Tests of controls are audit procedures performed to test the operating effectiveness of controls in preventing or detecting material misstatements at the relevant assertion level.
An auditor might use inspection of documents, observation of specific controls, reperformance of the control, or other audit procedures to gather evidence about.
Designing Tests of Controls
Assessing control risk requires the auditor to consider the design of controls to evaluate whether they should be effective in meeting transaction-related audit objectives.
Some evidence will have been gathered in support of the design of the controls, as well as evidence that they have been placed in operation, during the understanding phase.
To use specific controls as a basis for reducing assessed control risk, however, specific evidence must be obtained about their operating effectiveness throughout all, or at least most, of the period under audit.
The procedures to test the effectiveness of controls in support of a reduced assessed control risk are called tests of controls.
Designing tests of controls involves the following;
- Nature of tests.
- Timing of tests.
- The extent of tests.
These are explained below;
1. Nature of Tests
As to the nature of tests Of controls, the auditor’s has the following choices:
- Task Reperforming.
Let’s look at the nature of test choices briefly.
Inquiring designed to determine;
- an employee’s understanding of his/her duties,
- the individual’s performance of those duties, and
- the frequency, causes, and disposition of deviation. Unsatisfactory answers from an employee may indicate an improper application of control.
Observing the employee’s performance provides similar evidence.
Inspecting documents and records is applicable when there is a transaction trail of performance in the form of signatures and validation stamps that indicate whether the control was performed and the individual who performed it.
4. Task Reperforming
Reperforming a control by the auditor provides the best evidence of its effectiveness.
In performing the tests, the auditor selects the procedure that will provide the most reliable evidence about the effectiveness of the control policy or procedure. No one test of controls is always applicable or equally effective in providing evidence.
2. Timing of Tests
The timing of the test of controls refers to when they are performed and the part of the accounting period to which they relate.
An additional test of control is performed during interim work, which may be several months before the end of the year under audit.
These tests therefore only provide evidence of the effectiveness of controls from the beginning of the year to the date of the tests.
From the standpoint of audit efficiency, the tests of controls should be performed as late in the interim period as possible.
3. Extent of Tests
The extent of tests of controls is directly affected by the auditor’s planned assessed level of control risk.
More extensive tests controls will ordinarily provide more evidence of the operating effectiveness of a control policy or.. procedure than less extensive tests.
More extensive testing will be needed for a low assessed level of control risk than for a moderate assessed level of control risk.
The extent of additional testing will also be affected by the intended use of_evidence about the effectiveness of prior audits.
Moreover, before using evidence from prior audits, the auditor should ascertain whether there have been any significant changes in the design or operation of the control policies and procedures since the prior tests.
The Relationship between Test of Controls and Assessing Control Risk
The relationship between a test of controls and assessing control risk is that the planned test of controls is performed during fieldwork and should provide evidence of the proper and consistent application of a control policy or procedure throughout the entire year under audit.
They are not ordinarily performed under the primarily substantive approach.
However such tests are performed when, based on the favorable result from a concurrent test of controls the auditor decides to switch from the primarily substantive to the lower assessed level of control risk approach.
In this circumstance, the tests are sometimes called additional tests of control.
They are performed only when it is likely that additional evidence will be obtained to lower the initial assessment of control risk and it is cost-effective to do so.
These tests are also performed as part of an initial lower assessed level of control risk strategy for specific assertion and they are performed to support the initial planned assessed level of control risk of moderate or low and the corresponding planned level of substantive tests.
Using Internal Auditors in Test of Controls
Companies with many divisions usually employ internal auditors.
Whenever a client has an internal audit function, the auditor may help in the following:
- Coordination of Audit Internal Auditors.
- Direct Assistance.
1. Coordination of Audit Internal Auditors
Internal auditors will usually monitor internal control structure policies and procedures in each division or branch as part of their duties.
The monitoring may include periodic reviews.
In such a case, the auditor may coordinate work with the internal auditors and reduce the number of entity locations at which the auditor would otherwise perform tests of controls.
In coordinating work with internal auditors, it may be efficient for the auditor to;
- have periodic meetings with the internal auditors,
- review their work schedules,
- obtain access to their working papers, and
- review internal audit reports.
When there is coordination of the work, the auditor should evaluate the quality and effectiveness of the internal auditors’ work.
2. Direct Assistance
The auditor may request internal auditors to provide direct assistance in performing tests of controls. In this case, the auditor should:
- Consider the internal auditors’ competence and objectivity, and supervise, review, evaluate, and test the work performed.
- Inform the internal auditors of their responsibilities, the objectives of procedures they are to perform, and matters that may affect the nature, timing, and extent of the tests.
- Inform the internal auditors that all significant accounting and auditing issues identified during their work should be brought to the external auditor’s attention.