Module: Audit and Assurance
Lecture 9 – Audit Testing & Analytical Review
Auditing testing types
It’s about testing transactions, account balances, controls.
The first stage of audit is understanding the internal control
system/environment of the client.
Systems-based – evaluating how well the internal control system works. Example: to
walk through all the buildings in this university to test whether you can see a security
officer in every building. This is to test out the internal control environment. Or you
might test out 10 computers at this university to see if you can use it without a
password.
Risk-based – identifying and focusing on high risk areas rather than testing out
everything.
Audit Testing – Compliance
Compliance tests are tests to obtain audit evidence about the effective operation of
the control environment, in particular the operation of the control procedures.
You would review the system notes and flowcharts that has been given to you
by the organisation. You would try it out in reality.
Internal control questionnaires (ICQs) – these questionnaires are used by
organisations which asks about a particular process – who does this, when is
this done, who signs this, how do you know that etc. They are a series of
short answer questions to test whether the control environment is strong
enough.
Discussions with management regarding any changes to the system. You are
checking whether the business is compliant with its control procedures.
The compliance testing dictates how much work you do in the substantive
testing stage.
Audit Testing – Substantive
These are detailed tests of transactions and balances.
2 types:
1. Tests of details of transactions and balances
2. Analytical procedures
Lecture 9 – Audit Testing & Analytical Review
Auditing testing types
It’s about testing transactions, account balances, controls.
The first stage of audit is understanding the internal control
system/environment of the client.
Systems-based – evaluating how well the internal control system works. Example: to
walk through all the buildings in this university to test whether you can see a security
officer in every building. This is to test out the internal control environment. Or you
might test out 10 computers at this university to see if you can use it without a
password.
Risk-based – identifying and focusing on high risk areas rather than testing out
everything.
Audit Testing – Compliance
Compliance tests are tests to obtain audit evidence about the effective operation of
the control environment, in particular the operation of the control procedures.
You would review the system notes and flowcharts that has been given to you
by the organisation. You would try it out in reality.
Internal control questionnaires (ICQs) – these questionnaires are used by
organisations which asks about a particular process – who does this, when is
this done, who signs this, how do you know that etc. They are a series of
short answer questions to test whether the control environment is strong
enough.
Discussions with management regarding any changes to the system. You are
checking whether the business is compliant with its control procedures.
The compliance testing dictates how much work you do in the substantive
testing stage.
Audit Testing – Substantive
These are detailed tests of transactions and balances.
2 types:
1. Tests of details of transactions and balances
2. Analytical procedures
