Audit Plan and Program

Chapter 13

Five Types of Tests to Use

1. Procedures to obtain an understanding of controls

2. Tests of controls

3. Substantive tests of transactions

4. Analytical procedures

5. Tests of details of balances

Obtaining an Understanding

• Update prior information

• Make inquiries of personnel

• Examine documents and records

• Remember to document with flowchart, questionnaire, and/or narrative

• Make preliminary CR assessment

Tests of Controls

• Tests the effectiveness of controls

• May lead to change in CR and therefore the amount of substantive testing

• Procedures– Inquiries– Examination of documents and records– Observation of control activities– Reperformance of client procedures

• Generally done on a sample basis

Terminology Clarification

• Note: To many, substantive tests and tests of details are synonymous

• In this book, substantive tests are of transactions, tests of details are of balances

• I will use them synonymously

Substantive Tests of Transactions

• Any misstatement detected means the account is misstated

• The issue is materiality and tolerable misstatement

• Used to look at all of the management assertions

• Often performed at same time as tests of controls

Evidence for Transactions

• Documentation

• Inquiries

• Reperformance

• Rarely, but occasionally, confirmations

Analytical Procedures

• Compare results to expectations

• To do so, you must have some expectations!

• Can be performed on transactions as well as balances

• Should be drilled down to periodic figures

Detailed Tests of Balances

• Focus on ending balances in the general ledger

• Sometimes tested by way of a subsidiary ledger

• The issue is materiality and tolerable misstatement

• Used to look at all of the management assertions

• Generally on a sample basis, but audit software can achieve 100% testing

Evidence for Detailed Tests

• Confirmations

• Reperformance (footing, extensions)

• Physical examination

• Observation (contrary to book)

• Documentation

Which Types of Tests?

• Remember audit risk modelAR = IR x CR x DR

• If CR < 100%, must do tests of controls

• If client subject to 404, must test controls

• The lower the DR, the more tests of transactions and balances you must do

• Analytical procedures– Required during planning and conclusion– Can be a substantive test as well

IT Audits

• Many clients conduct business electronically (many don’t!)

• Think of an on-line catalogue order– Customer places order online– Pull ticket is sent to shipping electronically– Payment is processed online– Inventory is updated electronically

• Where’s the paper trail?

• EDI (Electronic Data Interchange)

Conducting an IT Audit

• Tests of controls are vital

• General versus Application controls

• Parallel simulations

• False data

• ACL and IDEA mine for data for substantive tests

Results of Tests• Control Tests

– Failure of control implies, but does not guarantee, incorrect amounts

– Failure rate above tolerable rate raises CR, increases substantive testing

• Substantive Tests– Any discovered errors mean amounts are

wrong– Amounts must be aggregated and

extrapolated– If upper limit of error is above tolerable

misstatement, adjustment is required

Review of Audit Planning

1. Client acceptance decision

2. Understand business and industry

3. Perform analytical procedures

4. Set materiality and assess risks

5. Test controls

6. Perform substantive tests

7. Propose adjustments

8. Final review, AP, and issue reports.