Module 16 Audit Process: Systems and Controls Flashcards
When does the systems and control analysis stage typically occur?
It often commences prior to the year end as it forms part of understanding the entity.
For large organisations, it will be pre year-end during the interim audit in order to spread the workload and manage staff more effectively
Smaller organisations may not be cost-effective for interim audits and may be done after year-end but will be prior to substantive testing
What does the systems and control analysis stage involve?
Understanding and documentation of processes, systems and controls
Walkthrough of systems
Evaluation of the design of the controls
Tests of control
Assessment of the risk of material misstatement
Production of audit programmes in response to the risk
What is the overall aim of system and control analysis?
To determine the level of control risk in the entity and as such conclude on the ROMM in the financial statements and determine the level of substantive testing required
How is control risk assessed
It is assessed by gaining an overall understanding and assessment of the entity’s internal control system
Auditor must obtain and document an understanding of the five components of internal control to be able to conclude on the level of control risk - True or False
True, the five components are
Control Environment
Risk Assessment
Information systems
Monitoring of controls
Control activities
A strong control environment ensures the effectiveness of the overall internal control system - True or false
False, if any one of the components are ineffective, this will increase control risk
An auditor must document their understanding of the information systems used by an entity - True or false
True - Once documented, the auditor must corroborate their understanding of the information system with the entity, commonly through discussions and “walkthroughs”
What is the purpose of a walkthrough?
To confirm the auditor’s understanding of the process is correct by selecting one or more transactions relating to a specific system and follow them through the system from initiation to settlement and reporting
This may identify controls not operating, missing or ineffective (this is not a test of control)
How does audit data analytics help with system and controls analysis?
ADA process mining can help replace the walkthrough stage of systems provided sufficient data is available.
What are the three steps auditors must perform in relation to the entity’s control activities to determine whether they can be relied upon?
Identify key controls - A control that mitigates the ROMM and that the auditor intends to rely on
Assess the design of key controls - Auditors will only want to test controls that are designed effectively, ie the control would help mitigate the corresponding risk
Test whether key controls operated effectively throughout the year - How well does the control work in practice?
It is not necessary or efficient to test every control of an entity
What is test of control?
Audit procedures performed by the auditor to determine whether the control activities operated as documented throughout the period under review
What techniques can be used for test of control?
Enquiring - talking to staff to confirm the operation of control activity
Inspection - checking documents and evidence of management reviews
Observing - watching procedures and control activities being performed
Reperformance - do the procedures as an auditor
What does a well written test control contain?
The testing technique
The control activity being tested
What is being checked
Do auditors need to attend stock counts?
ISA (UK) 501 Audit Evidence states that where stock is material to the financial statements, auditors should obtain sufficient, appropriate evidence with regards to its existence and condition by attending the physical stock count (unless impractical)
Auditors will first need to understand the procedures used for stock count and then observe the entity doing the stock count
Auditors then do test counts (reperformance) to determine the accuracy of the stock counts
How are the results of test control evaluated?
All errors found in tests of control must be investigated, the value of the error is not important as it is the procedure being tested, not the amount of the transaction.
If an error is found, it should be decided whether it can be localised or not.
Yes = control operated effectively except for the period identified
No = control has not operated effectively throughout the year