Internal control evidence Flashcards
Types of controls
- management controls (entity-level)
- process controls (process-level)
internal controls (different types)
- segregation of duties (preventive, detective)
- performance reviews (detective, corrective)
- physical controls (preventive)
- processing controls (preventive, corrective)
Test of controls
assess control risk (the risk that controls will not prevent or detect a misstatement). The test on the effectiveness of key controls reduces RMM. If control risk assessment is not supported –> increase sutstantive testing
existence test of controls
- inquiry of client personnel including a walkthrough of at least one type of each significant transaction
- inspection of documents and reports indicating performance of controls done during walkthrough
effectiveness test of controls
re-performance by auditor of controls to a sample of transactions or balances
hypogeometric distribution (idea)
large populations probability of error of a specific sample size becomes independent from population size
segregation of duties
an employee can not perpetrate and conceal fraud or theft and accidental errors are reduced if he/she does not have responsibility only one
performance reviews
independent checks on performance by a third party not directly involved in the activity (internal varification)
processing controls
ensure accuracy of input and processing, adequacy of documentation, and computer application controls
compensating controls (whole process)
controls are not effective or not feasible in the organisation (small organisations)
example entity levels of controls
- monitoring of competition
- operational effectiveness (risk on delivery, returns, processing errors)
types of control tests
- existence
- effectiveness
hypergeometric distribution
is a probability distribution for sampling with replacement from a population with finite size
substantive testing: achieve
evidence on audit objective (completeness, accuracy) achieve allowance for sampling risk within materiality
controls sampling: achieve
does a control work effectively achieve deviation rate does not exceed an acceptable level