ch11

Date post:18-Aug-2014
Category:
View:328 times
Download:6 times
Share this document with a friend
Transcript:

Modern Auditing:Assurance Services and the Integrity of Financial Reporting, 8th Edition William C. BoyntonCalifornia Polytechnic State University at San Luis Obispo

Raymond N. JohnsonPortland State University

Chapter 11 Audit Procedures in Response to Assessed Risks: Tests of Controls

Chapter 11 Overview

Assessing Control RiskIn assessing control risk, the auditor must evaluate the effectiveness of : Design of internal controls Operation of internal controls

Steps in Assessing Control Risk

Process for Assessing Control Risk Consider Knowledge Acquired from Procedures to Obtain an Understanding

Identify Potential Misstatements

Process for Assessing Control Risk Identify Necessary Controls Nature of controls to prevent or detect and correct misstatements Nature of controls implemented by management Significance of each control Risk that designed controls may not operate effectively

Control Design for Specific Assertions Completeness Assertion Existence or Occurrence Assertion Valuation and Allocation Assertion Presentation and Disclosure Assertion

Identify Necessary Controls

Process for Assessing Control Risk Perform Tests of Controls Evidence about effectiveness of the design and operation of controls

Evaluate Evidence and Make Assessment Matter of professional judgment Identify strengths and deficiencies Express quantitatively or qualitatively

Strategies for Performing Tests of Controls in an IT Environment User Controls

Application Controls

General Controls and Manual Followup Procedures

Overview of Computer Controls

ComputerComputer-Assisted Audit Techniques (CAATs) Auditing through the computer Advantageous when: Significant part of internal controls is imbedded in a computer program Significant gaps in visible audit trail Large volumes of records to be tested

Types of CAATs Parallel Simulation Test Data Integrated Test Facility Continuous Monitoring of On-line Real-time Systems

Parallel Simulation versus Test Data

Continuous Monitoring of OnOnLine Real-Time Systems Real Continuous Monitoring Audit Hook Tagging Transactions Audit Log

Methodologies for Meeting the Second Standard of Fieldwork

Study Break1. This step in assessing control risk allows the auditor to consider the points at which errors or fraud could occur. A. Evaluate Evidence B. Perform Tests of Controls C. Identify Potential Misstatements D. Identify Necessary Controls C. Identify Potential Misstatements

Study Break2. This CAAT uses dummy transactions that are processed under auditor control by the clients computer system and the output is evaluated against expectations. A. Parallel Simulation B. Test Data C. Integrated Test Facility D. None of the above B. Test Data

Effects of Preliminary Audit Strategies Primarily Substantive Approaches

Lower Assessed Level of Control Risk

Designing Tests of ControlsDesigned to evaluate the operating effectiveness of a control concerned with: How the control was applied Consistency with which it was applied By whom it was applied

Nature of Tests of Controls Inquiries of entity personnel Inspection of items indicating performance of the control Observation of the application of the control Reperformance of the application of the control by the auditor

Timing of Tests of Controls One Occasion versus Multiple Occasions Timing Issues Interim Period Remaining Period Results from Prior Periods

Extent of Tests of Controls Nature of the Control

Frequency of Operation

Importance of the Control

Designing Tests of Controls Staffing Tests of Controls

Audit Programs for Tests of Controls

Dual-Purpose Tests

Additional Considerations Assessing Control Risk for Account Balance Assertions Affected by a Single Transaction Class Assessing Control Risk for Account Balance Assertions Affected by Multiple Transaction Classes

Account Balance Assertions and Transaction Class Assertions

Account Balance Assertions and Transaction Class Assertions

Documenting the Assessed Level of Control Risk Control Risk Assessed at the Maximum Only the conclusion is documented

Control Risk Assessed at Below the Maximum Basis for assessment must be documented

Communicating Internal Control Matters Internal Control Deficiency

Significant Deficiency

Material Weakness

Study Break3. While evaluating the operating effectiveness of a control, the tests of controls are concerned with all of the following except: A. How the control was applied B. The consistency with which it was applied C. When it was applied D. By whom it was applied C. When it was applied

Study Break4. Auditors are required to report a deficiency in internal controls to management and the audit committee when there is a(n): A. Internal Control Deficiency B. Significant Deficiency C. Material Weakness D. No Deficiencies B. Significant Deficiency and C. Material Weakness

Popular Tags:

Click here to load reader

Embed Size (px)
Recommended