Module 16 Audit Process: Systems and Controls Flashcards

1
Q

When does the systems and control analysis stage typically occur?

A

It often commences prior to the year end as it forms part of understanding the entity.

For large organisations, it will be pre year-end during the interim audit in order to spread the workload and manage staff more effectively

Smaller organisations may not be cost-effective for interim audits and may be done after year-end but will be prior to substantive testing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What does the systems and control analysis stage involve?

A

Understanding and documentation of processes, systems and controls

Walkthrough of systems

Evaluation of the design of the controls

Tests of control

Assessment of the risk of material misstatement

Production of audit programmes in response to the risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the overall aim of system and control analysis?

A

To determine the level of control risk in the entity and as such conclude on the ROMM in the financial statements and determine the level of substantive testing required

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How is control risk assessed

A

It is assessed by gaining an overall understanding and assessment of the entity’s internal control system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Auditor must obtain and document an understanding of the five components of internal control to be able to conclude on the level of control risk - True or False

A

True, the five components are

Control Environment
Risk Assessment
Information systems
Monitoring of controls
Control activities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A strong control environment ensures the effectiveness of the overall internal control system - True or false

A

False, if any one of the components are ineffective, this will increase control risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

An auditor must document their understanding of the information systems used by an entity - True or false

A

True - Once documented, the auditor must corroborate their understanding of the information system with the entity, commonly through discussions and “walkthroughs”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the purpose of a walkthrough?

A

To confirm the auditor’s understanding of the process is correct by selecting one or more transactions relating to a specific system and follow them through the system from initiation to settlement and reporting

This may identify controls not operating, missing or ineffective (this is not a test of control)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How does audit data analytics help with system and controls analysis?

A

ADA process mining can help replace the walkthrough stage of systems provided sufficient data is available.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the three steps auditors must perform in relation to the entity’s control activities to determine whether they can be relied upon?

A

Identify key controls - A control that mitigates the ROMM and that the auditor intends to rely on

Assess the design of key controls - Auditors will only want to test controls that are designed effectively, ie the control would help mitigate the corresponding risk

Test whether key controls operated effectively throughout the year - How well does the control work in practice?

It is not necessary or efficient to test every control of an entity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is test of control?

A

Audit procedures performed by the auditor to determine whether the control activities operated as documented throughout the period under review

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What techniques can be used for test of control?

A

Enquiring - talking to staff to confirm the operation of control activity

Inspection - checking documents and evidence of management reviews

Observing - watching procedures and control activities being performed

Reperformance - do the procedures as an auditor

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does a well written test control contain?

A

The testing technique

The control activity being tested

What is being checked

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Do auditors need to attend stock counts?

A

ISA (UK) 501 Audit Evidence states that where stock is material to the financial statements, auditors should obtain sufficient, appropriate evidence with regards to its existence and condition by attending the physical stock count (unless impractical)

Auditors will first need to understand the procedures used for stock count and then observe the entity doing the stock count

Auditors then do test counts (reperformance) to determine the accuracy of the stock counts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How are the results of test control evaluated?

A

All errors found in tests of control must be investigated, the value of the error is not important as it is the procedure being tested, not the amount of the transaction.

If an error is found, it should be decided whether it can be localised or not.

Yes = control operated effectively except for the period identified

No = control has not operated effectively throughout the year

How well did you know this?
1
Not at all
2
3
4
5
Perfectly