Illustrative Work-paper Template for Testing ROMM and Performing Walkthroughs

Form 18**S.1, Cash Overview

Risk of Material Misstatement Worksheet — Overview

GENERAL INSTRUCTIONSThis template has been developed to provide illustrative examples to assist the auditors in addressing the Risks of Material Misstatement (ROMM) for material classes of transactions and account balances. The pre-populated risks of material misstatement (i.e., "what could go wrong") and relevant control activities included within this template are derived from Appendix IV "Illustrative Risks of Material Misstatement, Related Control Objectives and Control Activities" of the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting. The substantive procedures responsive to the risks identified are are also illustrative.

TerminologyWithin this template, the term class of transactions refers to Statement of Profit and Loss accounts and account balance refers to Balance Sheet accounts. The term transaction type is used to describe an activity or series of activities that results in one or more classes of transactions, account balances, and disclosures.

Transaction Types, Relevant Assertions, or Risks of Material Misstatement Referenced to Other Audit Area DocumentationTo the extent that a relevant assertion or a transaction type is appropriately addressed and documented within documentation of another class of transactions, account balance, or disclosure ROMM template, redundant documentation is not necessary — although specific referencing is appropriate. Consider referencing, as appropriate, to other audit sections that document the risks of material misstatement, relevant control activities, and planned procedures to test the operating effectiveness of the control activities and substantive procedures.

Combining Risks Certain risks of material misstatement contain more than one risk; bullets are used to identify individual risks within the combined risk. These combined risks ordinarily are part of a single business process and have a common control that mitigates the risk of material misstatement for each of the individual risks. Depending on the circumstances of the entity (e.g., if the entity does not address the combined risks in a single business process or with a single control), you may need to separate the combined risks into individual risks.

ROMM Overview TabThis worksheet within the template is intended to be a “dashboard” presenting a summary of the audit plan for the account including the (1) relevant control activities and substantive procedures that address each risk of material misstatement and (2) related control design, implementation, and operating effectiveness conclusions. The dashboard provides internal linking between the summarised description and the more extensive description of the control activities and/or substantive procedures on subsequent worksheets within the template.

Form 18**S.1, Cash Overview

This template has been developed to provide illustrative examples to assist the auditors in addressing the Risks of Material Misstatement (ROMM) for material classes of transactions and account balances. The pre-populated risks of material misstatement (i.e., "what could go wrong") and relevant control activities included within this template are derived from Appendix IV "Illustrative Risks of Material Misstatement, Related Control Objectives and Control Activities" of the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting. The substantive procedures responsive to the risks

account balance refers to Balance Sheet accounts. The term transaction type is used to describe an activity or series of activities that results in one or more classes of transactions, account balances, and disclosures.

To the extent that a relevant assertion or a transaction type is appropriately addressed and documented within documentation of another class of transactions, account balance, or disclosure ROMM template, redundant documentation is not necessary — although specific referencing is appropriate. Consider referencing, as appropriate, to other audit sections that document the risks of material misstatement, relevant control activities, and planned procedures to test the operating effectiveness of the control activities and substantive procedures.

Certain risks of material misstatement contain more than one risk; bullets are used to identify individual risks within the combined risk. These combined risks ordinarily are part of a single business process and have a common control that mitigates the risk of material misstatement for each of the individual risks. Depending on the circumstances of the entity (e.g., if the entity does not address the combined risks in a single business process or with a single control), you may need to separate the combined risks into individual risks.

This worksheet within the template is intended to be a “dashboard” presenting a summary of the audit plan for the account including the (1) relevant control activities and substantive procedures that address each risk of material misstatement and (2) related control design, implementation, and operating effectiveness conclusions. The dashboard provides internal linking between the summarised description and the more extensive description of the control activities and/or substantive procedures on subsequent worksheets within the template.

Form 18**S.1, Cash ROMM Overview

CASH AND BANK: Material Account Balance (Balance Sheet)/Class of Transactions (Income Statement)/Disclosure — ROMM Overview

Exis

ten

ce

Co

mp

lete

ness

Risk Description

Cash X X X X

Cash X

Account Balance/ Class of

Transactions/Disclosure

Assertion Name— Relevant Assertion

at the Period-End

Identification of Risk of Material Misstatement

("What Could Go Wrong")

Significant Findings or

Issues?

Risk of Material Misstatement Due to Fraud?R

igh

ts a

nd

O

bli

gati

on

s

Valu

ati

on

an

d

All

oca

tio

n

Classification of Inherent Risk

(Normal, Significant)

Risk Associated with the Control

(Not Higher, Higher)

Control That Addresses Risk of Material Misstatement

— Control Name

Control Design

Conclusion(Effective, Ineffective)

Control Implementation

Conclusion(Implemented,

Not Implemented)

Control OE Conclusion(Effective, Ineffective)

Note 1 Note 2 Note 3 Note 4 Note 5 Note 6 Note 7 Note 8 Note 9

Cash receipts:• Have been recorded (when there are non-existent cash receipts), or have been improperly recorded• Have not been recorded/applied• Are not accurately recorded.

Bank Statements Reconciled to General Ledger; Differences Investigated and ResolvedOn a daily basis, cash receipts recorded to the general ledger are agreed to bank deposit slips by accounting personnel. Discrepancies are investigated and resolved.

Cash exists in bank accounts that have not been recorded in the general ledger.

Bank Statements Reconciled to General Ledger; Differences Investigated and ResolvedAccounts personnel record bank account transactions to the general ledger on a daily basis; Accounts Manager (Management) reviews recorded transactions and cash position regularly for unusual activity and investigates and resolves issues on a timely basis.


Exis

ten

ce

Co

mp

lete

ness

Risk Description



Assertion Name— Relevant Assertion

at the Period-End

Identification of Risk of Material Misstatement

("What Could Go Wrong")

Significant Findings or

Issues?

Risk of Material Misstatement Due to Fraud?R

igh

ts a

nd

O

bli

gati

on

s

Valu

ati

on

an

d

All

oca

tio

n

Classification of Inherent Risk

(Normal, Significant)

Risk Associated with the Control

(Not Higher, Higher)

Control That Addresses Risk of Material Misstatement

— Control Name

Control Design

Conclusion(Effective, Ineffective)

Control Implementation

Conclusion(Implemented,

Not Implemented)

Control OE Conclusion(Effective, Ineffective)


Cash XNot all bank accounts have been recorded in the general ledger.

New bank accounts are only opened through the direction and approval of Board of Directors. When new bank accounts are approved and opened, finance personnel create the general ledger account and prepare the journal entry to record the initial balance in the account. Management reviews and approves the new general ledger account and journal entry, including supporting documentation, before the journal entry is recorded.


CASH AND BANK: Material Account Balance (Balance Sheet)/Class of Transactions (Income Statement)/Disclosure — ROMM Overview

Cash

Cash



Note 1

Substantive Procedures Planned

AND

AND

Note 10

Confirm Cash

Perform Tests of Details on Bank Reconciliations (Additive Items)

Perform Tests of Details on Bank Reconciliations (Subtractive Items)

Confirm Cash




Note 1

Cash

Substantive Procedures Planned

Note 10

Confirm Cash

Form 18**S.1, Cash Plan Control Testing

CASH AND BANK: Account Balance (Balance Sheet)/Class of Transactions (Statement of Profit and Loss)/Disclosure — Control Testing

Control Operating Effectiveness Testing

Strategy(Test in Current Period,

Using Prior Period Evidence, OE Testing Not

Required)

Operating Frequency(Annually, Quarterly, Monthly,

Weekly, Daily, Many Times per Day, As

Needed)Control

Automated?Application

System

Testing Reference

— IPE

Testing Reference — General IT Controls

Control That Addresses Risk of Material Misstatement— Description

Control Year Last

Tested

Is IPE Used in Testing or

Performing a Relevant Control?

List IPE

Reference to

Evaluation of D&I


Bank Statements Reconciled to General Ledger; Differences Investigated and Resolved

Bank statements are reconciled to the general ledger regularly and differences are investigated and resolved on a timely basis.

On a daily basis, cash receipts recorded to the general ledger are agreed to bank deposit slips by accounting personnel. Discrepancies are investigated and resolved.

Accounts personnel record bank account transactions to the general ledger on a daily basis; Accounts Manager (Management) reviews recorded transactions and cash position regularly for unusual activity and investigates and resolves issues on a timely basis.

New Bank Accounts Require Approval; Management Approves New GL Account and JE Prior to PostingNew bank accounts are only opened through the direction and approval of management. When new bank accounts are approved and opened, finance personnel create the general ledger account and prepare the journal entry to record the initial balance in the account. Management [Title/Role] reviews and approves the new general ledger account and journal entry, including supporting documentation, before the journal entry is recorded.

Form 18**S.1, Cash Plan Control Testing

CASH AND BANK: Account Balance (Balance Sheet)/Class of Transactions (Statement of Profit and Loss)/Disclosure — Control Testing

Control Operating Effectiveness Testing

Strategy(Test in Current Period,

Using Prior Period Evidence, OE Testing Not

Required)

Operating Frequency(Annually, Quarterly, Monthly,

Weekly, Daily, Many Times per Day, As

Needed)Control

Automated?Application

System

Testing Reference

— IPE

Testing Reference — General IT Controls

Testing Reference —

OE

Findings and Observations

(None Noted, Change to Plan, Deficiency,

Identified or Suspected Fraud,

Management Letter Comment, Material

Weakness, Significant Deficiency)

Control That Addresses Risk of Material Misstatement— Description

Control Year Last

Tested

Is IPE Used in Testing or

Performing a Relevant Control?

List IPE

Reference to

Evaluation of D&I

Planned Nature, Timing, and Extent of Procedures to Evaluate Operating Effectiveness (OE) of Controls

Note 8 Note 11 Note 12 Note 13 Note 14 Note 15 Note 16 Note 17 Note 18 Note 19 Note 20 Note 21

Bank Statements Reconciled to General Ledger; Differences Investigated and Resolved

Bank statements are reconciled to the general ledger regularly and differences are investigated and resolved on a timely basis.

On a daily basis, cash receipts recorded to the general ledger are agreed to bank deposit slips by accounting personnel. Discrepancies are investigated and resolved.

Accounts personnel record bank account transactions to the general ledger on a daily basis; Accounts Manager (Management) reviews recorded transactions and cash position regularly for unusual activity and investigates and resolves issues on a timely basis.

New Bank Accounts Require Approval; Management Approves New GL Account and JE Prior to PostingNew bank accounts are only opened through the direction and approval of management. When new bank accounts are approved and opened, finance personnel create the general ledger account and prepare the journal entry to record the initial balance in the account. Management [Title/Role] reviews and approves the new general ledger account and journal entry, including supporting documentation, before the journal entry is recorded.

Form 18**S.1, Cash Plan Substantive Testing

CASH: Audit Plan by Material Account Balance (Balance Sheet)/Class of Transactions (Income Statement)/Disclosure — Substantive Testing

Substantive Procedures Planned List IPE

Planned Extent of Substantive Testing[Risk (Not Significant) and Relying on Controls — Low

Extent of TestingRisk (Not Significant) and Relying on Controls — Normal

Extent of TestingSignificant Risk and Relying on Controls

Risk (Not Significant) and Not Relying on ControlsSignificant Risk and Not Relying on Controls]

Information Produced by the Entity(IPE)

Testing Reference — Substantive Procedures

Is IPE Used in

Performing Substantive

Testing?Application

System

Testing Reference

— IPENote 10 Note 22 Note 14 Note 15 Note 16 Note 20

Confirm Cash A. Obtain the schedule of bank accounts and the reconciliation of the schedule to the general ledger. Agree applicable amounts from the cash accounts schedule and reconciliation to the general ledger and trace significant reconciling items, if any, to supporting documents.

B. Make an audit sample of bank accounts. Obtain reconciliations of the selected accounts to the general ledger. For each selection, perform the following:(1) Prepare, or have the entity prepare, standard bank confirmation requests for the selected bank accounts. Mail the confirmation requests under our control, determine that the requests are properly addressed (i.e., obtain audit evidence about the accuracy and completeness of addresses provided by the entity), and request that all replies be sent directly to our office.(2) Send second requests for nonreplies.(3) Compare replies to the balance-per-bank in the bank reconciliations. Agree all other amounts reported in the replies to the general ledger or appropriate records. Prepare, or have the entity prepare, reconciliations of exceptions. Trace reconciling items to supporting documents.(4) For confirmations not received, trace outstanding items listed on the bank reconciliation to the subsequent month's bank statement and, for those not traced, trace to the cash disbursements records for the period prior to the balance sheet.









Is IPE Used in


Testing?Application

System

Testing Reference


C. Determine if there is a system or process in place that facilitates electronic confirmation between us and the confirmation respondent.(1) If we plan to rely on such a system or process, assess the design and operating effectiveness of the electronic and manual controls with respect to such process. a. An assurance trust services report or another auditors' report on such a process may assist us in assessing the design and operating effectiveness of the electronic and manual controls. i. Such a report would usually address risks related to the reliability of the information obtained through the confirmation process that we will use as audit evidence, including the risks that: • The information obtained may not be from an authentic source• A respondent may not be knowledgeable about the information to be confirmed• The integrity of the information may have been compromised.ii. If the above risks are not adequately addressed in the report, perform additional procedures to address such risks.(2) National Office has approved the use of Capital Confirmation Inc. (CCI), for electronic confirmations from banks that have designated CCI to process confirmation requests from auditors.

Perform Tests of Details on Bank Reconciliations (Additive Items)A. For those bank accounts selected in "Confirm Cash" procedure B, perform the following:(1) Make an audit sample of additive reconciling items and perform the following:a. Examine related accounting records, subsequent or current bank statements, bank credit advices, or other evidence, and determine that the selected items are properly included as additive reconciling items.









Is IPE Used in


Testing?Application

System

Testing Reference


Perform Tests of Details on Bank Reconciliations (Subtractive Items)A. For those bank accounts selected in "Confirm Cash" procedure B for the testing of the Existence assertion of cash, perform the following:(1) Make an audit sample of items from subsequent bank statements representing paid checks, bank debit advices, and other items that potentially should be subtractive items in the bank reconciliations items and perform the following:a. Examine related accounting records, subsequent or current bank statements, bank credit advices, or other evidence, and determine that the selected items are properly included as subtractive reconciling items.


CASH: Audit Plan by Material Account Balance (Balance Sheet)/Class of Transactions (Income Statement)/Disclosure — Substantive Testing








Is IPE Used in


Testing?Application

System

Testing Reference

— IPE


(None Noted, Change to Plan, Identified or Suspected Fraud,

Management Letter Comment, Misstatement)

Note 10 Note 22 Note 14 Note 15 Note 16 Note 20 Note 21

Confirm Cash A. Obtain the schedule of bank accounts and the reconciliation of the schedule to the general ledger. Agree applicable amounts from the cash accounts schedule and reconciliation to the general ledger and trace significant reconciling items, if any, to supporting documents.

B. Make an audit sample of bank accounts. Obtain reconciliations of the selected accounts to the general ledger. For each selection, perform the following:(1) Prepare, or have the entity prepare, standard bank confirmation requests for the selected bank accounts. Mail the confirmation requests under our control, determine that the requests are properly addressed (i.e., obtain audit evidence about the accuracy and completeness of addresses provided by the entity), and request that all replies be sent directly to our office.(2) Send second requests for nonreplies.(3) Compare replies to the balance-per-bank in the bank reconciliations. Agree all other amounts reported in the replies to the general ledger or appropriate records. Prepare, or have the entity prepare, reconciliations of exceptions. Trace reconciling items to supporting documents.(4) For confirmations not received, trace outstanding items listed on the bank reconciliation to the subsequent month's bank statement and, for those not traced, trace to the cash disbursements records for the period prior to the balance sheet.









Is IPE Used in


Testing?Application

System

Testing Reference

— IPE





C. Determine if there is a system or process in place that facilitates electronic confirmation between us and the confirmation respondent.(1) If we plan to rely on such a system or process, assess the design and operating effectiveness of the electronic and manual controls with respect to such process. a. An assurance trust services report or another auditors' report on such a process may assist us in assessing the design and operating effectiveness of the electronic and manual controls. i. Such a report would usually address risks related to the reliability of the information obtained through the confirmation process that we will use as audit evidence, including the risks that: • The information obtained may not be from an authentic source• A respondent may not be knowledgeable about the information to be confirmed• The integrity of the information may have been compromised.ii. If the above risks are not adequately addressed in the report, perform additional procedures to address such risks.(2) National Office has approved the use of Capital Confirmation Inc. (CCI), for electronic confirmations from banks that have designated CCI to process confirmation requests from auditors.

Perform Tests of Details on Bank Reconciliations (Additive Items)A. For those bank accounts selected in "Confirm Cash" procedure B, perform the following:(1) Make an audit sample of additive reconciling items and perform the following:a. Examine related accounting records, subsequent or current bank statements, bank credit advices, or other evidence, and determine that the selected items are properly included as additive reconciling items.









Is IPE Used in


Testing?Application

System

Testing Reference

— IPE





Perform Tests of Details on Bank Reconciliations (Subtractive Items)A. For those bank accounts selected in "Confirm Cash" procedure B for the testing of the Existence assertion of cash, perform the following:(1) Make an audit sample of items from subsequent bank statements representing paid checks, bank debit advices, and other items that potentially should be subtractive items in the bank reconciliations items and perform the following:a. Examine related accounting records, subsequent or current bank statements, bank credit advices, or other evidence, and determine that the selected items are properly included as subtractive reconciling items.

Form 18**S.1, Cash Notes

NOTES

Note 1 Account Balance/Class of Transactions/Disclosure Within this template, the term class of transactions refers to Statement of Profit and Loss accounts and account balance refers to Balance Sheet accounts. The term transaction type is used to describe an activity or series of activities that results in one or more classes of transactions, account balances, and disclosures.

Note 2 Relevant AssertionsThe assertions are considered at the class of transactions, account balance, and disclosure level. See the "Assertions" tab of this template for a description and examples of each assertion.NOTE: For a class of transactions ( Statement of Profit and Loss account), account balance (Balance Sheet account), or disclosure, if an assertion is not considered relevant, include documentation in the working papers explaining why the assertion is not relevant for that class of transactions, account balance, or disclosure.

Note 3 Risk of Material MisstatementFor the material classes of transactions, account balances, and disclosures [significant accounts and disclosures] identified, the auditor is required to identify risks of material misstatement at the relevant assertion level to provide a basis for designing and performing further audit procedures.Consideration of transaction types may be relevant to such identification and assessment of risks of material misstatement at the relevant assertion level for classes of transactions, account balances, and disclosures.


Note 4 Significant Findings or IssuesSignificant Findings or IssuesSignificant findings or issues represent matters of importance to the audit in planning, supervising, and reviewing the audit. These items are categorised as significant findings or issues to draw the attention of engagement leaders to them and to designate them as matters for which the audit partner is required to perform a primary review in addition to that of the manager. While a significant risk gives rise to an audit response that is incremental to that required for a normal risk, a significant finding or issue may not result in changes to the nature, timing, or extent of audit testing. However, significant findings or issues are separately identified in audit documentation (including planning ) and a more detailed review by the audit partner could be warranted.

Risks of material misstatement related to significant findings or issues, identified during planning and which affect the audit procedures performed, may result in customisation of one or all of the related risks of material misstatement, control activities, and/or the related substantive procedures described in this template.

Significant findings or issues for planning purposes include, but are not limited to, the following:

- Risks of material misstatement that are determined to be significant risks and the results of the auditing procedures performed in response to those risks- Matters that are significant involving the selection, application, and consistency of accounting principles, including related disclosures (e.g., new accounting pronouncements)- Accounting for complex or unusual transactions - Accounting estimates highly dependent upon judgment- Significant uncertainties- Matters that led to the classification of engagement risk as greater than normal or much greater than normal - Circumstances that cause us significant difficulty in applying necessary audit procedures.


Note 5 Classification of Inherent RiskAs part of the risk assessment, the auditor is required to determine whether any of the risks identified are, in their judgment, a significant risk. In exercising this judgment, they are required to exclude the effects of identified controls related to the risk. A significant risk is an identified and assessed risk of material misstatement that, in the auditor's judgment, requires special auditor consideration.

Risks of material misstatement related to significant risks may result in customisation of one or all of the related risks of material misstatement, control activities, and/or related substantive procedures described in this template.

In exercising judgment as to which risks are significant risks, the auditor is required to consider at least the following:- Whether the risk is a risk of fraud - Whether the risk is related to recent significant economic, accounting, or other developments and, therefore, requires specific attention- The complexity of transactions- Whether the risk involves significant transactions with related parties- The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving a wide range of measurement uncertainty- Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual.


Note 6 Risk of Material Misstatement Due to Fraud?The auditor is required to use professional judgment to determine whether a fraud risk factor is present and whether it is to be considered in assessing the risks of material misstatement of the financial statements due to fraud. There are certain risks that are presumed to exist on each audit engagement. The presumed risks due to fraud are revenue recognition and management override of controls.

The auditor is required to treat those assessed risks of material misstatement due to fraud as significant risks and accordingly, to the extent not already done so, he is required to obtain an understanding of the entity’s related controls, including control activities, relevant to such risks, and evaluate whether such controls have been suitably designed and implemented to mitigate such fraud risks.

Identifying potential fraud schemes may facilitate the evaluation of the design of relevant controls and the development of effective audit procedures.

Note 7 Risk Associated with the Control —

The risk associated with a control consists of the risk that the control might not be effective and, if not effective, the risk that a material weakness would result.

If the risk of material misstatement associated with the related account(s) or assertions(s) is a significant risk, the risk associated with the control is higher.

Note 8 Identification and Documentation of Relevant Control Activities

Audit of Financial Statements along with Audit of Internal Financial Controls Over Financial Reporting (Integrated Audit)If an integrated audit is being performed, control activities that are relevant to the audit include those that address the assessed risks of material misstatement for each relevant assertion.

Nonintegrated AuditsThe auditor is required to obtain an understanding of control activities relevant to the audit, i.e. those that he judges necessary to understand in order to assess the risks of material misstatement at the assertion level and design further audit procedures responsive to assessed risks.

He is required to obtain an understanding of the process for reconciling detailed records to the general ledger for material classes of transactions and account balances.

Control activities that are relevant to the audit are:- Those that are required to be treated as such, being control activities that relate to significant risks and those that relate to risks for which substantive procedures alone do not provide sufficient appropriate audit evidence; or- Those that are in the auditor’s judgment considered to be relevant.

Relevant controls include:- Controls that address significant risks- Controls that address risks for which substantive procedures alone are not sufficient - Controls that the auditor plans to rely upon to reduce substantive testing- Controls over journal entries- Controls that the auditor believes are necessary to understand in order to plan substantive procedures as part of their further audit procedures to obtain sufficient appropriate audit evidence- Reconciliations of detailed records to the general ledger for material classes of transactions and account balances.

When obtaining an understanding of controls that are relevant to the audit, the auditor is required to evaluate the design of those controls and determine whether they have been implemented, by performing procedures in addition to inquiry of the entity’s personnel.

Note 9 Conclusion — Design, Implementation, Operating Effectiveness of ControlsWas a deviation or exception identified? Does a deficiency exist? If yes, the auditor needs to evaluate the deficiency individually and in combination with other deficiencies. He needs to determine if the deficiency is a deficiency, a significant deficiency, or a material weakness and communicate the deficiency, as appropriate.

He should determine whether he has a basis for relying on those controls and whether he will be able to perform his planned extent of substantive procedures. In an integrated audit, he needs to evaluate the effect on the IFC opinion.


Information Produced by the Entity (IPE)

Note 10 Substantive Procedures Planned Irrespective of the assessed risks of material misstatement, the auditor is required to design and perform substantive procedures for each relevant assertion related to each material class of transactions, account balance, and disclosure [significant account and disclosure].

The nature, timing, and extent of planned procedures may vary in response to the assessed risk of material misstatement at the assertion level.

A substantive procedure may address more than one risk. The auditor should consider the audit procedures and risks which they address when planning and performing substantive procedures so that the substantive procedures performed are effective and efficient.

Nature and Extent of Substantive ProceduresDepending on the circumstances, the auditor may determine that:- Performing only substantive analytical procedures will be sufficient to reduce audit risk to an acceptably low level (e.g., where the assessment of risk is supported by audit evidence from tests of controls)- Only tests of details are appropriate- A combination of substantive analytical procedures and tests of details are most responsive to the assessed risks

- A combination of substantive analytical procedures and tests of details are most responsive to the assessed risks Note 11 Control Operating Effectiveness Testing Strategy

In an integrated audit, the auditor is required to test the operating effectiveness of controls in each of the five components of internal control each year, including (1) relevant controls within the control environment, entity's risk assessment process, information system relevant to financial reporting and communication, and monitoring components, and (2) those controls that address the assessed risks of material misstatement for each relevant assertion. The objective of the tests of controls in an audit of IFC is to obtain audit evidence about the effectiveness of controls to support the opinion on the entity’s internal control over financial reporting.

Note 12 Control Year Last Tested —

The "Control Year Last Tested" represents the last year the relevant control was tested using a normal extent of testing.

Note 13 Operating Frequency

Depending on the circumstances, the auditor may use professional judgment to determine that larger sample sizes may be appropriate, for example, when they are performing tests of controls that address one or more significant risks.

When testing the operating effectiveness of a control that operates less frequently than many times per day, depending on the nature of the control, the risk associated with the control, and the number of times that it is applied when it operates, additional selections to test its operating effectiveness may be made.

Note 14


Types of IPE may include, but are not limited to:

- Standard "out of the box" reports as taken out from the system that have not been modified and do not allow for customisation of inputs/outputs- Parameter-driven reports generated by the entity's application system that allow for user selection of inputs (fields/parameters) to generate the report output- Custom-developed reports that are not standard to the application and are defined and generated by user-operated tools such as scripts, report writers, programming language, and query tools- Spreadsheets that include relevant information (e.g., data (1) obtained from an outside source, (2) manually entered into a spreadsheet, (3) summarised or analysed using spreadsheet formulas or data exported from ledger system into an MS Access Database, and (4) then manipulated and summarised)- Client-prepared analyses and schedules that are manually prepared by entity personnel either from information generated from the entity's system or from other internal or external sources.

Internal Controls IPE in the Context of Internal ControlsIPE in the context of internal controls may include the following:

- Information that the auditor uses to test a relevant control- Information that entity personnel are dependent upon to perform a relevant control

Substantive ProceduresIPE in the Context of Substantive Audit ProceduresIPE in the context of substantive audit procedures includes information that the auditor uses when performing substantive audit procedures. If the information is the starting point or subject of substantive audit procedures, the planned substantive audit procedures will typically address the accuracy and completeness of the information, and no additional procedures may therefore be necessary. In other cases, substantive audit procedures may use a report that is not the subject of the substantive audit procedures and/or tests of relevant controls, and it may be necessary to perform additional procedures to address the completeness and accuracy of the report.

Note 15 Application SystemDocument the names of relevant application systems.

Identifying the relevant application system allows the auditor to establish the linkage between the risks of material misstatement to which the relevant application systems and IT infrastructure relate, the relevant IT risks related to these application systems and IT infrastructure, and the general IT controls that address such risks.

General IT-controls may be relevant to the audit if:- The entity relies on data related to significant accounts and disclosures that by their nature require general IT controls to address their integrity and reliability- Any of the entity's relevant controls are automated controls- Any of the entity’s relevant controls rely on information produced by the entity or if the auditor intends to make use of information produced by the entity in designing and performing further procedures and he plans to obtain evidence of the accuracy and completeness of such information by testing controls over the preparation and maintenance of the information- The auditor has judged that it is not possible or practicable for him to obtain sufficient appropriate audit evidence to address certain risks of material misstatement only through performing substantive procedures and the relevant controls identified over such risks are automated controls or controls that rely on general IT-controls.


Planned Procedures to Obtain Audit Evidence of Accuracy and Completeness of IPEReference to where IPE testing is performed.

Note 16

For nonintegrated audits performed, when using information produced by the entity the auditor is required to evaluate whether the information is sufficiently reliable for his purposes, including as necessary in the circumstances: • Obtaining audit evidence about the accuracy and completeness of the information • Evaluating whether the information is sufficiently precise and detailed for his purposes.

For an audit of IFC which is integrated with the audit of the financial statements (an integrated audit), when testing a relevant control that is dependent upon information produced by the entity (and the effectiveness of the control is therefore dependent upon the accuracy and completeness of such information), the auditor is required to (1) identify controls that address the accuracy and completeness of such information produced by the entity and (2) test the design and operating effectiveness of such controls.

Obtaining audit evidence about the accuracy and completeness of information produced by the entity includes procedures to address: • The accuracy and completeness of the source data• The creation and modification of the applicable report logic and parameters.

Note 17 Testing Reference — General IT ControlsInclude tickmark or cross-reference (as specific as possible) to the IT Risk Worksheet — General Information Technology or other supporting working papers where testing is documented

Note 18 Reference to Evaluation of D&IInclude a tickmark or cross-reference to where the evaluation of design and implementation is documented. The evaluation of design and implementation of relevant control activities may be documented in a separate working paper or within a tab inserted within this template.

Evaluation of Design and ImplementationEvaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements. Implementation of a control means that the control exists and that the entity is using it.

The evaluation of the design of controls documentation may include consideration of the (1) the nature and significance of the risks of material misstatement addressed by the control, (2) the characteristics or details of the control, and (3) the following factors to determine whether the control is appropriately designed (i.e., the precision of a control) to address the identified risk.

Note 19 Planned Nature, Timing, and Extent of Procedures to Evaluate Operating Effectiveness of ControlsConsider nature, timing, and extent of tests when planning procedures to evaluate operating effectiveness of controls.

Nature of Tests of ControlsNature of tests of controls includes inspection of documentation supporting the auditors inquiries, reperformance supporting such inquiries, and observation supporting such inquiries.Extent of Tests of ControlsWhen more persuasive audit evidence is needed regarding the effectiveness of a control, it may be appropriate to increase the extent of testing of the control. As well as the degree of reliance on controls, matters the auditor may consider in determining the extent of tests of controls include the following:- The frequency of the performance of the control by the entity during the period- The length of time during the audit period that the auditor is relying on the operating effectiveness of the control- The expected rate of deviation from a control- The relevance and reliability of the audit evidence to be obtained regarding the operating effectiveness of the control at the assertion level- The extent to which audit evidence is obtained from tests of other controls related to the assertion.

In addition, matters the auditor may also consider in determining the extent of tests of controls include the following:- The nature of the control, including, in particular, whether it is a manual control or an automated control- For an automated control, the effectiveness of relevant general IT controls.


Timing of Tests of ControlsThe auditor is required to test controls for the particular time, or throughout the period, for which he intends to rely on those controls, in order to provide an appropriate basis for his intended reliance.

Note 20 Testing ReferenceInclude tickmark or cross-reference (as specific as possible) to supporting working papers where testing is documented. Include reference, if applicable, to use of the work of others, use of specialists, and rollforward procedures if tested at an interim date.

Note 21 Findings and ObservationsNOTE: When evaluating the operating effectiveness of relevant controls, the auditor is required to evaluate whether misstatements that have been detected by substantive procedures indicate that controls are not operating effectively. The absence of misstatements detected by substantive procedures, however, does not provide audit evidence that controls related to the assertion being tested are effective. The identification by the auditor of a material misstatement of the financial statements under audit in circumstances that indicate that the misstatement would not have been detected by the entity’s internal control is an indicator of a material weakness.

The auditor’s evaluation of the effect of the findings of his substantive procedures on the effectiveness of internal control is required to include, at a minimum, the following:- The appropriateness of the nature, timing, and extent of substantive procedures, especially those related to fraud, based on the assessed risk of material misstatement- Findings with respect to non-compliance with laws and regulations and related party transactions- Indications of management bias in making accounting estimates and in selecting accounting principles- The appropriateness of his conclusions on the effectiveness of internal control when misstatements are detected by his substantive procedures.

Note 22 Planned Extent of Substantive TestingA substantive procedure may address more than one risk of material misstatement. The planned extent of substantive testing would equate to the most extensive planned extent of substantive testing for all risks of material misstatement to which the procedure has been linked (e.g., if a substantive procedure is addressing multiple material misstatements and only one is a significant risk, the substantive procedure would be performed to address the extent of testing necessary to address the significant risk).


refers to Statement of Profit and Loss accounts and account balance refers to Balance Sheet accounts. The term transaction type is used to describe an activity or series of activities that results in one or more classes of transactions, account balances, and disclosures.

Relevant AssertionsThe assertions are considered at the class of transactions, account balance, and disclosure level. See the "Assertions" tab of this template for a description and examples of each assertion.: For a class of transactions ( Statement of Profit and Loss account), account balance (Balance Sheet account), or disclosure, if an assertion is not considered

relevant, include documentation in the working papers explaining why the assertion is not relevant for that class of transactions, account balance, or disclosure.

For the material classes of transactions, account balances, and disclosures [significant accounts and disclosures] identified, the auditor is required to identify risks of material misstatement at the relevant assertion level to provide a basis for designing and performing further audit procedures.Consideration of transaction types may be relevant to such identification and assessment of risks of material misstatement at the relevant assertion level for classes of


Significant findings or issues represent matters of importance to the audit in planning, supervising, and reviewing the audit. These items are categorised as significant findings or issues to draw the attention of engagement leaders to them and to designate them as matters for which the audit partner is required to perform a primary review in addition to that of the manager. While a significant risk gives rise to an audit response that is incremental to that required for a normal risk, a significant finding or issue may not result in changes to the nature, timing, or extent of audit testing. However, significant findings or issues are separately identified in audit documentation (including planning ) and a more detailed review by the audit partner could be warranted.

Risks of material misstatement related to significant findings or issues, identified during planning and which affect the audit procedures performed, may result in customisation of one or all of the related risks of material misstatement, control activities, and/or the related substantive procedures described in this template.

Significant findings or issues for planning purposes include, but are not limited to, the following:

- Risks of material misstatement that are determined to be significant risks and the results of the auditing procedures performed in response to those risks- Matters that are significant involving the selection, application, and consistency of accounting principles, including related disclosures (e.g., new accounting

- Matters that led to the classification of engagement risk as greater than normal or much greater than normal - Circumstances that cause us significant difficulty in applying necessary audit procedures.


As part of the risk assessment, the auditor is required to determine whether any of the risks identified are, in their judgment, a significant risk. In exercising this judgment, they are required to exclude the effects of identified controls related to the risk. A significant risk is an identified and assessed risk of material misstatement that, in the auditor's judgment, requires special auditor consideration.

Risks of material misstatement related to significant risks may result in customisation of one or all of the related risks of material misstatement, control activities, and/or

In exercising judgment as to which risks are significant risks, the auditor is required to consider at least the following:

- Whether the risk is related to recent significant economic, accounting, or other developments and, therefore, requires specific attention

- The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving a wide range of measurement

- Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual.


The auditor is required to use professional judgment to determine whether a fraud risk factor is present and whether it is to be considered in assessing the risks of material

There are certain risks that are presumed to exist on each audit engagement. The presumed risks due to fraud are revenue recognition and management override of

The auditor is required to treat those assessed risks of material misstatement due to fraud as significant risks and accordingly, to the extent not already done so, he is required to obtain an understanding of the entity’s related controls, including control activities, relevant to such risks, and evaluate whether such controls have been

Identifying potential fraud schemes may facilitate the evaluation of the design of relevant controls and the development of effective audit procedures.

The risk associated with a control consists of the risk that the control might not be effective and, if not effective, the risk that a material weakness would result.

If the risk of material misstatement associated with the related account(s) or assertions(s) is a significant risk, the risk associated with the control is higher.

Audit of Financial Statements along with Audit of Internal Financial Controls Over Financial Reporting (Integrated Audit)If an integrated audit is being performed, control activities that are relevant to the audit include those that address the assessed risks of material misstatement for each

The auditor is required to obtain an understanding of control activities relevant to the audit, i.e. those that he judges necessary to understand in order to assess the risks of material misstatement at the assertion level and design further audit procedures responsive to assessed risks.

He is required to obtain an understanding of the process for reconciling detailed records to the general ledger for material classes of transactions and account balances.

- Those that are required to be treated as such, being control activities that relate to significant risks and those that relate to risks for which substantive procedures alone

- Controls that the auditor believes are necessary to understand in order to plan substantive procedures as part of their further audit procedures to obtain sufficient

- Reconciliations of detailed records to the general ledger for material classes of transactions and account balances.

When obtaining an understanding of controls that are relevant to the audit, the auditor is required to evaluate the design of those controls and determine whether they have been implemented, by performing procedures in addition to inquiry of the entity’s personnel.

Was a deviation or exception identified? Does a deficiency exist? If yes, the auditor needs to evaluate the deficiency individually and in combination with other deficiencies. He needs to determine if the deficiency is a deficiency, a significant deficiency, or a material weakness and communicate the deficiency, as appropriate.

He should determine whether he has a basis for relying on those controls and whether he will be able to perform his planned extent of substantive procedures. In an


Information Produced by the Entity (IPE)

Irrespective of the assessed risks of material misstatement, the auditor is required to design and perform substantive procedures for each relevant assertion related to each material class of transactions, account balance, and disclosure [significant account and disclosure].

The nature, timing, and extent of planned procedures may vary in response to the assessed risk of material misstatement at the assertion level.

A substantive procedure may address more than one risk. The auditor should consider the audit procedures and risks which they address when planning and performing substantive procedures so that the substantive procedures performed are effective and efficient.

- Performing only substantive analytical procedures will be sufficient to reduce audit risk to an acceptably low level (e.g., where the assessment of risk is supported by

- A combination of substantive analytical procedures and tests of details are most responsive to the assessed risks

- A combination of substantive analytical procedures and tests of details are most responsive to the assessed risks

In an integrated audit, the auditor is required to test the operating effectiveness of controls in each of the five components of internal control each year, including (1) relevant controls within the control environment, entity's risk assessment process, information system relevant to financial reporting and communication, and monitoring components, and (2) those controls that address the assessed risks of material misstatement for each relevant assertion. The objective of the tests of controls in an audit of IFC is to obtain audit evidence about the effectiveness of controls to support the opinion on the entity’s internal control over financial reporting.

The "Control Year Last Tested" represents the last year the relevant control was tested using a normal extent of testing.

Depending on the circumstances, the auditor may use professional judgment to determine that larger sample sizes may be appropriate, for example, when they are

When testing the operating effectiveness of a control that operates less frequently than many times per day, depending on the nature of the control, the risk associated with the control, and the number of times that it is applied when it operates, additional selections to test its operating effectiveness may be made.


- Standard "out of the box" reports as taken out from the system that have not been modified and do not allow for customisation of inputs/outputs- Parameter-driven reports generated by the entity's application system that allow for user selection of inputs (fields/parameters) to generate the report output- Custom-developed reports that are not standard to the application and are defined and generated by user-operated tools such as scripts, report writers, programming

- Spreadsheets that include relevant information (e.g., data (1) obtained from an outside source, (2) manually entered into a spreadsheet, (3) summarised or analysed using spreadsheet formulas or data exported from ledger system into an MS Access Database, and (4) then manipulated and summarised)- Client-prepared analyses and schedules that are manually prepared by entity personnel either from information generated from the entity's system or from other internal

IPE in the context of substantive audit procedures includes information that the auditor uses when performing substantive audit procedures. If the information is the starting point or subject of substantive audit procedures, the planned substantive audit procedures will typically address the accuracy and completeness of the information, and no additional procedures may therefore be necessary. In other cases, substantive audit procedures may use a report that is not the subject of the substantive audit procedures and/or tests of relevant controls, and it may be necessary to perform additional procedures to address the completeness and accuracy of the report.

Identifying the relevant application system allows the auditor to establish the linkage between the risks of material misstatement to which the relevant application systems and IT infrastructure relate, the relevant IT risks related to these application systems and IT infrastructure, and the general IT controls that address such risks.

- The entity relies on data related to significant accounts and disclosures that by their nature require general IT controls to address their integrity and reliability

- Any of the entity’s relevant controls rely on information produced by the entity or if the auditor intends to make use of information produced by the entity in designing and performing further procedures and he plans to obtain evidence of the accuracy and completeness of such information by testing controls over the preparation and

- The auditor has judged that it is not possible or practicable for him to obtain sufficient appropriate audit evidence to address certain risks of material misstatement only through performing substantive procedures and the relevant controls identified over such risks are automated controls or controls that rely on general IT-controls.


Planned Procedures to Obtain Audit Evidence of Accuracy and Completeness of IPEReference to where IPE testing is performed.

For nonintegrated audits performed, when using information produced by the entity the auditor is required to evaluate whether the information is sufficiently reliable for his

Evaluating whether the information is sufficiently precise and detailed for his purposes.

For an audit of IFC which is integrated with the audit of the financial statements (an integrated audit), when testing a relevant control that is dependent upon information produced by the entity (and the effectiveness of the control is therefore dependent upon the accuracy and completeness of such information), the auditor is required to (1) identify controls that address the accuracy and completeness of such information produced by the entity and (2) test the design and operating effectiveness of such

Obtaining audit evidence about the accuracy and completeness of information produced by the entity includes procedures to address:

IT Risk Worksheet — General Information Technology or other supporting working papers where testing

Include a tickmark or cross-reference to where the evaluation of design and implementation is documented. The evaluation of design and implementation of relevant control activities may be documented in a separate working paper or within a tab inserted within this template.

Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or

Implementation of a control means that the control exists and that the entity is using it.

The evaluation of the design of controls documentation may include consideration of the (1) the nature and significance of the risks of material misstatement addressed by the control, (2) the characteristics or details of the control, and (3) the following factors to determine whether the control is appropriately designed (i.e., the precision of a

Planned Nature, Timing, and Extent of Procedures to Evaluate Operating Effectiveness of ControlsConsider nature, timing, and extent of tests when planning procedures to evaluate operating effectiveness of controls.

Nature of tests of controls includes inspection of documentation supporting the auditors inquiries, reperformance supporting such inquiries, and observation supporting

When more persuasive audit evidence is needed regarding the effectiveness of a control, it may be appropriate to increase the extent of testing of the control. As well as the degree of reliance on controls, matters the auditor may consider in determining the extent of tests of controls include the following:

- The length of time during the audit period that the auditor is relying on the operating effectiveness of the control

- The relevance and reliability of the audit evidence to be obtained regarding the operating effectiveness of the control at the assertion level- The extent to which audit evidence is obtained from tests of other controls related to the assertion.

In addition, matters the auditor may also consider in determining the extent of tests of controls include the following:- The nature of the control, including, in particular, whether it is a manual control or an automated control


The auditor is required to test controls for the particular time, or throughout the period, for which he intends to rely on those controls, in order to provide an appropriate

Include tickmark or cross-reference (as specific as possible) to supporting working papers where testing is documented. Include reference, if applicable, to use of the work

NOTE: When evaluating the operating effectiveness of relevant controls, the auditor is required to evaluate whether misstatements that have been detected by substantive procedures indicate that controls are not operating effectively. The absence of misstatements detected by substantive procedures, however, does not provide audit evidence that controls related to the assertion being tested are effective. The identification by the auditor of a material misstatement of the financial statements under audit in circumstances that indicate that the misstatement would not have been detected by the entity’s internal control is an indicator of a material weakness.

The auditor’s evaluation of the effect of the findings of his substantive procedures on the effectiveness of internal control is required to include, at a minimum, the

- The appropriateness of the nature, timing, and extent of substantive procedures, especially those related to fraud, based on the assessed risk of material misstatement- Findings with respect to non-compliance with laws and regulations and related party transactions- Indications of management bias in making accounting estimates and in selecting accounting principles- The appropriateness of his conclusions on the effectiveness of internal control when misstatements are detected by his substantive procedures.

A substantive procedure may address more than one risk of material misstatement. The planned extent of substantive testing would equate to the most extensive planned extent of substantive testing for all risks of material misstatement to which the procedure has been linked (e.g., if a substantive procedure is addressing multiple material misstatements and only one is a significant risk, the substantive procedure would be performed to address the extent of testing necessary to address the significant risk).

Form 18**S.1, Cash Assertions

Occurrence

Completeness

Accuracy

Cutoff

Classification

Existence

Completeness

Assertions about presentation and disclosure:

Completeness

Assertions used by us to consider the different types of potential misstatements that may occur (i.e., "what could go wrong") fall into the following three categories and may take the following forms:

Assertions about classes of transactions and events for the period under audit (Statement of Profit and Loss Accounts):

The following are examples of potential Misstatements relating to the assertions below. These examples are neither exhaustive nor always applicable as facts

and circumstance may vary from one entity to the next.

Transactions and events that have been recorded have occurred and pertain to the entity.

Potential Misstatements relating to the Assertion occurrence, for classes of transactions and events for the period under audit, may result from: - Fictitious or unauthorised transactions are entered on source documents or directly into the application system (input). - Transactions are duplicated when input. - Invalid input is captured in the subsidiary ledgers.

All transactions and events that should have been recorded have been recorded.

Potential Misstatements relating to the Assertion completeness, for classes of transactions and events for the period under audit, may result from: - Transactions or events that are not identified and therefore are not entered on a source document or directly into the application system (input)- Input is not captured into the subsidiary ledgers- Input that is rejected is not resubmitted for capture in the subsidiary ledger.

Amounts and other data relating to recorded transactions and events have been recorded appropriately.

Potential Misstatements relating to the Assertion accuracy, for classes of transactions and events for the period under audit, may result from:- Input is inaccurately captured into the subsidiary ledgers.- Input or subsequent processing reflects amounts in excess or less than appropriate amounts.- Processing of transactions is inaccurate (i.e., summarising, calculating, and posting).- Inaccurate adjustments are made to the subsidiary ledgers or general ledger.

Transactions and events have been recorded in the correct accounting period.

Potential Misstatements relating to the Assertion cutoff, for income statement account balances, may result from:- Transactions or events that have occurred or will occur are recorded too early (i.e., they are recorded in a period prior to when they should have been recorded).- Transactions or events that have occurred are recorded too late (i.e., they are recorded in a period after the period in which they should have been recorded).

Transactions and events have been recorded in the proper accounts.

Potential Misstatements relating to the Assertion classification, for classes of transactions and events for the period under audit, may result from:- Input is recorded in the incorrect subsidiary ledger or general ledger account.- Subsequent processing of a transaction results in it being reflected in the incorrect subsidiary ledger or general ledger account.

Assertions about account balances at the period-end (balance sheet accounts):

Assets, liabilities, and equity interests exist.

Potential Misstatements relating to the Existence assertion, for balance sheet account balances, may result from:- A balance sheet account balance that was previously correctly recorded no longer exists and the sale/adjustment has not been recorded.- Sale of an asset with no recording of the sale.- Theft of an asset with no recording of the loss.

Rights and obligations

The entity holds or controls the rights to assets, and liabilities are the obligations of the entity.

Potential Misstatements relating to the Assertion rights and obligations, for balance sheet account balances, may result from:- The entity no longer having the right to an asset that was previously correctly recorded- The entity no longer having an obligation to settle a liability that was previously correctly recorded

All assets, liabilities, and equity interests that should have been recorded have been recorded.

Potential Misstatements relating to the Assertion completeness, for balance sheet account balances, may result from:- A liability that should have been recorded has not been recorded (e.g., no accrual at period-end for certain liabilities).

Valuation and allocation

Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.

Potential Misstatements relating to the Assertion valuation and allocation, for balance sheet account balances, may result from:- Impairments of assets that are not identified and properly recorded - Inaccurate adjustments that are made to a balance sheet account balance that inappropriately adjust the value of that balance sheet account balance- Assets which are amortised over the incorrect period resulting in the remaining asset balance being incorrectly valued- Fair value adjustments that are not identified and properly recorded

Occurrence and rights and obligations

Disclosed events, transactions, and other matters have occurred and pertain to the entity.

Potential Misstatements relating to the presentation and disclosure assertions may result from:- Fictitious or unauthorised disclosures are included in the Financial Statements.- Disclosures of contingent liabilities for which the entity no longer has an obligation.- Disclosures that are intentionally omitted from the Financial Statements.- The captions in the Financial Statements result in amounts being presented in a misleading way.- Input is inaccurately captured into the Financial Statements.- Input into the Financial Statements reflects amounts in excess or less than appropriate amounts.

All disclosures that should have been included in the financial statements have been included.

Classification and understandability

Financial information is appropriately presented and described, and disclosures are clearly expressed.

Accuracy and valuation

Financial and other information are disclosed fairly and at appropriate amounts.

Template for performing walkthroughs

Walkthrough Documentation

Business Cycle/Sub cycleRelated Account BalancesDate(s) of walkthrough

Reference to documentation of narratives

Description of the procedures to understand the process:

Purpose of the Control and its correlation to the risk/assertionNature and significance of the Risk

Frequency and consistency with which the control is performedLevel of aggregation and predictabilityCriteria for investigation and process for follow-upDependency on other controlsDependency on Information Produced by the Entity (IPE)

Conclusion regarding control designConclusion regarding control implementation

Attendees (including job titles):

Controls included in this walkthrough (Include control activity number )

Description of specific transaction(s) (if any) selected to trace from initiation to recording.

Competence and authority of the person(s) performing the

Are there any significant processes not included or inadequately documented by the client? If so, describe.What were the points in the process at which a misstatement, including a misstatement due to fraud, could arise that, individually or in combination with other misstatements, would be material?How are these potential errors addressed by the controls in

Are there any circumstances where the control(s) included in this walkthrough are/have been overridden or bypassed? What are those circumstances?

Date post:	14-Apr-2016
Category:	Documents
Upload:	droidant
View:	11 times
Download:	2 times

Illustrative Work-paper Template for Testing ROMM and Performing Walkthroughs

Documents