Control and Audit System

AQ016-3-3
INTERNAL CONTROL PLANNING

Application of Audit Testing

A.
B.
C.
D.

Tests of Controls
Testing for Monetary Misstatement
Reduction of Risk
Audit Assurance at Different Levels of
Internal Control Effectiveness
E. Simultaneous Testing of Controls and
Substantive Testing of Transactions
F. Timing of Audit Testing
AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

A. Tests of Controls
Audit procedures to test the operating
effectiveness of control policies and procedures
in support of a reduced assessed control risk.
Some examples include:
Matching of vendor invoices against a purchase
order and receiving report before approving
invoice for payment.
Examination of employee time cards for
approval of overtime.

AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

B. Testing for Monetary Misstatement

Substantive Tests of
Transactions
Testing for monetary
misstatements to determine
if the following 6 transactionrelated audit objectives
have been met:
Existence
Completeness
Accuracy
Classification
Timing
Posting and Summarization
AQ016-3-3-CAS

Tests of Details of
Balances
Testing for monetary
misstatements to determine if the
following 9 balance-related audit
objectives have been met:
Existence
Completeness
Accuracy
Classification
Cutoff
Detail tie-in
Realizable value
Rights and obligations
Presentation and disclosure

INTERNAL CONTROL PLANNING

C. Reduction of Risk
Control Risk
Procedures to gain an
understanding of internal
control
Tests of controls
Once the auditor obtains an
initial understanding of
controls, tests of controls
must be performed to
obtain evidence regarding
the effectiveness of
controls. Stronger controls
will allow the auditor to
assess control risk below
the maximum.

AQ016-3-3-CAS

Detection Risk
Substantive tests of
transactions
Analytical procedures
Tests of details of
balances
The more evidence an
auditor collects from
the above procedures,
the lower the detection
risk. Detection risk
must be lower when
control risk is higher.

INTERNAL CONTROL PLANNING

Acceptable
assurance

No
assurance

AUDIT ASSURANCE

D. Audit Assurance at Different Levels of

Internal Control Effectiveness
C3

Audit
assurance
from
substantive
tests

C2
C1

Audit assurance
from control risk
assessment and
tests of control

A
C
B
INTERNAL CONTROL EFFECTIVENESS
Weak control
Strong control
Reliance on controls: C3 None, C2 Some, C1 Maximum

AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

E. Simultaneous Testing of Controls and

Substantive Testing of Transactions
The determination of control risk affects the type of
procedures and sample size for the substantive
testing of transactions.
For purposes of convenience, the testing of controls
and substantive testing of transactions will often
occur simultaneously.
In such situations the auditor will make an
assumption about the results of tests of controls. If
the testing of controls indicates that internal control
is worst than expected, substantive testing of
transactions will have to be modified accordingly.
AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

F. Timing of Audit Testing

Auditors frequently consider it desirable to perform
audit tests prior to year end. Certain procedures
may be performed at an interim time (prior to
clients year end) :
Update depreciation schedules
Examine new loan agreements
Vouch transactions
Analyze changes in clients accounting system
Review board of director minutes
If strong internal controls exist the auditor may also:
Observe physical inventories
Confirm account balances
AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

II. Selecting Tests to Perform

A. The Cost of Testing
B. Appropriate Evidence for Audit Testing
C. Risk and Testing in the Audit Process

AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

A. The Cost of Testing

AQ016-3-3-CAS

Going from the most to

least costly, the types of
tests are:
Tests of details of
balances
Substantive tests of
transactions
Tests of controls
Procedures to obtain an
understanding of internal
controls
Analytical procedures

INTERNAL CONTROL PLANNING

B. Appropriate Evidence for Audit

Testing

AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

Analytic
performance

Reperformance

Inquiries of
the client

Observation

Procedures for internal control

Tests of controls
ubstantive tests of transactions
Analytical procedures
Tests of details of balances

Documentation

Type of Test

Physical
Examination
Confirmation

Type of Evidence

C. Risk and Testing in the Audit

Process
Substantive Testing of
Transactions
In some situations it may be
more efficient to assess
control risk at a higher level
and reduce or eliminate tests
of controls. This depends on
cost of testing controls
versus the additional
substantive testing that
would result from a higher
control risk.
AQ016-3-3-CAS

Tests of Details of
Balances
If tolerable
misstatement is low,
and inherent risk and
control risk are high,
planned tests of
details of balances
must be high.

INTERNAL CONTROL PLANNING

III. Design of the Audit Program

Most audits design an audit program in the following three parts:

A. Tests of Controls and Substantive Tests

of Transactions
B. Analytical Procedures
C. Tests of Details of Balances

AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

A. Tests of Controls and Substantive Tests of Transactions

A four-step approach when the auditor plans to reduce assessed
control risk below the maximum:
Transaction related audit objectives are applied to the class of
transactions being tested, such as sales.
Key controls that should reduce control risk for each
transaction-related audit objective are identified.
For all internal controls used to reduce the initial assessment of
control risk below the maximum (key controls), appropriate
tests of controls are developed.
Design appropriate substantive tests of transactions,
considering weaknesses in internal control and expected
results of tests of controls (allows for simultaneous tests of
controls and substantive testing).
Note: If control risk is assessed at 1.0, only substantive tests of
transactions will be used in this part of the audit program.
AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

B. Analytical Procedures

Analytical procedures may be performed during 3 different

stages of the audit:
In the planning stage to help the auditor understand the
clients business and determine other evidence needed to
satisfy acceptable audit risk.
During the audit, especially during substantive testing.
Near the end of the audit as a final test of reasonableness.
AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

C. Tests of Details of Balances

If the results of tests of
controls, substantive
tests of transactions,
and analytical
procedures are not
consistent with the
predictions, tests of
details of balances
will need to be
changed as the audit
progresses.
AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

IV. A Summary
of the Audit
Process

AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

Summary of the Audit Process - Phase I (Planning)

Accept client and perform initial planning.

Understand the clients business and industry.

Assess clients business risk.

Perform preliminary analytical procedures.

Set materiality and assess acceptable audit risk

and inherent risk.

Understand internal control and assess control risk.

AQ016-3-3-CAS

Develop overall audit

plan and audit program.
INTERNAL CONTROL PLANNING

Summary of the Audit Process - Phase II (Begin Field

Work)
From
Phase I

Plan to reduce assessed

level of control risk?

Yes
Perform tests of controls.
Perform substantive tests of transactions.

Assess likelihood of misstatements in

financial statements.
AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

No

Summary of the Audit Process Phase III (End of

Fieldwork)
From
Phase II

Likelihood of Misstatement
in Financial Statements
Low
Medium High or
unknown
Perform analytical procedures.

Perform tests of key items.

Perform additional tests of details of balances.
AQ016-3-3-CAS

INTERNAL CONTROL PLANNING

Summary of the Audit Process Phase IV (Wrap-Up)

From
Phase III
Review for contingent liabilities.

Review for subsequent events.

Accumulate final evidence.
Evaluate results.
Issue audit report.

Communicate with audit

committee and management.
AQ016-3-3-CAS

INTERNAL CONTROL PLANNING