Audit Test of controls is a type of audit examination on the internal control of an entity after they performed an understanding of internal control over financial reporting. Those internal controls mainly related to internal control over financial reporting.
Quality of financial statements is significantly depending on internal control especially the control over financial reporting. If the control is strong and effectively implemented by management, then the risks of material misstatements are likely to be low whether those risks are from errors or fraud.
Internal control testing is normally done at the audit planning as required by the standard, but in practice, the internal control testing might be done at the execution stages. Test of controls is part of System Based Approach and Substantive Procedures Audit Approach.
Audit Test of controls is the difference from substantive or detail test. Test of controls is performed to confirm the efficiency and effectiveness of control over financial reporting so that the audit can conclude whether they could rely on or not. For example, auditor test whether monthly bank statements are properly prepared, reviewed and approved
Definition of Test of Controls from IFAC:
Explanation on Audit Test of Controls:
Here is the explanation of how the test of controls are performed,
Most of the audit of financial statements is to follow the international standard on auditing. This standard, at the planning stage, required the auditor to perform a risk assessment and understanding the client’s nature of business and internal control.
The auditor generally obtains an understanding of the nature of client business as a whole, internal control related to the operation, and internal control over financial reporting.
Yet, the auditor is not required to test all of those internal controls, the test of controls. The auditor is normally focused mainly on internal control over financial reporting as it mater to the financial report that they are auditing.
So, during the planning stage auditor is required by the standard to obtain an understanding of client internal control over financial reporting. And then assess those control whether they are reliable or not.
Reliable means that internal control can detect major kinds of risks that could materially affect the financial statements. And in order to assess, the auditor needs to design internal control testing on those significant control and make a conclusion.
This is very important for audit works. For example, if the auditor concluded that the internal financial reporting is strong and reliable, then the auditor will reduce its substantive testing. But if the control is not, then the substantive test will be increased. The increase might be up to 100% (percent) based on auditors’ judgments.
Example of Test of Controls:
For example, the auditor is engaged with the audit of the financial statements of ABC and the audit work will start very soon. Normally, before performing the substantive test or go to fieldwork, the auditor required to perform audit planning and get it approved by the audit partner.
At the planning stage, auditors will have to documents many areas that required by the standard but one of those is testing the internal control.
For example, auditor just documents about purchasing system of the client as the purchase are part of the significant process in the operating expenses, inventories as well as fixed assets sections.
At this stage, the auditor will consider what are the key control in the internal control of purchase. Then, the auditor needs to test those key control, in other words, the test of controls in purchasing from the beginning process to the ending process.
For example, examine the authority that approves to purchase of material, inventories as well as fixed assets.
In this case, the auditor might examine the purchase requisition, purchase order as well as payment made to suppliers.
The number of items to be tested for the test of control is normally depending on the frequency of the transactions or the nature of event. For example, if the frequency of transactions is more than one per day, then number of sample sizes for this kind of transaction should be more than 25 samples.
Once auditors complete the reviews all the samples that they are selecting, auditors need to make the conclusion on the internal control based on the result of their testing as well as conclude whether they could place the reliance on the internal control or not.
What are the procedures that use to perform the test of controls?
The procedures that use to verify the control can be a difference depending on the controls that auditors want to test. For example, auditors want to review capital expenditure authorization whether it is implemented based on the delegation that approves by the board of directors or not.
For this kind of control, the auditor might sample on the capital expenditure that occurs during the period, and then inspect the invoices and related documents again the authorization. This kind of procedure is called inspection.
So, the procedures that use to perform the test of controls over financial reporting are depending on the control that auditors want to review. The following are the procedures that normally use:
- Observation: for example, observe the inventories count at the year-end to ensure that the count has really existed and the procedures during the count are proper.
- Inspection: Inspect the documents related to control. For example, invoices and goods receive noted.
- Re-performance: Re-perform the control is performed by the client. For example, re-perform the monthly bank reconciliation.
- Re-calculation: Re-calculate the monthly depreciation that performs by clients.
- Confirmation: The auditor performs the confirmation to test the existence of account receivables, bank accounts, account payables, or loan balance.
Written by Sinra