Page 130 - Internal Auditing Standards
P. 130

Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts




        Purpose

        Tests of controls are tests designed to obtain audit evidence about the operating effectiveness of controls.
        Controls can prevent material misstatements at the assertion level from occurring altogether, or detect and
        then correct them after they have occurred. The controls selected for testing would be those that provide
        necessary audit evidence for a relevant assertion.


           CONSIDER POINT

           A walk-through procedure to determine whether a control has been implemented is not a test of
           controls. It is a risk assessment procedure, the results of which may determine whether tests of controls
           would be useful, and if so, how they would be designed.



        Tests of controls are considered by the auditor when:

        •     The risk assessment is based on an expectation that internal control operates eff ectively; or

        •     Substantive procedures alone will not provide sufficient appropriate audit evidence at the assertion

              level. This might apply where sales are made over the Internet and no documentation of transactions is
              produced or maintained, other than through the IT system.

        Selecting sample sizes for tests of controls is addressed in Volume 2, Chapter 17 on the extent of testing.

        Tests of controls are designed to obtain audit evidence about:
        •     How internal control procedures were applied throughout, or at relevant times during, the period under

              audit. If substantially different controls were used at different times during the period, each control

              system should be considered separately;
        •     The consistency with which internal control procedures were applied; and

        •     By whom or by what means controls were applied.


           CONSIDER POINT

           When auditing smaller entities, auditors often plan to perform substantive procedures, on the
           assumption that tests of existing control activities would not be practical due to limited segregation of
           duties, etc. Before jumping to that conclusion, consider:
           •     The strength of the control environment and other elements of internal control;



           •     Existence of control activities over assertions where it would be more efficient to gain evidence
                 through tests of controls; and
           •     Assertions where substantive procedures alone will not reduce the risks of material misstatement
                 to an acceptably low level. For instance, this may be the case for the completeness of revenues.














   128
   125   126   127   128   129   130   131   132   133   134   135