CPA AUD testing of internal control requires understanding design/implementation (walkthroughs) and testing operating effectiveness (inquiry, observation, inspection, reperformance). Auditors evaluate control risk to determine the nature, timing, and extent of substantive procedures. If controls are effective, substantive testing is reduced. 1. Understanding Internal Control (Design & Implementation) Auditors must understand the control environment and information systems (IT). Purpose: Determine if controls are designed to prevent or detect material misstatements. Procedures:... Show more CPA AUD testing of internal control requires understanding design/implementation (walkthroughs) and testing operating effectiveness (inquiry, observation, inspection, reperformance). Auditors evaluate control risk to determine the nature, timing, and extent of substantive procedures. If controls are effective, substantive testing is reduced. 1. Understanding Internal Control (Design & Implementation) Auditors must understand the control environment and information systems (IT). Purpose: Determine if controls are designed to prevent or detect material misstatements. Procedures: Walkthroughs (tracing transactions from inception to financial records). Documentation: Flowcharts, narratives, and questionnaires. Key Focus: Evaluating design and implementation (not yet operating effectiveness). 2. Testing Internal Control (Operating Effectiveness) If an auditor plans to rely on controls to reduce substantive testing (i.e., assess control risk below high), they must perform tests of controls. Inquiry: Asking personnel (least reliable). Observation: Watching employees perform controls (e.g., safeguarding assets). Inspection: Reviewing documentation (signatures, logs). Reperformance: Auditor independently executes the control (most reliable). 3. Evaluating Results Effective Controls: Allows reduction of substantive procedures (smaller sample sizes, interim testing). Deficiencies/Weak Controls: If controls fail, the auditor must assess control risk at high and use a "substantive approach" (increased testing). Key Audit Concepts Segregation of Duties: Essential separation of authorization, custody, and recording. IT Controls: Testing automated controls is crucial as companies rely on IT systems. Management Override: Auditors must specifically assess the risk of fraud related to overriding controls, particularly in journal entries. Show less
CPA AUD testing of internal control requires understanding design/implementation (walkthroughs) and testing operating effectiveness (inquiry, observation, inspection, reperformance). Auditors evaluate control risk to determine the nature, timing, and extent of substantive procedures. If controls are effective, substantive testing is reduced.
1. Understanding Internal Control (Design & Implementation) Auditors must understand the control environment and information systems (IT).
Purpose: Determine if controls are designed to prevent or detect material misstatements. Procedures: Walkthroughs (tracing transactions from inception to financial records). Documentation: Flowcharts, narratives, and questionnaires. Key Focus: Evaluating design and implementation (not yet operating effectiveness).
2. Testing Internal Control (Operating Effectiveness) If an auditor plans to rely on controls to reduce substantive testing (i.e., assess control risk below high), they must perform tests of controls.
Inquiry: Asking personnel (least reliable). Observation: Watching employees perform controls (e.g., safeguarding assets). Inspection: Reviewing documentation (signatures, logs). Reperformance: Auditor independently executes the control (most reliable).
3. Evaluating Results Effective Controls: Allows reduction of substantive procedures (smaller sample sizes, interim testing). Deficiencies/Weak Controls: If controls fail, the auditor must assess control risk at high and use a "substantive approach" (increased testing).
Key Audit Concepts Segregation of Duties: Essential separation of authorization, custody, and recording. IT Controls: Testing automated controls is crucial as companies rely on IT systems. Management Override: Auditors must specifically assess the risk of fraud related to overriding controls, particularly in journal entries.
Join 4M+ learners. Unlock unlimited quizzes, wrong-answer tracking, flashcards + reminders, study guides, and 1-on-1 challenges.