Modern Auditing Ch11_2
-
Upload
aris-surya-putra -
Category
Documents
-
view
171 -
download
3
description
Transcript of Modern Auditing Ch11_2
![Page 1: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/1.jpg)
Modern Auditing:Modern Auditing:Assurance Services and the Assurance Services and the
Integrity of Financial Reporting, 8Integrity of Financial Reporting, 8thth EditionEdition
Modern Auditing:Modern Auditing:Assurance Services and the Assurance Services and the
Integrity of Financial Reporting, 8Integrity of Financial Reporting, 8thth EditionEdition
William C. BoyntonWilliam C. BoyntonCalifornia Polytechnic State California Polytechnic State
University at San Luis ObispoUniversity at San Luis Obispo
Raymond N. Raymond N. JohnsonJohnson
Portland State UniversityPortland State University
Chapter 11 – Audit Procedures in Response to Assessed Risks: Tests of Controls
![Page 2: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/2.jpg)
Chapter 11 OverviewChapter 11 OverviewChapter 11 OverviewChapter 11 Overview
![Page 3: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/3.jpg)
Assessing Control RiskAssessing Control RiskAssessing Control RiskAssessing Control Risk
In assessing control risk, the auditor must evaluate the effectiveness of :
• Design of internal controls
• Operation of internal controls
![Page 4: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/4.jpg)
Steps in Assessing Control Steps in Assessing Control RiskRisk
Steps in Assessing Control Steps in Assessing Control RiskRisk
![Page 5: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/5.jpg)
Process for Assessing Control Process for Assessing Control RiskRisk
Process for Assessing Control Process for Assessing Control RiskRisk
• Consider Knowledge Acquired from Procedures to Obtain an Understanding
• Identify Potential Misstatements
![Page 6: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/6.jpg)
Process for Assessing Control Process for Assessing Control RiskRisk
Process for Assessing Control Process for Assessing Control RiskRisk
• Identify Necessary Controls– Nature of controls to prevent or detect
and correct misstatements
– Nature of controls implemented by management
– Significance of each control
– Risk that designed controls may not operate effectively
![Page 7: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/7.jpg)
Control Design for Specific Control Design for Specific AssertionsAssertions
Control Design for Specific Control Design for Specific AssertionsAssertions
• Completeness Assertion
• Existence or Occurrence Assertion
• Valuation and Allocation Assertion
• Presentation and Disclosure Assertion
![Page 8: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/8.jpg)
Identify Necessary ControlsIdentify Necessary ControlsIdentify Necessary ControlsIdentify Necessary Controls
![Page 9: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/9.jpg)
Process for Assessing Control Process for Assessing Control RiskRisk
Process for Assessing Control Process for Assessing Control RiskRisk
• Perform Tests of Controls– Evidence about effectiveness of the
design and operation of controls
• Evaluate Evidence and Make Assessment– Matter of professional judgment– Identify strengths and deficiencies– Express quantitatively or
qualitatively
![Page 10: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/10.jpg)
Strategies for Performing Strategies for Performing Tests of Controls in an IT Tests of Controls in an IT
EnvironmentEnvironment
Strategies for Performing Strategies for Performing Tests of Controls in an IT Tests of Controls in an IT
EnvironmentEnvironment• User Controls
• Application Controls
• General Controls and Manual Followup Procedures
![Page 11: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/11.jpg)
Overview of Computer Overview of Computer ControlsControls
Overview of Computer Overview of Computer ControlsControls
![Page 12: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/12.jpg)
Computer-Assisted Audit Computer-Assisted Audit Techniques (CAATs)Techniques (CAATs)
Computer-Assisted Audit Computer-Assisted Audit Techniques (CAATs)Techniques (CAATs)
• Auditing through the computer
• Advantageous when:– Significant part of internal controls
is imbedded in a computer program– Significant gaps in visible audit trail– Large volumes of records to be
tested
![Page 13: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/13.jpg)
Types of CAATsTypes of CAATsTypes of CAATsTypes of CAATs
• Parallel Simulation
• Test Data
• Integrated Test Facility
• Continuous Monitoring of On-line Real-time Systems
![Page 14: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/14.jpg)
Parallel Simulation versus Test Parallel Simulation versus Test DataData
Parallel Simulation versus Test Parallel Simulation versus Test DataData
![Page 15: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/15.jpg)
Continuous Monitoring of On-Continuous Monitoring of On-Line Real-Time SystemsLine Real-Time Systems
Continuous Monitoring of On-Continuous Monitoring of On-Line Real-Time SystemsLine Real-Time Systems
• Continuous Monitoring
• Audit Hook
• Tagging Transactions
• Audit Log
![Page 16: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/16.jpg)
Methodologies for Meeting the Methodologies for Meeting the Second Standard of FieldworkSecond Standard of Fieldwork
Methodologies for Meeting the Methodologies for Meeting the Second Standard of FieldworkSecond Standard of Fieldwork
![Page 17: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/17.jpg)
Study BreakStudy BreakStudy BreakStudy Break
1. This step in assessing control risk allows the auditor to consider the points at which errors or fraud could occur.
A. Evaluate EvidenceB. Perform Tests of ControlsC. Identify Potential MisstatementsD. Identify Necessary Controls
C. Identify Potential Misstatements
![Page 18: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/18.jpg)
Study BreakStudy BreakStudy BreakStudy Break
2. This CAAT uses dummy transactions that are processed under auditor control by the client’s computer system and the output is evaluated against expectations.
A. Parallel SimulationB. Test DataC. Integrated Test FacilityD. None of the above
B. Test Data
![Page 19: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/19.jpg)
Effects of Preliminary Audit Effects of Preliminary Audit StrategiesStrategies
Effects of Preliminary Audit Effects of Preliminary Audit StrategiesStrategies
• Primarily Substantive Approaches
• Lower Assessed Level of Control Risk
![Page 20: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/20.jpg)
Designing Tests of ControlsDesigning Tests of ControlsDesigning Tests of ControlsDesigning Tests of Controls
Designed to evaluate the operating effectiveness of a control concerned with:
• How the control was applied• Consistency with which it was
applied• By whom it was applied
![Page 21: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/21.jpg)
Nature of Tests of ControlsNature of Tests of ControlsNature of Tests of ControlsNature of Tests of Controls
• Inquiries of entity personnel
• Inspection of items indicating performance of the control
• Observation of the application of the control
• Reperformance of the application of the control by the auditor
![Page 22: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/22.jpg)
Timing of Tests of ControlsTiming of Tests of ControlsTiming of Tests of ControlsTiming of Tests of Controls
• One Occasion versus Multiple Occasions
• Timing Issues– Interim Period
– Remaining Period
– Results from Prior Periods
![Page 23: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/23.jpg)
Extent of Tests of ControlsExtent of Tests of ControlsExtent of Tests of ControlsExtent of Tests of Controls
• Nature of the Control
• Frequency of Operation
• Importance of the Control
![Page 24: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/24.jpg)
Designing Tests of ControlsDesigning Tests of ControlsDesigning Tests of ControlsDesigning Tests of Controls
• Staffing Tests of Controls
• Audit Programs for Tests of Controls
• Dual-Purpose Tests
![Page 25: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/25.jpg)
Additional ConsiderationsAdditional ConsiderationsAdditional ConsiderationsAdditional Considerations
• Assessing Control Risk for Account Balance Assertions Affected by a Single Transaction Class
• Assessing Control Risk for Account Balance Assertions Affected by Multiple Transaction Classes
![Page 26: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/26.jpg)
Account Balance Assertions Account Balance Assertions and Transaction Class and Transaction Class
AssertionsAssertions
Account Balance Assertions Account Balance Assertions and Transaction Class and Transaction Class
AssertionsAssertions
![Page 27: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/27.jpg)
Account Balance Assertions Account Balance Assertions and Transaction Class and Transaction Class
AssertionsAssertions
Account Balance Assertions Account Balance Assertions and Transaction Class and Transaction Class
AssertionsAssertions
![Page 28: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/28.jpg)
Documenting the Assessed Documenting the Assessed Level of Control RiskLevel of Control Risk
Documenting the Assessed Documenting the Assessed Level of Control RiskLevel of Control Risk
• Control Risk Assessed at the Maximum– Only the conclusion is documented
• Control Risk Assessed at Below the Maximum– Basis for assessment must be
documented
![Page 29: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/29.jpg)
Communicating Internal Communicating Internal Control MattersControl Matters
Communicating Internal Communicating Internal Control MattersControl Matters
• Internal Control Deficiency
• Significant Deficiency
• Material Weakness
![Page 30: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/30.jpg)
Study BreakStudy BreakStudy BreakStudy Break
3. While evaluating the operating effectiveness of a control, the tests of controls are concerned with all of the following except:
A. How the control was appliedB. The consistency with which it was
appliedC. When it was appliedD. By whom it was applied
C. When it was applied
![Page 31: Modern Auditing Ch11_2](https://reader036.fdocuments.in/reader036/viewer/2022062320/55cf9a8d550346d033a24cac/html5/thumbnails/31.jpg)
Study BreakStudy BreakStudy BreakStudy Break
4. Auditors are required to report a deficiency in internal controls to management and the audit committee when there is a(n):
A. Internal Control Deficiency B. Significant DeficiencyC. Material WeaknessD. No Deficiencies
B. Significant Deficiency and C. Material Weakness