Audit test of controls is a type of audit examination on the internal control of an entity after they perform an understanding of internal control over financial reporting to assess whether the control is efficient and effective and whether auditor could rely on those control or not for their audit purpose. Those internal controls are mainly related to internal control over financial reporting.
The quality of financial statements is significantly depending on internal control especially the control over financial reporting. If the control is strong and effectively implemented by management, then the risks of material misstatements are likely to be low whether those risks are from errors or fraud.
Internal control testing is normally done at the audit planning as required by the standard, but in practice, the internal control testing might be done at the execution stages. Test of controls is part of System Based Approach and Substantive Procedures Audit Approach.
Audit Test of controls is the difference from substantive or detail test. Test of controls is performed to confirm the efficiency and effectiveness of control over financial reporting so that the audit can conclude whether they could rely on it or not. For example, auditor test whether monthly bank statements are properly prepared, reviewed, and approved
Definition of Test of Controls from IFAC:
Explanation on Audit Test of Controls:
Here is the explanation of how the test of controls are performed,
Most of the audits of financial statements are to follow the international standard of auditing. This standard, at the planning stage, required the auditor to perform a risk assessment and understand the client’s nature of business and internal control.
The auditor generally obtains an understanding of the nature of client business as a whole, internal control related to the operation, and internal control over financial reporting.
Yet, the auditor is not required to test all of those internal controls, the test of controls. The auditor is normally focused mainly on internal control over financial reporting as it mater to the financial report that they are auditing.
So, during the planning stage auditor is required by the standard to obtain an understanding of client internal control over financial reporting. And then assess those control whether they are reliable or not.
Reliable means that internal control can detect major kinds of risks that could materially affect the financial statements. And in order to assess, the auditor needs to design internal control testing on those significant control and make a conclusion.
This is very important for audit works. For example, if the auditor concluded that the internal financial reporting is strong and reliable, then the auditor will reduce its substantive testing. But if the control is not, then the substantive test will be increased. The increase might be up to 100% (percent) based on auditors’ judgments.
Example of Test of Controls:
For example, the auditor is engaged with the audit of the financial statements of ABC and the audit work will start very soon. Normally, before performing the substantive test or going to fieldwork, the auditor is required to perform audit planning and get it approved by the audit partner.
At the planning stage, auditors will have to document many areas that are required by the standard but one of those is testing the internal control.
For example, the auditor just documents about purchasing system of the client as the purchase is part of the significant process in the operating expenses, inventories as well as fixed assets sections.
At this stage, the auditor will consider what are the key control in the internal control of purchase. Then, the auditor needs to test those key control, in other words, the test of controls in purchasing from the beginning process to the ending process.
For example, examine the authority that approves to purchase of material, inventories as well as fixed assets.
In this case, the auditor might examine the purchase requisition, purchase order as well as payment made to suppliers.
The number of items to be tested for the test of control is normally depending on the frequency of the transactions or the nature of the event. For example, if the frequency of transactions is more than one per day, then the number of sample sizes for this kind of transaction should be more than 25 samples.
Once auditors complete the reviews of all the samples that they are selecting, auditors need to make the conclusion on the internal control based on the result of their testing as well as conclude whether they could place the reliance on the internal control or not.
What are the procedures that use to perform the test of controls?
The procedures that use to verify the control can be different depending on the controls that auditors want to test. For example, auditors want to review capital expenditure authorization whether it is implemented based on the delegation that approves by the board of directors or not.
For this kind of control, the auditor might sample the capital expenditure that occurs during the period, and then inspect the invoices and related documents again the authorization. This kind of procedure is called inspection.
So, the procedures that use to perform the test of controls over financial reporting are depending on the control that auditors want to review. The following are the procedures that are normally used:
- Observation: for example, observe the inventories count at the year-end to ensure that the count has really existed and the procedures during the count are proper.
- Inspection: Inspect the documents related to control. For example, invoices and goods receive noted.
- Re-performance: Re-perform the control is performed by the client. For example, re-perform the monthly bank reconciliation.
- Re-calculation: Re-calculate the monthly depreciation that performs by clients.
- Confirmation: The auditor performs the confirmation to test the existence of account receivables, bank accounts, account payables, or loan balance.
When to perform a test of controls?
Test of control is one of the important approaches that is used by auditors to reduce the workload or reduce the number of sampling that the auditor will select during the substantive test or dest of detail. The decision whether to test the control or not is after the auditor obtains their understanding of the client’s internal control and concludes that they might not be able to test the control.
Auditors will also make the conclusion again whether the control is effective or efficient and whether they could rely on or not after they tested the control which is normally linked to the key items of accounts in the financial statements. Those include revenues as well as expenses.
When should the auditor not test the control?
The auditor might decide not to test the control if they do not intend to rely on the control and decide to go straight to the substantive testing. They also decide not to test the control once they decided to review 100% of the total population.
Written by Sinra