Test of controls – When the audit strategy involves relying on the operating effectiveness of the
            controls for some assertions in the design of substantive procedures or when substantive
            procedures alone do not provide sufficient appropriate audit evidence at the assertion level, the
            auditor should design and perform tests of the operating effectiveness of controls (ToC).
            Additionally, they will perform procedures to evaluate the design of internal controls and
            determine whether they are implemented.

            Threat event – An event or situation that can cause undesirable consequences or have a
            negative impact.


































































            © 2019 Association of International Certified Professional Accountants. All rights reserved.    Glossary 11