Topic 8- Sufficient and appropriate evidence Flashcards
The auditor should obtain audit evidence to be able to draw reasonable conclusions on which to base the audit opinion
what qualities should the audit evidence have and it’s breakdown (names)
audit evidence should be
1) sufficient
2) apropriate
Sufficient= Quantity
Appropriate= Quality
- > Reliable (source of information)
- > Relevant (to be relevant the procedures needs to meet the objective or purpose- proving assertions)
What affects SUFFICIENT audit evidence?
i.e. what influences it
✓ the nature of the item (more judgemenetal then more suppoert)
✓ the adequacy of internal control (if we can rely on the controls, it will reduce the amont of work)
✓ the nature or size of the business carried on by the entity e.g. number of locations
✓ situations which may exert an unusual influence on management (pressure to perform well and therefor eincrease the risk of mang biaase)
✓ the financial position of the entity (loan/gearing leads to restrictions on terms of borrowing)
✓ The materiality of the item (more material it is the more we need to do to increase testing so it’s not materially misstated)
The auditor’s knowledge and experience of the business i/e The experience gained during previous audits (i.e. if we experienced issues in the past in certain areas then we need to increase the testing to check there are no issues this year)
✓ The results of auditing procedures, including fraud or error which may have been found (extend and increase samples to find evidence there arent more)
✓ The type of information available ( if it is an external source, the more reliable it is then the lower the quantity you need (highlights the link between sufficient and reliable)
✓ The trend indicated by accounting ratios and analysis. (if it is in line with the expectation then reduce the amount of evidence needed)
The risk of material misstatement (the more risky the more evidence is required as there is a higher risk of misstatement)
The size of a population being tested
The size of the sample selected to test
The reliability of the evidence obtained.
what are examples of less reliable evidence
obtained from inside the entity
obtained indirectly or by inference
oral representation
photocopy of a document
client generated evidence
what are examples of reliable evidence
obtained from independent sources outside the entity
obtained directly by the auditor
exists in documentary form
original document
written is more reliable than spoken
what are the two sources of sufficient appropriate evidence?
Tests of control
Substantive procedures
what is definition of test of control
Tests of control are Procedures designed to evaluate the operating effectiveness of controls in preventing or detecting and correcting material misstatement. at an assertion level
CAAT- Test Data
what is definition of substantive procedures
and the two types AND it’s definition
Substantive procedures are designed to detect material misstatement at the ASSERTION level.
They include
1) Tests of detail; ..testing specific transactions, balances, disclosures etc
2) substantive analytical procedures….Comparing this year with last year, actual verse budget, meeting expectations (CAAT Audit Software)
what are the 7 types of audit procedures/work
AEIOU
Analytical procedures (Compare- PY/Budget/Industry)-nalysis of plausible relationships between data.
Enquiry of knowledgeable parties
Inspection- records, documents
Observation- of processprocedures
Re-calculation- to confirm numberical accuracy
Re-performance- by auditor of procedure or control
Confirmation
+ CAAT
what is enquiry
Enquiry consists of seeking information of knowledgeable persons, both financial and non-financial, within the entity or outside the entity.
the results of enquiries usually need to be corroborated
what is inspection
Inspection involves examining records or documents, whether internal or external, in paper form, electronic form, or other media, or a physical examination of an asset.
it may give direct evidence of existence of asset, ownership, control operation, about cut off, valuation etc
what is observation
Observation consists of looking at a process or procedure being performed by others.
may provide evidence that a control is being operated
what is recalculation
Recalculation consists of checking the mathematical accuracy of documents or records.
Recalculation may be
performed manually or electronically.
what is reperformance
Includes Re-performing management or accounting procedures (e.g. reconciliations) that were originally performed as part of the entity’s internal control.
what is confirmation
Usually consist of obtaining confirmation regarding a Specific form of enquiry, for example balances or representations made by management directly from an external third party
Management is responsible for the preparation of FS which give a true and fair view
For each item in the FS, management are making assertions about two things
what are they
1) Transactions and event (SOP/L)
2) Account balances (SOFP)
What are the assertions made for Transactions and events (SOP/L)
6 lists
1 Completeness 2 Occurrence 3 Cut off 4 Accuracy 5 Presentation 6 Classification
What are the assertions made for Account balances (SOFP)
6 lists
1 Existence
2 Rights and obligations ( Right to use the assets and obligation to pay something over others)
3 Completeness
4 Valuation/Accuracy & Allocation (Assets, Liabilities and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded)
5 Classification
6 Presentation
The sutability of this approach of testing the assertions depends on ..
- The assertions being tested (maybe good for valuation, bad for existence)
- The reliability of the data (unsuitable if controls are weak as numbers could be wrong)
- The degree of precision possible (more suited to regular transactions than one off items)
- The amount of variation which is acceptable (some numbers in financials require greater accuracy than other
What is the definition of audit sampling
Sampling involves selecting items for testing where all items have a chance of selection
The application of audit procedures to less than 100% of items within a population of audit relevance such that all sampling units have a chance of selection in order to provide the auditor with a reasonable basis on which to draw conclusions about the entire population.’
when is audit sampling not appropriate?
AND Which THREE of should be considered when deciding whether to use sampling?
- Population is small
- All transactions in a particular area are of great monetary significance
- population is non homogeneous
Second Q
○ Appropriateness of the population for the purpose of the test
○ The size of the population
○ Completeness of the population
what is sampling risk
This is the possibility that the auditors’ conclusions, based on a sample, may be different from the conclusion that would be reached if the entire population was tested.
an auditor must choose between statistical and non statistical sampling
what is statistical sampling and it’s characteristics?
Has the following characteristics:
i. Random selection of the sample items, and
ii. The use of probability theory to evaluate sample results, (including measurement of sampling risk).
Statistical sampling allows each sampling unit to stand an equal chance of selection.
an auditor must choose between statistical and non statistical sampling
what is non- statistical sampling?
Any other sampling approach that is not statistical sampling is non statistical sampling
Non statistical sampling requires the auditor to us judgement to select the sample items to be presentative of the population
what are the 5 types of sampling methods
statistical
non- statistical
Statistical:
1) random selection
2) systematic selection
3) monetary unit sampling
Non statistical
4) haphazard selection
5) block selection
what is the definition of random selection
Ensures each item in a population has an equal chance of selection, for example, by using
random number generators or tables.
what is the definition of systematic selection
Systematic selection – This involves selecting a sample of every nth term
e.g. a constant sampling interval, such as every 40th item being selected,
the starting point for testing is determined randomly.
what is the definition of monetary unit sampling and where is this most often used? Substanative or TOC
This is similar to systematic sampling but instead of the nth it uses value weighted selection - number of items in the population doesn’t impact it.
The method of sampling is a value-weighted selection whereby sample size, selection and evaluation will result in a conclusion in monetary amounts.
The steps involved in monetary unit sampling are to:
determine a sample size
select the sample
perform the audit procedures
evaluate the results and arriving at a conclusion about the population.
monetary unit sampling skews the selection towards picking larger
values and therefore more signifcant items for you to check.
Often used in test of control
what is the definition of haphazard sampling (non statistical)
Haphazard selection – Here the auditor selects the sample without following a structured technique. E.g. opening a file at random and selecting an invoice
The auditor must ensure that no conscious bias or predictability arises and this method is not appropriate when using statistical sampling.
e.g. selecting a random month and taking that sample
what is the definition of block selection (non statistical) where is this most often used?
Block selection – This involves selection of a block(s) / continuous (run)of items from within the population.
An example of block selection is where the auditor may examine all the remittances from customers in the month of January. Similarly, the auditor may only examine remittance advices that are numbered 300 to 340
Block selection cannot ordinarily be used in audit sampling because most populations are structured such that items in a sequence can be expected to have similar characteristics to each other, but different characteristics from items
elsewhere in the population.
most useful in test of control
how does the auditor evaluate the sample results
auditor carries out audit procedures on each item selected and documents the results.
errors identified in the sample are then projected across the population as a whole
Before RELYING on the work of internal audit, the external auditor must assess the effectiveness of the internal audit function and assess whether the work produced by the internal auditor is adequate for the purpose of the audit.
What 5 characteristics are looked at to assess reliableness of the IA
and if they lack these then their work cannot be relied on
Organizational status Objectivity Competence Professional due care communication
ORGANISATIONAL STATUS (who they report to (those charged with gov instead of FD)
- -> are their opinions valued + recommendations taken
- -> and relevant policies and procedures support the OBJECTIVITY of the internal auditors.
- ->The technical competence of IA staff should be considered. Consideration should be given to whether they are members of a professional body and have relevant qualifications and experience.
The technical COMPETENCE of the internal audit function.
- -> Enough resources?
- ->established policy for hiring/training internal auditors
- ->relevant professional qualifications and experience/ part of a professional body which requires continued professional development?
- -> whether they have knowledge of the entitys FR and applicable FR framework
PROFESSIONAL DUE CARE-Whether the internal audit function applies a systematic and disciplined approach.
- -> Application of quality control standards such as those in ISQC 1
- -?> Is their work planned?
- ->The external auditors should consider if the IA department have exercised due professional care, the work would need to have been properly planned including detailed work programmes, supervised, documented and reviewed. The external auditor is looking for a systematic and disciplined approach.
COMMUNICATION-In order to place reliance there needs to be effective communication between the internal auditors and the external auditor. This is most likely to occur when the IA department is free to communicate openly and regular meetings are held throughout the year
Many companies use service organisations to perform business functions such as
✓ Payroll ✓ Accounting ✓ Factoring ✓ Internal audit ✓ Pension management
If a company uses a service organisation, audit evidence will need to be obtained from the service organisation instead of, or in addition to, the client. This needs to be considered when planning the audit.
the auditor will need to firstly what? 2 points
- Obtain an understanding of the service organisation sufficient to identify and assess the risks of material misstatement.
2Design and perform audit procedures responsive to those risks.
to obtain an understanding of external organisation and the risk of material misstatements, the auditor needs to understand what basic things about this org?
*** Must learn
.Nature of the services provided and their effect on internal controls.
Nature and materiality of the transactions to the entity.
Level of interaction between the activities of the service organisation and the entity.
Nature of the relationship between the service organisation and the entity including contractual terms.
what other issues does the auditor need to consider when using a service organisation
Reputation of the service organisation.
Existence of external supervision.
Extent of controls operated by service provider.
Experience of errors and omissions.
Degree of monitoring by the user.
to obtain an understanding of external organisation and the risk of material misstatements, the data can be obtain through what?
*** Must learn
✓ inquiries with client
✓ confirmation from the service organisation and their auditors
✓ visits to the service organisation
✓ type 1 or type 2 report from the service organisation’s auditor
what is type 1 report
A Type 1 report is management’s description of a service organization’s system and a service auditor’s report on that description and on the suitability of the design of controls.
A Type 1 report provides a description of the design of the controls at the service organisation prepared by the management of the service organisation. It includes a report by the service auditor providing an opinion on the description of the system and the suitability of the controls.
what is type 2 report
A Type 1 report is management’s description of a service organization’s system and a service auditor’s report on that description and on the suitability of the design of controls.. A Type 2 report goes a step further, where the service auditor also reports on the operating effectiveness of those controls.
A Type 2 report is a report on the description, design and operating effectiveness of controls at the service organisation. It contains a report prepared by management of the service organisation. It includes a report by the service auditor providing an opinion on the description of the system, the suitability of the controls, the effectiveness of the controls and a description of the tests of controls performed by the auditor.
The auditor should determine whether sufficient appropriate evidence is available from the client and if not, perform further procedures or use another auditor to perform procedures on their behalf.
If controls are expected to operate effectively..what do you do
obtain a type 2 report
perform tests of controls at the service organistion
use another auditor to perform tests of control
what does relevant evidence mean
Relevance means the evidence relates to the financial statement assertions being tested. [ISA 500, A27]
For example, when attending an inventory count, the auditor will:
Select a sample of items from physical inventory and trace them to inventory records to confirm the completeness of accounting records
Select a sample of items from inventory records and trace them to physical inventories to confirm the existence of inventory assets.
Whilst the procedures are similar in nature, their purpose (and relevance) is to test different assertions regarding inventory balances.
In order to be able to rely on client’s controls the auditor will need to:
list the proceess
Ascertain how the system operates
Document the system in audit working papers
Test the operation of the system
Assess the design and operating effectiveness of the control system
Determine the impact on the audit approach for specific classes of transactions, account balances and disclosures.
what is test of detail
to verify individual transactions and balances.
A test of detail looks at the supporting evidence for an individual transaction such as inspection of a purchase invoice to verify the amount/date/classification of a specific purchase. If there are 5000 purchase invoices recorded during the accounting period, this one test of detail has only provided evidence for one of those transactions.
what is Substantive analytical procedures and examples
Analytical procedures consist of evaluation/comparing of financial information through analysis of plausible relationships among both financial and non-financial data.
It helps identify unusual relationships or variances that could indicate fraud or error. Results of analytical reviews need to be corroborated by each forms of test
e.g. comparing this year with last year, actual verse budget, meeting expectations (CAAT Audit Software)
An analytical procedure would be used to assess the reasonableness of the purchases figure in total. For example, calculating the percentage change in purchases from last year and comparing this with the percentage change in revenue to see if they move in line with each other as expected.
The analytical procedure is not looking at the detail of any of the individual purchases but at the total figure. It is possible that there are a number of misstatements within the purchases population which would only be discovered by testing the detail as they may cancel each other out. An analytical procedure would not detect these misstatements.
e.g. proof in total/comparisons
The auditor must always carry out substantive procedures on what items.
MATERIAL
In some circumstances the auditor may rely solely on substantive testing
What are these?
: The auditor may choose to rely solely on substantive testing where it is considered to be a more efficient or more effective way of obtaining audit evidence, e.g. for smaller organisations.
The auditor may have to rely solely on substantive testing where the client’s internal control system cannot be relied on.
There are two types of external expert an auditor may use:
who are the two types
(1) Management’s expert – an employee of the client or someone engaged by the audit client who has expertise that is used to assist in the preparation of the financial statements.
(2) Auditor’s expert – an employee of the audit firm or someone engaged by the audit firm to provide sufficient appropriate evidence.
e. g. valuers, lawyers, actuaries
when do you suggest to use an external expert
only if it is a relevant procedure
If the auditor lacks the required technical knowledge to gather sufficient appropriate evidence to form an opinion, they may have to rely on the work of an expert.
The valuation of complex financial instruments, land and buildings, works of art, jewellery and intangible assets.
Actuarial calculations associated with insurance contracts or employee benefit plans.
The estimation of oil and gas reserves.
The interpretation of contracts, laws and regulations. The analysis of complex or unusual tax compliance issues.
can be court cases
The auditor must determine if the expert’s work is adequate for the auditor’s purposes. [ISA 620, 5b]
To fulfil this responsibility the auditor must evaluate whether the expert has the necessary ..qualities (list 4)
competence, capability and objectivity for the purpose of the audit. [ISA 620, 9]
independent
objective
competent
experienced
Using the Work of an Auditor’s expert requires auditors to evaluate the competence, capabilities including expertise and objectivity of a management expert.
This would include consideration of the qualifications of the expert and assessment of whether they were members of any professional body or industry association. (obtain and inspect)
In addition, the auditor should meet with the expert and discuss with them their relevant expertise. Also consider whether they understand the accounting requirements (after getting permission of the client)
The expert’s independence should be ascertained, with potential threats such as undue reliance on a particular company or a self-interest threat such as share ownership considered.
Scope of the work will be documented, giving a general outline, intended user, the extent to the experts access to information and information regarding the assumptions and methods intended to be used by the expert.
The information provided by the expert should then be evaluated. The assumptions used should be carefully reviewed and compared to previous revaluations. These assumptions should be discussed with both management and the expert to understand where the misstatement has arisen.
Once the auditor has considered the above matters they must then obtain written agreement from the external expert of the following:…?
1) agreeing work
2) evaluating work
what is agreeing the work of external expert
** must learn
The nature, scope and objectives of the expert’s work.
The roles and responsibilities of the auditor and the expert.
The nature, timing and extent of communication between the two parties.
The need for the expert to observe confidentiality.
when evaluating the work of external expert, what must the auditor consider? 3 things
** must learn
In particular, the auditor should consider:
The relevance and reasonableness of the findings and consistency with other evidence.
relevance and reasonableness of assumptions
relevance and completeness and accuracy of source data
PROFESSIONAL DUE CARE- What does evaluating approach consist of
Evaluating the systematic and disciplined approach [ISA 610, A11]
Existence, adequacy and use of internal audit procedures and guidance.
Application of quality control standards such as those in ISQC 1.
what is considered when evaluating /assessing the work of internal audit
** must learn
The work was properly planned, performed, supervised, reviewed and documented.
Sufficient appropriate evidence has been obtained.
The conclusions reached are appropriate in the circumstances and VALID
The reports prepared are consistent with the work performed.
To evaluate the work adequately, the external auditor must reperform some of the procedures that the internal auditor has performed to ensure they reach the same conclusion AND they should perform audit procedures on that work to confirm it’s adequacy for auditing purposes
IA can provide direct assistance to EA under their SUPERVISION and REVIEW
Where it is agreed that the internal auditor can provide direct assistance: what other things must be considered when having IA assistance
** must learn
Management must agree to NOT intervene in that work
Competence and objectivity of the IA must be considered
The internal auditors must provide written confirmation that they will keep the external auditors information confidential.
external auditor will provide direction, supervision and review of the internal auditor’s work
external auditor should remain alert to the risk that IA is NOT objective or competent
- cannot be provided where laws and regulations prohibit such assistance e.g. uk
- must not do work which involves significant judgement, a high risk of material misstatement or with which the IA has been involved
Planned work must be communicated with those charged with governance so agreement can be made that the use of the IA is not excesisve
regarding the work with IA for the audit, the auditor should document what
▪ The evaluation of the internal auditor’s objectivity and competence.
▪ The basis for the decision regarding the nature and extent of the work performed by the internal auditor.
▪ The name of the reviewer and the extent of the review of the internal auditor’s work.
▪ The written agreement of management mentioned above.
The working papers produced by the internal auditor.
Where it is agreed that the internal auditor can provide direct assistance:
what 4 things are done
▪ Management must agree in writing that the internal auditor can provide such assistance and that they will not intervene in that work.
▪ The internal auditors must provide written confirmation that they will keep the external auditors information confidential.
▪ The external auditor will provide direction, supervision and review of the internal auditor’s work.
▪ During the direction, supervision and review of the work, the external auditor should remain alert to the risk that the internal auditor is not objective or competent.
What is Test Data and how is it done
It is a test of control
Test data involves the auditor submitting ‘dummy’ data into the client’s system to ensure that the system correctly processes it and that it prevents or detects and corrects misstatements.
The assurance provider supervises the process of running data through the clients system. To do this the auditor
would have to:
▪ Note controls in the clients system
▪ Decide upon the test data
what are the disadvantages of using Live and Dead test data
Live tests could interfere with the operation of the system or corrupt master files/standing data.
Dead testing avoids this issue but only gives assurance that the system works when not operating live. This may not be reflective of the strains the system is put under in normal conditions.
what are advantages of test data
Enables the auditor to test programmed controls which wouldn’t otherwise be able to be tested.
Once designed, costs incurred will be minimal unless the programmed controls are changed requiring the test data to be redesigned.
what are disadvantages of test data
Risk of corrupting the client’s systems.
Requires time to be spent on the client’s system if used in a live environment which may not be convenient for the client.
Use of copy files-
Clients tend to provide the auditors with copies of the system notes and any other relevant information. The problem here is do we know if those are the actual files?
what is audit software
This is software specifically designed for audit purposes. Audit software is used to interrogate a client’s system.
It is used to process the client’s data in order to check that the figures themselves are correct. It can therefore carry out a whole range of substantive procedure, across all sorts of different data
It can be either packaged, off-the-shelf software or it can be purpose written to work on a client’s system.
give examples of things that the audit software can do
▪ Extract a sample according to specified criteria ✓ Random ✓ Over a certain amount ✓ Below a certain amount ✓ At certain dates
▪ Calculate ratios and select indicators that fail to meet certain predefined criteria (i.e. benchmarking)
▪ Check calculations ( for example additions )
Recalculation of amounts such as depreciation
▪ Prepare reports ( budget v actual)
▪ Produce letters to send out to customers suppliers
▪ Follow items through a computerised system
Identifying changes to standing data e.g. employee or supplier bank details
what are advantages of audit software
Calculations and casting of reports will be quicker.
More transactions can be tested as compared with manual testing.
The computer files are tested rather than printouts.
Can be cost effective once set up.
what are disadvantages of audit software
Bespoke software (specific to one client) can be expensive to set up.
Training of audit staff will be required incurring additional cost.
The audit software may slow down or corrupt the client’s systems.
If errors are made in the design of the software, issues may go undetected by the auditor.
-Lack of software documentation
If the company you are auditing cannot confirm all system documentation is available, then the auditors will be unable to do the tests effectively due to lack of understanding
what are some general advantages of CAAT
Enables the auditor to test more items volume of data more quickly.
The auditor is able to test the system rather than printouts.
The results of CAATs can be compared with other tests to increase audit confidence.
Audit tests can be performed more cost effectively. - as the same audit software can be used each year as long as the system doesn’t changed
The use of CAATs frees up audit team members to focus on judgemental and high risk areas, rather than number crunching.
CAATs results can be compared with traditional audit testing.- If these two sources agree, then overall audit
confidence will increase.
what are some general DISadvantages of CAAT
CAATs can be expensive and time consuming to set up.
Client permission and cooperation may be difficult to obtain.
Potential incompatibility with the client’s computer system.
The audit team may not have sufficient IT skills and knowledge to create the complex data extracts and programming required.
The audit team may not have the knowledge or training needed to understand the results of the CAATs.
Data may be corrupted or lost during the application of CAATs.
CAAT’s will be limited depending on how well the computer system is integrated. The more integrated the better the use of CAAT’s . For example the whole accountancy package raises the invoices, processes and allocates. (Ensure you understand the system to assess whether audit software will be relevant for the company.)
The existing system may do some of the
functions of the CAAT, for example highlight old balances on receivables or obsolete inventory (Need to assess whether there is a need for the audit
software, due to the accounting system already doing it.)
what is data analytics tool
Data analytics (DA) is the science and art of discovering and analysing patterns, deviations and inconsistencies, and extracting other useful information in the data of underlying or related subject matter of an audit through analysis, modelling, visualisation for the purpose of planning and performing the audit.
what is big data and BD Technology
Big data refers to data sets that are large or complex. Big data technology allows the auditor to perform procedures on very large or complete sets of data rather than samples.
what factors affect/influence reliability of audit evidence
Audit evidence is more reliable when it is obtained from independent sources outside the entity.
Audit evidence that is generated internally is more reliable when the related controls imposed by the entity are effective.
Audit evidence obtained directly by the auditor (for example, observation of the application of a control) is more reliable than audit evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
Audit evidence is more reliable when it exists in documentary form, whether paper, electronic, or other medium. (For example, a written record of a meeting is more reliable than a subsequent oral representation of the matters discussed.)
Audit evidence provided by original documents is more reliable than audit evidence provided by photocopies or facsimiles.
Evidence created in the normal course of business is better than evidence specially created to satisfy the auditor.
The best-informed source of audit evidence will normally be management of the company (although management’s lack of independence may reduce its value as a source of such evidence).
Evidence about the future is particularly difficult to obtain and is less reliable than evidence about past events.
Which procedure is more reliable?
Proof in total or recalculation
proof in total
The auditor’s report for High town will not need to refer to going concern uncertainties as it is a local government authority
TRUE OR FALSE
FALSE
An auditor’s report for a local government authority will need to refer to going concern uncertainties in the same way as for a company
why can we never completely rely on the clients internal system
✓ Human error in the use of judgement
✓ Processing a transaction and making errors
✓ Collusion with staff to cover up fraud or error
✓ Management override of transactions
if the clients control risk is low what approach could we take?
and what if the opposite
if good- we could reduce the substantive work (though still have to do some)
if the CR is high then we have to take a substantive approach
what are some general problems of auditing computer system (IT)
1) Lack of primary records (difficult to trace the source documents as everything is held in those computers)
2) Concerntration of controls in the IT department
3) errors ( flagged by the computer)
4) program controls - passwords to different parts of the computer
5) overwriting of data
6) loss of audit trail- if there is an ability to delete transaction history
7) encoded data- held in a specific format/ ‘retrace’
what is an issue with auditing around the computer
why does it increase Audit Risk
This term means that the ‘internal’ software of the computer is not documented or audited by the auditor, but
the inputs to the computer are agreed to the expected outputs to the computer.
this increases the audit risk because the actual computer files and
programs are NOT TESTED.
Therefore no DIRECT evidence that
the programs are working as
documented
package programmes of audit software are designed to do what
Package programmes are generally designed to;
▪ read computer files
▪ select information
▪ perform calculations
▪ create data files, and
▪ print reports in a format specified by the auditor
what are some examples of test data for revenue
Input an order into the clients system that
would cause a customer to exceed their
credit limit.
The order should not be accepted, or should raise a query whether you are sure you wish to proceed. If this happens
then the auditors will have confidence the system is working properly.
Input a negative number of items on an order Ensures only positive quantities are accepted.
Input incomplete customer details The system should not process the order unless allinformation is completed
what are some examples of test data for purchase
Input an order from a supplier not on the
preferred supplier list
A query should be raised as to whether you want to proceed with this transaction
Input an order with an unauthorized staff ID The system should reject the process altogether or send the request through to an appropriate person for authorization
Input changes to the supplier standing data (their address, vat reg etc.) using the ID of someone who is not authorized to do so
The system should reject the process altogether or send the request through to an appropriate person for authorization
what are some examples of test data for payroll
Input a new employee up on the payroll
system using an unauthorized ID
The system should reject the process altogether or send the request through to an appropriate person for authorization
Input employee changes of detail using an unauthorized ID
The system should reject the process altogether or send the request through to an appropriate person for authorization
Input excess change for example increase
someone’s salary by $1,000,000 by someone authorized
The system should have parameters in place to question this amount, and maybe reject it due to it being outside the
normal range
what are some examples of test data for payables
Cast the payables ledger to ensure it agrees with the total on the payables control account
To ensure the completeness and accuracy of the items on the payables control account
Compare the balances to the credit limits to ensure they haven’t been exceeded
To check or violation of the system rules
Review the balances to ensure they don’t
exceed the total purchases for that supplier
To check for unreasonable items in the ledger
To review the payable days on a monthly
basis and compare to year
To obtain new / relevant statistical information
To form payable balances to show all
material items and select appropriate
sampling for testing.
To select specific items for the audit test.
To produce an aged payable analysis to assist with identification of old outstanding
balances
To assist in the payables valuation testing.
what kinds of work done by internet audit be used
the relevant of internal audit work
▪ Testing of the operating effectiveness of controls
▪ Substantive procedures involving limited judgement
▪ Observations on inventory counts (if the EA couldn’t attend all the locations then the EA may use the data for areas of lower risk or less material)
▪ Tracing transactions through the financial reporting information system
▪ Testing the compliance with regulatory requirements
▪ Audits or reviews of the financial statements of subsidiaries that are not significant components of a
group
There are two issues to consider; the ABILITY of internal audit to produce the documentation and the actual accuracy of the documentation itself
the ability of the internal audit department to PRODUCE the documentation can be determined by:
▪ Ensuring that the department has staff who have appropriate qualifications. Provision of a relevant qualification e.g. membership of a computer related institute would be appropriate.
▪ Ensuring that this and similar documentation is produced using a recognised plan and that the documentation is tested prior to use. The use of different staff in the internal audit department to produce and test documentation will increase confidence in its accuracy.
▪ Ensuring that the documentation is actually used during internal audit work and that problems with documentation are noted and investigated as part of that work. Being given access to internal audit reports on the inventory software will provide appropriate evidence.
There are two issues to consider; the ABILITY of internal audit to produce the documentation and the actual accuracy of the documentation itself
regarding ACTUAL documentation:
Regarding the actual documentation:
▪ Reviewing the documentation to ensure that it appears logical and that terms and symbols are used consistently throughout. This will provide evidence that the flowcharts, etc should be accurate.
▪ Comparing the documentation against the ‘live’ system to ensure it correctly reflects the system. This comparison will include tracing individual transactions through the systems.
Advantages of outsourcing Internal Audit
▪ Greater focus on cost and efficiency of the internal audit function
▪ Staff may be drawn from a broader range of expertise
▪ Risk of staff turnover is passed to the outsourcing firm
▪ Specialist skills may be more readily available
▪ Costs of employing permanent staff are avoided
▪ May improve independence
▪ Access to new market place technologies, e.g. audit methodology software without associated costs
▪ Reduced management time in administering an in-house department
Dis-advantages of outsourcing Internal Audit
▪ Possible conflict of interest if provided by the external auditors
▪ Pressure on the independence of the outsourced function due to, for example, a threat by management not to renew contract
▪ Risk of lack of knowledge and understanding of the organisation’s objectives, culture or business
▪ The decision may be based on cost with the effectiveness of the function being reduced
▪ Flexibility and availability may not be as high as with an in-house function
▪ Lack of control over standard of service
▪ Risk of blurring of roles between internal and external audit, losing credibility for both