© OECD

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

Tirana, 10-12 September 2014

Workshop System Based Auditing

11. Test of controls

2

3

11.1 Audit procedures: types of procedures left

• Tests of controls

------------------------------------------------

• Substantive procedures:

Substantive analytical procedures

Tests of detail

4

11.2 Purpose of test of controls

Reduction of control risk can be justified only with evidence that the controls are functioning.

7 basic types of evidence • Physical examination • Confirmation • Documentation • Observation • Accuracy • Analytical evidence • Client inquiry

5

11.3 Audit procedures for testing controls

• Physical examination • Evidence obtained from the inspection of assets

• Confirmation • Written evidence from third parties

• Documentation • Evidence obtained from the examination of internal written

records

• Observation • Visual evidence obtained by the auditor by inspecting client

activities

6

11.4 Audit procedures for testing controls

• Accuracy

Evidence obtained by verifying totals,

• Client inquiry

Evidence obtained by clients personnel or management

7

11.5 Hierarchy of evidence reliability

Best

• Physical evidence

• Confirmation

• External documentation

• Test of accuracy/reperform

Good

• Observation

Weak

• Internal documentation

• Client inquiry

8

11.6 Extent of procedures

• Reliance on evience of prior audit – every 3rd

year

• Controls related to significant risks – evidence of

current year

• Less than entire audit period – evidence that

controls were working at end of the year

9

11.7 realionshiop tets of controls and obtaining understanding process

Overlap between the two:

=> physical evidence, client inquiry, observation are used procedures

Differences:

• Obtaining understanding covers all controls: testing of controls thios econtrols where tehre were doubts

• Obtaining understanding covers only one or few transactions; test of controls more (20-100)

10

11

11.8 Example of number of tests of control

11

11.9. Audit procedures If nothing is found, everything is OK! Isn’t it?

12

Test control -

sample size= 30

No errors

found

Two or more

errors found

No reliance

possible on this

key control

Reliance possible

on this key control

One error

found

Extra Sample

sample size = 20

No further

errors found

One or more

errors found

either or

Central Limit Theory; http://en.wikipedia.org/wiki/Central_limit_theorem

see also http://www.stat.ufl.edu/~aa/articles/agresti_min_binomial.pdf

11.10 Test of controls vs. Substantive tests

Test of controls:

• System Audit & Financial Audit

• Test of internal controls

• Residual Risk

Substantive Testing:

• Financial Audit

• Test of amount

• Detection Risk 13

13

QUESTIONS?

14