Page 127 - CITP Review
P. 127

testing than application testing because of the increased risk of a system change versus an application
            change.

            The system testing would proceed from the new or revised application layer mentioned to integration
            with relevant financial reporting or accounting applications or systems, all the way up to and including
            the GL. It also would include an enterprise test where the new or revised system is integrated with all
            components of the enterprise system. Obviously, this last step is key for ERP or systems that are
            essentially fully integrated from customized or COTS systems.
            Because of the increased risk, system testing usually includes a “war room” approach to the switch from
            the old system to the new (including major revised) system. The staging area is usually a good place to
            centralize the switch and be prepared for any and all types of integration or application failures.

            When it is relevant to the assurance service or IT review, the set of procedures would be similar to ones
            described for application testing in this course.


            Evidence gathering and the nature, timing, and extent of procedures

            The primary strategy in gathering evidence is to reduce audit risk to a sufficiently low level, and to provide
            sufficient evidence for the various audit objectives. Having appropriate sufficient evidence will enable the
            auditor to draw reasonable conclusions and form a professional opinion; evidence must be gathered for
            each relevant assertion of each material account balance or class of transactions or disclosure in a
            financial audit.

            In the RBA, one driving factor behind gathering evidence is that the power of the tests used to gather
            evidence must be aligned with the level of assessed risk to the audit objective; the higher the assessed level
            of risk, the more powerful the test required in order to gather sufficient evidence. A few suggested tests to
            obtain sufficient audit evidence can include inspection, observation, confirmation, recalculation,
            reperformance, analytical procedures, and inquiry; often, these tests are applied in some combination. The
            different types of tests command different levels of credibility and thus provide different evidence
            strategies (see exhibit 3-12).




                        Exhibit 3-12 — Evidence strategy


                           Level of reliance on test results   Types of tests
                           Little                             Inquiry

                           Moderate                           Observation
                           High                               Inspection or reperformance










            © 2019 Association of International Certified Professional Accountants. All rights reserved.    3-43
   122   123   124   125   126   127   128   129   130   131   132