Control Systems

avatar
Created by
Brianna Johnson

Cards (34)

  • Service Organisations
    Organisations that provide services to other organisations, e.g. payroll, receivables, finance function
  • Auditor's responsibilities regarding service organisations

    1. Gain an understanding of the services being provided
    2. Assess the design and implementation of the internal controls of the service provider
    3. Visit the service provider and perform tests of control
    4. Contact the service provider's auditor to obtain an opinion on the systems and the suitability of controls
  • Sampling
    The application of audit procedures to less than 100% of the items within a population such that all items have a chance of selection in order to provide a reasonable basis to draw conclusions about the whole population
  • An auditor must choose a representative sample so that same conclusion is drawn from the sample as would have been drawn if the whole population had been tested
  • Stratification
    Involves breaking down a population into smaller sub populations. Each subpopulation have similar characteristics
  • Example of stratification for payroll
    • Production staff
    • Administration staff
    • Management
  • Sampling methods
    • Statistical Sampling
    • Non-statistical Sampling
  • Statistical sampling methods

    • Random selection
    • Systematic selection
    • Monetary selection
  • Non-statistical sampling methods
    • Haphazard selection
    • Block selection
    • Sequential selection
  • Deviations

    Issues identified during tests of control
  • Misstatements

    Issues identified during substantive testing
  • If the deviation rate is above a tolerable level

    More substantive testing will be needed
  • If the total projected misstatement in the sample exceeds a tolerable level

    The auditor will extend the sample
  • Example of evaluating misstatements
    • Payables have a balance of £20m. A sample of £1m was tested and an error found of £20,000. The error is 2%, extrapolating this error rate across the population: £20m x 2% = £400,000. If £400,000 is above the tolerable misstatement level set by the auditor more testing is required.
  • Computer-assisted audit techniques
    Used to test computerised controls within a system. Data is put into a client's system by the auditor to test if the system processes it correctly.
  • Computer-assisted audit techniques
    • Advantage - Cost effective as long as systems are not changed often
    • Disadvantage - May be inconvenient to use the clients live systems
  • Data analytics
    The science of examining large data sets with the purpose of drawing conclusions about that information
  • Examples of how auditors use data analytics
    • Comparing the last time an item was bought with the last time it was sold, for cost/NRV purposes
    • Inventory ageing and how many days inventory is in stock by item
  • Scenario 1: Tolerable deviation rate is 5%. Tolerable misstatement is $3,000.
  • Tests of controls over revenue
    The audit team tested a sample of 50 sales invoices for evidence of a second person checking: the prices charged on the invoice to the company's approved price list, the goods invoiced to the goods despatched note, and an arithmetical check of the invoice total. In four cases the checks had not been performed. The sample was chosen by selecting every 37th invoice in the population.
  • Substantive procedures over purchases
    The audit team tested a sample of 50 purchase invoices listed in the purchase day book and traced the amounts back to the physical invoices for accuracy. Two invoices were recorded inaccurately, resulting in a total misstatement within the sample of $198. The total of the sample tested was $2,500. The total purchases figure included in the statement of profit or loss is $43,000. The sample was chosen by the auditor selecting 50 invoices from anywhere in the purchase day book, trying to avoid bias.
  • Scenario 2: You are planning the audit of Wyndham Co. The company sells diamonds and other precious stones. You have decided to use the work of an expert to provide sufficient appropriate evidence over the valuation of inventory.
  • Effect of controls on the audit
    The auditor will test the controls to assess whether they are preventing and detecting misstatements - assess Control Risk. If the controls are working effectively auditors can place reliance on the controls and reduce the amount of substantive procedures.
  • Effect of effective controls on the audit
    • Less procedures can be conducted at the year end
    Decrease the locations visited
    Place more reliance on analytical review and management representations
    Obtain less evidence from external sources
  • Limitation of Controls
    There are inherent limitations of internal controls such as human error, collusion of staff circumventing controls, management override, and use of management judgement on the nature and extent of controls it chooses to implement. Auditors can therefore never eliminate the need for substantive procedures.
  • Components of Internal control

    • The control environment
    The entity's assessment process
    Information System
    Control activities
    Monitoring
  • Control Environment
    The attitudes, awareness and actions of management and those responsible for the entity's internal controls. A good control environment includes communication and monitoring of ethical values, commitment to doing things the right way, management's operating style, organisation structure, delegation of responsibility, and HR polices.
  • Entity's risk assessment process

    The process by which management identify business risks and decide what actions to take. This includes identifying business risks, estimating how big these risks are, assessing how likely these risks are to materialise, and deciding what actions to take.
  • Information systems

    Used to process financial information, such as record and report transactions, maintain records for assets, liabilities and equity, identify incorrect transactions, and transfer information to the general/nominal ledger.
  • Control Activities
    Policies and procedures designed to ensure management objectives are being carried out. For example, procedures to ensure employees only claim valid expenses.
  • Monitoring
    Often the key role of internal auditors. Monitoring can be ongoing or on a separate evaluation basis.
  • IT Controls
    • Application controls
    General controls
  • Application controls

    Procedures that apply to individual areas within the system ensuring completeness and accuracy of processing, such as batch total checks, sequence checks, arithmetic checks, authorisation, and exception reporting.
  • General Controls
    Policies and procedures that relate to many applications and support the effective functioning of application controls, such as network access controls, staff training, password protection, back up controls, disaster recovery procedures, and virus checks.