AUD 3 Test of Control Flashcards
When planning a particular audit sample for a test of controls, the auditor should consider four things:
(1) the relationship of the sample to the objective of the test of controls,
(2) the maximum rate of deviations from prescribed controls that would support his or her planned assessed level of control risk,
(3) the auditor’s allowable risk of assessing control risk too low and,
(4) the characteristics of the population.
Unless an entity has different controls based on the value of the check request, the auditor should not consider the dollar value of the check request in making his or her selections.
Various factors typically influence determination of sample size…For tests of controls:
The tolerable rate of deviation of the population to be tested; the expected rate of deviation of the population to be tested; the desired level of assurance…that the tolerable rate of deviation is not exceeded by the actual rate of deviation in the population desired level of assurance…[and] the number of sampling units in the population if the population is very small….
Inspection of records or documents consists of
examining records or documents, whether internal or external.
Inquiry consists
of seeking information of knowledgeable persons, both financial and nonfinancial, inside or outside the entity. By interviewing the controller, the auditor is performing inquiry procedures.
An audit trail in a computer system, as in a manual system, assists in
Other major reasons for an audit trail include:
discovering fraud and therefore acts as a deterrent to perpetration of such acts.发现欺诈,因此作为一种威慑此类行为的犯罪
- monitoring the system and the data produced, and
- answering queries by tracking a specific transaction through the accounting records or tracing a transaction back to the original source and observing how it is processed through the system.
Substantive tests or test of details of transactions include:
recalculation
comparison
confirmation
verification
To ensure that goods shipped are properly billed, the auditor would perform a
a “downstream” or “tracing” test, that is, examining shipping documents for matching sales invoices. This test of controls uses the controls that directly relate to management’s control objective that all transactions are executed (completeness).
Parallel simulation
is when the auditor uses client data and auditor-controlled software to obtain output. The auditor’s output is compared to the output from the client. Differences indicate potential weaknesses or problems with the client’s software.
An integrated test facility
introduces a fictitious entity (such as a fake employee or customer) with real entries in the master files of the client’s computer system. The auditor then compares the processing of data through the fictitious entity with what should be there in order to test that the data processing is reliable. Like the test data (or test deck) approach, an integrated test facility uses the client’s system and is not under the auditor’s control.
In a test of controls, sample size varies inversely with the tolerable (or maximum) rate of deviation.
As the number of allowable deviations increases, the sample size decreases. Sample size increases as the expected population deviation rate increases.