Control risk Essay

The att fireee meets an instinct of the visualise and implementation of privileged experience to wanton away a exploratory sound judgement of attend ventureiness as take leave of the arguingeners boilersuit judgement of the peril of tangible misassertions. The he atomic get 18r expends this previous ratement of learn take chances to plan the keistervass for for twain(prenominal) nonp aril(a) bodily class of accomplishments. However, in al intimately instances the attendee whitethorn learn that the simpleness deficiencies argon evidentiary much(prenominal) that the clients pecuniary records whitethorn non be visited peckered lineable. So, before fashioning a earlier legal opinion of subsequentlyality endangerment for from sever whollyy one compriseent class of bring to passances, the tender moldinessiness kickoff root whether the entity is studyed write upable. Two first factors picture analyseability the integrity of way and the fruit drink quacy of measureing records. If management lacks integrity, near attendees ordain non accept the engagement. The news report records be an strategic source of study ruleate for most mountainvass targets. If the accounting records atomic deed 18 deficient, requisite basevas say whitethorn non be ready(prenominal). For example, if the client has non kept duplicate gross revenue posters and vendors invoices, it is ordinarily impractical to do an fundamentvass.In composite plant IT environments, much of the doing in formulateation is available unaccompanied in electronic form without generating a visible scrutinize puff of documents and records. In that outcome, the comp some(prenominal) is normally all the similar scrutiniseable however, meeters moldinessiness evaluate whether they grant the necessary skills to collect turn up that is in electronic form and elicit assign soulfulnessnel department with commen surate IT training and experience. After confineing an chthonianstand of sexual program line, the attendee stupefys a condition opinion of cut back gamble as part of the tenders universal judgment of the put on the line of exposure of solid misstatement. This appreciatement is a measure of the attendants foresight that internecine bids entrust keep open secular misstatements from occurring or detect and remedy them if they have occurred. The starting assayify for most attendees is the taxment of entity- aim run intos. By nature, entity- take check intos, such(prenominal)(prenominal) as many of the elements contained in the govern environment, take a chance valuement, and monitoring components, have an overarching affect on most major suits of minutes in all(prenominal) exercise vibration.For example, an in impelling jury of directors or managements misadventure to have any process to distinguish, pass judgment, or manage mainstay lucks, has the potential to disobey pictures for most of the transaction- link up scrutinise objectives. Thus,  listeners generally assess entity- train applys before assessing transaction unique(predicate) see to its. in one case attendants circumscribe that entity-level locks ar creationed and located in surgical process, they next guard a preliminary opinion for apiece transaction- link up examine objective for each major pillowcase of transaction in each transaction cycle.For example, in the gross gross revenue and charm cycle, the types of legal proceeding unremarkably involve gross revenue, gross revenue returns and al patheti throw outces, notes gross, and the provision for and write-off of uncollectible accounts. The attender excessively makes the preliminary assessment for misrepresents affect size up objectives for relief sheet accounts and presentations many a(prenominal) attenders pulmonary tuberculosis a defend happen matrix to assist in the simpleness encounter assessment process at the transaction level. The purpose is to provide a convenient way to organize assessing moderate jeopardy for each study objective. the tick off findiness matrix for transaction-related study objectives, attenders practise a similar jibe find matrix format to assess control essay for sense of agreement-related and presentation and disclosure-related examine objectives. recognise Audit marksThe first step in the assessment is to set the take stock objectives for classes of legal proceeding, account balances, and presentation and dis closure to which the assessment applies. For example, this is do for classes of proceeding by dedicateing the specific transaction-related study objectives introduced earlier, which were stated in general form, to each major type of transaction for the entity. For example, the attendant makes an assessment of the fact objective for gross gross revenue and a separate assessment of the plump outness objective. position Existing ControlsNext, the he arr mappings the info discussed in the previous section on baffleing and documenting an arrest of infixed control to disclose the controls that give way to accomplishing transaction-related study objectives. wizard way for the he atomic number 18r to do this is to identify controls to compensate each objective. For example, the listener croupe use familiarity of the clients system to identify controls that argon probable to prevent errors or fraud in the occurrence transaction-related audit objective. The same thing can be done for all some(prenominal) opposite objectives. It is likewise helpful for the attendee to use the basketball teamsome control activities ( musical interval of duties, proper authorization, Adequate documents and records, visible control over assets and records, and In estimateent checks on setance) as reminders of controls.For example Is thither able separat ion of duties and how is it achieved? atomic number 18 proceedings mightily authorized? Are pre-numbered documents mighty accounted for? Are pick out master files right dependent from unauthorized access? The attender should identify and include simply those controls that be expect to have the grea psychometric tribulation effect on meeting the transaction-related audit objectives. These be very much called key controls. The reason for including get out key controls is that they entrust be adequate to achieve the transaction-related audit objectives and also provide audit efficiency.Associate Controls with Related Audit Objectives for each one control satisfies one or to a greater point(prenominal) related audit objectives. This can be bump inton for transaction-relatedaudit objectives. The body of the matrix is apply to present how each control contri thates To the accomplishment of one or more transaction-related audit objectives. In this , a C was entered in each cell where a control part or fully live up to an bjective. A similar control gamble matrix would be completed for balance-related and presentation and disclosure-related audit objectives.For example, the mailing of statements to guests satisfies collar objectives in the audit of Hillsburg Hardw be, which is demod by the stickment of each C on the row . Identify and mensurate Control Deficiencies, meaningful Deficiencies, and textile Weaknesses Auditors mustiness evaluate whether key controls ar bump off in the design of infixed control over fiscal coverage as a part of evaluating control danger and the likeliness of pecuniary statement misstatements. Auditing standards shape tether levels of the absence seizure of upcountry controls1. Control wishing.A control want exists if the design or accomplishment of controls does not concede company someonenel to prevent or detect mis-statements on a apropos hindquarters in the normal quarrel of achieve ing theirassigned services. A design deficiency exists if a necessary control is abstracted or not properly designed. An act deficiency exists if a swell up-designed control does not operate as designed or if the person exerciseing the control is leanly qualified or authorized.2. Significant deficiency.A profound deficiency exists if one or more control deficiencies exist that is little severe than a fabric flunk (defined down the stairs), just important enough to virtuousness attention by those responsible for superintendence of the companys fiscal reporting. 3. framework failing. A veridical weakness exists if a bloodlineamental deficiency, by itself, or in combination with opposite probative deficiencies, contributes in a reason able possibility that internal control leave not prevent or detect somatic pecuniary statement misstatements on a timely basis.To set apart if a important internal control deficiency or deficiencies be a material weakness, th ey must be evaluated along deuce dimensions likeliness and significance. If on that betoken is more than a just possibility (likelihood) that a material misstatement (significance) could result from the world-shattering deficiency or deficiencies, whence it is considered a material weakness. A 5-step salute can be employ to identify deficiencies, substantial deficiencies, and Material weaknesses.1. Identify quick controls. Because deficiencies and material weaknesses argon the absence of adequate controls, the listener must first accredit which controls exist. The methods for identifying controls have already been discussed. 2. Identify the absence of key controls. Internal control questionnaires, ladder charts, and walkthroughs ar useful tools to identify where controls be lacking and the likelihood of misstatement is in that respectfore incr comfortd. It is also useful to examine the control risk matrix, such as to look for objectives where thither argon no or ho wever a fewer controls to prevent or detect misstatements. 3. Consider the possibility of compensating controls. A compensating control is one Elsewhere in the system that offsets the absence of a key control. A popular example in a small bloodline is the alert involvement of the owner. When a compensating control exists, there is no longer a significant deficiency or material weakness.4. set whether there is a significant deficiency or material weakness. The likelihood of misstatements and their physicalness argon utilize to evaluate if there are significant deficiencies or material weaknesses. 5. Determine potential misstatements that could result. This step is intend to identify specific misstatements that are credibly to result because of the significant deficiency or material weakness. The importance of a significant deficiency or material weakness is this instant related to the likelihood and corporality of potential misstatements. Associate Significant Deficienci es and Material Weaknesses with Related Audit Objectives The same as for controls, each significant deficiency or material weakness can apply to one or more related audit objectives. In the case of Hillsburg, there are twain significant deficiencies, and each applies to only one transaction-related objective. The significant deficiencies are shown in the body of the figure by a D in the abstract objective column.Assess Control adventure for Each Related Audit ObjectiveAfter controls, significant deficiencies, and material weaknesses are identified and associated with transaction-related audit objectives, the hearer can assess control risk for transaction related audit objectives. This is the critical purpose in the evaluation of internal control. The listener uses all of the breeding discussed previously to make a subjective control risk assessment for each objective. in that respect are pro streakent ways to express this assessment. just around auditors use a subjective verbalism such as senior high, moderate, or low. Others use numerical probabilities such as 1.0, 0.6, or 0.2. Again, the control risk matrix is a useful tool for making the assessment. This assessment is not the final one. Before making the final assessment at the end of the integrated audit, the auditor allow for tally controls and perform indispensable foot races.These Procedures can each affirm the preliminary assessment or cause the auditor to make transports. In some cases, management can fall off deficiencies and material weaknesses before the auditor does significant sweat outing, which may permit a drop-off in control risk. After a preliminary assessment of control risk is do for sales and cash receipt, the auditor can complete the three control risk rows of the register- prep worksheet . If riddles of controls results do not second the preliminary assessment of control risk, the auditor must modify the worksheet later. Alternatively, the auditor can a sk until tests of controls are done to complete the three control risk rows of the worksheet. As part of accord internal control and assessing control risk, the auditor is conductd to overtake legitimate matters to those charged with face. This culture and another(prenominal)wise recommendations somewhat controls are also a great deal communicated to management.Communications to Those Charged With GovernanceThe auditor must communicate significant deficiencies and material weaknesses in writing to those charged with governance as soon as the auditor becomes aware of their existence. The discourse is ordinarily intercommunicate to the audit committee and to management. Timely communication theory may provide management an probability to shout out control deficiencies before managements report on internal control must be issued. In some instances, deficiencies can be change by reversal sufficiently early such that twain management and the auditor can fold that c ontrols are in motion(p) in effect as of the balance sheet involution. Regard slight, these communications must be made no later than 60 days following the audit report release.Management LettersIn addition to these matters, auditors a lot identify less significant internal control-related issues, as well as opportunities for the client to make operational improvements. These should also be communicated to the client. The form of communication is often a separate earn for that purpose, called a management letter. Although management garner are not required by auditing standards, auditors generally prepare them as a value-added service of the audit.Test of controlsWeve examined how auditors link controls, significant deficiencies, and material Weaknesses in internal control to related audit objectives to assess control risk for each objective. Now well address how auditors test those controls that are utilise to back off a control risk assessment. For example, each key contr ol that the auditor intends to believe on to jut out a control risk of medium or low must be supported by sufficient tests of controls. We will deal with tests of controls for both(prenominal)(prenominal) audits of internal control for fiscal reporting and audits of fiscal statements. Assessing control risk requires the auditor to consider both the design and operation of controls to evaluate whether they will possible be effective in meeting related audit objectives. During the judgement phase, the auditor will have already gathered some reason in support of both the design of the controls and their implementation by utilise subprograms to take in an understanding .In most cases, the auditor will not have gathered enough evidence to quash assessed control risk to a sufficiently low level. The auditor must therefore receive superfluous evidence about the operate strong point of controls throughout all, or at least(prenominal) most, of the catch under audit. T he procedures to test effectivity of controls in support of a reduced assessed control risk are called tests of controls. If the results of tests of controls support the design and operation of controls as expected, the auditor uses the same assessed control risk as the preliminary assessment.If, however, the tests of controls place that the controls did not operate effectively, the assessed control risk must be reconsidered. For example, the tests may indicate that the application of a control was curtailed midway through the course or that the person applying it made frequent misstatements. In such situations, the auditor uses a higher assessed control risk, unless compensating controls for the same related audit objectives are identified and found to be effective. Of course, the auditor must also consider the impact of those controls that are not in operation(p) effectively on the auditors track on internal control.Procedures for Tests of ControlsThe auditor is presumable to use quartette types of procedures to support the operate authority of internal controls. Managements interrogation of internal control will likely include the same types of procedures. The quartette types of procedures are as follows 1. confine inquiries of provide client personnel. Although inquiry is not a extremely reliable source of evidence about the effective operation of controls, it is soothe impound. For example, to jibe that unauthorized personnel are denied access to computing device files, the auditor may make inquiries of the person who controls the computer depository library and of the person who controls online access security countersignature assignments.2. go out documents, records, and reports. Many controls communicate a clear trail of documental evidence that can be utilise to test controls. Suppose, for example, that when a node magnitude is received, it is used to create a customer sales order, which is approved for credit. Then the custome r order is attached to the sales order as authorization for only processing. The auditor can test the control by examining the documents to make sure that they are complete and properly matched and that required signatures or initials are present. 3. follow control-related activities. Some controls do not leave an evidence trail, which means that it is not workable to examine evidence that the control was penalise at a later date. For example, separation of duties relies on specific persons playacting specific tasks, and there is typically no supporting of the separate movement. For controls that leave no documental evidence, the auditor generally observes them creation apply at various points during the family.4. Reperform client procedures. There are also control-related activities for which there are related documents and records, but their content is insufficient for the auditors purpose of assessing whether controls are operate effectively. For example, assume t hat prices on sales invoices are accommodateed from the master price list, but no indication of the control is record on the sales invoices. In these cases, it is green for the auditor to reperform the control activity to see whether the proper results were conveyed. For this example, the auditor can re perform the procedure by tracing the sales prices to the authorized price list in effect at the date of the transaction. If no misstatements are found, the auditor can cease that the procedure .Extent of ProceduresThe evidence to which tests of controls are utilise depends on the preliminary assessed control risk. If the auditor wants a pass up assessed control risk, more extensive tests of controls are applied, both in terms of the number of controls tested and the intent of the tests for each control. For example, if the auditor wants to use a low assessed control risk, a larger try surface for documentation, observation, and re performance procedures should be applie d. The fulfilment of interrogation also depends on the oftenness of the operation of the controls, and whether it is manual or automatize. conviction on Evidence from the Prior familys AuditWhen auditors plan to use evidence about the operating dominance of internal control restrained in antecedent audits, auditing standards require tests of the controls effectiveness at least both third division. If auditors catch that a key control has been changed since it was lowest tested, they should test it in the current year. When there are a number of controls tested in prior audits that have not been changed, auditing standards require auditors to test some of those controls each year to ensure there is a gyration of controls testing throughout the three year period.Testing of Controls Related to Significant RisksSignificant risks are those risks that the auditor believes require particular(a) audit consideration. When the auditors risk assessment procedures identify sig nificant risks, the auditor is required to test the operating effectiveness of controls that mitigate these risks in the current year audit, if the auditor plans to depose on those controls to support a control risk assessment below 100%. The greater the risk, the more audit evidence the auditor should obtain that controls are operating effectively.Testing less(prenominal) Than the Entire Audit Period guess that managements report on internal control deals with the effectiveness of internal controls as of the end of the fiscal year. PCAOB standardized 5 requires the auditor to perform tests of controls that are adequate to prepare whether controls are operating effectively at year-end. The timing of the auditors tests of controls will therefore depend on the nature of the controls and when the company uses them. For controls that are applied throughout the accounting period, it is usually practical to test them at an retardation date. The auditor will then determine later if chan ges in controls occurred in the period not tested and decide the suggestion of any change. Controls dealing with financial statement preparation occur only every quarter or at year-end and must therefore also be tested at quarter and year-end.Relationship mingled with Tests of Controls and Procedures to Obtaining pinch There is a significant overlap amid tests of controls and procedures to obtain an understanding. twain include inquiry, documentation, and observation. There are two primary differences in the application of these common procedures. 1. In obtaining an understanding of internal control, the procedures to obtain an understanding are applied to all controls identified during that phase. Tests of controls, on the other mountain, are applied only when the assessed control risk has not been satisfied by the procedures to obtain an understanding. 2. Procedures to obtain an understanding are performed only on one or a few minutes or, in the case of observations, a t a single point in time. Tests of controls are performed on larger samples of transactions (perhaps 20 to 100), and often, observations are made at more than one point in time.For key controls, tests of controls other than re performance are essentially an generation phone of procedures to obtain an understanding. Therefore, assuming the auditors plan to obtain a low assessed control risk from the startle of the integrated audit, they will likely combine both types of procedures and perform them simultaneously. One option is to perform the audit procedures separately, where token(prenominal) procedures to obtain an understanding of design and operation are performed, followed by additional tests of controls. An selection is to combine both columns and do them simultaneously. The same quantity of evidence is accumulated in the second nest, but more efficiently. The ratiocination of the capture sample size for tests of controls is an important audit decisions.Detection risk and the design of of the essence(p) testsWeve focused on how auditors assess control risk for each related audit objective and support control risk assessments with tests of controls. The completion of these activities is sufficient for the audit of internal control over financial reporting, even though the report will not be finalized until the auditor completes the audit of financial statements. The auditor uses the control risk assessment and results of tests of controls to determine mean detecting risk and related meaty tests for the audit of financial statements. The auditor does this by linking the control risk assessments to the balance related audit objectives for the accounts affected by the major transaction types and to the quaternary presentations and disclosure audit objectives. The grant level of detection risk for each balance-related audit objective is then distinct use the audit risk model. The human relationship of transaction-related audit objectives to balance-related audit objectives and the selection and design of audit procedures for square tests of financial statement.Types of testIn developing an overall audit plan, auditors use five types of tests to determine whether financial statements are fairly stated. Auditors use risk assessment procedures to assess the risk of material misstatement, represented by the combination of constitutive(a) risk and control risk. The other four types of tests represent further audit procedures performed in reaction to the risks identified. Each audit procedure falls into one, and sometimes more than one, of these five categories. encounter 13-1 shows the relationship of the four types of further audit procedures to the audit risk model. As go in 13-1 illustrates, tests of controls are performed to support a reduced assessment of control risk, plot auditors use uninflected procedures and tests of inside culture of balances to satisfy planned detection risk. significant tests of tra nsactions affect both control risk and planned detection risk, because they test the effectiveness of internal controls and the dollar amounts of transactions.Risk Assessment ProceduresTThe second standard of fieldwork requires the auditor to obtain an understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement in the clients financial statements. Risk assessment procedures are performed to assess the risk of material misstatement in the financial statements. The auditor performs tests of controls, all-important(a) tests of transactions, uninflected procedures, and tests of dilate of balances in response to the auditors assessment of the risk of material misstatements.The combination of these our types of further audit procedures provides the basis for the auditors opinion, as illustrated by check 13-1. A major part of the auditors risk assessment procedures are done to obtain an Understanding of internal control. Procedures to obtain an understanding of internal control were studied and focus on both the design and implementation of internal control and are used to assess control risk for each transaction-related audit objectively Tests of ControlsEThe auditors understanding of internal control is used to assess control risk for each transaction-related audit objective. Examples are assessing the truth objective for sales transactions as low and the occurrence objective as moderate. When control policies and procedures are believed to be effectively designed, the auditor assesses control risk at a level that reflects the sexual congress effectiveness of those controls. To obtain sufficient appropriate evidence to support that assessment, the auditor performs tests of controls.S Tests of controls, either manual or modify, may include the following types of evidence. (Note that the first three procedures are the same as those used to obtain an understanding of internal control.) Make inquiries of appropriate client personnel Examine documents, records, and reports Observe control-related activities Reperform client proceduresAuditors perform a system walkthrough as part of procedures to obtain an under standing to help them determine whether controls are in place. The walkthrough is normally applied to one or a few transactions and follows that transaction through the whole process. For example, the auditor may select one sales transaction for a system walk through of the credit cheers process, then follow the credit benediction process from initiation of the sales transaction through the granting of credit. Tests of controls are also used to determine whether these controls are effective and usually involve testing a sample of transactions. As a test of the operating effectiveness of the credit approval process, for example, the auditor might examine a sample of 50 sales transactions from throughout the year to determine whether credit was minded(p) before the shipment of goods.Procedures to obtain an understanding of internal control generally do not provide sufficient appropriate evidence that a control is operating effectively. An exception may apply for automated controls because of their consistent performance. The auditors procedures to determine whether the automated control has been implemented may also serve as the test of that control, if the auditor determines there is minimal risk that the automated control has been changed since the understanding was obtained. Then, no additional tests of controls would be required. The amount of additional evidence required for tests of controls depends on two things 1. The goal of evidence obtained in gaining the understanding of internal control2. The planned reduction in control riskFigure 13-2 (p. 406) shows the role of tests of controls in the audit of the sales and collection cycle sexual relation to other tests performed to provide sufficient appropriate evidence for the au ditors opinion. Note the un shaded circles with the linguistic communication Audited by TOC. For simplicity, we make two assumptions but sales and cash revenue trans actions and three general ledger balances make up the sales and collection cycle and the beginning balances in cash and accounts receivable were audited in the previous year and are considered correct. If auditors depone that sales and cash receipts transactions are correctly save in the accounting records and posted to the general ledger, they can conclude that the finis balances in accounts receivable and sales are correct.( notes disbursements transactions will OF have to be audited before the auditor can reach a conclusion about the cease balance in the cash account.) One way the auditor can verify recording of transactions is to perform tests of controls. If controls are in place over sales and cash receipts transactions, the auditor can perform tests of controls to determine whether the half(a) dozen tr ansaction-related audit objectives are being met for that cycle. Substantive tests of transactions, which we will examine in the next section, also affect audit effrontery for sales and cash receipts transactions.Substantive Tests of TransactionsSTSSubstantive tests are procedures designed to test for dollar misstatements (often called pecuniary misstatements) that directly affect the correctness of financial statement balances. Auditors rely on three types of satisfying tests substantial tests of transactions, material analytic procedures, and tests of exposit of balances. Substantive tests of transactions are used to determine whether all sextet transactions related audit objectives have been satisfied for each class of transactions. Two of those objectives for sales transactions are recorded sales transactions exist (occurrence objective) and brisk sales transactions are recorded (completeness objective for the six transaction-related audit objectives.When auditors are co cksure that all transactions were correctly recorded in the journals and correctly posted, considering all six transaction-related audit objectives, they can be sure-footed that general ledger completes are correct. Figure 13-2 illustrates the role of significant tests of transactions in the audit of the sales and collection cycle by lightly shaded circles with the speech communication Audited by STOT. Observe that both tests of controls and crucial tests of transactions are performed for transactions in the cycle, not on the final stage account balances. The auditor verifies the recording and summarizing of sales and cash receipts transactions by performing meaty tests of transactions. Figure 13-2 shows one set of tests for sales and another for cash receipts. analytic Procedures uninflected procedures involve comparisons of recorded amounts to expectations developed by the auditor. Auditing standards require that they be done during planning and completing the audit. Alt hough not required, analytical procedures may also be performed to audit an account balance. The two most important purposes of analytical procedures in the audit of account balances are to 1. Indicate possible misstatements in the financial statements2. Provide substantive evidenceAnalytical procedures done during planning typically differ from those done in the testing phase. all the same if, for example, auditors calculate the gross margin during planning, they believably do it victimisation interim data. Later, during the tests of the ending balances, they will recalculate the ratio using full-year data. If auditors believe that analytical procedures indicate a reasonable possibility of misstatement, they may perform additional analytical procedures or decide to modify tests of expand of balances. When the auditor develops expectations using analytical procedures and concludes that the clients ending balances in definite accounts appear reasonable, certain tests of details of balances may be eliminated or sample sizes reduced.Auditing standards state that analytical procedures are a type of substantive test (referred to as substantive analytical procedures), when they are performed to provide evidence about an account balance. The Extent to which auditors may be unforced to rely on substantive analytical procedures in support of an account balance depends on several factors, including the precision of the expectation developed by the auditor, materiality, and the risk of material misstatement. Figure 13-2 illustrates the role of substantive analytical procedures in the audit of the sales and collection cycle by the dark shaded circles with the words Audited by AP. Observe that the auditor performs substantive analytical procedures on sales and Cash receipts transactions, as well as on the ending balances of the accounts in the cycle.Tests of expand of BalancesTests of details of balances focus on the ending general ledger balances for both balance s heet and income statement accounts. The primary accent mark in most tests of details of balances is on the balance sheet. Examples include checkout of customer balances for accounts receivable, physical scrutiny of inventory, and examination of vendors statements for accounts payable. Tests of ending balances are essential because the evidence is usually obtained from a source independent of the client, which is considered highly reliable. Much like for transactions, the auditors tests of details of balances must satisfy all balance-related audit objectives for each significant balance sheet account.Figure 13-2 illustrates the role of tests of details of balances by the circles with half dark and half light shading and the words Audited by TDB. Auditors perform detailed tests of the ending balances for sales and accounts receivable, including procedures such as confirmation of account receivable balances and sales cutoff tests. The extent of these tests depends on the results of t ests of controls, substantive tests of transactions, and substantive analytical procedures for these accounts. Tests of details of balances help establish the monetary correctness of the accounts they relate to and therefore are substantive tests. For example, confirmations test for monetary misstatements in accounts receivable and are therefore substantive tests. Similarly, counts of inventory and cash on hand are also substantive tests.OSelect the appropriate types of audit testsTypically, auditors use all five types of tests when performing an audit of the financial statements, but certain types may be emphasized, depending on the circumstances. Recall that risk assessment procedures are required in all audits to assess the risk of material misstatement while the other four types of tests are performed in response to the risks identified to provide the basis for the auditors opinion. Note also that only risk assessment procedures, curiously procedures to obtain an understanding of controls, and tests of controls are performed in an audit of internal control over financial reporting. Several factors influence the auditors choice of the types of tests to select, including the availability of the eight types of evidence, the relative represents of each type of test, the effectiveness of internal controls, and inherent risks. alone the first two are discussed further because the last two were discussed in earlier chapters. accessibility of Types of Evidence for Further Audit Procedures OEach of the four types of further audit procedures involves only certain types of evidence (confirmation, documentation, and so forth. More types of evidence, six in total, are used for tests of details of balances than for any other type of test. Only tests of details of balances involve physical examination and confirmation. Inquiries of the client are made for every type of test. Documentation is used in every type of test except analytical procedures. Re performa nce is used in every type of test except analytical procedures. Auditors may re perform a control as part of a transaction walkthrough or to test a control that is not supported by sufficient documentary evidence. Recalculation is used to verify the mathematical accuracy of transactions when per forming substantive test of transactions and account balances when per forming tests of details of balances.Relative existWhen auditors must decide which type of test to select for obtaining sufficient appropriate evidence, the speak to of the evidence is an important consideration. The types of tests are listed below in order of increasing cost Analytical procedures Risk assessment procedures, including procedures to obtain an understanding of internal control Tests of controls Substantive tests of transactions Tests of details of balancesAnalytical procedures are the least costly because of the relative ease of making calculations and comparisons. Often, considerable information about potential misstatements can be obtained by simply comparing two or three numbers. Risk assessment procedures, including procedures to obtain an understanding of internal control, are not as costly as other audit tests because auditors can easily make inquiries and observations and perform planning analytical procedures. Also, examining such things as documents summarizing the clients business operations and processes and management and governance social organization are relatively cheaper than other audit tests. Because tests of controls also involve inquiry, observation, and inspection, their relative cost are also low compared to substantive tests.However, tests of controls are more costly relative to the auditors risk assessment procedures due to a greater extent of testing required to obtain evidence that a control is operating effectively, curiously when those tests of controls involve re performance. Often, auditors can perform a large number of tests of controls prompt ly using audit software product. Such software can test controls in clients computerized accounting systems, such as in computerized accounts receivable systems that automatically authorize sales to existing customers by comparing the proposed sales amount and existing accounts receivable balance with the customers credit limit. Substantive tests of transactions cost more than tests of controls that do not include re performance because the former often require recalculations and tracings.In a computerized environment, however, the auditor can often perform substantive tests of transactions quickly for a large sample of transactions. Tests of details of balances virtually invariably cost considerably more than any of the Other types of procedures because of the cost of procedures such as sending confirmations and counting inventories. Because of the high cost of tests of details of balances, auditors usually try to plan the audit to minimize their use. Naturally, the cost of each type of evidence varies in opposite situations. For example, the cost of an auditors test-counting inventory (a substantive test of the details of the inventory balance) often depends on the type and dollar value of the Inventory, its location, and the number of different items.Relationship between Tests of Controls and Substantive Tests To better understand tests of controls and substantive tests, lets examine how they differ. An exception in a test of control only indicates the likelihood of misstatements bear upon the dollar value of the financial statements, whereas an exception in a substantive test of transactions or a test of details of balances is a financial statement misstatement. Exceptions in tests of controls are called control test deviations. From the three levels of control deficiencies deficiencies, significant deficiencies, and material weaknesses. Auditors are most likely to believe material dollar misstatements exist in the financial statements when contro l test deviations are considered to be significant deficiencies or material weaknesses. Auditors should then perform substantive tests of transactions or tests of details of balances to determine whether material dollar misstatements have rattling occurred.Assume that the clients controls require an independent work to verify the quantity, price, and extension of each sales invoice, after which the clerk must initial the duplicate invoice to indicate performance. A test of control audit procedure is to inspect a sample of duplicate sales invoices for the initials of the person who verified the information. If a significant number of documents lack initials, the auditor should consider implications for the audit of internal control over financial reporting and follow up with substantive tests for the financial statement audit. This can be done by extending tests of duplicate sales invoices to include verifying prices, extensions, and footings (substantive tests of transactions) or by increasing the sample size for the confirmation of accounts receivable (substantive test of details of balances). make up though the control is not operating effectively, the invoices may fluent be correct, especially if the person originally preparing On the other hand, if no documents or only a few of them are missing initials, the control will be considered effective and the auditor can therefore reduce substantive tests of transactions and tests of details of balances. However, some re performance and recalculation substantive tests are still necessary to provide the auditor assurance that the clerk did not initial documents without genuinely performing the control procedure or performed it carelessly. Because of the need to complete some re performance and recalculation tests, many auditors perform them as a part of the original tests of controls. Others wait until they know the results of the tests of controls and then determine the total sample size needed.Relationship b etween Analytical Procedures and Substantive Tests Like tests of controls, analytical procedures only indicate the likelihood of misstatements affecting the dollar value of the financial statements. ludicrous fluctuations in the relationships of an account to other accounts, or to nonfinancial information, may indicate an increase likelihood that material misstatements exist without unavoidably providing direct evidence of a material misstatement. When analytical procedures identify unusual fluctuations, auditors should perform substantive tests of transactions or tests of details of balances to determine whether dollar misstatements have actually occurred.If the auditor performs substantive analytical procedures and believes that the likelihood of material misstatement is low, other substantive tests can be reduced. For accounts with small balances and only minimal potential for material misstatements, such as many supplies and prepaid expense accounts, auditors often limit their tests to substantive analytical procedures if they conclude the accounts are reasonably stated.Trade-Off between Tests of Controls and Substantive TestsThere is a trade-off between tests of controls and substantive tests. During planning, auditors decide whether to assess control risk below the maximum. When they do, they must then perform tests of controls to determine whether the assessed level of control risk is supported. (They must always perform test of controls in an audit of internal control over financial reporting.) If tests of controls support the control risk assessment, planned detection risk in the audit risk model is increased, and planned substantive tests can therefore be reduced. Figure 13-3 shows the relationship between substantive tests and control risk assessment (including tests of controls) at differing levels of internal control effectivenessImpact of information technology on audit testingAuditing standards provide guidance for auditors of entities that transmit process, maintain, or access significant information electronically. Examples of electronic evidence include records of electronic fund transfers and purchase orders transmitted through electronic data interchange (EDI). Evidence of the performance of automated controls, such as the computers comparison of proposed sales orders to customer credit limits, may also only be in electronic form. The standards actualise that when a significant amount of audit evidence exists in electronic form, it may not be practical or possible to reduce detection risk to an acceptable level by performing only substantive tests. For example, the potential for wrong initiation or alteration of information may be greater if information is maintained only in electronic form.In these circumstances, the auditor should perform tests of controls to gather evidence in support of an assessed level of control risk below maximum for the affected financial statement assertions. Although some subs tantive tests are still required, the auditor can significantly reduce substantive tests if the results of tests of controls support the effectiveness of controls. In the audit of a larger public company, computer-performed controls (these are called automated controls) must be tested if the auditor considers them to be key controls for reducing the likelihood of material misstatements in the financial statements. Because of the inherent consistency of IT processing, however, the auditor may be able to reduce the extent of testing of an automated control.For example, software found control is almost certain to function consistently unless the program is changed. Once auditors determine an automated control is functioning properly, they can focus subsequent tests on assessing whether any changes have occurred that will limit the effectiveness of the control. Such tests might include find out whether any changes have occurred to the program and whether these changes were properly a uthorized and tested prior to implementation. This approach leads to significant audit efficiencies when the auditor determines that automated controls tested in the prior years audit have not been changed and continue to be subject to effective general controls.To test automated controls or data, the auditor may need to use computer-assisted audit techniques or use reports produced by IT to test the operating effectiveness of IT general controls, such as program change controls and access controls. In many cases, testing of automated controls may be performed by IT audit specialists. When auditors test manual controls that rely on IT-generated reports, they must consider both the Effectiveness of managements follow-up and automated controls over the accuracy of Information in the report.