1. Modern Auditing:
Assurance Services and the Integrity of Financial Reporting, 8th Edition
William C. Boynton
California Polytechnic State University at San Luis Obispo
Raymond N. Johnson
Portland State University
Chapter 11 – Audit Procedures in Response to Assessed Risks: Tests of Controls

2. Chapter 11 Overview

3. Assessing Control Risk
In assessing control risk, the auditor must evaluate the effectiveness of :
Design of internal controls
Operation of internal controls

4. Steps in Assessing Control Risk

5. Process for Assessing Control Risk
Consider Knowledge Acquired from Procedures to Obtain an Understanding
Identify Potential Misstatements

6. Process for Assessing Control Risk
Identify Necessary Controls
Nature of controls to prevent or detect and correct misstatements
Nature of controls implemented by management
Significance of each control
Risk that designed controls may not operate effectively

7. Control Design for Specific Assertions
Completeness Assertion
Existence or Occurrence Assertion
Valuation and Allocation Assertion
Presentation and Disclosure Assertion

8. Identify Necessary Controls

9. Process for Assessing Control Risk
Perform Tests of Controls
Evidence about effectiveness of the design and operation of controls
Evaluate Evidence and Make Assessment
Matter of professional judgment
Identify strengths and deficiencies
Express quantitatively or qualitatively

10. Strategies for Performing Tests of Controls in an IT Environment
User Controls
Application Controls
General Controls and Manual Followup Procedures

11. Overview of Computer Controls

12. Computer-Assisted Audit Techniques (CAATs)
Auditing through the computer
Advantageous when:
Significant part of internal controls is imbedded in a computer program
Significant gaps in visible audit trail
Large volumes of records to be tested

13. Types of CAATs Parallel Simulation Test Data Integrated Test Facility
Continuous Monitoring of On-line Real-time Systems

14. Parallel Simulation versus Test Data

15. Continuous Monitoring of On-Line Real-Time Systems
Audit Hook
Tagging Transactions
Audit Log

16. Methodologies for Meeting the Second Standard of Fieldwork

17. Study Break
1. This step in assessing control risk allows the auditor to consider the points at which errors or fraud could occur.
Evaluate Evidence
Perform Tests of Controls
Identify Potential Misstatements
Identify Necessary Controls
C. Identify Potential Misstatements

18. Study Break
2. This CAAT uses dummy transactions that are processed under auditor control by the client’s computer system and the output is evaluated against expectations.
Parallel Simulation
Test Data
Integrated Test Facility
None of the above
B. Test Data

19. Effects of Preliminary Audit Strategies
Primarily Substantive Approaches
Lower Assessed Level of Control Risk

20. Designing Tests of Controls
Designed to evaluate the operating effectiveness of a control concerned with:
How the control was applied
Consistency with which it was applied
By whom it was applied

21. Nature of Tests of Controls
Inquiries of entity personnel
Inspection of items indicating performance of the control
Observation of the application of the control
Reperformance of the application of the control by the auditor

22. Timing of Tests of Controls
One Occasion versus Multiple Occasions
Timing Issues
Interim Period
Remaining Period
Results from Prior Periods

23. Extent of Tests of Controls
Nature of the Control
Frequency of Operation
Importance of the Control

24. Designing Tests of Controls
Staffing Tests of Controls
Audit Programs for Tests of Controls
Dual-Purpose Tests

25. Additional Considerations
Assessing Control Risk for Account Balance Assertions Affected by a Single Transaction Class
Assessing Control Risk for Account Balance Assertions Affected by Multiple Transaction Classes

26. Account Balance Assertions and Transaction Class Assertions

27. Account Balance Assertions and Transaction Class Assertions

28. Documenting the Assessed Level of Control Risk
Control Risk Assessed at the Maximum
Only the conclusion is documented
Control Risk Assessed at Below the Maximum
Basis for assessment must be documented

29. Communicating Internal Control Matters
Internal Control Deficiency
Significant Deficiency
Material Weakness

30. Study Break
3. While evaluating the operating effectiveness of a control, the tests of controls are concerned with all of the following except:
How the control was applied
The consistency with which it was applied
When it was applied
By whom it was applied
C. When it was applied

31. Study Break
4. Auditors are required to report a deficiency in internal controls to management and the audit committee when there is a(n):
Internal Control Deficiency
Significant Deficiency
Material Weakness
No Deficiencies
B. Significant Deficiency and C. Material Weakness