AUD 3 Internal Control 10 - 4 Flashcards
1
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
An auditor performs the following procedures to obtain and apply an understanding of internal control to an audit:
Step 1 – Obtain an understanding of the design of all 5 components of the entity’s internal control (CRIME) through the performance of risk assessment procedures.
Step 2 – Document the understanding of Internal Control.
Step 3 – Assess Risk of Material Misstatement (RMM) which consists of inherent risk (IR) and control risk (CR).
RMM = IR × CR
Step 4 – Develop an audit strategy to either:
o (RELY?)
Perform tests of control (TofC) to determine if CR is below maximum, reducing RMM below the level of IR and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests): or
o (NOT Rely)
Decide NOT to perform tests of controls, assessing CR at the maximum level as if the control did not exist, and measuring RMM as being equal to IR.
Step 5 – Reassess Risk of Material Misstatement and evaluate results.
o For controls for which tests of controls were performed, evaluate results to reassess RMM and determine if it is appropriate to modify the nature, timing, and extent of further audit procedures.
Step 6 – Document conclusions and determine the effect on the planned substantive procedures. At this point, the audit program needs to be developed or revised for further audit procedures.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
An auditor performs the following procedures to obtain and apply an understanding of internal control to an audit:
Step 1 – Obtain an understanding of the design of all 5 components of the entity’s internal control (CRIME) through the performance of risk assessment procedures.
Step 2 – Document the understanding of Internal Control.
Step 3 – Assess Risk of Material Misstatement (RMM) which consists of inherent risk (IR) and control risk (CR).
RMM = IR × CR
Step 4 – Develop an audit strategy to either:
o (RELY?)
Perform tests of control (TofC) to determine if CR is below maximum, reducing RMM below the level of IR and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests): or
o (NOT Rely)
Decide NOT to perform tests of controls, assessing CR at the maximum level as if the control did not exist, and measuring RMM as being equal to IR.
Step 5 – Reassess Risk of Material Misstatement and evaluate results.
o For controls for which tests of controls were performed, evaluate results to reassess RMM and determine if it is appropriate to modify the nature, timing, and extent of further audit procedures.
Step 6 – Document conclusions and determine the effect on the planned substantive procedures. At this point, the audit program needs to be developed or revised for further audit procedures.
2
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 – Develop an audit strategy to either:
o (RELY?)
Perform tests of control (TofC) to determine if CR is below maximum,
reducing RMM below the level of IR and
allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests): or
o (NOT Rely)
Decide NOT to perform tests of controls,
assessing CR at the maximum level as if the control did not exist, and
measuring RMM as being equal to IR.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 – Develop an audit strategy to either:
o (RELY?)
Perform tests of control (TofC) to determine if CR is below maximum,
reducing RMM below the level of IR and
allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests): or
o (NOT Rely)
Decide NOT to perform tests of controls,
assessing CR at the maximum level as if the control did not exist, and
measuring RMM as being equal to IR.
3
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Str_______)
Develop an audit strategy to either:
• Perform tests of control to determine if CR is below maximum, reducing RMM below the level of IR and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests):
or
• Decide not to perform tests of controls, assessing CR at the maximum level as if the control did not exist, and measuring RMM as being equal to IR.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Develop an audit strategy to either:
• Perform tests of control to determine if CR is below maximum, reducing RMM below the level of IR and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests):
or
• Decide not to perform tests of controls, assessing CR at the maximum level as if the control did not exist, and measuring RMM as being equal to IR.
4
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Develop an audit strategy to either:
• Perform t___s of co_____ to determine if CR is below maximum,
Reducing RMM below the level of IR and
Allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests):
or
• Decide NOT to perform t___s of con____s,
Assessing CR at the maximum level as if the control did not exist, and
Measuring RMM as being equal to IR.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Develop an audit strategy to either:
• Perform tests of control to determine if CR is below maximum,
Reducing RMM below the level of IR and
Allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests):
or
• Decide not to perform tests of controls,
Assessing CR at the maximum level as if the control did not exist, and
Measuring RMM as being equal to IR.
5
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Develop an audit strategy to either:
• Perform tests of control to determine if CR is below maximum,
Re___ing RMM be___ the level of IR and
Allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests):
or
• Decide not to perform tests of controls,
Assessing CR at the maximum level as if the control did not exist, and
Measuring RMM as being eq___ to IR.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Develop an audit strategy to either:
• Perform tests of control to determine if CR is below maximum,
Reducing RMM below the level of IR and
Allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests):
or
• Decide not to perform tests of controls,
Assessing CR at the maximum level as if the control did not exist, and
Measuring RMM as being equal to IR.
6
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
An auditor performs the following procedures to obtain and apply an understanding of internal control to an audit:
Step 4 – Develop an audit strategy to either:
o (RELY?)
Perform tests of control (TofC) to determine if CR is below maximum,
CR < 100% or CR < 1.0
RMM = IR x CR
reducing RMM below the level of IR
RMM < IR
and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests):
or
o (NOT Rely)
Decide NOT to perform tests of controls,
assessing CR at the maximum level as if the control did not exist,
CR = 100% or CR = 1.0
RMM = IR x CR
RMM = IR x 1.0
RMM = IR
and measuring RMM as being equal to IR.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
An auditor performs the following procedures to obtain and apply an understanding of internal control to an audit:
Step 4 – Develop an audit strategy to either:
o (RELY?)
Perform tests of control (TofC) to determine if CR is below maximum,
CR < 100% or CR < 1.0
RMM = IR x CR
reducing RMM below the level of IR
RMM < IR
and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests):
or
o (NOT Rely)
Decide NOT to perform tests of controls,
assessing CR at the maximum level as if the control did not exist,
CR = 100% or CR = 1.0
RMM = IR x CR
RMM = IR x 1.0
RMM = IR
and measuring RMM as being equal to IR.
7
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Develop an audit strategy to either:
• Perform tests of control to determine if CR is below maximum, reducing RMM below the level of IR and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests):
or
• Decide not to perform tests of controls, assessing CR at the maximum level as if the control did not exist, and measuring RMM as being equal to IR.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Develop an audit strategy to either:
• Perform tests of control to determine if CR is below maximum, reducing RMM below the level of IR and allowing for the modification of the nature, timing, and extent of further audit procedures (sub tests):
or
• Decide not to perform tests of controls, assessing CR at the maximum level as if the control did not exist, and measuring RMM as being equal to IR.
8
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effe________ss of the design and operation of a control (what is the substance?).
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
9
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the de____ and operation of a control (what is the substance?).
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
10
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and ope_______ of a control (what is the substance?).
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
11
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a co_____ (what is the substance?).
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
12
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the subs_______?).
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
13
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must con_____ how the control was applied, the consistency with which it was applied and by whom it was applied.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider how the control was applied, the consistency with which it was applied and by whom it was applied.
14
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider
h__ the control was applied,
the consistency with which it was applied
and by whom it was applied.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider
how the control was applied,
the consistency with which it was applied
and by whom it was applied.
15
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider
how the control was applied,
the con_______cy with which it was applied
and by whom it was applied.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider
how the control was applied,
the consistency with which it was applied
and by whom it was applied.
16
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider
how the control was applied,
the consistency with which it was applied
and by wh__ it was applied.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider
how the control was applied,
the consistency with which it was applied
and by whom it was applied.
17
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider
how the control was ap___ed,
the consistency with which it was ap___ed
and by whom it was ap___ed.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider
how the control was applied,
the consistency with which it was applied
and by whom it was applied.
18
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor m___ consider
how the control was applied,
the consistency with which it was applied
and by whom it was applied.
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider
how the control was applied,
the consistency with which it was applied
and by whom it was applied.
19
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider
how the control was applied,
the consistency with which it was applied
and by whom it was applied.
Tests of co_____s generally consist of 4 types of procedures (RIIO).
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider
how the control was applied,
the consistency with which it was applied
and by whom it was applied.
Tests of controls generally consist of 4 types of procedures (RIIO).
20
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Tests of controls generally consist of 4 types of pro______s (RIIO).
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Tests of controls generally consist of 4 types of procedures (RIIO).
21
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Tests of controls generally consist of 4 types of procedures (RIIO).
o T___ing the Cycles for ARCC’s by doing RIIO
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Tests of controls generally consist of 4 types of procedures (RIIO).
o Testing the Cycles for ARCC’s by doing RIIO
22
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Tests of controls generally consist of 4 types of procedures (RIIO).
o Testing the Cy___s for ARCC’s by doing RIIO
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Tests of controls generally consist of 4 types of procedures (RIIO).
o Testing the Cycles for ARCC’s by doing RIIO
23
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Tests of controls generally consist of 4 types of procedures (RIIO).
o Testing the Cycles for ARCC’s by doing RIIO
There are 4 Procedures for t___ing controls (RIIO).
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Tests of controls generally consist of 4 types of procedures (RIIO).
o Testing the Cycles for ARCC’s by doing RIIO
There are 4 Procedures for testing controls (RIIO).
24
Q
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Tests of controls generally consist of 4 types of procedures (RIIO).
o Testing the Cycles for ARCC’s by doing RIIO
There are 4 Pro______es for testing controls (RIIO).
A
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Tests of controls generally consist of 4 types of procedures (RIIO).
o Testing the Cycles for ARCC’s by doing RIIO
There are 4 Procedures for testing controls (RIIO).
25
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing con____s (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
26
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperf_________
2. Inspection
3. Inquiry
4. Observation
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
27
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Insp_______
3. Inquiry
4. Observation
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
28
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inq____
4. Observation
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
29
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Obs________
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
30
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Reperformance
– The au_____ applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
31
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Reperformance
– The auditor applies the con____ that the client personnel presumably performed to determine if the procedure was performed properly.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
32
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably per____ed to determine if the procedure was performed properly.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
33
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed pr____ly.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
34
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recal________, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity
35
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the s___ as that derived by the entity
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity
36
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity
or may involve re-f__ting an invoice to make certain that amounts have been calculated correctly.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity
or may involve re-footing an invoice to make certain that amounts have been calculated correctly.
37
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity
or may involve re-footing an in____ to make certain that amounts have been calculated correctly.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity
or may involve re-footing an invoice to make certain that amounts have been calculated correctly.
38
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity
or may involve re-footing an invoice to make certain that amounts have been ca_______ed correctly.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity
or may involve re-footing an invoice to make certain that amounts have been calculated correctly.
39
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity
or may involve re-footing an invoice to make certain that amounts have been calculated cor____tly.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity
or may involve re-footing an invoice to make certain that amounts have been calculated correctly.
40
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperf_________
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity or may involve re-footing an invoice to make certain that amounts have been calculated correctly.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity or may involve re-footing an invoice to make certain that amounts have been calculated correctly.
41
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Insp______
– The auditor examines controls, documents and reports that provide documentary evidence.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
42
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Inspection
– The auditor exa____s controls, documents and reports that provide documentary evidence.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
43
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines con____, documents and reports that provide documentary evidence.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
44
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and re____s that provide documentary evidence.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
45
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, docu____s and reports that provide documentary evidence.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
46
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evid____.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
47
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
For example,
the auditor might examine pa__ invoices to make certain they have been properly cancelled to avoid paying the same invoice more than once.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
For example,
the auditor might examine paid invoices to make certain they have been properly cancelled to avoid paying the same invoice more than once.
48
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
For example,
the auditor might examine paid invoices to make certain they have been properly can___led to avoid paying the same invoice more than once.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
For example,
the auditor might examine paid invoices to make certain they have been properly cancelled to avoid paying the same invoice more than once.
49
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
For example,
the auditor might examine paid invoices to make certain they have been properly cancelled to avoid paying the same invoice more than on__.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
For example,
the auditor might examine paid invoices to make certain they have been properly cancelled to avoid paying the same invoice more than once.
50
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
For example, the auditor might examine paid invoices to make certain they have been properly cancelled to avoid paying the same invoice more than once.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
For example, the auditor might examine paid invoices to make certain they have been properly cancelled to avoid paying the same invoice more than once.
51
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Inq____
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
52
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Inquiry
– The auditor asks client personnel involved in controls to state h__ effectively certain controls were enforced.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
53
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Inquiry
– The auditor asks client personnel involved in controls to state how ef________y certain controls were enforced.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
54
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain con____s were enforced.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
55
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
For example,
the auditor might ask the acc____ing personnel if they handled any cash or signed checks in the course of the year.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
For example,
the auditor might ask the accounting personnel if they handled any cash or signed checks in the course of the year.
56
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
For example,
the auditor might ask the accounting personnel if they handled any ca__ or signed checks in the course of the year.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
For example,
the auditor might ask the accounting personnel if they handled any cash or signed checks in the course of the year.
57
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
For example,
the auditor might ask the accounting personnel if they handled any cash or signed ch___s in the course of the year.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
For example,
the auditor might ask the accounting personnel if they handled any cash or signed checks in the course of the year.
58
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
For example, the auditor might ask the accounting personnel if they handled any cash or signed checks in the course of the year.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
For example, the auditor might ask the accounting personnel if they handled any cash or signed checks in the course of the year.
59
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Observation
– The auditor wa___es client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
60
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Obser_______
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
61
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their reg____ functions to see if they follow the controls that were designed and implemented.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
62
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they fol___ the controls that were designed and implemented.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
63
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were de____ed and implemented.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
64
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and im_________ed.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
65
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
For example,
the auditor might ob_____ the distribution of pay checks to see if appropriate procedures for verifying employees are being followed.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
For example,
the auditor might observe the distribution of pay checks to see if appropriate procedures for verifying employees are being followed.
66
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
For example,
the auditor might observe the distribution of pay checks to see if appro_______ procedures for verifying employees are being followed.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
For example,
the auditor might observe the distribution of pay checks to see if appropriate procedures for verifying employees are being followed.
67
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
For example,
the auditor might observe the distribution of pay checks to see if appropriate procedures for ve____ing employees are being followed.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
For example,
the auditor might observe the distribution of pay checks to see if appropriate procedures for verifying employees are being followed.
68
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Reperformance – The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity or may involve re-footing an invoice to make certain that amounts have been calculated correctly.
• Inspection – The auditor examines controls, documents and reports that provide documentary evidence.
For example, the auditor might examine paid invoices to make certain they have been properly cancelled to avoid paying the same invoice more than once.
• Inquiry – The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
For example, the auditor might ask the accounting personnel if they handled any cash or signed checks in the course of the year.
• Observation – The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
For example, the auditor might observe the distribution of pay checks to see if appropriate procedures for verifying employees are being followed.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
• Reperformance – The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity or may involve re-footing an invoice to make certain that amounts have been calculated correctly.
• Inspection – The auditor examines controls, documents and reports that provide documentary evidence.
For example, the auditor might examine paid invoices to make certain they have been properly cancelled to avoid paying the same invoice more than once.
• Inquiry – The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
For example, the auditor might ask the accounting personnel if they handled any cash or signed checks in the course of the year.
• Observation – The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
For example, the auditor might observe the distribution of pay checks to see if appropriate procedures for verifying employees are being followed.
69
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
* Reperformance – The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
* Inspection – The auditor examines controls, documents and reports that provide documentary evidence.
* Inquiry – The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
* Observation – The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
* Reperformance – The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
* Inspection – The auditor examines controls, documents and reports that provide documentary evidence.
* Inquiry – The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
* Observation – The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
70
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
These different types of tests of controls can be very effective in determining if a system features appropriate seg________ of duties.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
These different types of tests of controls can be very effective in determining if a system features appropriate segregation of duties.
71
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
These different types of tests of controls can be very eff______ in determining if a system features appropriate segregation of duties.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
These different types of tests of controls can be very effective in determining if a system features appropriate segregation of duties.
72
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
These different types of t___s of controls can be very effective in determining if a system features appropriate segregation of duties.
In general, however, the most effective type of test of control is observation.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
These different types of tests of controls can be very effective in determining if a system features appropriate segregation of duties.
In general, however, the most effective type of test of control is observation.
73
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
These different types of tests of controls can be very effective in determining if a system features appropriate segregation of duties.
In general, however, the most effective type of test of control is obse_______.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
These different types of tests of controls can be very effective in determining if a system features appropriate segregation of duties.
In general, however, the most effective type of test of control is observation.
74
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
These different types of tests of controls can be very effective in determining if a system features appropriate segregation of duties.
In general, however, the m___ effective type of test of control is observation.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
There are 4 Procedures for testing controls (RIIO).
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
These different types of tests of controls can be very effective in determining if a system features appropriate segregation of duties.
In general, however, the most effective type of test of control is observation.
75
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misst_________ due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
76
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to er___ or fraud are generally identified by applying a “What Could Go Wrong” analysis,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
77
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fr___ are generally identified by applying a “What Could Go Wrong” analysis,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
78
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “Wh__ Could Go Wrong” analysis,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
79
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” ana____s,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
80
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
applied at the asse_____ level and taking into consideration the auditor’s understanding of the entity’s internal control.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
81
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
applied at the assertion level and taking into consideration the auditor’s und_______ing of the entity’s internal control.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
82
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
applied at the assertion le___ and taking into consideration the auditor’s understanding of the entity’s internal control.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
83
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susc______ to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis, applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis, applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
84
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis, applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
For example,
the auditor may be evaluating the occurrence ass_____ in relation to sales.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis, applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
85
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis, applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
For example,
the auditor may be eva____ing the occurrence assertion in relation to sales.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis, applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
86
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis, applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor determines that, since sales personnel are highly incentivized by a liberal commi_____ system,
they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis, applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor determines that, since sales personnel are highly incentivized by a liberal commission system,
they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
87
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor determines that, since sales personnel are highly incentivized by a liberal commission system,
they may be motivated to over_____ sales reported to the company and, as a result, reported by the company.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor determines that, since sales personnel are highly incentivized by a liberal commission system,
they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
88
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor determines that, since sales personnel are highly incentivized by a liberal commission system,
they may be mo_____ed to overstate sales reported to the company and, as a result, reported by the company.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor determines that, since sales personnel are highly incentivized by a liberal commission system,
they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
89
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor determines that, since sales personnel are highly incentivized by a liberal commission system,
they may be motivated to overstate sales reported to the company and, as a result, re____ed by the company.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor determines that, since sales personnel are highly incentivized by a liberal commission system,
they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
90
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s ques____: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
91
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s question: “Wh__ could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
92
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did n__ actually occur.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
93
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually oc___.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
94
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to deter____if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
95
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are con____s that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
96
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either pre____ the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
97
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be de____ed and corrected on a timely basis.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
98
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and cor____ed on a timely basis.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
99
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either prevent the r____ding of sales that did not occur or would cause them to be detected and corrected on a timely basis.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
100
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The con____s may be built into the system, which the auditor can determine by reviewing the documented understanding.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
101
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by rev___ing the documented understanding.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
102
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can deter____ by reviewing the documented understanding.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
103
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inq____ as to whether management has considered the possibility and developed a separate control, of which the auditor is not yet aware, to deal with the issue.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inquire as to whether management has considered the possibility and developed a separate control, of which the auditor is not yet aware, to deal with the issue.
104
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inquire as to whether management has considered the pos_____ty and developed a separate control, of which the auditor is not yet aware, to deal with the issue.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inquire as to whether management has considered the possibility and developed a separate control, of which the auditor is not yet aware, to deal with the issue.
105
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inquire as to whether management has considered the possibility and developed a separate con____, of which the auditor is not yet aware, to deal with the issue.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inquire as to whether management has considered the possibility and developed a separate control, of which the auditor is not yet aware, to deal with the issue.
106
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inquire as to whether management has considered the possibility and dev____ed a separate control, of which the auditor is not yet aware, to deal with the issue.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inquire as to whether management has considered the possibility and developed a separate control, of which the auditor is not yet aware, to deal with the issue.
107
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inquire as to whether management has considered the possibility and developed a separate control, of which the auditor is not yet aw___, to deal with the issue.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
• The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inquire as to whether management has considered the possibility and developed a separate control, of which the auditor is not yet aware, to deal with the issue.
108
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inquire as to whether management has considered the possibility and developed a separate control, of which the auditor is not yet aware, to deal with the issue.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
“What Could Go Wrong” analysis
For example,
the auditor may be evaluating the occurrence assertion in relation to sales.
The following may result:
* The auditor determines that, since sales personnel are highly incentivized by a liberal commission system, they may be motivated to overstate sales reported to the company and, as a result, reported by the company.
* The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
* The auditor will next try to determine if there are controls that would either prevent the recording of sales that did not occur or would cause them to be detected and corrected on a timely basis.
o The controls may be built into the system, which the auditor can determine by reviewing the documented understanding.
o Otherwise, the auditor will inquire as to whether management has considered the possibility and developed a separate control, of which the auditor is not yet aware, to deal with the issue.
109
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not con____s to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
110
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either bu___ into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
111
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately dev____ed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
112
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and im_________ed,
the auditor would likely conclude that a control deficiency has been identified.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
113
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control defi____cy has been identified.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
114
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conc____ that a control deficiency has been identified.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
115
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the is___ that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
116
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will eva______ the control deficiency,
determining if it is a significant deficiency or a material weakness and,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency,
determining if it is a significant deficiency or a material weakness and,
117
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control def______cy,
determining if it is a significant deficiency or a material weakness and,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency,
determining if it is a significant deficiency or a material weakness and,
118
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency,
determining if it is a signi_______ deficiency or a material weakness and,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency,
determining if it is a significant deficiency or a material weakness and,
119
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency,
determining if it is a significant deficiency or a ma______ weakness and,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency,
determining if it is a significant deficiency or a material weakness and,
120
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency,
determining if it is a significant deficiency or a material we______ss and,
if so, make certain to include it in a communication to those charged with governance.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency,
determining if it is a significant deficiency or a material weakness and,
if so, make certain to include it in a communication to those charged with governance.
121
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency,
determining if it is a significant deficiency or a material weakness and,
if so, make certain to include it in a comm________ to those charged with governance.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency,
determining if it is a significant deficiency or a material weakness and,
if so, make certain to include it in a communication to those charged with governance.
122
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are n__ controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency, determining if it is a significant deficiency or a material weakness and,
if so, make certain to include it in a communication to those charged with governance.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency, determining if it is a significant deficiency or a material weakness and,
if so, make certain to include it in a communication to those charged with governance.
123
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency, determining if it is a significant deficiency or a material weakness and, if so, make certain to include it in a communication to those charged with governance.
In addition, however, the auditor will eva_____ what further audit procedures will provide evidence that recorded sales did actually occur.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency, determining if it is a significant deficiency or a material weakness and, if so, make certain to include it in a communication to those charged with governance.
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
124
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what fur____ audit procedures will provide evidence that recorded sales did actually occur.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
125
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evi______ that recorded sales did actually occur.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
126
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that re____ed sales did actually occur.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
127
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually oc___.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
128
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will dev____ an audit program with procedures designed to verify that the information reported on the financial statements is correct.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
129
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit prog___ with procedures designed to verify that the information reported on the financial statements is correct.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
130
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to ve___y that the information reported on the financial statements is correct.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
131
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to verify that the information re____ed on the financial statements is correct.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
132
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is cor____.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
133
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
• To test the ass______ of occurrence,
the auditor will likely select a sample from the population of recorded sales
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
134
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
• To test the assertion of occu_______,
the auditor will likely select a sample from the population of recorded sales
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
135
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sam___ from the population of recorded sales
and trace them to supporting documentation to verify that they actually occurred.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
and trace them to supporting documentation to verify that they actually occurred.
136
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sample from the popu______ of recorded sales
and trace them to supporting documentation to verify that they actually occurred.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
and trace them to supporting documentation to verify that they actually occurred.
137
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
and tr___ them to supporting documentation to verify that they actually occurred.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
and trace them to supporting documentation to verify that they actually occurred.
138
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
and trace them to supporting docum________ to verify that they actually occurred.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
and trace them to supporting documentation to verify that they actually occurred.
139
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
and trace them to supporting documentation to v___fy that they actually occurred.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
and trace them to supporting documentation to verify that they actually occurred.
140
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
and trace them to supporting documentation to verify that they actually occ____d.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
• To test the assertion of occurrence,
the auditor will likely select a sample from the population of recorded sales
and trace them to supporting documentation to verify that they actually occurred.
141
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
* The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
* To t___ the assertion of occurrence, the auditor will likely select a sample from the population of recorded sales and trace them to supporting documentation to verify that they actually occurred.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
* The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
* To test the assertion of occurrence, the auditor will likely select a sample from the population of recorded sales and trace them to supporting documentation to verify that they actually occurred.
142
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency, determining if it is a significant deficiency or a material weakness and, if so, make certain to include it in a communication to those charged with governance.
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
* The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
* To test the assertion of occurrence, the auditor will likely select a sample from the population of recorded sales and trace them to supporting documentation to verify that they actually occurred.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented, the auditor would likely conclude that a control deficiency has been identified.
The auditor will evaluate the control deficiency, determining if it is a significant deficiency or a material weakness and, if so, make certain to include it in a communication to those charged with governance.
In addition, however, the auditor will evaluate what further audit procedures will provide evidence that recorded sales did actually occur.
* The auditor will develop an audit program with procedures designed to verify that the information reported on the financial statements is correct.
* To test the assertion of occurrence, the auditor will likely select a sample from the population of recorded sales and trace them to supporting documentation to verify that they actually occurred.
143
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are con____s intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
144
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will eva_____ the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
145
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the des___ of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
146
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is sui_____ and if the control is likely to be effective.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
147
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be eff______.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
148
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will n__ attempt to verify that the control has been implemented as it is irrelevant.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
149
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to ve___y that the control has been implemented as it is irrelevant.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
150
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been imple____ed as it is irrelevant.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
151
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irre______t.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls
and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
152
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the is___, the auditor will evaluate the design of the controls and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
153
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
If, however, the control is expected to be effe_____,
the auditor will perform some form of walk through
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
If, however, the control is expected to be effective,
the auditor will perform some form of walk through involving
observing the control,
inspecting documents, or
performing analytical procedures.
154
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
If, however, the control is expected to be effective,
the auditor will perform some form of walk through involving
ob____ing the control,
inspecting documents, or
performing analytical procedures.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
If, however, the control is expected to be effective,
the auditor will perform some form of walk through involving
observing the control,
inspecting documents, or
performing analytical procedures.
155
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If, however, the control is expected to be effective,
the auditor will perform some form of walk through involving
observing the control,
ins_____ng documents, or
performing analytical procedures.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If, however, the control is expected to be effective,
the auditor will perform some form of walk through involving
observing the control,
inspecting documents, or
performing analytical procedures.
156
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If, however, the control is expected to be effective,
the auditor will perform some form of walk through involving
observing the control,
inspecting documents, or
per____ing analytical procedures.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If, however, the control is expected to be effective,
the auditor will perform some form of walk through involving
observing the control,
inspecting documents, or
performing analytical procedures.
157
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
If, however, the control is expected to be effective, the auditor will perform some form of walk through involving observing the control, inspecting documents, or performing an_____al procedures.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls and make a determination as to whether the design is suitable and if the control is likely to be effective.
If not, the auditor will not attempt to verify that the control has been implemented as it is irrelevant.
If, however, the control is expected to be effective, the auditor will perform some form of walk through involving observing the control, inspecting documents, or performing analytical procedures.
158
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit str____y:
Not to Rely
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
Rely
• The auditor may decide to Rely on the controls related to the relevant assertion.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
Not to Rely
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
Rely
• The auditor may decide to Rely on the controls related to the relevant assertion.
159
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide N__ to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
160
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are n_ relevant controls in place.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
161
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inh______ risk under the assumption that there are no relevant controls in place.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
162
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no rele____ controls in place.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
163
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be eq___ to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
164
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o The auditor will deve___ a program to t___ the assertion
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o The auditor will develop a program to test the assertion
165
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o The auditor will develop a program to test the asse____ by applying substantive audit procedures
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o The auditor will develop a program to test the assertion by applying substantive audit procedures
166
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o The auditor will develop a program to test the assertion by applying sub________ audit procedures that the auditor believes will provide sufficient appropriate audit evidence.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide sufficient appropriate audit evidence.
167
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide suffi_____ appropriate audit evidence.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide sufficient appropriate audit evidence.
168
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide sufficient approp_____ audit evidence.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide sufficient appropriate audit evidence.
169
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide sufficient appropriate audit evid____.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide sufficient appropriate audit evidence.
170
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to R___ on the controls related to the relevant assertion.
o RMM will be reduced from IR, taking into account the effect of CR being below the maximum.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o RMM will be reduced from IR, taking into account the effect of CR being below the maximum.
171
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o RMM will be re___d from IR, taking into account the effect of CR being below the maximum.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o RMM will be reduced from IR, taking into account the effect of CR being below the maximum.
172
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o RMM will be reduced from IR, taking into account the effect of CR being be___ the maximum.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o RMM will be reduced from IR, taking into account the effect of CR being below the maximum.
173
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o RMM will be reduced from IR, taking into account the effect of CR being below the maxi___.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o RMM will be reduced from IR, taking into account the effect of CR being below the maximum.
174
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o The auditor will perform t___s of the controls
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o The auditor will perform tests of the controls
175
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the rele____ assertion.
o The auditor will perform tests of the controls selecting from a pop_______ that covers the entire period during which the auditor is anticipating that the controls were in place.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o The auditor will perform tests of the controls selecting from a population that covers the entire period during which the auditor is anticipating that the controls were in place.
176
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o The auditor will perform tests of the controls selecting from a population that covers the en____ period during which the auditor is anticipating that the controls were in place.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o The auditor will perform tests of the controls selecting from a population that covers the entire period during which the auditor is anticipating that the controls were in place.
177
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o The auditor will perform tests of the controls se____ing from a population that covers the entire period during which the auditor is anticipating that the controls were in place.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o The auditor will perform tests of the controls selecting from a population that covers the entire period during which the auditor is anticipating that the controls were in place.
178
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the rele____ assertion.
o RMM will be reduced from IR, taking into account the effect of CR being below the maximum.
o The auditor will perform tests of the controls selecting from a population that covers the entire period during which the auditor is anticipating that the controls were in place.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
• The auditor may decide to Rely on the controls related to the relevant assertion.
o RMM will be reduced from IR, taking into account the effect of CR being below the maximum.
o The auditor will perform tests of the controls selecting from a population that covers the entire period during which the auditor is anticipating that the controls were in place.
179
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
NOT RELY
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide sufficient appropriate audit evidence.
---------------
RELY
• The auditor may decide to Rely on the controls related to the relevant assertion.
o RMM will be reduced from IR, taking into account the effect of CR being below the maximum.
o The auditor will perform tests of the controls selecting from a population that covers the entire period during which the auditor is anticipating that the controls were in place.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will then determine an audit strategy:
NOT RELY
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide sufficient appropriate audit evidence.
---------------
RELY
• The auditor may decide to Rely on the controls related to the relevant assertion.
o RMM will be reduced from IR, taking into account the effect of CR being below the maximum.
o The auditor will perform tests of the controls selecting from a population that covers the entire period during which the auditor is anticipating that the controls were in place.
180
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effe______ess of controls obtained in prior audits
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits
181
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in pr___ audits
and the controls have not changed since they were last tested,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits
and the controls have not changed since they were last tested,
182
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits
and the controls have n__ changed since they were last tested,
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits
and the controls have not changed since they were last tested,
183
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits
and the controls have not changed since they were last t___ed,
the auditor should test the operating effectiveness of such controls at least once in every 3 years.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits
and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at least once in every 3 years.
184
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits
and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at le___ once in every 3 years.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits
and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at least once in every 3 years.
185
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits
and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at least once in every _ years.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits
and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at least once in every 3 years.
186
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits and the controls have not changed since they were last tested,
the auditor should t___ the operating effectiveness of such controls at least once in every 3 years.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at least once in every 3 years.
187
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at least once in every 3 years.
The auditor will deter____ that controls have not changed since they were last tested through the performance of risk assessment procedures.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at least once in every 3 years.
The auditor will determine that controls have not changed since they were last tested through the performance of risk assessment procedures.
188
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will determine that controls have not changed since they were l___ tested through the performance of risk assessment procedures.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will determine that controls have not changed since they were last tested through the performance of risk assessment procedures.
189
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will determine that controls have not changed since they were last tested through the perfor_____ of risk assessment procedures.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will determine that controls have not changed since they were last tested through the performance of risk assessment procedures.
190
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will determine that controls have not changed since they were last tested through the performance of r__ assessment procedures.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
The auditor will determine that controls have not changed since they were last tested through the performance of risk assessment procedures.
191
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at least once in every 3 years.
The auditor will determine that controls have not changed since they were last tested through the performance of risk asses_____ procedures.
Obtain an Understanding of the Entity’s Internal Control Structure (AU-C 315)
Step 4 –
4. Tests of Controls (Develop an Audit Strategy)
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at least once in every 3 years.
The auditor will determine that controls have not changed since they were last tested through the performance of risk assessment procedures.
192
Why an auditor need to perform tests of control?
To determine if __________ is below maximum
Why an auditor need to perform tests of control?
To determine if control risk (CR) is below maximum
193
Why an auditor need to perform tests of control?
To determine if ___________________________
Why an auditor need to perform tests of control?
To determine if control risk (CR) is below maximum
194
Why an auditor need to perform tests of control?
To determine .....
Why an auditor need to perform tests of control?
To determine if control risk (CR) is below maximum
195
If the control did not exist, or auditor assessing CR at the maximum level, will tests of controls needed to be performed?
If the control did not exist, or auditor assessing CR at the maximum level, will tests of controls needed to be performed?
No
-------
Develop an audit strategy to
• Decide not to perform tests of controls, assessing CR at the maximum level as if the control did not exist, and measuring RMM as being equal to IR.
196
An auditor decide not to perform tests of controls
| and assessing CR at the _________ level
An auditor decide not to perform tests of controls
| and assessing CR at the maximum level
197
What does the auditor must consider in order to test the effectiveness of the design and operation of a control?
The auditor must consider
- ___ the control was applied,
- The __________ with which it was applied
- By _____it was applied to
What does the auditor must consider in order to test the effectiveness of the design and operation of a control?
The auditor must consider
- How the control was applied,
- The consistency with which it was applied
- By whom it was applied to
--------
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider how the control was applied, the consistency with which it was applied and by whom it was applied.
198
What does the auditor must consider in order to test the effectiveness of the design and operation of a control?
What does the auditor must consider in order to test the effectiveness of the design and operation of a control?
The auditor must consider
- How the control was applied,
- The consistency with which it was applied
- By whom it was applied to
--------
To test the effectiveness of the design and operation of a control (what is the substance?).
The auditor must consider how the control was applied, the consistency with which it was applied and by whom it was applied.
199
What are the 4 procedures for testing controls?
RIIO
1. R____________
2. I__________
3. I________
4. O_________
What are the 4 procedures for testing controls?
RIIO
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
200
What are the 4 procedures for testing controls?
RIIO
What are the 4 procedures for testing controls?
RIIO
1. Reperformance
2. Inspection
3. Inquiry
4. Observation
201
"The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly."
What is this testing controls procedure?
• Reperformance
– The auditor applies the control that the client personnel presumably performed to determine if the procedure was performed properly.
Reperformance, which also includes recalculation, may involve the auditor performing a reconciliation to determine if the result is the same as that derived by the entity or may involve re-footing an invoice to make certain that amounts have been calculated correctly.
202
"The auditor examines controls, documents and reports that provide documentary evidence."
What is this testing controls procedure?
• Inspection
– The auditor examines controls, documents and reports that provide documentary evidence.
For example,
the auditor might examine paid invoices to make certain they have been properly cancelled to avoid paying the same invoice more than once.
203
"The auditor asks client personnel involved in controls to state how effectively certain controls were enforced."
What is this testing controls procedure?
• Inquiry
– The auditor asks client personnel involved in controls to state how effectively certain controls were enforced.
For example,
the auditor might ask the accounting personnel if they handled any cash or signed checks in the course of the year.
204
"The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented."
What is this testing controls procedure?
• Observation
– The auditor watches client personnel performing their regular functions to see if they follow the controls that were designed and implemented.
For example,
the auditor might observe the distribution of pay checks to see if appropriate procedures for verifying employees are being followed.
205
What is the most effective type of test of control in determining if a system features appropriate segregation of duties?
observation
In general, the most effective type of test of control in determining if a system features appropriate segregation of duties is observation.
206
What is “What Could Go Wrong” analysis?
Items susceptible to _____________ due to _____ or _____ are generally identified by applying a “What Could Go Wrong” analysis.
Items susceptible to misstatement due to error or fraud are generally identified by applying a “What Could Go Wrong” analysis,
applied at the assertion level and taking into consideration the auditor’s understanding of the entity’s internal control.
For example, the auditor may be evaluating the occurrence assertion in relation to sales.
• The response to the auditor’s question: “What could go wrong?” is that sales personnel may submit paperwork for sales that did not actually occur.
207
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control _________ has been identified.
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
208
If there are ___ controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
If there are not controls to deal with the issue that are either built into the system or have been separately developed and implemented,
the auditor would likely conclude that a control deficiency has been identified.
209
The auditor will evaluate the control deficiency, determining if it is
1) a _________________
or
2) a _________________
The auditor will evaluate the control deficiency, determining if it is
1) a significant deficiency
or
2) a material weakness
and, if so, make certain to include it in a communication to those charged with governance.
210
If there are controls intended to deal with the issue, the auditor will
1) evaluate the _______ of the controls
and
2) make a ___________ as to
whether the design is suitable and if the control is likely to be effective.
If there are controls intended to deal with the issue, the auditor will
1) evaluate the design of the controls
and
2) make a determination as to
whether the design is suitable and if the control is likely to be effective.
211
If there are controls intended to deal with the issue, the auditor will
1) _________ the design of the controls
and
2) ____ a determination as to
whether the design is suitable and if the control is likely to be effective.
If there are controls intended to deal with the issue, the auditor will
1) evaluate the design of the controls
and
2) make a determination as to
whether the design is suitable and if the control is likely to be effective.
212
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls and make a determination as to
whether the design is _______ and if the control is likely to be _________.
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls and make a determination as to
whether the design is suitable and if the control is likely to be effective.
213
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls and make a determination as to
whether the _______ is suitable and if the ______ is likely to be effective.
If there are controls intended to deal with the issue, the auditor will evaluate the design of the controls and make a determination as to
whether the design is suitable and if the control is likely to be effective.
214
If the control is expected to be effective, the auditor will perform some form of ___________ involving observing the control, inspecting documents, or performing analytical procedures.
If the control is expected to be effective, the auditor will perform some form of walk through involving observing the control, inspecting documents, or performing analytical procedures.
215
If the control is expected to be _________, the auditor will perform some form of walk through involving observing the control, inspecting documents, or performing analytical procedures.
If the control is expected to be effective, the auditor will perform some form of walk through involving observing the control, inspecting documents, or performing analytical procedures.
216
If the control is expected to be effective, the auditor will perform some form of walk through involving ___________ the control, __________ documents, or __________ analytical procedures.
If the control is expected to be effective, the auditor will perform some form of walk through involving observing the control, inspecting documents, or performing analytical procedures.
217
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits
and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at least once in every __ years.
3 years
218
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits and the controls have not changed since they were last tested,
the auditor should test the operating ____________ of such controls at least once in every 3 years.
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits and the controls have not changed since they were last tested,
the auditor should test the operating effectiveness of such controls at least once in every 3 years.
219
The auditor will determine that controls have not changed since they were last tested through the ___________ of risk assessment procedures.
The auditor will determine that controls have not changed since they were last tested through the performance of risk assessment procedures.
220
The auditor will determine that controls have not changed since they were last tested through the ___________________________ procedures.
The auditor will determine that controls have not changed since they were last tested through the performance of risk assessment procedures.
221
If the control is expected to be effective, the auditor will perform some form of walk through involving
_________ the control,
__________ documents, or
__________ analytical procedures.
If the control is expected to be effective, the auditor will perform some form of walk through involving
observing the control,
inspecting documents, or
performing analytical procedures.
222
If the control is expected to be __________, the auditor will perform some form of walk through involving
observing the control,
inspecting documents, or
performing analytical procedures.
If the control is expected to be effective, the auditor will perform some form of walk through involving
observing the control,
inspecting documents, or
performing analytical procedures.
223
When
o RMM will be equal to inherent risk
RMM = IR
o The auditor will perform substantive audit procedures
Does this mean the auditor decide to rely or not rely on the internal controls?
Does this mean the auditor decide to rely or not rely on the internal controls?
Answer: Not to Rely
-------------
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide sufficient appropriate audit evidence.
224
When
o RMM will be equal to inherent risk
RMM = IR
o The auditor will perform substantive audit procedures
Does this mean are there relevant internal controls in place?
Does this mean are there relevant internal controls in place?
Answer: No relevant controls in place
-------------
• The auditor may decide Not to Rely on the controls related to a relevant assertion.
o RMM will be equal to the assertion’s inherent risk under the assumption that there are no relevant controls in place.
o The auditor will develop a program to test the assertion by applying substantive audit procedures that the auditor believes will provide sufficient appropriate audit evidence.
225
When
o RMM will be reduced from IR, taking into account the effect of CR being below the maximum.
RMM < IR
CR < 100% or CR < 1.0
o The auditor will perform tests of the controls selecting from a population that covers the entire period
Does this mean the auditor decide to rely or not rely on the internal controls?
Does this mean the auditor decide to rely or not rely on the internal controls?
Answer: The auditor may decide to Rely on the controls
--------
• The auditor may decide to Rely on the controls related to the relevant assertion.
o RMM will be reduced from IR, taking into account the effect of CR being below the maximum.
o The auditor will perform tests of the controls selecting from a population that covers the entire period during which the auditor is anticipating that the controls were in place.
