier functions.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-13

Typical credit sales flowchart

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-14

Typical cash collection flowchart

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-15

Sales cycle routine and non-routine


transactions

Routine transactions:

credit sales to customers, cash collections from


customers (flowcharts), usually strong control system,
auditor considers (and usually undertakes) tests of
controls.

Non-routine transactions:

adjustments to sales, and provisions for doubtful debts.


Less well controlled. Where material, auditor undertakes
substantive testing.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-16

Control objectives for sales system

Controls are in place to ensure that:

Occurrence all sales recorded are bona fide


transactions for merchandise actually shipped to
customers;
Completeness all sales shipped are invoiced and
recorded in accounting records;
Accuracy invoices have been recorded correctly as to
amount and summarised correctly;
Cutoff invoices have been recorded in correct period;
Classification sales classified in accordance with written
policies.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-17

Example of linking objectives to control policies and


tests of controls for sales (Ref. Table 9.4 p. 411)
top of table 9.4
Special control
objectives

Common control
policies and
procedures

Tests of controls

Occurrence All sales

Policy of authorisation

Select sample of sales

recorded are bona fide


transactions for
merchandise actually
shipped to customers.

of credit and terms


Evidence of quantities
shipped reconciled to
quantities invoiced

transactions from sales


journal (daily activity
report), check for
authorisation and trace
to shipping document
file
Inspect reconciliation
of shipments to
invoices

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-18

Control objectives for cash receipt system

Controls are in place to ensure:

Occurrence recorded cash receipts are for collection of


receivables resulting from sales to customers of the
entity;
Completeness all cash receipts are recorded and
deposited;
Accuracy cash receipts have been recorded correctly as
to amount;
Cutoff cash receipts have been recorded in correct
period;
Classification cash receipts are classified in accordance
with company policy.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-19

Example of linking control objectives to control


policies to tests of controls: cash receipts (Ref.: Table
9.5 p. 413)
Special control
objectives

Common control
policies and
procedures

Occurrence Recorded

Cash receipts matched

cash receipts are for


collection of receivables
resulting from sales to
customers of the entity.

to specific sales
invoices in posting to
accounts receivable
master file.

Test of controls

Select a sample of

entries in cash receipts


journal and review
evidence that matched
to specific sales
invoices.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-20

Types of misstatement in sales cycle

Generally result of:

clerical mistakes;
employee fraud;
misapplied accounting principles, especially around some
revenue recognition issues;
management fraud.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-21

Learning Objective 5:

Expenditures, Payables and


Disbursements

Expenditure cycle all transactions and events


initiated when an entity acquires assets or services
used for cash or credit.
Auditors (and many entities) often separate this cycle
into a number of sub-cycles, which reflect various types
of services and assets that can be acquired.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-22

Sub-cycles in expenditures,
payables and disbursements

These sub-cycles are:

payroll
property, plant and equipment
inventory
income taxes
selling and administrative expenses
miscellaneous expenses paid from petty cash.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-23

Key functions within the inventory


sub-cycle

Purchasing
Receiving
Accounts payable
Cash disbursements function.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-24

Typical purchases and cash payments


flowchart

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-25

Control objectives for purchases


of inventory

Controls are in place to ensure:

Occurrence all recorded purchases are bona fide


transactions in that they relate to goods or services
authorised or received;
Completeness all purchases for the period of inventory
received are recorded;
Accuracy purchases of goods or services for inventory
are recorded correctly as to amount and summarised
correctly;
Cutoff purchase invoices have been recorded in correct
period;
Classification purchase are classified in accordance
with classification policies.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-26

Example of Linking Control Objectives, Controls and


Test of Controls: Purchases
Special control
objectives
Occurrence All

recorded purchases are


bona fide transactions
in that they relate to
goods or services
authorised or received.

Common controls

Tests of controls

Approval of purchase

Examine evidence of

order
Goods received are
counted, inspected and
compared to purchase
order before acceptance
Comparison of purchase
order, receiving report and
suppliers invoice and
recomputation of
suppliers invoice before
recording liability

approved purchase and


service orders
Select a sample of order
entries in purchases
journal, trace back to
vouchers and inspect for
existence of supporting
document including
receiving report, ensuring
agreement of details and
indication of approval

From Table 9.6 (p. 422-3)


Copyright 2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-27

Control objectives in a cash


disbursements system

Controls are in place to ensure:

Occurrence recorded cash disbursements are for goods


or services authorised and received;
Completeness all cash disbursements are recorded;
Accuracy cash disbursements are recorded correctly as
to amount;
Cutoff cash disbursements recorded in correct period;
Classification cash disbursements are recorded
correctly as to account.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-28

Example of linking control objectives, controls and test of


controls: purchases : cash disbursements (Ref.: Table 9.7 p. 423)
Special control
objectives
Occurrence

Recorded cash
disbursements are
for goods or
services authorised
and received.

Common control policies


and procedures

Tests of controls

Cheques printed or prepared

Select a sample of cash

only when receipt of goods or


services and approval are
documented (e.g. supporting
documents compared,
recomputed and voucher
approved)
Cheques signed only after
viewing supporting
documentation and prior
approval
Supporting documentation
cancelled and reference to
cheque number

disbursement transactions
from cash payments journal
and inspect supporting
documentation for indication of
checking, review and approval
Observe and inquire about
cheque preparation and
signing and protection of
unissued cheques
For the sample of cash
disbursement transactions
inspect supporting documents
for cancellation, cheque
number and endorsement

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-29

Potential misstatements in
expenditure cycle

As expenditure cycle involves disbursements of cash


there is a greater risk of fraud or irregularity, including:

classic disbursements fraud


kickbacks
illegal acts
unauthorised executive perks
kiting.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-30

Learning Objective 6:

Selling and Administrative Expenses

Processing and related control policies and procedures


for selling and administrative expenses are similar to
those for purchases of inventory.
Auditor will normally obtain comfort from cash
disbursement testing for inventory purchases and
perform minimal testing in this area.
Analytical procedures (e.g. comparing balance with
prior periods) widely used as a key type of testing.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-31

Petty cash disbursements

Petty cash disbursements are usually immaterial in


amount and therefore few, if any, audit procedures are
applied to this area.
Where the area is significant, emphasis is on ensuring
appropriate procedures are in place to safeguard cash.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-32

Payroll

The payroll function is usually audited in either of two


ways (or best combination):

focusing on analytical procedures (there are


disaggregated and strong relationships in this area, e.g.
comparing fortnightly payrolls);
an emphasis is placed on tests of transactions over the
payroll area with the key control being appropriate
segregation of duties in the hiring function, approval of
time worked, payroll preparation and payroll distribution.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-33

Tests of controls in payroll

If tests of controls are necessary the following audit


procedures may be undertaken:

authorisation by supervisors of time worked;


check signed time cards/sheets;
check use of approved pay rates (personnel department);
check for reasonableness, compared with awards.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-34

Interest, rent, lease and insurance


payments

Auditor usually takes a more substantive approach,


which includes checking terms and conditions of
contracts;
Auditor interested in the key control of authorisation of
the contract;
Accounting treatment of leases is complex, and auditor
might check controls that ensure leases are properly
accounted for.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-35

Learning Objective 7:

Testing Controls in Client Computer


Programs

Separate techniques have to be developed for testing


programmed controls. These are:

test data
integrated test facility
controlled processing, reprocessing or parallel processing
review program code and results of job processing.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-36

Test data

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-37

Integrated test facility

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-38

Auditing through computer


processing client data

Controlled processing auditor establishes control over


processing of clients data;
Controlled reprocessing auditor reprocesses client
data;
Parallel processing simultaneously processes client
data through client and auditor programs.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-39

Auditing through computer


other approaches

Program code review involves reviewing relevant


code line by line, considering whether processing steps
and control procedures are properly coded and logically
correct.
Review of job accounting data involves reviewing
printed log of jobs, looking for excessive processing
time, abnormal halts, and etc.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-40

Advanced CAATs

Systems control audit review file (SCARF)

Snapshot

audit modules embedded in programs to monitor


transaction activity.
transactions are tagged and then identified at certain
points during processing to see how program is treating
them.

Audit hooks

points in program that allow auditor to insert commands


for special processing.

Copyright 2006 McGraw-Hill Australia Pty Ltd


Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

9-41