Module 16: Audit Process: Systems and Controls Flashcards
What does the overview stage involve?
This stage often commences prior to the year end, as systems and controls form part of understanding the entity. This stage involves:
1. Understanding and documentation of processes, systems and controls
- Walkthrough of systems
- Evaluation of the design of controls.
- Tests of controls
- Assessment of the risk of material misstatement
- Production of audit programmes in response to risk
Timing of risk model?
Most of the work relating to systems and controls will be performed pre-year end during the interim audit. The purpose of this is to spread the workload across the year to manage the staffing requirements effectively.
On smaller audits the interim audit may not occur as it would not be cost effective.
What is control risk?
Control risk is assessed by gaining an understanding of how effectively an entity controls its accounting systems and its financial statement preparation process
What are the five components of internal control and the audit impact on each component?
- Control environment - Indicates the likelihood that control activities will operate effectively. A STRONG CONTROL ENVIRONMENT DOES NOT ENSURE THE EFFECTIVENESS OF THE OVERALL INTERNAL CONTROL SYSTEM.
- Risk assessment process - Allows the auditor to follow up on business risks identified by the entity and to consider the impact of these business risks on the financial statements
Highlights risks which the entity has failed to detect, identifying possible uncontrolled risks and weaknesses in the internal controls - Information systems - Determines how the entity’s accounting records and financial statements are produced
Helps assess the quality of the information systems to determine the integrity of the financial statements - Control activities - Helps assess whether control activities effectively mitigate the risks identified and helps reduce ROMM
- Monitoring of controls - Allows the auditor to consider the likelihood that control activities will continue to operate effectively to reduce ROMM.
How will an auditor gain an understanding of the information systems?
- Enquiries within the entity’s employees
- Inspection of the entity’s procedural and systems manual
- Observation of the system in operation
- Inspection of the prior year audit file
- Inspection of the prior year management letter to see whether any improvements were suggested and whether the entity has implemented any of the recommendations
Auditor must document their understanding of information systems.
What is a walkthrough?
Where the auditor selects one or more transactions relating to a specific system and follows them through the system from initiation to settlement and reporting.
Can identify where controls are not working or ineffective. Walkthrough is not a test of control
What are the three steps an auditor must perform in relation to the entity’s control activities to determine whether or not they can be relied upon?
- Identify key controls - A key control is control that mitigates the ROMM and that the auditor intends to rely on.
- Assess the design of key controls - whether it has been designed effectively
- Test whether key controls operated effectively throughout the year - A well designed control will be ineffective if it is not applied, how well does it work in practice.
What is a test of control?
Audit procedures performed by the auditor to determine whether the control activities operated as documented throughout the period under review.
What can tests of control involve?
- Enquiring of staff to confirm the operation of a control activity. Low reliability from staff as they can not tell the truth.
- Inspection of documents or evidence of management controls. High reliability, original documentation will evidence how the control was performed.
- Observing procedures and control activities being performed. Medium reliability, staff are more likely to perform a control effectively when being observed.
- Re-performance of procedures by auditor. High reliability, agreement between how the auditor and client performs a control indicate it is performed effectively.
What does a well written test control consist of?
A testing technique (enquiry, observation, inspection or re-performance)
The control activity being tested
What is being checked
If the stock count is performed at the year end, what can an auditor do?
- Confirm the integrity of the controls that management has in place over the systems to record stock quantities and conditions
- Perform tests of control over the stock count
- Perform substantive procedures over the completeness and existence of the stock balance
The auditor will also observe how the entity performs the stock count to check procedures are being followed and are in accordance with the design of the control activity
What is floor-to-sheet testing and why is it carried out?
Select a sample of stock items from the warehouse floor and agree that they are included on the stock listing.
Done to check that all stock items in the warehouse are included in the stock records and the records are complete
What is sheet-to-floor testing?
Select a sample of stock from the stock listing and agree that they are held in the warehouse
To check that all stock items on the stock records exist in the warehouse and that stock is not overstated.
Is the value of an error important?
No, as it is the procedure being tested and not the amount of the transaction or balance.
Explain localising errors
Error can be localised to a particular period (if it only occurred when a certain staff member was on holiday). If it can’t be localised then it hasn’t operated efficiently throughout the year.
