馃攳
Lesson 17: Testing Internal Controls - YouTube
Channel: Executive Finance
[7]
in this lesson we will continue our
[10]
discussion of how it allowed to
[12]
justifies their reliance on internal
[15]
controls by testing them the methods we
[17]
can use as auditors to test controls
[20]
very inquiry of client personnel is one
[24]
possible method we can use to test a
[26]
control but it's generally not a very
[28]
strong source of audit evidence
[30]
inspecting documents and records so long
[33]
the audit trail for evidence of
[35]
performance of the internal control
[37]
procedure is a much stronger source of
[39]
evidence keep in mind that as we test
[42]
controls we are looking for evidence
[44]
that the control procedure has been
[45]
performed we're not trying to
[47]
substantiate a balance or an amount per
[50]
se so if the key control is that the
[52]
payables clerk matches a receiving
[55]
report a purchase order and a purchase
[57]
invoice prior to preparing the payment
[60]
that we would be looking at a sample of
[62]
these documents looking for evidence of
[65]
the three-way match a third way to test
[68]
controls is to observe the control
[70]
activity being performed if the control
[72]
is undocumented and there's no evidence
[75]
this may be the only way that we can
[77]
test it
[77]
however it's harder to verify that the
[80]
control operated throughout the period
[82]
using this method test data is a way of
[85]
testing computer controls that we've
[87]
discussed which means we feed in dummy
[89]
data into the computer system to ensure
[92]
that these computer system processes the
[94]
data according to the controls
[96]
documentation gathered and last we can
[99]
read perform the clients control
[101]
procedures ourselves in our earlier
[103]
example of the three-way match we looked
[105]
for evidence such as a stamp on the
[108]
invoice indicating that the clerk
[110]
performed a three-way match however
[112]
using a reaper formas method we can
[115]
reaper form the three-way match
[117]
ourselves the extent of testing of the
[119]
clients internal controls depends on our
[122]
assessment of control risk the lower
[124]
this assessment the greater the reliance
[127]
and hence the greater the amount of
[129]
testing in Evin
[130]
require to support this reliance does
[133]
that make sense the results of our
[135]
control testing are fed back into our
[137]
risk assessment if the test supports our
[140]
initial assessment we continue on with
[142]
the execution of the audit plan is
[143]
scripted however if the tests do not
[145]
support the control risk assessment then
[147]
we'll need to circle back and
[149]
reformulate our audit approach for this
[151]
area when this happens there's often a
[154]
deficiency and the internal controls
[156]
noted our first step might be to
[158]
consider whether a compensating control
[160]
exists our compensating control is
[162]
another control that exists elsewhere in
[164]
the process that offsets the weakness if
[167]
there is not a compensating control and
[169]
we legitimately have a control gap we
[172]
will document the weakness on a separate
[174]
working paper this working paper will
[177]
discuss the potential misstatement that
[179]
can arise and any effect on the
[181]
collection of substantive evidence this
[183]
is referred to as a control matrix
[186]
working paper significant internal
[188]
control deficiencies are communicated in
[191]
an internal control letter to the audit
[194]
committee or its equivalent in the
[195]
company management letters are a similar
[198]
sort of communication however the
[200]
control of deficiencies identified and
[203]
discussed in this communication are less
[206]
significant and will be communicated to
[208]
management to point out areas for
[210]
improvement the common way of
[212]
communicating deficiencies is to
[214]
identify the deficiency talk about the
[216]
implications and then propose the
[218]
recommendations to close the gap so
[220]
there you have it what you would need to
[223]
do before you can rely on internal
[225]
controls now a couple of finishing
[227]
points before we close off this lesson
[229]
first sometimes we will purposely assess
[232]
control risk at maximum for efficiency
[234]
purposes for example if a balance or a
[238]
transaction cycle can be more easily
[240]
audited using a substantive approach
[243]
than a combined approach then we can
[245]
limit our work on internal controls to
[247]
gaining and understanding we then
[249]
immediately move into the substantive
[250]
procedures and finally one last point
[253]
let's put a bow around this whole group
[255]
of lessons on internal controls by
[258]
reviewing the overall approaches to the
[260]
audit one more time and of course we
[263]
have to
[263]
combined approach or the substantive
[265]
approach under both approaches we need
[268]
to obtain an understanding of the
[270]
control environment and the system of
[272]
internal controls which enables us to
[275]
make our assessment of control risk this
[278]
is done on an overall basis and on a
[280]
transactional cycle basis under the
[283]
combined approach we believe there are
[285]
efficiencies to be gained by relying on
[288]
the strength of the client system of
[289]
internal controls if this is our
[292]
approach we must test the controls to
[294]
support our reliance the results of the
[296]
testing controls may or may not impact
[298]
the rest of the audit depending on the
[300]
results of our findings then we move on
[303]
to do substantive audit procedures which
[305]
we would hope would be generally less
[307]
because we've tested and relied upon the
[310]
internal controls under a purely
[312]
substantive approach we would assess
[315]
control risk at maximum and this would
[317]
take us right into the substantive audit
[319]
procedures which would generally be
[321]
greater than we had we done more work on
[323]
the internal controls it's taking us a
[326]
while to get to this point in the course
[327]
where you're beginning to see how all
[329]
the pieces of the audit fit together
[331]
this won't be the last time we review
[333]
the different odd approaches so if your
[336]
understanding is still a bit fuzzy
[337]
hanging in there and remember don't stop
[340]
to get the top and when you get to the
[341]
top don't stop
Most Recent Videos:
You can go back to the homepage right here: Homepage