Tests of controls are used to test whether controls are operating effectively
Tests of controls are necessary if the auditor plans to assess the level of control risk at minimum
The audit risk against which the auditor and those who rely on his or her opinion require reasonable protection is a combination of two separate risks at the assertion level
The second risk is detectionrisk where material misstatements that occur will not be detected by the audit
The auditor is required to perform testsofcontrols when the auditor’s risk assessment includes an expectation of the operating effectiveness of controls
An auditor intends to perform tests of control on a client’s cash disbursements procedures. If the control procedures leave no audit trail of documentary evidence, the auditor most likely will test the procedures by observation
The auditor is required to perform tests of controls when substantive procedures alone do not provide sufficient appropriate audit evidence at the assertion level
Factors to assess control risk in terms of financialstatementsassertions
Tests of controls are not necessary if the auditor plans to use the primarily substantiveapproach
When the risks of material misstatement are high, an auditor should increase the amount of substantive testing
Risk assessment procedures performed to obtain an understanding of an entity’s internal control also may serve as tests of controls
An auditor may decide to assess control risk at the maximum level for certain assertions because the auditor believes controls are unlikely to pertain to the assertions
When an auditor increases the planned assessed level of control risk because certain controls were determined to be ineffective, the auditor would most likely increase the extent of tests of details
Regardless of the assessed level of control risk, an auditor would perform some substantive tests to restrict detection risk for significant transaction classes