15) Tests of Controls Flashcards
at what level do we use TOC?
assertion level
what do we do if we find that controls are working effectively?
place reliance on them and thus perform fewer substantive procedures
is TOC indirect or direct?
indirect as we do not directly test the FS
what are the four types of TOC?
- inspection
- observation
- enquiry
- reperformance
what is inspection?
examining documents and balances
what is observation?
watching someone do the control
what is enquiry?
enquiring with mgmt what the control is and how/why they perform it
what is reperformance?
redoing the control to see if it gives same outcome
what is the weak vs strongest control?
weak = observation, equiry
strongest = reperformance
why are the weak controls weak?
as it is unlikely that we will get sufficient audit evidence from it
what is the formula for TOC questions?
1) verb: inspect, observe, enquire, reperform
2) with who ro what? (doc, obj, person)
3) why? (purpose)
what control objectives does audit risk look at?
VAC
what are examples of controls to test?
- username, ID
- read-only/write-only access
- signatures
- sequence checks, other tests
- drop-down menu