Overall Audit Planand Audit Program Chapter 13
Types of Audit Tests Procedures to obtain an understanding of internal control (Ch 10) Focused on understanding the design and operation of aspects of I/C necessary to plan the rest of the audit Tests of control (Ch 10) Procedures used to obtain evidence needed to assess control risk.
Types of Audit Tests Substantive tests of transactions Procedures designed to test for dollar misstatements of financial statement balances. • Analytical procedures (Ch 8) • To indicate possible misstatements • To reduce tests of details of balances Tests of details of balances Focus on ending G/L balances
Audit risk model AAR IR × CR = PDR Types of audit tests Procedures to obtain an understanding of internal control + Tests of controls (TOC) + Substantive tests of transactions (STOC) Types of Audit Tests and the Audit Risk Model
Audit risk model AAR IR × CR = PDR Types of audit tests Analytical procedures (AP) + Tests of details of balances (TDP) = Sufficient competent evidence per GASS Types of Audit Tests andthe Audit Risk Model
Type of Evidence Physical examination Confirmation Documentation Observation Type of Test Procedures for I/C Tests of controls Substantive T.O.T. Analytical procedures Tests of details Relationship Between Types of Tests and Evidence (Table 13-2) Reperformance Analytical proc. Inquiries of the client
C3 Acceptable assurance Audit assurance from control risk assessment and tests of control C2 AUDIT ASSURANCE C1 Audit assurance from substantive tests No assurance A C B INTERNAL CONTROL EFFECTIVENESS Weak control Strong control Reliance on controls: C3 – None, C2 – Some, C1 – Maximum Audit Assurance at Different Levels of Internal Control Effectiveness (Figure 13-3)
Impact of Information Technology onAudit Testing SAS 80 (AU 326) and SAS 94 (AU 319) provide guidance for auditors of entities that transmit, process, maintain, or access significant information electronically.
Program change controls Access controls Impact of Information Technology on Audit Testing Computer assisted audit techniques (CAATS) may be used to test automated controls or data. Reports produced by IT may be used to test the effectiveness of IT general controls.
Designing the Audit Program Auditing standards require auditors to use a Written audit program. • It is convenient to think of the audit program as • consisting of the three major classes of tests: • Tests of controls • Substantive tests of transactions • Analytical procedures