Control Systems

    avatar
    Created by
    Brianna Johnson

    Cards (34)

    • Service Organisations
      Organisations that provide services to other organisations, e.g. payroll, receivables, finance function
      View source
    • Auditor's responsibilities regarding service organisations

      1. Gain an understanding of the services being provided
      2. Assess the design and implementation of the internal controls of the service provider
      3. Visit the service provider and perform tests of control
      4. Contact the service provider's auditor to obtain an opinion on the systems and the suitability of controls
      View source
    • Sampling
      The application of audit procedures to less than 100% of the items within a population such that all items have a chance of selection in order to provide a reasonable basis to draw conclusions about the whole population
      View source
    • An auditor must choose a representative sample so that same conclusion is drawn from the sample as would have been drawn if the whole population had been tested
      View source
    • Stratification
      Involves breaking down a population into smaller sub populations. Each subpopulation have similar characteristics
      View source
    • Example of stratification for payroll
      • Production staff
      • Administration staff
      • Management
      View source
    • Sampling methods
      • Statistical Sampling
      • Non-statistical Sampling
      View source
    • Statistical sampling methods

      • Random selection
      • Systematic selection
      • Monetary selection
      View source
    • Non-statistical sampling methods
      • Haphazard selection
      • Block selection
      • Sequential selection
      View source
    • Deviations

      Issues identified during tests of control
      View source
    • Misstatements

      Issues identified during substantive testing
      View source
    • If the deviation rate is above a tolerable level

      More substantive testing will be needed
      View source
    • If the total projected misstatement in the sample exceeds a tolerable level

      The auditor will extend the sample
      View source
    • Example of evaluating misstatements
      • Payables have a balance of £20m. A sample of £1m was tested and an error found of £20,000. The error is 2%, extrapolating this error rate across the population: £20m x 2% = £400,000. If £400,000 is above the tolerable misstatement level set by the auditor more testing is required.
      View source
    • Computer-assisted audit techniques
      Used to test computerised controls within a system. Data is put into a client's system by the auditor to test if the system processes it correctly.
      View source
    • Computer-assisted audit techniques
      • Advantage - Cost effective as long as systems are not changed often
      • Disadvantage - May be inconvenient to use the clients live systems
      View source
    • Data analytics
      The science of examining large data sets with the purpose of drawing conclusions about that information
      View source
    • Examples of how auditors use data analytics
      • Comparing the last time an item was bought with the last time it was sold, for cost/NRV purposes
      • Inventory ageing and how many days inventory is in stock by item
      View source
    • Scenario 1: Tolerable deviation rate is 5%. Tolerable misstatement is $3,000.
      View source
    • Tests of controls over revenue
      The audit team tested a sample of 50 sales invoices for evidence of a second person checking: the prices charged on the invoice to the company's approved price list, the goods invoiced to the goods despatched note, and an arithmetical check of the invoice total. In four cases the checks had not been performed. The sample was chosen by selecting every 37th invoice in the population.
      View source
    • Substantive procedures over purchases
      The audit team tested a sample of 50 purchase invoices listed in the purchase day book and traced the amounts back to the physical invoices for accuracy. Two invoices were recorded inaccurately, resulting in a total misstatement within the sample of $198. The total of the sample tested was $2,500. The total purchases figure included in the statement of profit or loss is $43,000. The sample was chosen by the auditor selecting 50 invoices from anywhere in the purchase day book, trying to avoid bias.
      View source
    • Scenario 2: You are planning the audit of Wyndham Co. The company sells diamonds and other precious stones. You have decided to use the work of an expert to provide sufficient appropriate evidence over the valuation of inventory.
      View source
    • Effect of controls on the audit
      The auditor will test the controls to assess whether they are preventing and detecting misstatements - assess Control Risk. If the controls are working effectively auditors can place reliance on the controls and reduce the amount of substantive procedures.
      View source
    • Effect of effective controls on the audit
      • Less procedures can be conducted at the year end
      Decrease the locations visited
      Place more reliance on analytical review and management representations
      Obtain less evidence from external sources
      View source
    • Limitation of Controls
      There are inherent limitations of internal controls such as human error, collusion of staff circumventing controls, management override, and use of management judgement on the nature and extent of controls it chooses to implement. Auditors can therefore never eliminate the need for substantive procedures.
      View source
    • Components of Internal control

      • The control environment
      The entity's assessment process
      Information System
      Control activities
      Monitoring
      View source
    • Control Environment
      The attitudes, awareness and actions of management and those responsible for the entity's internal controls. A good control environment includes communication and monitoring of ethical values, commitment to doing things the right way, management's operating style, organisation structure, delegation of responsibility, and HR polices.
      View source
    • Entity's risk assessment process

      The process by which management identify business risks and decide what actions to take. This includes identifying business risks, estimating how big these risks are, assessing how likely these risks are to materialise, and deciding what actions to take.
      View source
    • Information systems

      Used to process financial information, such as record and report transactions, maintain records for assets, liabilities and equity, identify incorrect transactions, and transfer information to the general/nominal ledger.
      View source
    • Control Activities
      Policies and procedures designed to ensure management objectives are being carried out. For example, procedures to ensure employees only claim valid expenses.
      View source
    • Monitoring
      Often the key role of internal auditors. Monitoring can be ongoing or on a separate evaluation basis.
      View source
    • IT Controls
      • Application controls
      General controls
      View source
    • Application controls

      Procedures that apply to individual areas within the system ensuring completeness and accuracy of processing, such as batch total checks, sequence checks, arithmetic checks, authorisation, and exception reporting.
      View source
    • General Controls
      Policies and procedures that relate to many applications and support the effective functioning of application controls, such as network access controls, staff training, password protection, back up controls, disaster recovery procedures, and virus checks.
      View source
    See similar decks