Tests of Controls in Internal Auditing

By /

Tests of Controls in audit test how effectively the operation runs compared to the controls (standards) set in the organization.

Meaning of Tests of Controls

Tests of controls are audit procedures performed to test the operating effectiveness of controls in preventing or detecting material misstatements at the relevant assertion level.

An auditor might use inspection of documents, observation of specific controls, reperformance of the control, or other audit procedures to gather evidence.

Designing Tests of Controls

Assessing control risk requires the auditor to consider the design of controls to evaluate whether they should be effective in meeting transaction-related audit objectives.

Some evidence will have been gathered in support of the design of the controls, as well as evidence that they have been placed in operation during the understanding phase.

To use specific controls to reduce assessed control risk, however, specific evidence must be obtained about their operating effectiveness throughout all, or at least most, of the period under audit.

The procedures to test the effectiveness of controls in support of a reduced assessed control risk are called tests of controls.

1. Nature of Tests

As to the nature of tests Of controls, the auditor has the following choices:

Let’s look at the nature of test choices briefly.

1. Inquiring

Inquiring designed to determine;

  1. an employee’s understanding of their duties,
  2. the individual’s performance of those duties, and
  3. the frequency, causes, and disposition of deviation. Unsatisfactory answers from an employee may indicate an improper application of control.

2. Observing

Observing the employee’s performance provides similar evidence.

3. Inspecting

Inspecting documents and records is applicable when there is a transaction trail of performance in the form of signatures and validation stamps that indicate whether the control was performed and the individual who performed it.

4. Task Reperforming

Reperforming control by the auditor provides the best evidence of its effectiveness.

In performing the tests, the auditor selects the procedure that will provide the most reliable evidence about the effectiveness of the control policy or procedure. No one test of controls is always applicable or equally effective in providing evidence.

2. Timing of Tests

The timing of the test of controls refers to when they are performed and the part of the accounting period to which they relate.

An additional test of control is performed during interim work, which may be several months before the end of the year under audit.

These tests, therefore, only provide evidence of the effectiveness of controls from the beginning of the year to the date of the tests.

From the standpoint of audit efficiency, the tests of controls should be performed as late in the interim period as possible.

3. Extent of Tests

The extent of tests of controls is directly affected by the auditor’s planned assessed level of control risk.

More extensive test controls will ordinarily provide more evidence of the operating effectiveness of a control policy or procedure than less extensive tests.

More extensive testing will be needed for a low-assessed control risk than for a moderate-assessed control risk.

The extent of additional testing will also be affected by the intended use of evidence about the effectiveness of prior audits.

Moreover, before using evidence from prior audits, the auditor should ascertain whether there have been any significant changes in the design or operation of the control policies and procedures since the prior tests.

The Relationship between Test of Controls and Assessing Control Risk

The relationship between a test of controls and assessing control risk is that the planned test of controls is performed during fieldwork and should provide evidence of the proper and consistent application of a control policy or procedure throughout the entire year under audit.

They are not ordinarily performed under the primarily substantive approach.

However, such tests are performed when, based on the favorable result from a concurrent test of controls, the auditor decides to switch from the primarily substantive to the lower assessed level of control risk approach.

In this circumstance, the tests are sometimes called additional tests of control.

They are performed only when it is likely that additional evidence will be obtained to lower the initial assessment of control risk, and it is cost-effective.

These tests are also performed as part of an initial lower assessed level of control risk strategy for the specific assertion. They are performed to support the initial planned assessed level of control risk of moderate or low and the corresponding planned level of substantive tests.

Using Internal Auditors in Test of Controls

Companies with many divisions usually employ internal auditors. Whenever a client has an internal audit function, the auditor may help in the following:

1. Coordination of Audit Internal Auditors

Internal auditors will usually monitor internal control structure policies and procedures in each division or branch as part of their duties.

The monitoring may include periodic reviews.

In such a case, the auditor may coordinate work with the internal auditors and reduce the number of entity locations at which the auditor would otherwise perform tests of controls.

In coordinating work with internal auditors, it may be efficient for the auditor to;

  1. have periodic meetings with the internal auditors,
  2. review their work schedules,
  3. obtain access to their working papers, and
  4. review internal audit reports.

When there is a coordination of the work, the auditor should evaluate the quality and effectiveness of the internal auditors’ work.

2. Direct Assistance

The auditor may request internal auditors to provide direct assistance in performing tests of controls. In this case, the auditor should:

  1. Consider the internal auditors’ competence and objectivity, and supervise, review, evaluate, and test the work performed.
  2. Inform the internal auditors of their responsibilities, the objectives of procedures they are to perform, and matters that may affect the nature, timing, and extent of the tests.
  3. Inform the internal auditors that all significant accounting and auditing issues identified during their work should be brought to the external auditor’s attention.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top