In a prior audit, if controls unchanged since last tested Changes may mean there is no basis for continued reliance. The operating effectiveness of such controls should be tested in the current audit. In a prior audit, if controls changed since last tested The auditor may not rely on evidence obtained in prior audits for controls that mitigate a significant risk: those controls should be tested in the current period. In prior audits - controls over significant risks The auditor should obtain audit evidence whether changes in those specific controls have occurred after the prior audit through enquiry, in combination with observation or inspection. The auditor obtains audit evidence that the control operated effectively at relevant times.Īdditional audit evidence should be obtained for the remaining period about the nature and extent of any significant changes in internal control, e.g. The auditor only obtains audit evidence that the controls operated effectively at that time. If substantially different controls were used at different times during the period under audit, the auditor should consider each one separately. For significant risks, the auditor should test the controls in the current period. The timing of tests refers both to the period to cover (at a particular time or throughout a period) and to the time when the auditor will perform the test (interim period or period end) or not (reliance obtained in prior audits). Timing of tests of controls The timing of tests of controls depends on the auditor’s objective and determines the period of reliance on those controls. These detection controls are performed after transaction processing and provide management with assurance that a group or class of transactions has been processed completely, accurately and in accordance with the rules. Additional audit evidence may be obtained by testing monitoring controls, which focus on internal control system outputs and are performed on a regular basis. Tests of management and monitoring controls.The key application controls are tested since they play a key role in the generation of key reports and the protection of electronic data, and have a significant impact on the financial statements. The auditor should have a good understanding of the auditee’s IT environment. Application controls are built into the auditee’s systems and are applied to individual transactions or to batches of similar transactions. Tests of automated application controls.Key controls are part of transactions processing, often manual or semi-automated. Tests of key controls over individual transactions processed by a system.Tests of controls can be divided into three main categories, as follows. Reliance should be placed on the highest-level control possible. These can be manual, semi-automated or fully automated. There are two levels of controls: high-level controls, such as monitoring controls, and low-level controls, such as authorisation controls, operational controls, physical controls, etc. Nature of tests of controls The nature of a particular control influences the type of audit procedure required to obtain audit evidence about whether the control was operating effectively at relevant times during the period under audit. Not placing reliance on controls Even if in the planning phase it is decided not to rely on controls (audit objective), the auditor should still examine the design of key controls (and may perform tests of controls) so as to support findings and identify and report on weaknesses and propose recommendations for improvement. Compensating controls), operated effectively and continuously during the period under review (phase 3 in the diagram below).
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |