Assessing control risk requires the auditor to consider the design of controls to evaluate whether they should be effective in meeting transaction-related audit objectives.
Some evidence will have been gathered in support of the design of the controls, as well as evidence that they have been placed in operation, during the understanding phase.
Designing audit tests of controls
To use specific controls as a basis for reducing assessed control risk, however, specific evidence must be obtained about their operating effectiveness throughout all, or at least most, of the period under audit, The procedures to test effectiveness of controls in support of a reduced assessed control risk are called tests of controls. Designing tests of controls involves the following:
- Nature of tests
- Timing of tests
- Extent of tests
Nature of Tests
As to the nature of tests of controls, the auditor’s has the following choices:
- Inquiring: Inquiring is designed to determine (1) an employee’s understanding of his/her duties, (2) the individual’s performance of those duties, and (3) the frequency, indicate improper application of a control.
- Observing: Observing the employee’s performance provides similar evidence,
- Inspecting: Inspecting documents and records is applicable when there is a transaction trail of performance in the form of signatures and validation stamps that indicate whether the control was performed and the individual who performed.
- Re performing: Re performing a control by the auditor provides the best evidence of its effectiveness.
In performing the tests, the auditor selects the procedure that will provide the most reliable evidence about the effectiveness of the control policy or procedure. No one test of controls is always applicable or equally effective in providing evidence.
Timing of Tests
The timing of the test of controls refers to when they are performed and the part of the accounting period to which they relate. Additional test of control are performed during interim work, which may be several months before the end of the year under audit.
These tests therefore only provide evidence of the effectiveness of controls from the beginning of year to the date of the tests. From the standpoint of audit efficiency, the tests of controls should be performed as late in the interim period as possible.
Extent of Tests
The extent of tests of controls is directly affected by the auditor’s planned assessed level of control risk. More extensive tests of controls will ordinarily provide more evidence of the operating effectiveness of a control policy or procedure than less extensive tests. More extensive testing will be needed for a low assessed level of control risk than for a moderate assessed level of control risk.
The extent o; additional testing will also be affected by the intended use of evidence about this effectiveness from prior audits. Moreover, before using evidence from prior audits the auditor should ascertain whether there have been any significant changes in the design or operation of the control policies and procedures since the prior tests.
You May Like Also:
- Relationship between test controls and assessing control risk
- Using the work of internal auditors in test of controls
- Additional Considerations in Assessing Control Risk
- Post Audit Responsibilities
- What is auditor’s certificate with sample
- Difference between audit report and audit certificate
- Advantages of Cost Audit
- Annexure to Cost Audit Report
- Auditing glossary and abbreviation