Test of Control Example
After performing an understanding of internal control of the company, auditors must undergo audit tests to assess whether the controls are efficient and effective. It is the test of control. Auditors perform this test if they plan to rely on internal control to reduce the substantive testing.
When auditors understand the client’s business, they have to identify the internal control of the client. We can test the internal control only when they exist in the company. Without internal control, auditors will not be able to test them.
Auditor look at how well the internal control work to ensure the accuracy of the financial statement. They also ensure that internal control can prevent and detect fraud that happens within the company.
The strength and effectiveness of internal control are the key factors in determining the quality of financial statements. If management has implemented effective internal control, it can reduce or eliminate the risk of errors or fraud in the annual reports. The risks of errors or fraud would have been detected and prevented by the internal control.
Internal control testing is a key component in the process of auditing. It is normally done at audit planning, as required by the auditing standard. In practice, it is also done in other processes besides the planning stage. Auditors make decisions regarding the internal control testing during the fieldwork.
Sometimes auditors make the wrong decisions during the planning stage as they do not yet collect enough information. Auditors may not plan to test control as they are not aware of any potential control until they start the fieldwork. During the testing, they are aware of the internal control and expect to reduce the substantive test and gather more audit evidence, they decide to test the internal control.
Type of Internal Control Testing
Inquiry is an audit procedure where auditors ask management for an explanation related to control processes. It starts with a verbal conversation between an auditor and the management of the client and it may include the communication with the client’s staff who actually perform the work.
An inquiring process is a low-quality form of evidence during controls testing. It is hard to ensure that the client really performs the tasks by just asking them around. The inquiry process is just talking and not writing, which makes it an unreliable process for obtaining audit evidence.
However, it is the fastest way to get more understanding of the control. It is a procedure to collect the basic understanding which will be required another testing procedure if the auditor wants to rely on a specific control. Furthermore, auditors must use other audit procedures to verify the claims of management.
It is still an effective way to gather audit evidence especially if we can ask the staffs who really perform the work. They are highly likely to tell us the truth about their routine work. They are afraid if we ask for supporting documents if they tell different procedures. This approach helps auditors to gain an understanding of the company’s internal controls, which are key to ensuring that financial transactions are recorded properly.
It will be a problem if the client’s management and staffs are not willing to share the real information. They are hiding something from the auditors. The inquiry will be less effective but we still perform other procedures to verify the internal control.
Observation is a great way to get an inside look at how companies operate. Auditor can see the actual procedures that have been performed by the client. It might lead to the suggested changes that will improve the effectiveness of internal control.
The auditor should be present when the client is performing its control procedures, to ensure they are following best practices and proper procedures.
For example, at end of the year, it is time for the company to perform a physical inventory count. Auditors can observe this process by attending the annual count with the client. They want to ensure the client has performed the right procedure. They want to know that client has proper control over the inventory annual count.
Observation gives auditors an idea of how the procedures are performed by the personnel responsible. It can help spot any weaknesses within internal control processes as well. The auditor can give suggestions so that future problems will not happen again.
Observation may not be the most reliable form of evidence, but it can see the actual work perform. The clients may try to perform their best during the observation. The daily process may be different when the auditors are not around. Moreover, there is no written document to file for the audit evidence.
The inspection is a great way for auditors to ensure that they are getting accurate information from clients. It can also serve as an audit procedure, which means it will be more likely to receive the correct audit evidence.
Inspection is a comprehensive assessment of a company’s internal controls. This includes examining all supporting documents related to the internal control. It can be done to obtain more evidence after inquiries and observation.
For example, auditors can determine whether the bank reconciliation statement prepared by the client is reliable through an inspection. They inspect if the client really performs the monthly bank reconciliation and access the proper level of control.
Inspections give auditors a more complete form of evidence than inquiry and observation. The process of inspection is to look at the source documents which are in written form. Auditors can ensure that the company really performs the control with the proof of document. The level of effectiveness will depend on the way in which auditors access the control.
To test for controls, auditors select a sample of transactions to inspect. The first step of any inspection is to make sure the auditor has sufficient data on hand. The population must include all the transactions that have been incurred during the period.
Inspection can be problematic as there is sampling risk involved when selecting the sample. The result from the sample test may not represent the whole population. We cannot say that the company has performed control 100% based on the sample size we inspect.
The auditor can use re-performance as a part of their test for controls. Auditor uses the client data and control procedure to re-perform the client’s work. Then they compare their results with the clients’ results. The result should be the same as both parties using the same data and procedures.
For example, auditor re-perform the bank reconciliation that company has already done. Auditors use the same document such bank statements and book balances to re-perform the bank reconciliation. They want to see if the reconciling process is done properly. The result should be the same, otherwise, they need to investigate.
Moreover, auditors recalculate the depreciation expense base on the client’s fixed assets listing and fixed assets policy. With the same listing and the same policy, the depreciation expense must be the same.
It is the use of computer software to analyze a large volume of data and test the client’s automated system. In a large corporation, there are millions of transitions that process automatically by computer software. It is not effective for the auditor to manually test all of those transactions. The auditors need to use the IT team to validate the clients’ software and ensure that they have IT system control.
For example, the interest income calculates by the bank consist of thousands of transaction per month. The auditor needs to engage with CAAT team to test the effectiveness of client software in calculating interest income.
Test of Control Example
There are many internal control tests for each process in the company. Please refer to the example of each testing under the testing procedure as follows:
- Auditors inquire the management about the sale process. They ask the process that clients record sale orders, work in progress, and deliver to the customers. It will lead to the invoice processing and collection of accounts receivables as well.
- Inquiry about the fixed assets policy regarding to the capitalization threshold, depreciation method, and write-off procedure.
- Auditors observe the client perform inventory physical count. They are not involved in the counting process, they just observe how clients perform counting, reconcile,e and investigate variance.
- Auditors observe the client record the sale transaction into the accounting system. They check if the client really checks all supporting documents. They also check if the transaction really requires proper approval before release.
- Auditors inspect the supporting document of clients’ expenses to validate the internal control process in payment. The client needs to follow the payment procedure to ensure effective internal control.
- They also inspect the payroll supporting documents to validate the payroll process base on the company’s internal control.
- Auditors recalculate the interest expense base on the debt listing and interest rate from banks and creditors. They want to reconcile their result with the client’s balance.
- They also re-perform the bank reconciliation to ensure proper procedure.
When Auditor should Perform test of control?
After the auditor has fully understood the client’s business, they will decide whether or not to test the internal control. If the auditors have deeply understood the client’s business, they can make proper planning related to internal control testing.
The reason that auditors change the planning for internal control testing is due to the lack of understanding of the client business.
The auditor will also make the conclusion again whether or not their control is effective and efficient and if they could rely on it after testing. This normally happens when there are key items in accounts such as revenues and other main accounts.
When Auditor should not perform test of control?
It is not really practical to test all the internal control in the company. Some internal control is not related to the significant accounts. It is more efficient for auditors to go straight to substantive testing.
The objective of internal control testing is to reduce the substantive work and gather more audit evidence. So if the auditors cannot rely on the control or the effectiveness of control, they cannot reduce the substantive test, it is not necessary to validate the control.
For example, the client may have internal control to prevent the error in the recording of other income accounts. However, the other income accounts balance is very small during the years. There is no material misstatement that can exist in the account. So auditors do not require to test this control.