Efficient Tests of Balances Series—No. 5: When Should an Auditor Perform Tests of Controls?
First, tests of controls are not required by the risk assessment standards of 2006, or the redrafts of those standards effective for periods ending after December 15, 2012. Sufficient substantive evidence can be obtained from other risk assessment procedures, analytical procedures and tests of balances to express an opinion on financial statements.
Tests of controls may be necessary, however, when:
• The auditor plans reliance on the results of the tests for a low assessed level of control risk.
• Tests of balances and analytical procedures are not sufficient to evaluate certain financial statement assertions (such as completeness for revenues).
• Inquiries and observations concerning key controls in smaller entities are necessary to offset significant control deficiencies and material weaknesses for a control risk assessment at some level less than high.
When tests of controls are performed, they may be used to evaluate some or all of the assertions for classes of transactions events thereby reducing related tests of balances. Common sample sizes used in practice are 40 sample units (assuming no errors or deviations) or 60 sample units (permitting one error or deviation).
Tests of controls are usually “dual purpose.” One purpose is to test compliance with an entity’s designed internal controls, formal or informal. The second purpose is to “re-perform” certain accounting system and internal control procedures. Descriptions of the dual purposes of tests of controls follow.
Tests of Controls—Compliance Transactions Tests (author’s words):
Compliance tests are designed as tests of internal control procedures or activities to determine:
• The frequency with which the control procedures are performed.
• The quality of the performance of the control procedures.
• The person performing the procedures.
• The design effectiveness of the procedures.
Compliance tests of controls are performed to measure the likelihood of errors occurring and going undetected and to reduce the amount of substantive testing. Compliance procedures consist mainly of observations, inspections and inquiries. Documented evidence of the internal control procedures performed by a client is necessary to evaluate compliance for larger clients with effectively designed internal controls. Examining a foreperson’s approval of hours worked on employees’ time cards, for example, is a compliance test of control. Materiality is measured by the frequency of errors.
Owners or managers of smaller entities may perform key controls that are not documented. In these circumstances, the auditor may assess compliance by making inquiries of an owner or manager and inspecting relevant documentation, and evaluating the owner’s or manager’s responses. Documentation of the owner’s or manager’s compliance should be included in a memo or on a working paper.
Tests of Controls—Substantive Transactions Tests (author’s words):
A substantive transactions test is a test of the accounting system and is normally designed to test for monetary errors. Determining that all entries recorded in the cash disbursements journal are valid by examining supporting documents, or that the extension of sales prices and units on sales invoices are correct, are examples of substantive transactions testing procedures.
Tests of controls are often used as “dual-purpose” tests, i.e., both compliance and substantive tests of transactions are performed. While both may supply sufficient evidence to verify applicable financial statement assertions, we can often be more efficient by performing one or the other. Only a “handful” (10%-20%) of the selected transactions need be tested substantively if we choose compliance tests. If a client has limited internal controls, but has a good accounting system on the other hand, we may perform only substantive transactions tests. For smaller entities, informal substantive transactions tests may be informally performed as systems walk-through procedures.
More resources concerning tests of controls and audit strategies can be obtained from my live and on-demand webcasts by clicking of the applicable box on the left side of my home page, www.cpafirmsupport.com.
by Larry Perry, CPA, CPA Firm Support Services, LLC - Larry has over 40 years experience as a CPA practitioner, author of accounting and auditing manuals, author and presenter of live staff training seminars and author of webcast and self-study CPE programs. He is co-founder of CPA Firm Support Services, LLC (www.cpafirmsupport.com), an organization providing resources, training and consulting to smaller CPA firms. Larry writes a weekly blog on AccountingWEB.com focusing on small audits, reviews and compilations. He is currently developing documentation manuals and handbooks for small audits, reviews and compilations and related electronic practice aids.