Tests of Controls
Audit procedures evaluating control effectiveness in preventing or detecting material misstatements, determining the extent of substantive testing needed.
Tests of Controls
Audit procedures designed to evaluate the operating effectiveness of controls in preventing, detecting, or correcting material misstatements at the assertion level, influencing the nature, timing, and extent of substantive testing needed.
For instance, to test controls over sales transactions, an auditor might examine evidence that credit approvals were properly performed by selecting a sample of sales and inspecting for appropriate authorization signatures, or test automated controls by reviewing system configuration settings and change management logs.
Tests of controls help auditors determine how much to rely on the entity’s internal controls versus detailed testing of transactions and balances. Procedures include inquiries about control operation, observation of controls being performed, inspection of documents showing control implementation, and reperformance of controls by the auditor. The timing can be point-in-time (as of a specific date) or throughout the period, with more frequent testing required for higher risk areas or manual controls. When controls prove effective, auditors may reduce substantive testing. Conversely, identified control deficiencies require expanded substantive procedures and communication to management and those charged with governance.