Chapter 6

Tests of Controls
1. TESTS OF CONTROLS AND THE MAIN
TRANSACTION CYCLES
1.1 Planning tests of controls
The auditor takes a system-based approach and focusses on testing the systems and internal controls that
produce the financial reporting figures.
Two conditions are necessary:
The systems and controls in place should be designed to minimize the risks of misstatement.
The systems and controls should actually operate effectively.
Gains evidence by test of controls.
1.2 Computer-assisted audit techniques
In case of IT based systems, specialized techniques of obtaining audit evidence may be required, known as
computer-assisted audit techniques.
CAATs are often necessary in the audit of IT systems because these systems may not provide an adequate
audit trial.
The auditor needs to ‘get inside the computer’ to check the completeness and accuracy of the processing.
1. TESTS OF CONTROLS AND THE
MAIN TRANSACTION CYCLES
Two commonly used types of CAATs are:
Audit software: relevant to substantive testing
Test data: relevant to test of controls
Test Data: involves the auditor processing a sample of data through the IT system and comparing the results
obtained from the processing with pre-determined results.
Problem – it will only give audit evidence at the time that test data is processed.
Data will re-run for audit purpose by using log files.
The best way is to establish an extra dummy department for allocation of test data.
Only the auditor should have access to this department.
Disadvantages of CAATSs: They can be expensive and the use of CAATs should be evaluated on a cost benefit
basis. Cost includes:
Purchasing or developing the programs
Keeping programs up to date for changes in hardware and software
Training audit staff in the use of computer systems to run the CAATs.
1. TESTS OF CONTROLS AND THE
MAIN TRANSACTION CYCLES
1. TESTS OF CONTROLS AND THE MAIN
TRANSACTION CYCLES
1.3 The major transaction cycles
Sales, purchases and payrolls, identified as major transaction analysis, will have a direct effect the financial
statements.
Test of controls are also applied to key statement of financial position headings linking into the main transaction
cycles:
Bank and cash;
Inventory and
Revenue and capital expenditures (non-current assets)
1.4 Controls and tests of controls in the exam
1. Risks: What are the risks that weaknesses in the transaction processing system could mean that the financial
systems do not give a true and fair view.
2. What should be the control objectives? What is the purpose of having control? What should the control be intended
to achieve or prevent? The objective of the control should be to eliminate or reduce risk.
3. Having established the reason for needing controls, the next step is to devise controls that will help to achieve the
control objective.
4. An auditor should be aware of the control objectives for each of the transaction cycles, and should assess the
effectiveness of the controls that the client entity has in place to achieve those objectives.
5. If the auditor is satisfied with the controls seem adequate, he should devise tests to establish whether they work in
place.
1. TESTS OF CONTROLS AND THE
MAIN TRANSACTION CYCLES
Test of control should therefore be seen within the context of:
Risks
Control objectives
Controls
Tests of those controls
2. THE SALES SYSTEM
2.1 Elements of the sales system
Receiving orders from customers
Dispatching the goods and invoicing customers
Recording sales and amounts receivable in the account.
2.2 Customer ordering
Risks: (R) and Control Objectives (CO)
1. R: Orders may be accepted from new customers by giving credit, without checking the customer’s references without formal
authorization of a credit account.
CO: Giving credit to new customers and existing customers must be controlled.
2. R: Orders may be accepted from existing customers that take them over their credit limit.
CO: Orders should not be processed if they would take the customer above his agreed credit limit.
3. R: Some orders were overlooked and are not processed. Some orders are processed twice.
CO: All orders from customers are processed correctly.
4. R: The customer is given a price discount without proper authorization.
CO: Proper authorization should be checked.
 2. THE SALES SYSTEM
Principal Controls (PC) and Tests of Control (ToC):
1. PC: Should be a segregation of duties.
ToC: The auditor can establish the segregation of duties.
2. PC: Individuals who process orders from customers should not also carry out credit reference checks on new customers or
credit limit checks on existing customers.
ToC: The auditor could observe these individuals to see if procedures are being properly followed.
ToC: He could use test data in IT system to check that orders which would take a customer over his credit limit would be
rejected by the system.
3. PC: All new customer accounts, and their credit limit, should be authorized.
ToC: Evidence that new customer accounts have been approved should be checked by looking for the signature of the manager
giving the authorization on the appropriate approval document.
ToC: Evidence that the credit checks have been carried out can be checked by looking at the signatures or initials of credit
checking staff on customer orders.
4. PC: Orders should be recorded on sequentially-numbered documents. For every sales order, a dispatch note should be
produced.
ToC: The auditor can look at lists of customer orders, sequentially numbered, and confirm that for every customer order there is
a dispatch note number.
2. THE SALES SYSTEM
2.3 Dispatch of goods and invoicing
Risks (R) and Control Objectives (CO):
1. R: For some customer order, goods are not dispatched, or the goods are dispatched twice.
CO: Goods should be dispatched for every authorized customer order.
CO: Goods should not be ordered twice, for the same sales order.

2. R: Goods are dispatched to customers who do not have sufficient credit.

3. R: Invoices are not produced for dispatched goods.

CO: For every dispatch note, there must be an invoice.
CO: Invoices should be for the correct amount.
4. R: Customers claim that they did not receive the goods that they have actually been delivered to them.
CO: Customers should acknowledge the receipt of goods.
5. R: Returns from customers are not properly recorded, so client company does not know the correct figure of sales.
CO: For all the goods returned by the customers, there must be an authorized credit note.
 2. THE SALES SYSTEM
6. Principal Control:
1. PC: Dispatch notes or Goods Delivery Notes (GDNs) (signed by an authorized member) should be numbered sequentially, and
should be attached to a copy of a specific customer number.
ToC: Ensure that all GDNs are sequentially numbered, if not then the error report regarding the reason is generated.
2. PC: Customer should sign a delivery note as confirmation of receipt.
ToC: Some delivery notes should be checked to confirm that customers do sign them.
3. PC: The signed delivery note should be attached to a copy of the dispatch note and customer order and transfer to the accounts
department for the production of sales invoice.
ToC: Check that the lists of invoices show a customer order number and a dispatch note number.
4. PC: Each sales invoice should be linked to a copy of the dispatch note and customer order.
ToC: Can observe the dispatch process in operation.
5. PC: Sales invoice should be sequentially ordered.

6. PC: There should be a segregation of duties (goods dispatch, sales invoice or customer order)
ToC: Check that the segregation of duties does exist.
2. THE SALES SYSTEM
7. PC: Credit Notes should be sequentially numbered and authorized.
ToC: Check a list of credit notes to make sure that they cross-refer to a sales invoice number.
Credit notes should be checked to make sure the existence of the authorization signatures of the
appropriate manager.

8. PC: There should be strong check by someone (IT controls) in the account staff
on the accuracy of invoices.
ToC: There should be a documentary evidence that a member of the accounts staff has carried out
arithmetical checks on the accuracy of invoices.
2. THE SALES SYSTEM
2. The SALES SYSTEM
2.4 Recording sales and accounting
Risks and Control Objectives (CO)
1. R: Risk that invoices and credit notes may not be recorded in the accounting system.
CO: ensure that they all are recorded.
2. R: Risk that invoices and credit notes are recorded in the wrong customer accounts.
CO: prevent this from happening, or to detect errors when they do occur.
3. R: Risk that debts may be written off as uncollectable (‘bad’) without proper
consideration.
CO: make sure that this does not happen.
Principal Controls (PC) and Tests of Control (ToC)
1. PC: Invoices and credit notes should be sequentially numbered.
ToC: List of invoices and credit notes can be checked for sequential numbering
2. The SALES SYSTEM
2. PC: Regular statements should be sent to customers.
ToC: Check that the payments are produced and dispatched to customers.
3. PC: Control account reconciliations should be carried out on trade receivables.
ToC: Look for documentary evidence that control total checks have been made.
4. PC: Bad debts must be authorized.
ToC: Should be a documentary evidence that proper authorization is given for a debt to be written off as
bad.
5. PC: Procedure for identification and follow up of over-due accounts and unpaid invoices.
ToC: Segregation of duties (preparation of invoices, payment collection, follow up late payments)
ToC: Individuals should be present for collecting overdue payments. Alternatively, exception report should
be regularly produced.
3. THE PURCHASES AND THE
EXPENSE SYSTEM
3.1 Elements of the purchases and the expense system
Excludes the procedures for making payments to suppliers, main elements are:
Placing orders, receiving goods and invoices, recording and accounting.
3.2 Placing Orders
Risks (R) and Control Objectives (CO)
1. R: Orders for goods and services are made without approval or authorization.
CO: All purchases must be properly authorized
2. R: Orders may be placed with suppliers with who are not on the ‘approved list’.
CO: Should not be placed with non-approved suppliers.
3. R: For large orders, suppliers are not asked to submit tenders. In case of tender, the order might not be given
to the supplier quoting the lowest price.
CO: Competitive price quotations should be obtained.
3. THE PURCHASES AND THE
EXPENSE SYSTEM
Principal Controls (PC) and Tests of Controls (ToC):
1. PC: Segregation of duties (requisition for new supplies of inventory, placement of the order)
ToC: Check that the segregation of duties must exist.
2. PC: Purchase orders should be sequentially ordered.
ToC: looked at list of sequentially ordered list numbers.
3. PC: Procedures for making suppliers on the approved list
ToC: Should ask managers for providing documentary evidence.
4. PC: Include ‘approved supplier reference number’
ToC: checking of Purchase orders
5. PC: Orders above a certain limit must be authorized by senior manager.
ToC: Checked for management authorization.
3. THE PURCHASES AND THE
EXPENSE SYSTEM
3.3 Receiving Goods and Invoices
Risks (R) and Control Objectives (CO)
1. R: Goods accepted by a supplier without an order or goods delivered when they actually are not.
CO: Make sure that all receipts of goods are recorded and checked against a purchase order.
2. R: Company may fail to claim discounts from suppliers for orders above a certain size, or as regular
customers of the supplier.
CO: discounts are given by suppliers where these are available.
3. R: Suppliers may invoice for goods that have not actually been provided.
CO: to prevent this from happening, or detect when it does happen.
3. THE PURCHASES AND THE
EXPENSE SYSTEM
Principle Control (PC) and Tests of Control (ToC):
1. PC: Copy of all delivery notes should be retained, with a signature of the member of a staff who tool receipt and
checked the goods.
ToC: Check the delivery notes, goods received notes and purchases invoices are matched with each other.
ToC: Evidence: documents checked against each other, signatures on Purchase invoice.
2. PC: Goods received notes should be produced for each delivery, from the delivery note or after a physical count of the
item received.
3. PC: A member of the account staff or purchasing staff must be responsible for checking discounts allowed by suppliers.
ToC: Look for a documentary evidence that discounts are checked and claimed from suppliers when available.
4. PC: Segregation of duties (delivery of goods, order placement, recording of the purchase invoices)
ToC: Check that the segregation of duties must exist.
5. PC: All purchase invoices should be checked against a purchase order and a goods received note.
ToC: Look for any evidence that invoices, purchase orders or goods received notes cannot be properly matched.
3. THE PURCHASES AND THE
EXPENSE SYSTEM
3.4 Recording and accounting for purchases and expenses
Risks (R) and Control Objectives (CO):
1. R: Purchases invoices will be recorded for goods or services that were not provided.
CO: Make sure that this does not happen.
2. R: Purchase invoices will be indirectly recorded in the accounts of suppliers.
CO: To identify and correct any such errors that may occur.
3. R: Credit will not be claimed from suppliers for goods returned.
CO: Make sure that credit is taken for purchase returns.
3. THE PURCHASES AND THE
EXPENSE SYSTEM
Principle Control (PC) and Test of Control (ToC):
1. PC: Purchase invoices should be cross checked against purchase orders before they are recorded in the
accounts. In case if PO has no number, then it should be written by a person making check.
ToC: Look for an evidence for matching of PI with PO. Signatures and initials by the individual making a
check.
2. PC: Evidence that statements from suppliers are checked and approved. (signature or initials on evidence)
ToC: Regular statements should be received from suppliers. Cross checking of balance of statement with
the account balance.
3. PC: Should be regular control account reconciliations for trade payables.
ToC: Look for documentary evidence of control account reconciliations.
4. PC: Debit note should be created each time that goods are returned to a supplier. Sequentially number and
matched with supplier credit notes. Exception report of unmatched items should be produced by IT system.
ToC: Able to check a list of sequentially numbered debit notes, cross referenced to a supplier’s credit note.
THE PAYROLL SYSTEM
4.1. Elements of the payroll system
Calculating gross wages and salaries
Recording wages and salaries payables in the account
The calculation of tax and other deductions from wages and salaries.
The payment of wages and salaries.
4.2. Calculating gross wages and salaries
Risks (R) and Control Objectives (CO)
1. R: wages and salaries may be paid to individuals who are not employees.
CO: ensure that only real employees are paid.
2. R: Employees may be paid for work that have not done.
CO: Ensure that employees are paid only for work they have done.
3. R: Gross wages and salaries could be calculated incorrectly.
4. R: Taxation and other deductions could be calculated incorrectly.
CO: Ensure that gross pay, deductions (tax and other deductions) and net pay are calculated correctly.
THE PAYROLL SYSTEM
4.3. The calculation of tax and other deductions:
4.4. Recording wages and salaries payable in the accounts
4.5. Payment of wages and salaries
4.6. Possible control weaknesses in a payroll system
1. Weakness in the system for recording time and date.
2. Overtime payment may not be properly authorized.
3. Junior staff responsibility for making the payroll payments.
4. The payroll lists for each department may not be properly authorized.
5. Weaknesses in the use of password.
6. Password should be difficult to guess.
7. Overlooked and forgotten important information that was sent by an email.
5. THE BANK AND THE CASH
SYSTEM