Chapter 10

Assessing Control Risk / Tests of Controls

|Learning Check |

10-1. a. Assessing control risk is the process of evaluating the effectiveness of an entity's internal controls in preventing or detecting material misstatements in the financial statements.

b. Control risk should be assessed in terms of individual financial statement assertions.

10-2. In assessing control risk for an assertion, the auditor should perform the following five steps: 1. Consider knowledge acquired from procedures to obtain an understanding about whether controls pertaining to the assertion have been designed and placed in operation by the entity's management. 2. Identify the potential …show more content…

The auditor must also take care to determine that the data selected for simulations are representative of actual client transactions.

10-10. a. Under the test data approach, dummy transaction are prepared by the auditor and processed under auditor control by the client’s computer program. This is often performed during a time when the auditor can take full control over the client’s computer operations. In an integrated tests facility approach the auditor does not control computer operations and dummy transactions are processed simultaneously with real transactions. This usually requires the creation of a small subsystem (a mini-company) within the regular IT system. It may be accomplished by creating dummy master files or appending dummy master records to existing client files. Test data, specially coded to correspond to the dummy master files, are introduced into the system together with actual transactions.

b. A common way to test programmed controls in an on-line, real-time system is to create some form of continuous monitoring. For example, an audit module might be created to tag transactions for subsequent testing, or an audit log (frequently called an systems control audit review file) might be used to record transactions that meet particular audit criteria.

10-11. In comparison to the methodology for assessing control risk under the primarily substantive approach, the methodology under the