Page 134 - Internal Auditing Standards
P. 134

Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts




        data file (such as sales or payables), which can then be tested. Such programs can analyze client data to

        provide the audit evidence needed. In addition, they provide the potential to perform much more extensive

        testing of electronic transactions and account files. Some possible uses of CAATs are outlined below.
        Exhibit 10.5-4

         Use of  CAATs
         Typical Types of      Extract specific records such as payments more than a specified amount or


         Procedures            transactions before a given date.
                               Extract top or bottom records in a database.
                               Identify missing and duplicate records.

                               Identify possible fraud (using Benford's Law).
                               Select sample transactions from electronic files which match predetermined

                               parameters or criteria.
                               Sort transactions with specifi c characteristics.
                               Test an entire population instead of a sample.

                               Recalculate (add up) the total monetary amount of records in a file (such as inventory)
                               and check extensions such as pricing.
                               Stratify, summarize, and age information.

                               Match data across fi les.

        Smaller entities often use off-the-shelf packaged accounting and other relevant software without

        modification. However, many software packages actually contain proven application controls that could be

        used by the entity to reduce the extent of errors and possibly deter fraud. Auditors might want to ask their
        clients whether these controls are being used and, if not, whether there would be value in using them.

              g
        Timing of Tests of Controls

            Paragraph #           Relevant Extracts from ISAs
            330.11                The auditor shall test controls for the particular time, or throughout the period, for which the
                                  auditor intends to rely on those controls, subject to paragraphs 12 and 15 below, in order to
                                  provide an appropriate basis for the auditor’s intended reliance. (Ref: Para. A32)

            330.12                If the auditor obtains audit evidence about the operating effectiveness of controls during an
                                  interim period, the auditor shall:

                                  (a)  Obtain audit evidence about significant changes to those controls subsequent to the
                                     interim period; and
                                  (b)  Determine the additional audit evidence to be obtained for the remaining period. (Ref:
                                     Para. A33-A34)
            330.15                If the auditor plans to rely on controls over a risk the auditor has determined to be a signifi cant
                                  risk, the auditor shall test those controls in the current period.



        Tests of controls may provide evidence of eff ective operation:
        •     At a particular point in time (i.e., physical inventory count); or

        •     Over a period of time, such as the period under audit.


   132
   129   130   131   132   133   134   135   136   137   138   139