Which of the following is a step in an auditors decision to rely on internal controls
[toc-this] Show
PrinciplesPlacing reliance on controlsIf the selected approach is to rely on controls to reduce the extent of substantive procedures, the objective of tests of controls ito evaluate whether the key controls, or relevant [a-glossary term="compensating%20controls"]compensating controls)[/a-glossary] , operated effectively and continuously during the period under review (phase 3 in the diagram below).Not placing reliance on controlsEven if in the planning phase it is decided not to rely on controls (audit objective), the auditor should still examine the design of key controls (and may perform tests of controls) so as to support findings and identify and report on weaknesses and propose recommendations for improvement. Nature of tests of controlsThe nature of a particular control influences the type of audit procedure required to obtain audit evidence about whether the control was operating effectively at relevant times during the period under audit. There are two levels of controls: high-level controls, such as monitoring controls, and low-level controls, such as authorisation controls, operational controls, physical controls, etc. These can be manual, semi-automated or fully automated. Reliance should be placed on the highest-level control possible. Tests of controls can be divided into three main categories, as follows.
Timing of tests of controlsThe timing of tests of controls depends on the auditor’s objective and determines the period of reliance on those controls. The timing of
tests refers both to the period to cover (at a particular time or throughout a period) and to the time when the auditor will perform the test (interim period or period end) or not (reliance obtained in prior audits). For significant risks, the auditor should test the controls in the current period. If substantially different controls were used at different times during the period under audit, the auditor should consider each one separately.
Extent of tests of controlsThe auditor designs tests of controls to obtain sufficient, relevant and reliable audit evidence that they operated effectively throughout the period of reliance. The more (s)he relies on the operating effectiveness of controls in the risk assessment, the greater the extent of tests of controls. The auditor may consider the following when determining the extent of tests of controls:
In cases where the auditor decides to increase the extent of the audit procedure, the extent of tests of automated controls does not necessarily need to be increased, because of the inherent consistency of IT processing. Once the auditor determines that an automated control is functioning as intended, (s)he will then consider performing tests to establish whether the control still functions effectively. Tests of controls providing positive evidenceWhen evaluating and testing controls, the auditor should carefully consider the [link title="inherent%20limitations%20of%20internal%20controls" link="%2Faware%2FGAP%2FPages%2FCA-FA%2FPlanning%2FInternal-control.aspx%23Inherent-limitations-of-internal-controls" /] , as well as the cost-effectiveness of testing controls. The weakly persuasive and negative nature of evidence is a general problem affecting tests of controls. However, tests of controls can be devised that provide positive evidence that a control is operating as expected, e.g. lists of transactions that were rejected as a result of the key controls, along with the record of the correction and reprocessing of the transactions concerned or periodic reconciliation of bank records to accounting data.InstructionsThe techniques that are generally used to test key controls are observation and enquiry, inspection and computation, or a combination thereof. The following overview gives an indication of how to test the operating effectiveness of key controls. Testing application controls
Testing the assertions addressed
Walkthrough testing of controls
Testing individual items
Reviewing evidence of controls
Testing management and monitoring controls
Resources[toggles] [toggle title="Tests%20of%20controls%20typically%20performed%20when%20auditing%20the%20reliability%20of%20the%20accounts"]
[/toggle] [/toggles] [toggles] [toggle title="Examples%20of%20key%20high-level%20controls%20that%20may%20be%20tested%20in%20compliance%20audit"]
[/toggle] [/toggles] [/toc-this] Which of the following is a step in an auditor's decision to rely on internal controls?Which of the following is a step in an auditor's decision to rely on internal controls? Identify specific controls that are likely to prevent, or detect and correct material misstatements and perform tests of controls.
What are the steps considered in considering internal control?Here is a five-step process to follow when developing and implementing effective internal controls in an organization:. Step 1: Establish an Appropriate Control Environment.. Step 2: Assess Risk.. Step 3: Implement Control Activities.. Step 4: Communicate Information.. Step 5: Monitor.. What are audit procedures for internal controls?Audit procedures are the processes and methods auditors use to obtain sufficient, appropriate audit evidence to give their professional judgment about the effectiveness of an organization's internal controls.
What are the 4 internal controls?Preventive Controls
Separation of duties. Pre-approval of actions and transactions (such as a Travel Authorization) Access controls (such as passwords and Gatorlink authentication) Physical control over assets (i.e. locks on doors or a safe for cash/checks)
|