5.2. Test of Controls

INTERNAL CONTROL AND
TESTS OF CONTROLS
CHAPTER 5 – PART 2
Copyright ©2017 Pearson Education, Inc.

CHAPTER 5 – PART 2 LEARNING OBJECTIVES
1. Obtain understanding of internal control
2. Understand purposes and procedures for tests of controls
3. Tests of controls: Sales and collection cycle
4. Tests of controls: Acquisition and payment cycle
Copyright © 2017 Pearson Education, Inc. 12-2

1. OBTAIN UNDERSTANDING OF
INTERNAL CONTROL
Copyright ©2017 Pearson Education, Inc. 14-1

OBJECTIVE 1
Obtain and document an
understanding of internal control.

OBTAIN AND DOCUMENT UNDERSTANDING
OF INTERNAL CONTROL
Auditors need to understand controls that are relevant to
financial statement audits in order to identify and assess the
risks of material misstatements
There are four steps in the process of understanding controls, as
shown in Figure 12-1:
ghi chép
• Obtain and document understanding of internal control.
• Assess control risk.
• Design, perform, and evaluate tests of controls.
phát hiện
• Decide planned detection risk and substantive tests.

OF INTERNAL CONTROL (CONT.)
Obtain and Document Understanding of Internal Control—Auditors use
the following techniques:
• Narrative—Written description of client’s internal controls including:
nguồn gốc
1. The origin of every document and record in the system
2. All processing that takes place
sắp xếp
3. The disposition of every document and record in the system
4. An indication of the controls relevant to the assessment of control risk
• Flowchart—A diagram of the client’s documents flow in the organization.
• Internal Control Questionnaire—Illustrated in Figure 12-2.

OF INTERNAL CONTROL (CONT.)
Đáng giá vc áp dụng ksnb
Evaluating Internal Control Implementation—In addition to
understanding the design of the internal controls, the auditor must also
evaluate whether the designed controls are implemented.
Auditors use the following methods to evaluate implementation:
• Update and evaluate auditor’s previous experience with the entity.
• Make inquiries of client personnel.
• Examine documents and records.
• Observe entity activities and operations.
• Perform walkthroughs of the accounting system.
Copyright ©2017 Pearson Education, Inc. 12-

OBJECTIVE 2
Assess control risk by linking key
controls and control deficiencies to
transaction-related audit objectives.
Copyright © 2017 Pearson Education, Inc. 12-

ASSESS CONTROL RISK
Determine Assessed Control Risk Supported by the
Understanding Obtained—The auditor makes a preliminary
assessment of control risk based on entity-level control risks as
well as IT general controls.
Use of a Control Risk Matrix to Assess Control Risk—A sample
matrix is included in Figure 12-3 on page 373.
Components of the Matrix include:
• Identify audit objectives.
• Identify existing controls.
• Associate controls with related audit objectives.

ASSESS CONTROL RISK (CONT.)
Identify and Evaluate Control Deficiencies, Significant Deficiencies, and

Material Weaknesses—Auditors must evaluate whether key controls are
absent in the design of internal control over financial reporting.
Auditing standards define three levels of the absence of internal controls:
1. Control Deficiency—The design or implementation of internal controls does not
permit company personnel to prevent or detect misstatement.
2. Significant Deficiency—A deficiency that is less severe than a material
weakness, but important enough to merit attention.
3. Material Weakness—Exists if a significant deficiency, or combination of
significant deficiencies, result in a reasonable possibility that internal control
will not prevent or detect material financial statement misstatement.

Identify Deficiencies, Significant Deficiencies, and Material

Weaknesses—involves the following process:
1. Identify existing controls.
2. Identify the absence of key controls.
3. Consider the possibility of compensating controls.
4. Decide whether there is a significant deficiency or material weakness.
5. Determine potential misstatements that could result.
Evaluating significant control deficiencies is illustrated in Figure 12-4.

Identify Deficiencies, Significant Deficiencies, and Material

Weaknesses (cont.)
Associate Control Deficiencies with Related Audit Objectives—The
control matrix is useful for this task.
Assess Control Risk for Each Related Audit Objective—Again, the
control matrix is useful for this assessment.
Two different deficiencies in internal control are described in
Figure 12-5.

2. UNDERSTAND PURPOSES AND
PROCEDURES FOR TESTS OF
CONTROLS

OBJECTIVE 1
Describe the process of designing
and performing tests of controls.

TESTS OF CONTROLS
Purpose of Tests of Controls—to test the effectiveness of controls
in support of a reduced control risk for the audit
Procedures for Tests of Controls—The auditor uses four types of
procedures to test controls:
1. Make inquiries of appropriate client personnel.
2. Examine documents, records, and reports.
3. Observe control-related activities.
4. Reperform client procedures.

TESTS OF CONTROLS (CONT.)
Phạm vi thủ tục
Extent of Procedures—depends on preliminary assessed control risk
If the auditor wants a lower control risk, more extensive tests of
controls are applied, both in number and extent of tests.
The extent of tests of controls is also dependent on the following:
• Reliance on evidence from the prior year’s audit
• Testing of controls related to significant risks
• Testing less than the entire audit period

Relationship Between Tests of Controls and Procedures to Obtain
an Understanding—There is significant overlap between tests of
controls and procedures to obtain an understanding. However, there
are two primary differences:
1. In obtaining an understanding of internal control, the procedures
are applied to all controls identified during that phase. Tests of
controls are applied only when the assessed control risk has not
been satisfied.
2. Procedures to obtain an understanding are performed on only
one or a few transactions. Tests of controls are performed on
larger samples and often at more than one point in time.
This concept is illustrated in more detail in Table 12-1.

Relationship Between Tests of Controls and Procedures to Obtain
an Understanding (cont.)
Understanding Internal Controls on Outsourced Systems—
• When clients use service centers for processing transactions, the auditor
may need to obtain an understanding of the controls of the service center.
Reliance on Service Center Auditors—

• It has become increasingly common for service centers to engage their
own CPA firm to obtain the understanding necessary for an audit and
issue a report to be used by the auditors of their customers.

OBJECTIVE 2
Understand how control risk
impacts detection risk and the
design of substantive tests.

DECIDE PLANNED DETECTION RISK AND
DESIGN SUBSTANTIVE TESTS
The completion of these activities is sufficient for the audit of
internal control over financial reporting.
The auditor uses the control risk assessment and results of
tests of controls to determine planned detection risk and
related substantive tests for the audit.
• The auditor links the control risk assessment to the balance-
related audit objectives for the accounts affected by the major
transaction types and to the four presentation and disclosure
audit objectives.

OBJECTIVE 3
Understand requirements for auditor
reporting on internal control.

AUDITOR REPORTING ON INTERNAL CONTROL
Communications to Those Charged with Governance

and Management Letters
• The auditor must communicate significant deficiencies and

material weaknesses in writing to those charges with governance
as soon as the auditor becomes aware of their existence. An
example of a report used in the audit of a nonpublic company is
shown in Figure 12-6.
• Management letters are not required by auditing standards, but
auditors usually provide them when less significant internal
control-related issues exist.

AUDITOR REPORTING ON INTERNAL CONTROL (CONT.)
Section 404 Reporting Requirements—The auditor is required to

issue an audit report on internal control over financial reporting for
public companies.
Types of Opinions on Internal Control
ý kiến chấp nhận toàn phần
• Unqualified Opinion—The auditor will issue an unqualified opinion
on internal control over financial reporting when two conditions are
met:
• There are no identified material weaknesses as of the end of
the fiscal year. hạn chế
• There have been no restrictions on the scope of the auditor’s
work. không có bất kỳ hạn chế nào với phạm vi cviec của ktv

AUDITOR REPORTING ON INTERNAL CONTROL (CONT.)
Types of Opinions on Internal Control (cont.)

ý kiến không chấp nhận
• Adverse Opinion
• The auditor will express an adverse opinion on the effectiveness of
internal control over financial reporting when one or more material
weaknesses exist.
ngoại trừ hoặc từ chối đưa ra ý kiến
• Qualified or Disclaimer of Opinion
• A scope limitation requires the auditor to express a qualified or
disclaimer of opinion.
The definition of a material weakness and opinion paragraph are

shown in Figure 12-7.

DISCUSSION QUESTION

DISCUSSION QUESTION

3. AUDIT OF THE
SALES AND
COLLECTION CYCLE:
TESTS OF CONTROLS

OBJECTIVE 1
Identify the accounts and the classes
of transactions in the sales and
collection cycle.

ACCOUNTS AND CLASSES OF TRANSACTIONS IN
THE SALES AND COLLECTION CYCLE
There are five classes of transactions in the sales and
collection cycle:
1. Sales (cash and sales on account)
2. Cash receipts
3. Sales returns and allowances
4. Write-off of uncollectible accounts
5. Estimate of bad debt expense
The way accounting information flows through the various
accounts in the sales and collection cycle is shown in Figure 14-1.

OBJECTIVE 2
Describe the business functions and
the related documents and records
in the sales and collection cycle.

BUSINESS FUNCTIONS IN THE CYCLE AND RELATED
DOCUMENTS AND RECORDS
There are eight business functions within the sales and collection
cycle:
1. Processing customer orders
2. Granting credit
3. Shipping goods
4. Billing customers and recording sales
5. Processing and recording cash receipts
6. Processing and recording sales returns and allowances
7. Writing off uncollectible accounts receivable
8. Providing for bad debts
The classes of transactions, accounts, business functions, and related documents

and records for the sales and collection cycle are detailed in Table 14-1.

OBJECTIVE 3
Understand internal control, and
design and perform tests of controls
and substantive tests of
transactions for sales.

METHODOLOGY FOR DESIGNING TESTS OF CONTROLS
AND SUBSTANTIVE TESTS OF TRANSACTIONS FOR SALES
The methodology for this process is shown in Figure 14-2.

Understand Internal Control—Sales: To gain an understanding, the auditor
can use the client’s flowchart or other documentation and perform walkthrough
tests. A flowchart is shown in Figure 14-3 on page 454.
Assess Planned Control Risk—Sales: There are four steps to this process:
1. Determine a framework for assessing control risk, which is provided by the
transaction-related audit objectives.
2. Identify key internal controls and deficiencies for sales.
3. Associate the key internal controls and deficiencies with the audit objectives.
4. Assess control risk for each objective by evaluating controls and deficiencies.

METHODOLOGY FOR DESIGNING TESTS
OF CONTROLS AND SUBSTANTIVE TESTS OF
TRANSACTIONS FOR SALES (CONT.)
The key control activities for sales:
• Adequate Separation of Duties—Proper separation of duties helps to
prevent misstatements due to both errors and fraud.
• Proper Authorization—The auditor is concerned about authorization
at three points:
1. Credit must be properly authorized before a sale takes place.
2. Goods should be shipped only after proper authorization.
3. Prices, including basic terms, freight, and discounts, must be authorized.
• Adequate Documents and Records—May be paper or electronic.

The key control activities for sales (cont.):

• Prenumbered Documents—This helps prevent both the failure to bill
and duplicate billings and recordings.
• Monthly Statements—This is a useful control because it encourages
customers to respond if their balance is incorrect.
• Internal Verification Process—Can be manual or computerized.
Determine Extent of Tests of Controls—After key controls and
deficiencies are identified, auditors assess control risk and determine
the extent of tests of controls.

Design Tests of Controls for Sales—Tests of controls for sales are illustrated
in Table 14-2 on page 457.
Design Substantive Tests of Transactions for Sales—Substantive tests are
designed for each transaction-related audit objective, including:
• Recorded Sales Occurred—There are three types of possible misstatements:
1. Sales included in the journals for which no shipment was made
2. Sales recorded more than once
3. Shipments made to nonexistent customers and recorded as sales
• Existing Sales Transactions Are Recorded—This is less likely to be tested
because the risk of overstatement of sales is more likely than
understatement.

Design Substantive Tests of Transactions for Sales (cont.)

• Direction of Tests—The direction of the test fulfills different
objectives:
• Tracing—From source documents to the journals tests for omitted
transactions (completeness objective)
• Vouching—From the journals back to the source documents tests for
nonexistent transactions (occurrence objective)
The direction of tests related to sales is shown in Figure14-4.

Design Substantive Tests of Transactions for Sales (cont.)

• Sales Are Accurately Recorded—Auditor concerns:
• Shipping the amount of goods ordered
• Accurately billing for the amount of goods shipped
• Accurately recording the amount billed in the accounting records
• Sales Transactions Are Correctly Included in the Master File and
Correctly Summarized
• Recorded Sales Are Correctly Classified
• Sales Are Recorded on the Correct Dates

Summary of Methodology for Sales:
• Transaction-related audit objectives
• Key existing controls
• Tests of controls
• Deficiencies
• Substantive tests
Design and Performance Format Audit Procedures—Properly
designed and formatted audit programs do the following:
• Eliminate duplicate procedures
• All procedures on any one document are completed at the same time
• Enables the most effective order in which to perform procedures

OBJECTIVE 4
Apply the methodology for controls
over sales transactions to controls
over sales returns and allowances.

SALES RETURNS AND ALLOWANCES
Transaction-related audit objectives are essentially the same for

credit memos as those for processing sales, with two notable
differences:
1. First is materiality. Sales returns and allowances are often so
immaterial that auditors can ignore them.
2. The second is emphasis on the occurrence objective. Auditors usually
emphasize testing recorded transactions to uncover any theft of cash
in the collection of accounts receivable that was covered up by
fictitious sales returns or allowances.

OBJECTIVE 5
design and perform tests of controls
and substantive tests of transactions
for cash receipts.

METHODOLOGY FOR DESIGNING TESTS OF
CONTROLS AND SUBSTANTIVE TESTS OF
TRANSACTIONS FOR CASH RECEIPTS
Auditors use the same methodology for tests of controls and

substantive tests of transactions for cash receipts as they use for sales:
• Determine key internal controls for each audit objective.
• Design tests of control for each control used to support reduced control
risk.
• Design substantive tests of transactions to test for monetary
misstatement for each objective.
The control risk matrix for cash receipts is presented in Figure 14-5 on page
466. Key internal controls and common tests of controls are shown in Table
14-3 on page 465. The audit program is shown in Figure 14-6 on page 467.

TRANSACTIONS FOR CASH RECEIPTS (CONT.)
Determine Whether Cash Received Was Recorded—It is difficult to detect theft if

cash when it occurs before the cash is recorded. Prenumbered remittance
advices and prelists of cash receipts are usually tested against journals, but this
is effective only if the prelist was prepared when the receipt was received.
Prepare Proof of Cash Receipts—Total cash receipts recorded in the journal for
a specific period is compared with the amount of cash deposited in the bank
during the same period.
Test to Discover Lapping of Accounts Receivable—Lapping is postponing entries
for cash receipts to conceal an existing cash shortage. This can be easily
prevented by adequate separation of duties.

Copyright ©2017 Pearson Education, Inc. 57
Copyright ©2017 Pearson Education, Inc. 58
OBJECTIVE 6
Apply the methodology for controls
over the sales and collection
cycle to controls related to
uncollectible accounts receivable.

AUDIT TESTS FOR UNCOLLECTIBLE ACCOUNTS
Similar to sales returns and allowances, the auditor’s concern in the

write-off of uncollectible accounts is the possibility that write-offs are
used to cover up embezzlement of cash receipts.
The auditor is also concerned with the balance-related objective of the
realizable value of net accounts receivable. Two controls that address
this issue:
• The preparation of a periodic aged accounts receivable trial balance
for review and follow-up by appropriate management personnel.
• A policy of writing off uncollectible accounts when they are no longer
likely to be collected.

OBJECTIVE 7
Understand the effect of tests of
controls and substantive tests of
transactions on substantive tests
of details of balances.

EFFECT OF RESULTS OF TESTS OF CONTROLS AND
SUBSTANTIVE TESTS OF TRANSACTIONS
The results of the tests of controls and substantive tests of

transactions have a significant effect on the remainder of the audit.
If the test results are unsatisfactory, it will be necessary to do additional
substantive testing.
The most significant effect of the results of the tests of controls and
substantive tests of transactions in the sales and collections cycle is on
the confirmation process. The type of confirmation, the size of the
samples, and the timing are all affected.
The major accounts in the sales and collection cycle and the types
of tests are illustrated in Figure 14-7.

4. AUDIT OF THE
ACQUISITION AND
PAYMENT CYCLE: TESTS OF
CONTROLS

OBJECTIVE 1
Identify the accounts and the classes
of transactions in the
acquisition and payment cycle.

ACCOUNTS AND CLASSES OF TRANSACTIONS IN THE
ACQUISITION AND PAYMENT CYCLE
There are three classes of transactions in the acquisition and

payment cycle:
1. Acquisitions of goods and services
2. Cash disbursements
3. Purchase returns and allowances and purchase
discounts
The typical accounts involved in the acquisition and payment
cycle are shown in Figure 18-1.

OBJECTIVE 2
Describe the business functions and
the related documents and
records in the acquisition and
payment cycle.

BUSINESS FUNCTIONS IN THE CYCLE AND RELATED
DOCUMENTS AND RECORDS
There are four business functions involved in the

acquisitions and payment cycle: These business functions
and the related documents are detailed in Table 18-1.
1. Processing Purchase Orders—Includes a purchase
requisition which is used to request authorization for
goods or services and a purchase order which is used
for the order after it has been authorized.
2. Receiving Goods and Services—Includes a receiving
report which is prepared at the time the goods are
received.

BUSINESS FUNCTIONS IN THE CYCLE AND
RELATED DOCUMENTS AND RECORDS(CONT.)
3. Recognizing the Liability—Proper recognition requires
prompt and accurate recording. Documents that may be
involved:
• Vendor’s Invoice—Document from the vendor that shows the amount
owed for an acquisition
• Debit Memo—Also from the vendor; indicates a reduction in the
amount owed
• Voucher—A formal means of recording and controlling acquisitions
• Acquisitions Transaction File—Computer-generated file including all
acquisitions transactions

3. Recognizing the Liability (cont.) Documents involved:
• Acquisitions Journal or Listing—Often referred to as the purchases
journal; includes vendor name, date, amount, and account
classification
• Accounts Payable Master File—Records acquisitions, cash
disbursements, and acquisition returns and allowances for each
vendor
• Accounts Payable Trial Balance—A listing of the amount owed each
vendor at a point in time
• Vendor’s Statement—A document prepared monthly by the vendor
that indicates the beginning balance, acquisitions, returns and
allowances, payments to the vendor, and ending balance

4. Processing and Recording Cash Disbursements—The
payment for goods and services represent a significant
activity for all entities. Documents that auditors examine
associated with this activity:
• Check—Document used to pay for an acquisition; may be paper or
an electronic funds transfer (EFT)
• Cash Disbursements Transaction File—A computer-generated file
that includes all cash disbursement transactions processed during
a period
• Cash Disbursements Journal or Listing—Includes all disbursement
transactions for a period

OBJECTIVE 3
design and perform tests of
controls and substantive tests of
transactions for the acquisition
and payment cycle.

AND SUBSTANTIVE TESTS OF TRANSACTIONS
The most time-consuming accounts to verify by tests of

details of balances are accounts receivable, inventory, fixed
assets, accounts payable, and expense accounts. Four of these
are directly related to the acquisition and payment cycle.
• If the auditor can reduce the tests of details of the account
balances by using tests of controls and substantive tests of
transactions for acquisitions and cash disbursements, the time
saved can be dramatic.
The methodology for designing tests of controls and
substantive tests of transactions is illustrated in Figure 18-2.

AND SUBSTANTIVE TESTS OF TRANSACTIONS (CONT.)
Understand Internal Control: The auditor gains an understanding

of internal control for the acquisition and payment cycle as part of
performing risk assessment procedures.
Assess Planned Control Risk: Key internal controls for the business
functions in this cycle are:
• Authorization of purchases
• Separation of asset custody from other functions
• Timely recording and independent review of transactions
• Authorization of payments

Determine Extent of Tests of Controls:

• If the auditor intends to rely on controls to support a preliminary
control risk assessment below maximum, the auditor performs tests
of controls to obtain evidence that controls are operating effectively.
Design Tests of Controls and Substantive Tests of Transactions for
Acquisitions:
• Key internal controls, common tests of controls, and common
substantive tests of transactions for each transaction-related audit
objective are summarized in Table 18-2 on page 612.


Acquisitions (cont): Four of the six transaction-related audit
objectives should be examined more closely:
1. Recorded acquisitions are for goods and services received,
consistent with the best interests of the client (Occurrence).
2. Existing acquisitions are recorded (Completeness).
3. Acquisitions are accurately recorded (Accuracy).
4. Acquisitions are correctly classified (Classification).

Cash Disbursements:
• Key internal controls, common tests of controls, and common substantive
tests of transactions for each transaction-related audit objective are
summarized in Table 18-3 on page 615.
Attributes Sampling for Tests of Controls and Substantive Tests of
Transactions: Important differences in acquisition and payment cycle:
• a larger number of accounts involved in this cycle, including both income
statement and balance sheet accounts.
• more common for transactions to require significant judgment, such as for
leases and construction costs.
• dollar amounts of individual transactions in the cycle cover a wide range.

5.2. Test of Controls

Uploaded by

Copyright:

Available Formats

5.2. Test of Controls

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

5.2. Test of Controls

Uploaded by

Copyright:

Available Formats

INTERNAL CONTROL AND

Copyright ©2017 Pearson Education, Inc.

1. Obtain understanding of internal control

2. Understand purposes and procedures for tests of controls

3. Tests of controls: Sales and collection cycle

4. Tests of controls: Acquisition and payment cycle

Copyright © 2017 Pearson Education, Inc. 12-2

Copyright ©2017 Pearson Education, Inc. 14-1

Copyright © 2017 Pearson Education, Inc. 12-4

Copyright © 2017 Pearson Education, Inc. 12-5

Copyright ©2017 Pearson Education, Inc. 12-7

Copyright ©2017 Pearson Education, Inc. 12-

Copyright © 2017 Pearson Education, Inc. 12-

Copyright © 2017 Pearson Education, Inc. 12-

Identify and Evaluate Control Deficiencies, Significant Deficiencies, and

Copyright ©2017 Pearson Education, Inc. 12-

Identify Deficiencies, Significant Deficiencies, and Material

Copyright ©2017 Pearson Education, Inc. 12-

Identify Deficiencies, Significant Deficiencies, and Material

Copyright ©2017 Pearson Education, Inc. 12-

Copyright ©2017 Pearson Education, Inc. 14-1

Copyright © 2017 Pearson Education, Inc. 12-

Copyright © 2017 Pearson Education, Inc. 12-

Copyright ©2017 Pearson Education, Inc. 12-

Copyright ©2017 Pearson Education, Inc. 12-

Reliance on Service Center Auditors—

Copyright ©2017 Pearson Education, Inc. 12-

Copyright © 2017 Pearson Education, Inc. 12-

Copyright © 2017 Pearson Education, Inc. 12-

Copyright © 2017 Pearson Education, Inc. 12-

Communications to Those Charged with Governance

• The auditor must communicate significant deficiencies and

Copyright © 2017 Pearson Education, Inc. 12-

Section 404 Reporting Requirements—The auditor is required to

Copyright ©2017 Pearson Education, Inc. 12-

Types of Opinions on Internal Control (cont.)

The definition of a material weakness and opinion paragraph are

Copyright ©2017 Pearson Education, Inc. 12-

Copyright ©2017 Pearson Education, Inc. 12-

Copyright ©2017 Pearson Education, Inc. 12-

Copyright ©2017 Pearson Education, Inc. 14-1

Copyright © 2017 Pearson Education, Inc. 14-

Copyright © 2017 Pearson Education, Inc. 14-

Copyright © 2017 Pearson Education, Inc. 14-

The classes of transactions, accounts, business functions, and related documents

Copyright © 2017 Pearson Education, Inc. 14-

Copyright © 2017 Pearson Education, Inc. 14-

The methodology for this process is shown in Figure 14-2.

Copyright © 2017 Pearson Education, Inc. 14-

Copyright ©2017 Pearson Education, Inc. 14-

The key control activities for sales (cont.):

Copyright ©2017 Pearson Education, Inc. 14-

Copyright ©2017 Pearson Education, Inc. 14-

Design Substantive Tests of Transactions for Sales (cont.)

The direction of tests related to sales is shown in Figure14-4.

Copyright ©2017 Pearson Education, Inc. 14-

Design Substantive Tests of Transactions for Sales (cont.)

Copyright ©2017 Pearson Education, Inc. 14-

Copyright ©2017 Pearson Education, Inc. 14-