VU VICKY Virtual University Assignment Solution, Past Papers, Handouts and other material

Lesson 17

Possible application: standard accounting procedures such as the use of control accounts, reconciliation

procedures and the performance of arithmetic checks on accounting records.  

d) Physical 

 There should be adequate physical control to ensure the security and safekeeping of its assets such

 as plant and machinery, valuable inventory items and cash. 

Possible application

: banking cash immediately, controlling access to inventory areas; electronic tagging of

inventory and portable non-current assets. 

e) Management and Monitoring

 There should be sufficient controls in existence to ensure management can effectively control the

 business operations. 

Possible application

: the use of budgeting and standard costing systems; the establishment of an internal

audit department  

f) Authorization 

 All transactions should be authorized. 

Possible application

: authorization of purchases, cash and bank payments, sale of non-current assets, sales

to customers on credit, bad debt write offs. 

g) Personnel 

 Employees should be appropriately qualified and of suitable caliber to perform the required tasks.

Possible application

: recruiting the right people for the job; training them effectively, motivating and

rewarding employees in an appropriate way.  

h) Segregation of duties 

 There should be an appropriate division of responsibilities to reduce the opportunity for fraud and

 manipulation. 

 This is a fundamental control procedure designed to ensure that one person does not have sole

 charge of a transaction from beginning till end. Perfect segregation of duties exists where each of

 the main stages in a transaction are under the control of a different person.

Possible application:

Consider an inventory purchasing system in a manufacturing company: 

Stage    Documentation   Responsibility 

Initiation   Stores requisition   Stores keeper 

Authorization   Purchase order    Purchasing officer 

Custody   Goods received note   Receiving officer 

Recording   Invoice     Account department 

Documenting the system

Documenting the system is an extremely important stage in the audit; 

Auditing standards state that in planning the audit, auditors should obtain and document an understanding

of the accounting system and control environment

sufficient to determine their audit approach.

The various methods of ascertaining and recording the system may be summarized as follows:  

1. Organization chart 

2. Narrative notes 

3 Flowcharts 

4 Internal control questionnaires (ICQs) 

5 Internal control evaluation checklists (ICEC) 

59

  

Organization Chart

Production

Director

Production 

Planning

Factory 

Manager

Managing Director

Distribution

Manager

Purchases 

Controller

Sales

Director

Advertising

Manger

Chief 

Accountant

Narrative Notes 

Finance

Director

Manager 

Accounts

This is a simple and apparently convenient way of describing systems. Having ascertained the system, the

auditor draws up a narrative description of it for the audit files. An example might be:

Sales invoices are prepared by Mr._____ They are checked by Mr. _____ and then passed to Mr. _____ for

recording in the customer’s account in the sales ledger etc.

Shortcomings of the method:

1. Notes can take up a disproportionate amount of space

2. Notes may be difficult to interpret

3. What happens it personnel change? 

Flowcharts

This is becoming an increasingly widely used technique for recording accounting systems in audit files.

A flowchart is a diagrammatical representation of an accounting system.

A good flowchart will be supplemented with narrative.

Flowcharts have the following advantages: 

(i) They portray the flow of documents through the system and enable the auditor to relate those 

movements with procedures and checks carried out as part of that system. 

(ii) They show the movement of documents in such a way that, when properly prepared, the 

sources and destinations of all documents will be clear. 

(iii) They help to highlight weaknesses in the control of the business. 

(iv) They enable audit tests to be clearly related to weaknesses in the accounting system.  

Standard symbols

 are used to represent documents, operations and checks carried out. 

Flow lines

 are used to join up the symbols and represent the movement of documents. 

Dotted lines

 are used to represent the flow of information between documents. 

Essentials of flowchart

Internal control evaluation flowcharts must highlight the following:  

(a) the sequence of operations happening to each document (e.g. authorization, checking, matching, filing)

(b) the segregation of staff duties and who is responsible for each operation.  

60

  

Symbols used in manual systems flowcharts

• A document     

• A multi-part set of documents 

• Pre-numbered document 

• A book of account 

• An operation performed on a document 

• A check performed on a document 

• Filing a book or document 

• Document flow 

• Information flow 

• Connector with another page/flow-line  

N 

61

  

Flowchart of purchases 

Narratives:

1 Requisition note raised when goods

are at a pre-set re-order level. Order

quantity is pre-determined by use of a

copy of the previous purchase order. 

2 Signed by store manager.

3 Buyer checks authorization.

4 Purchase order set prepared.

8 P02 filed temporarily to act as a check

on overdue deliveries.

10 P04 and P05 are filed until goods are

received.

11 Weekly check on overdue deliveries.

12 Goods checked to PO to ensure they 

are in agreement. 

13 If not damaged, goods are accepted

and a goods received note set is raised.

Where quantity received is below order a

shortage memo set is also raised and a

note made on the purchase order.

14 P05 is sent back to the warehouse to 

act as the next requisition note.

Commentary on the above flowchart

(a) All operations and checks are positioned on vertical lines within a particular department. 

(b) Horizontal lines show the movement of a document between departments. 

(c) In practice the flowchart would continue, dealing with the processing of the purchase invoice/credit

note/day books/payables ledger/cash book etc. The 

flow-lines at the bottom of the page would continue to page 2 of the flowchart.  

(d) Note that the narrative to the flowchart does not deal with all of the operation numbers since some

should be self-explanatory e.g. operation 9 represents the 

numerical filing of P03 in the buying department.  

62

  

Lesson 18

EVALUATING THE INTERNAL CONTROL SYSTEM

Flow Charts and Internal Control Questionnaires:

Use of the major symbols in flow charts

The Document symbol

Each document in the flowchart should have a vertical flow-line. Such vertical flow-lines represent a 

movement in time within a particular department. When the document is moved to another

department, this movement in position will be represented by a horizontal line; departments are

therefore listed across the page.  

 Here the document is originated in Dept

A. It is moved to Dept B, then Dept D and then Dept C. Note that only vertical and horizontal lines are

used, never diagonal lines. 

The Operation symbol

Various operations will be performed on a document. 

It will, for instance: be prepared, added up, used to prepare other documents, etc. 

Any operation, other than a check function, is represented by the cross symbol. 

Each operation symbol should be supported by a brief narrative explaining the nature of the operation. 

Invoice

etc.

Kamran totals the invoice 

Note that the operation symbol is positioned on a

vertical flow-line. It should never appear on a

horizontal flow-line since that would suggest in this

case that Kamran totals the invoice while it is

moving from one department to another.  

63

  

The Information flow symbol

Fauzia prepares an invoice

from the sales order

This example is wrong because:

(a) no narrative exists to explain

the nature of the operation; 

(b) the sales invoice has no 

flow-line, it disappears into

thin air. 

Sales

order

Sales

order

Here one document is

prepared from

another.

The movement of

information to the

sales invoice is shown

by a dotted line. Such

information flow-lines

are always horizontal,

never vertical.

Note that flow-lines

then continue for both

the order and the

invoice. 

Sales

Invoice

The Check symbol

Sattar totals the invoice

Wajid checks the totals

Pasha checks that all

goods dispatched have

been invoiced.

Delivery

Note

Sales

Invoice

Sales

Invoice

This example

shows a simple 

check on a single

document. 

This shows a check

between two

documents. 

Note the use of the

information flow-line

again and that both the

delivery note and the

sales invoice continue

with vertical flow-lines

of their own. 

64

  

The filing symbol

Once documents have been processed they will often be filed away.

Such files are either permanent or temporary. 

The two sorts of file are denoted by the same symbol but the

temporary files are marked with a letter ‘T’.

It will often be useful to indicate the order of filing either numerically,

alphabetically or in chronological order. This can be done by

marking the symbol with the letter N, A, or D. 

Filed awaiting delivery of

goods. 

Checked by Zahoor

(weekly) got late delivery 

When goods are received

purchase order initialed by

Safdar 

Purchase

Order

TN

N

Note that with the temporary

filing symbol the flow-line of the

document must continue. 

With the permanent filing symbol

the flow-line stops since the 

document has reached its

ultimate destination 

The book of account symbol

The flowchart should use the book symbol to show the book which is

already in existence. It should also show the book being re-filed once the

posting is completed. 

Sohail posts invoices to the SDB

Sales

Invoice

Sales

Daybook

D

Note that the same flow-line principles apply to books as to documents. A vertical flowline

is

needed

which

ends

with

the

re-filing

of

the

sales

day

book

which

will

be

kept

chronologically. 

65

  

Depicting multi-part sets of documents

Rauf prepares

purchase order sets

Requisition

Note

Purchase

order

To supplier

N

Note that each part of the set must have a flow-line emanating from it. In this

example; PO1 is sent to the supplier, PO2 goes off to another department and PO3 

is filed numerically

Preliminary Evaluation of the System 

Having ascertained, confirmed and recorded the system, the auditor now needs to carry out a preliminary

evaluation of the system in order to make a decision as to whether he will: 

• Rely on internal controls and adopt a systems audit approach, or, 

• Perform extensive substantive testing. Using a verification approach to the audit.  

Internal Control Questionnaire

Features: 

• Used in large company audit

• Used to place reliance on internal controls

• Used to design audit approach 

Definition:

 An ICQ is a formal and usually standardized document which comprises: 

1. A list of internal controls in existence and 

2. Highlights any weaknesses.  

Objectives:

(i) To ascertain a clients systems of accounting and internal control 

(ii) To evaluate the control system thus recorded, and hence 

(iii) To identify those controls which indicate strengths in the system upon which the auditor 

will seek to place reliance, and 

(iv) To identify those areas over which there are weak or no controls and which therefore 

must be subjected to more extensive substantive testing and reported by inclusion in the

Management Letter.  

Construction of an ICQ 

I) It is good practice when designing ICQs to state, as a brief introduction: 

i. A list of control objectives

 which each sub-system under consideration should 

seek to achieve

ii. Any business considerations specific to the enterprise under review

 which 

should be taken into account.  

66

  

The reason for this is essentially to highlight for the audit staff key areas for their consideration to the audit

staff.  

II) The questions in an ICQ should be designed to ascertain whether the control objectives are being

achieved and should therefore cover such aspects as:  

a. Instructions given to staff in the performance of their duties

b. Authorization procedures

c. Documents and procedures used to originate transactions

d. Recording procedures

e. Sequence of procedures

f. Custody procedures

g. Relative independence of the persons involved at each stage 

of a transaction (i.e. segregation of duties). 

III) The questions should be framed such that a Yes/No answer is given, with a No answer usually 

indicating a control weakness. 

IV) An ICQ should carry such basic information as: 

(a) The name of the document (ICQ)

(b) the system to which it relates (e.g. purchasing cycle)

(c) the client to whom it relates

(d) the accounting period under review

(e) evidence of who has prepared and reviewed the document 

(f) the provision of columns for:  

 - Yes and No answers 

 - comments where neither Yes or No are applicable 

 - indicating the significance or otherwise of apparent weaknesses 

 - references to audit programs 

 - references to Management Letters.  

Lesson 19

INTERNAL CONTROL QUESTIONNAIRE

Having ascertained, confirmed and recorded the system, the auditor now needs to carry out a preliminary

evaluation of the system in order to make a decision as to whether he will: 

• Rely on internal controls and adopt a systems audit approach, or, 

• Perform extensive substantive testing. Using a verification approach to the audit.  

Internal Control Questionnaire

 An ICQ is a formal and usually standardized document which comprises: 

3. A list of internal controls in existence and 

4. Highlights any weaknesses.  

Features:

• Used in large company audit

• Used to place reliance on internal controls

• Used to design audit approach 

Objectives:

(i) To ascertain a clients systems of accounting and internal control 

(ii) To evaluate the control system thus recorded, and hence 

(iii) To identify those controls which indicate strengths in the system upon which the auditor 

will seek to place reliance, and 

(iv) To identify those areas over which there are weak or no controls and which therefore 

must be subjected to more extensive substantive testing and reported by inclusion in the

Management Letter.  

Construction of an ICQ

(I) It is good practice when designing ICQs to state, as a brief introduction:  

(a) a list of control objectives

 which each sub-system under consideration should seek to achieve

(b) any business considerations specific to the enterprise under review

 which should be taken into 

account. 

The reason for this is essentially to highlight for the audit staff key areas for their consideration to the audit

staff. 

II) The questions in an ICQ should be designed to ascertain whether the control objectives are being

achieved and should therefore cover such aspects as:  

(a) instructions given to staff in the performance of their duties 

(b) authorization procedures 

(c) documents and procedures used to originate transactions 

(d) recording procedures 

(e) sequence of procedures  

(f) custody procedures 

(g) relative independence of the persons involved at each stage of a transaction (i.e. segregation of 

duties). 

(III) The questions should be framed such that a Yes/No answer is given, with a No answer usually

indicating a control weakness. 

(IV) An ICQ should carry such basic information as:  

(a) the name of the document (ICQ)

(b) the system to which it relates (e.g. purchasing cycle)

(c) the client to whom it relates

(d) the accounting period under review 

(e) evidence of who has prepared and reviewed the document

(f) the provision of columns for:  

 - Yes and No answers 

 - comments where neither Yes or No are applicable 

 - indicating the significance or otherwise of apparent weaknesses  

68

  

 - references to audit programs 

 - references to Management Letters.  

Example of part of an ICQ

INTERNAL CONTROL QUESTIONNAIRE 

Prepared by: ________  Date: ________

CLIENT: ___________  PERIOD: _____

Reviewed by:________  Date: ________

THE PURCHASING CYCLE

(a) Control objectives. 

(b) Business considerations. 

(c) The questionnaire 

a) Control objectives 

To ensure that:  

(i) Purchased goods/services are ordered under proper authorities and procedures

(ii) Purchased goods/services are only ordered as necessary for the proper conduct of the business 

operations and are ordered to suitable suppliers 

(iii) Goods/services received are effectively inspected for quality, quantity and condition 

(iv) Invoices and related documentation are properly checked and approved as being valid before 

being entered as trade payables 

(v) All transactions relating to trade payables are valid (suppliers invoices, credit notes and 

adjustments), and only those valid transactions should be accurately recorded in the accounting

records.  

b) Business considerations

Points

     Effect on audit procedures and on financial statements 

(i) Nature of the company’s  - Auditor must be aware of the 

purchases.    Varying nature of goods purchased. 

(ii) The existence of a   - As far as possible ordering should 

purchasing department.   be centralized. 

(iii) The company’s   - The fixing of minimum/maximum 

purchasing policy.  Inventory and re-order levels should ensure efficient control. However, 

buying in bulk, with resulting higher inventory levels may be part of a

company policy to reduce unit costs, in which case inventory

obsolescence and storage cost problems may arise.  

(iv) The selection of suppliers.  - The purchasing department should maintain a supplier’s register to 

record past purchases, prices, and satisfaction received etc. The constant

seeking of alternative sources of supply at keener prices is an indication of

efficient management  

69

  

(C) Questionnaire 

Initiation and authorization

• Are standard (Purchase) order 

forms (SOFs) issued showing

names of suppliers, quantities

ordered and prices? 

• Are copies of SOFs retained on

file? 

• Who authorizes orders and

what are their authority limits?

• Are the persons in 3 above

independent of those who issue

requisitions? 

• Is a record kept, of orders placed

but not executed? (If yes, specify

type of record kept and filing

sequence).

Custody

• Are goods from suppliers

inspected on arrival as to quantity

and quality? 

• How is the receipt of supplies

recorded (e.g. by Goods Received

Notes)? 

• Are these records prepared by a

person independent of those

responsible for:

- ordering functions?

-processing and

- recording? 

Yes/ No Comments References 

Criticism on ICQs 

• ICQs represent an attempt at a formalized, systematic, approach to the audit of large complex 

organizations. 

• It is however increasingly apparent that such questionnaires can become too complex, lengthy and 

detailed for meaningful evaluation of accounting systems.

• There is a danger that ICQs can provoke too formalized an approach to an assignment; that will  be 

concentrating as they do on the controls themselves rather than upon the fraud or irregularity that the controls

are designed to prevent.  

Internal Control Evaluation Checklists

To overcome the above discussed possible shortcomings, many auditing practices have amended their

approach to internal control evaluation by the adoption of a different type of document, Internal Control

Evaluation Checklists (ICEC). 

The ICEC is designed to determine; whether desirable internal controls are present?, using key control

questions to ascertain where specific frauds or errors are possible. 

It is normally employed where system’s information has already been recorded (usually in the form of

flowcharts). 

Key questions are asked in an ICEC, the answers to which prompt further supplementary questions.  

Reference is made to a supporting flowchart which is the means of ascertaining the existing systems. This

makes the ICEC document shorter and less complex, but it may require more skill and judgment on the

part of the auditor to interpret the completed form. 

Note that virtually all the rules applicable to the construction of an ICQ apply to the construction of an

ICEC. 

70

  

Example of ICEC

INTERNAL CONTROL EVALUATION CHECKLIST 

Prepared by: ________  Date: ________

CLIENT: ___________  PERIOD: _____

Reviewed by:________  Date: ________

PURCHASES – PAYABLES – PAYMENTS

(a) Control objectives. 

(b) Business considerations. 

(c) The checklist 

a) Control Objectives

As per ICQ 

b) Business Consideration

As per ICQ 

c) The Checklist

1 Purchases 

       Comments  Reference

1.1 Can goods be purchased without authority? 

(a) purchase requisitions and order approvals? 

(b) limit of buyers authority to order? 

(c) purchasing segregated from receiving, 

accounts payable and inventory records? 

(d) un issued orders safeguarded against loss? 

1.2 Can liabilities be incurred although goods 

not received? 

(a) receiving segregated from purchasing, 

accounts payable and inventory records? 

(b) are all goods passed directly to stores? 

(c) GRNs or equivalent prepared independently? 

(d) adequate comparison with order, claims for 

short shipment etc? 

(e) invoices, GRNs, direct to accounts payable not 

purchasing? 

(f) invoices checked to order and GRNs, prices 

checked? 

(g) check of extensions, additions, discounts?  

(h) documents cancelled to prevent re-use? 

(i) unmatched documents investigated regularly? 

(j) freight checked, bills matched to 

consignments? 

(k) purchase returns and allowances controlled - 

follow-up? 

(I) forward purchases controlled?

1.3 Can cut-off errors occur? 

(a) time lapse from receipt of goods to invoice processing? 

(b) valuation of unmatched GRNs? 

(c) adequate control and recording of receipts?  

1.4 Can invoices be wrongly allocated? 

(a) nominal ledger analysis? 

(b) analysis independently checked? 

(c) staff purchases controlled? 

(d) independent and regular review?  

71

  

1.5 Can liabilities be recorded for goods or services not ordered? 

(a) goods received without authority? 

2 Payables 

2.1 Can liabilities be incurred but not recorded? 

(a) payables balances agreed periodically? 

(b) suppliers statements independently reconciled? 

(c) invoice register? 

(d) forward contracts? 

(e) order backlog follow up? 

(f) debit balances controlled? 

3 Payments 

3.1 Can payments be made if not properly supported? 

(a) discounts taken? 

(b) control over invoices before validating complete? 

(c) cheque signatories independent of purchasing, receiving, accounts payable and cheque 

preparation?

(d) signatories examine support for payment, 

check completeness, cancel support? 

(e) control over signature plates or pre-signed 

cheques? 

(f) control where one signature? 

(g) frequency with which cheques mailed? 

(h) independent regular bank reconciliation, with 

cheques directly from bank and review 

reconciliation? 

(i) cheques crossed account payee only, 

continuity accounted for, control over unused 

cheques? 

(j) bank transfers controlled - standing orders? 

(k) issue of bearer or cash’ cheques? 

(I) advances and loans controlled? 

(m) bank transfer payments, traders credits, direct 

debits? 

3.2 Can payments for non-routine purchases be made if not authorized or properly 

supported? 

(a) services, expense accounts, taxation payments 

in advance, staff purchases and goods on 

consignment? 

3.3 Can non-current assets be acquired or removed without proper authorization and recording?  

(a) approved work orders for non-current assets 

and major repairs? 

(b) approval of cost over-runs? 

(c) reporting of scrapping or disposals? 

(d) detailed non-current asset register, regular 

physical inspection and review of values? 

(e) periodic insurance appraisals, adequate 

coverage? 

(f) control over loose tools?

Limitations of the effectiveness of Internal Control 

It is possible to reduce the volume of transaction testing required in conducting an audit if the internal

controls are sound and are operating effectively, but it is not likely that an auditor will be able to rely on

internal controls entirely. This is because all control systems have inherent limitations such as: 

a) The need to balance the cost of the control with its benefits 

72

  

b) The fact that internal controls are applied to regular, recurring transactions, not one off year

end adjustments or unusual transactions, which are often large and subject to error. 

c) The potential for human error

d) The possibility of fraudulent collusion (two or more persons operating together) to ‘get round’ 

controls that segregate duties. For example; the supervisor responsible for checking and

authorizing overtime claims could collude with employees, to enable excess overtime payments

to be claimed. 

e) The abuse of authority and override of controls by senior managers or the owners of the

business. Abuse of authority might involve ordering personal goods through the firm. It is very

easy for directors and managers of organizations of any size to instruct staff to bypass normal

procedures such as the requirement for authorization for payments. 

f) The obsolescence of controls which have not changed to reflect changes in the business

activities or organization. 

In practice, the training of auditors always involves a warning never to rely on internal controls entirely, no

matter how effective they may appear to be. Hence some verification of transactions is always carried out as

part of the auditor’s work. 

73

  

Lesson 20

AUDIT TESTS

Audit evidence through Audit Procedures

The auditor needs to generate sufficient appropriate audit evidence that will allow a conclusion to be

reached based on this. Audit evidence, is obtained from audit procedures performed during the course of

audit, such as: 

• Test of control (compliance test)

• Test of details (substantive test)

• Analytical procedures (substantive test) 

Audit Procedures based on the understanding of Internal Control

Auditor’s understanding of the control environment, determines the audit procedures.

A strong control environment would provide more confidence about the effectiveness of internal control

and the reliability of audit evidence generated internally within the entity and thus, for example, allows the

auditor to conduct some audit procedures at an interim date rather than at period end.

If there are weaknesses in the control environment, the auditor ordinarily conducts more audit procedures

at period end rather than at an interim date, seeks more extensive audit evidence from substantive

procedures, modifies the nature of audit procedures to obtain more persuasive audit evidence, or increases

the number of locations to be included in the audit scope.

Appropriate Audit Approach

The auditor’s understanding of the internal control would enable him to select an appropriate audit

approach. These audit approaches may be as follows: 

1. Apply tests of control only for a particular assertion.

2. Apply substantive procedures only for a particular assertion may be because auditor failed to 

identify any effective controls relevant to assertion.

3. Combined approach i.e. applying both tests of operating effectiveness of control’s and 

substantive procedures for the same assertion.

However, irrespective of the approach selected, the auditor designs and performs substantive procedures

for each material class of transactions, account balance and disclosures.

In the case of very small entities, there may not be control activities and auditor may have to apply only

substantive procedures. 

Considering the Nature, Timing and Extent of Audit Procedures 

Nature

The nature refers to: 

• the purpose i.e. (tests of controls or substantive procedures) and 

• their type, i.e. inspections, observation, inquiry confirmation,  recalculation, re-performances 

or analytical procedures. 

Timing

Timing refers to when audit procedures are performed or the period or date to which the audit evidence

applies.

Extent

Extent refers to sample size or number of observations of a control activity (quantity of audit evidence). It

depends on auditor’s judgment after considering materiality, the assessed risk and the degree of assurance

the auditor plans to obtain. 

Nature 

The nature refers to the purpose i.e. (tests of controls or substantive procedures) and their type, that is,

inspections, observation, inquiry confirmation, recalculation, re-performances or analytical procedures.

Certain audit procedures may be more appropriate for some assertions than others.

74

  

The types of procedures to be performed and their combination would be affected by the auditor’s

assessment of the risk. The higher the risk, the more reliable audit procedure would be required.

In determining the audit procedures to be performed, auditor considers inherent and control risks

associated with the particular account balance or class of transactions.

Auditor is required to obtain audit evidence about the accuracy and completeness of information produced

by the entity’s information system when that information is used for performing audit procedures.

Timing

Timing refers to when audit procedures are performed or the period or date to which the audit evidence

applies.

Tests of control and substantive procedures may be performed either at an interim date or at period end.

The higher the risk of material misstatement, the more likely it is that the auditor may consider it more

effective to perform substantive procedures near to or at the period end rather than at an earlier date or to

apply audit procedures unannounced or at unpredictable times. On the other hand performing audit

procedures before the period end may assist the auditor in identifying significant matters at early stage of

the audit, which in turn would help in resolving them or developing an effective audit strategy.

In considering when to perform audit procedures, the auditor also considers such matters as the following: 

• The control environment

• When relevant information is available (for example, electronic files may subsequently be 

overwritten or procedures to be observed may occur only at certain times).

• The nature of the risk (for example, if there is a risk of inflated revenues to meet earnings 

expectations by subsequent creation of false sales agreements, the auditor may wish to examine

contracts available on the date of the period end). 

• The period or date to which the audit evidence relates.

Certain audit procedures can be performed only at the period end.

Examples are: 

• Agreeing the financial statements to the accounting records.

• Examining adjustments made during the course of preparing the financial statements.

• To cover the risk of overstatement the auditor ordinarily inspects transaction near the period end. 

Extent

Extent refers to sample size or number of observations of a control activity (quantity of audit evidence). It

depends on auditor’s judgement after considering materiality, the assessed risk and the degree of assurance

the auditor plans to obtain. Extent of audit procedures is increased when the risk of material misstatement

increases.

The use of computer-assisted audit techniques (CAATs) may enable more extensive testing of electronic

transaction and account files. Such techniques can be used to select sample transaction from key electronic 

files, to sort transactions with specific characteristics or to test an entire population instead of a sample.

Valid conclusions may be drawn using sampling approaches. However, in certain circumstances

examination of entire population may be more appropriate to reach a valid conclusion about that

population.

Test of Control

The auditor is required to perform tests of controls when the internal controls are operating effectively or when

substantive procedures alone do not provide sufficient appropriate audit evidence at the assertion level.

Tests of controls comprise of testing three things: 

1. Design – that the internal controls are properly designed to cover the risk it is meant for.

(examined through ICQs and ICECs) 

2. Implementation – that the internal controls have been put into operation.(examined through a

walk through test with a little sample) 

3. Operating effectiveness – that the systems of internal control were operating effectively at

relevant times during the period. ( examined through compliance tests based on a judgmental

sample) 

75

  

Nature of Tests of Controls

These are as follows: 

• Inquiry and observation

 (e.g. inquiry about and observation of controls over opening of mail to

verify controls over cash receipts). 

• Re-performance

 (e.g. preparation of bank reconciliation statement);

• Inspection of documentation

 relevant to performance of controls;

• Applying CAATs.

• Tests of controls and tests of details may be applied simultaneously on the same transaction; tests 

of control see whether e.g. invoice is approved and tests of details to detect material misstatement

in that invoice. 

Timing of Tests of Controls

These may be performed at  

1. a particular time or 

2. on the information relating to the entire audit period.  

– If performed at a particular time, it would provide evidence of operating effectiveness of

controls at that particular time. Such evidence may be sufficient for the auditor e.g.

observation of counting of inventories.  

– However, if auditor wants to obtain evidence about the effective operation of controls

throughout the period under audit, then tests of control’s should be applied on

transactions of the entire period. 

If auditor wants to rely on controls tested in prior periods, he should make inquiry that there is no change

in such controls. If these controls have changed, these should be tested for operating effectiveness first

before relying on these.

The auditor may not test all the controls every audit if there is no change in them. However, such controls

must be tested at least every third audit.

Extent of tests of controls

The auditor designs tests of controls to obtain sufficient appropriate audit evidence that the controls

operated effectively throughout the period of reliance. Matters the auditor may consider in determining the

extent of the tests of controls include the following: 

1. The frequency of the performance of the control by the entity during the period.

2. The length of time during the audit period that the auditor is relying on the operating effectiveness 

of the control.

3. The relevance and reliability of the audit evidence to be obtained in supporting that the control 

prevents, or detects and corrects, material misstatements.

4. The extent to which the auditor plans to rely on the effectiveness of the control (and thereby 

reduce substantive procedures based on the reliance on such control).

5. The expected deviation from the control. 

Substantive Procedures

Substantive procedures are performed in order to detect material misstatements at the assertion level, and

include tests of details of classes of transactions, account balances and disclosures and substantive analytical

procedures. 

The auditor plans and performs substantive procedures to be responsive to the related assessment of the

risk of material misstatement.

Irrespective of the assessment of risk of material misstatement, the auditor should design and perform

substantive procedures for each material class of transactions, account balance, and disclosure.

The auditor’s substantive procedures should include the following audit procedures related to the financial

statement closing process: 

• Agreeing the financial statements to the underlying accounting records; and

• Examining material journal entries and other adjustments made during the course of preparing 

the financial statements. 

76

  

When the auditor has determined that an assessed risk of material misstatement at the assertion level is a

significant risk, the auditor should perform substantive procedures that are specifically responsive to that

risk.

Nature of Substantive Procedures

Substantive analytical procedures are applied on large volume of transactions, which are predictable over

time. Tests of details are ordinarily more appropriate to obtain audit evidence regarding certain assertions

about account balances, including existence and valuation.

In designing substantive analytical procedures, the auditor considers such matters as the following: 

• The suitability of using substantive analytical procedures given the assertions.

• The reliability of the data, whether internal or external from which the expectation of recorded 

amounts or ratios is developed.

• Whether the expectation is sufficiently precise to identify a material misstatement at the desired 

level of assurance.

• The amount of any difference in recorded amounts from expected values that is acceptable. 

Timing of Substantive Procedures

When substantive procedures are performed at an interim date, the auditor should perform further

substantive procedures or substantive procedures combined with tests of controls to cover the remaining

period that provide a reasonable basis for extending the audit conclusions from the interim date to the

period end.

In considering whether to perform substantive procedures at an interim date the auditor considers such

factors as the following: 

• The control environment and other relevant controls.

• The availability of information at a later date that is necessary for the auditor’s procedures.

• The objective of the substantive procedure.

• The assessed risk of material misstatement.

• The nature of the class of transactions or account balance and related assertions.

• The ability of the auditor to perform appropriate substantive procedures or substantive procedures 

combined with tests of controls to cover the remaining period in order to reduce the risk that

misstatements that exist at period end are not detected. 

If substantive procedures are performed at an interim date, the auditor may sometimes consider applying

tests of controls also on the transactions of remaining period while extending his substantive procedures

from interim date to the period end.

In situations of actual or expected fraud, auditor may prefer applying substantive procedures at period end.

If misstatements are detected in classes of transactions or account balances at an interim date, the auditor

ordinarily modifies the related assessment of risk and the planned nature, timing or extent of the substantive

procedures covering the remaining period. 

Substantive procedures applied in a prior period are not sufficient to address a risk of material misstatement

in the current year except in certain circumstances.

Extent of performance of substantive procedures

Greater the risk of material misstatement due to weaknesses in the system of internal control, the greater

would be the risk of material misstatement in the financial statements.

In designing tests of details, the auditor may use either audit sampling or may choose to select items to be

tested by some other selective means of testing.

Adequacy of Presentation and Disclosure

The auditor should perform audit procedures to evaluate whether the overall presentation of the financial 

statements, including the related disclosures, are in accordance with the applicable financial reporting

framework.