ISA 9 kiểm tra kiểm soát

Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett Tests of

Chapter 9 Tests of Controls

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Tests of Controls

• Provides auditor with evidence to support their

assessment of control risk When control risk assessed

at less than high, necessary to gather evidence that controls are working This evidence is gathered via test

of controls.

• If control risk is assessed at high, auditor will not

undertake test of controls.

• Auditor selects most efficient and effective combination

of tests of controls, and substantive tests of

transactions and balances.

Learning Objective 1:

Assessing control risk

• To assess control risk as high, auditor must expect that substantive procedures alone will provide sufficient

appropriate evidence.

• Areas where substantive procedures alone may not

provide sufficient appropriate evidence include routine recording of significant classes of transactions, such as revenue or purchases These areas often highly

automated with little or no manual intervention.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Planning the scope of tests of controls

• Nature – if controls exist that the auditor expects to rely upon, undertake tests of these controls, otherwise undertake

substantive testing.

• Timing – to aid ability to meet deadlines and scheduling of staff, tests of controls sometimes scheduled before year-end Testing then extended (rolled forward) until year-end.

• Extent – the more the auditor relies on controls, the greater the extent of tests of controls For tests of controls related to documents, extent determined by reference to sampling

theory.

• Controls related to accounting routines (e.g bank

reconciliations) usually tested by re-performing a small

number.

Existence, Effectiveness and Continuity of

Controls

• For internal controls to provide audit evidence about risk

of material misstatements at the assertion level, the

auditor must collect audit evidence about the existence, effectiveness and continuity of controls.

• Evidence of existence of controls is usually gained

when auditor is evaluating control risk.

• Tests of controls are aimed at establishing their

effectiveness and continuity.

Learning Objective 2:

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Aspects of internal control

Sufficiency and Appropriateness

• Dependent on the level of control risk the tests must support.

• The lower the planned assessed level of control risk, the greater the amount of testing that is required.

Learning Objective 3:

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Others factors affecting sufficiency and

appropriateness

• Auditor should also consider:

– type and source of evidence

– timeliness

– interrelationship of evidence.

Effect of documentation of controls:

– inquiry of the control.

• If audit trail does exist:

– Inspect documentation for evidence of the control.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Relationship between tests of controls

and assertions

• When auditor’s assessment of material misstatement at assertion level includes an expectation that controls are operating effectively, the auditor should perform tests of controls to obtain evidence that the controls were

operating effectively at relevant times during the audit.

• Controls that relate to the control environment of a

company’s internal control system relate less directly to specific financial report assertions.

Assertions and testing control activities

• The information system, control activities and monitoring of controls are built around major flows of transactions and

events Possible to relate most tests of controls for these

elements to assertions about classes of transactions and

(iii) Accuracy – amounts and other data relating to recorded

transactions and events have been recorded appropriately

(iv) Cutoff – transactions and events have been recorded in the correct accounting period; and

(v) Classification – transactions and events have been recorded in the proper accounts.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Revenues, Receivables and Receipts

Key functions in typical sales cycle

• Order entry and order approval by credit department

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Typical credit sales flowchart

Typical cash collection flowchart

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Sales cycle — routine and non-routine

transactions

• Routine transactions:

– credit sales to customers, cash collections from

customers (flowcharts), usually strong control system, auditor considers (and usually undertakes) tests of

controls.

• Non-routine transactions:

– adjustments to sales, and provisions for doubtful debts Less well controlled Where material, auditor undertakes substantive testing.

Control objectives for sales system

• Controls are in place to ensure that:

– Occurrence – all sales recorded are bona fide

transactions for merchandise actually shipped to

customers;

– Completeness – all sales shipped are invoiced and

recorded in accounting records;

– Accuracy – invoices have been recorded correctly as to amount and summarised correctly;

– Cutoff – invoices have been recorded in correct period;

– Classification – sales classified in accordance with written policies.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Example of linking objectives to control policies and tests of controls for sales (Ref Table 9.4 p 411)

top of table 9.4

Special control

objectives

Common control policies and procedures

Tests of controls

• Occurrence – All sales

recorded are bona fide

• Select sample of sales transactions from sales journal (daily activity report), check for authorisation and trace

to shipping document file

• Inspect reconciliation

of shipments to invoices

Control objectives for cash receipt system

• Controls are in place to ensure:

– Occurrence – recorded cash receipts are for collection of receivables resulting from sales to customers of the

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Example of linking control objectives to control

policies to tests of controls: cash receipts (Ref.: Table

resulting from sales to

customers of the entity.

• Cash receipts matched

to specific sales invoices in posting to accounts receivable master file.

• Select a sample of entries in cash receipts journal and review evidence that matched

to specific sales invoices.

Types of misstatement in sales cycle

• Generally result of:

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Expenditures, Payables and

Disbursements

• Expenditure cycle — all transactions and events

initiated when an entity acquires assets or services

used for cash or credit

• Auditors (and many entities) often separate this cycle into a number of sub-cycles, which reflect various types

of services and assets that can be acquired.

Learning Objective 5:

Sub-cycles in expenditures, payables and disbursements

• These sub-cycles are:

– payroll

– property, plant and equipment

– inventory

– income taxes

– selling and administrative expenses

– miscellaneous expenses paid from petty cash.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Key functions within the inventory

Typical purchases and cash payments

flowchart

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Control objectives for purchases

of inventory

• Controls are in place to ensure:

– Occurrence – all recorded purchases are bona fide

transactions in that they relate to goods or services

Example of Linking Control Objectives, Controls and

Test of Controls: Purchases

Special control

objectives

• Occurrence – All

recorded purchases are

bona fide transactions

in that they relate to

goods or services

authorised or received.

• Approval of purchase order

• Goods received are counted, inspected and compared to purchase order before acceptance

• Comparison of purchase order, receiving report and supplier’s invoice and recomputation of supplier’s invoice before recording liability

• Examine evidence of approved purchase and service orders

• Select a sample of order entries in purchases journal, trace back to vouchers and inspect for existence of supporting document including receiving report, ensuring agreement of details and indication of approval

From Table 9.6 (p 422-3)

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Control objectives in a cash

disbursements system

• Controls are in place to ensure:

– Occurrence – recorded cash disbursements are for goods

or services authorised and received;

– Completeness – all cash disbursements are recorded;

– Accuracy – cash disbursements are recorded correctly as

to amount;

– Cutoff – cash disbursements recorded in correct period;

– Classification – cash disbursements are recorded

correctly as to account.

Example of linking control objectives, controls and test of

controls: purchases : cash disbursements (Ref.: Table 9.7 p 423)

recomputed and voucher approved)

• Cheques signed only after viewing supporting

documentation and prior approval

• Supporting documentation cancelled and reference to cheque number

• Select a sample of cash disbursement transactions from cash payments journal and inspect supporting documentation for indication of checking, review and approval

• Observe and inquire about cheque preparation and signing and protection of unissued cheques

• For the sample of cash disbursement transactions inspect supporting documents for cancellation, cheque

number and endorsement

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Selling and Administrative Expenses

• Processing and related control policies and procedures for selling and administrative expenses are similar to those for purchases of inventory.

• Auditor will normally obtain comfort from cash

disbursement testing for inventory purchases and

perform minimal testing in this area.

• Analytical procedures (e.g comparing balance with

prior periods) widely used as a key type of testing.

Learning Objective 6:

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Petty cash disbursements

• Petty cash disbursements are usually immaterial in

amount and therefore few, if any, audit procedures are applied to this area.

• Where the area is significant, emphasis is on ensuring appropriate procedures are in place to safeguard cash.

• The payroll function is usually audited in either of two ways (or best combination):

– focusing on analytical procedures (there are

disaggregated and strong relationships in this area, e.g comparing fortnightly payrolls);

– an emphasis is placed on tests of transactions over the payroll area with the key control being appropriate

segregation of duties in the hiring function, approval of time worked, payroll preparation and payroll distribution.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Tests of controls in payroll

• If tests of controls are necessary the following audit

procedures may be undertaken:

– authorisation by supervisors of time worked;

– check signed time cards/sheets;

– check use of approved pay rates (personnel department);

– check for reasonableness, compared with awards.

Interest, rent, lease and insurance

payments

• Auditor usually takes a more substantive approach,

which includes checking terms and conditions of

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Testing Controls in Client Computer

Programs

• Separate techniques have to be developed for testing programmed controls These are:

– test data

– integrated test facility

– controlled processing, reprocessing or parallel processing

– review program code and results of job processing.

Learning Objective 7:

Test data

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Integrated test facility

Auditing through computer –

processing client data

• Controlled processing – auditor establishes control over processing of client’s data;

• Controlled reprocessing – auditor reprocesses client

data;

• Parallel processing – simultaneously processes client data through client and auditor programs.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Auditing through computer –

other approaches

• Program code review — involves reviewing relevant

code line by line, considering whether processing steps and control procedures are properly coded and logically correct.

• Review of job accounting data — involves reviewing

printed log of jobs, looking for excessive processing

time, abnormal halts, and etc.

Advanced CAATs

• Systems control audit review file (SCARF)

– audit modules embedded in programs to monitor

transaction activity.

• Snapshot

– transactions are tagged and then identified at certain

points during processing to see how program is treating them.

• Audit hooks

– points in program that allow auditor to insert commands for special processing.