TESTS OF P A R T

CONTROLS AND
TESTS OF DETAILS
three
Part 3 covers the major evidence-gathering procedures of the
assurance services engagements. Chapter 9 covers tests of controls for
the control risk assessment and Chapter 10 covers substantive tests of
transactions and balances for the detection risk assessment. Chapter 11
explains the specialised considerations associated with the use of
sampling as a form of evidence gathering.

C H A P T E R 9 Te s t s o f c o n t r o l s 381
C H A P T E R

9 Tests of Controls
LEARNING OBJECTIVES
After studying this chapter you should be able to:

1
appreciate that tests of controls are part of a co-
ordinated approach to the audit in order to gain the
most efficient and effective audit approach;

identify the types of tests of controls undertaken;

2
identify factors impacting the auditors assessment of
3
the sufficiency and appropriateness of evidence of
tests of controls;

describe the audit procedures for testing controls in

4
the revenues, receivables and receipts system;

describe the audit procedures for testing controls in

5
the expenditures, payables and disbursements system;

describe the audit procedures for testing controls

6
relating to contractual transactions;

understand the auditing approaches used to test the

7
controls contained in the clients program, including
test data and integrated test facilities; and

appreciate the impact of assessing strategic business

8
risk on undertaking tests of controls.
 Chapteroutline
Until this stage of the audit, the auditor has not controls (to support an assessed level of control risk) is
undertaken any testing of details. As part of the plan- very different from that of substantive tests of
ning process the auditor has undertaken an assessment transactions and balances (used to reduce the auditors
of strategic business risk and a preliminary evaluation detection risk). If control risk is assessed at any level less
of inherent and control risk. From these assessments than high (reliance is to be placed on controls) then
and evaluations the auditor has determined the risks tests of control must be undertaken to provide evidence
and accounts that require attention, and also deter- of the existence, effectiveness and continuity of these
mined the required detection risk. The auditor then key controls. In this chapter, tests of controls for the
prepares an audit program, which outlines the audit major systems of revenue, receivables and receipts, and
tests they intend to undertake. expenditures, payables and disbursements are covered.
There are two major types of audit tests, tests of Variations in testing for other types of expenditure
controls and substantive tests. The purpose of tests of transactions, including payroll, are also considered.

Relevantprofessionalguidance
Australian International
AUS 214 Auditing in a CIS Environment ISA 401 Auditing in a Computer Information
Systems Environment
AUS 402 Risk Assessments and Internal Controls ISA 400 Risk Assessment and Internal Controls
AUS 404 Audit Implications Relating to Entities Using ISA 402 Audit Considerations Relating to Entities
a Service Entity Using Service Organizations
AUS 502 Audit Evidence ISA 500 Audit Evidence
AGS 1060 Computer Assisted Audit Techniques IAPS 1006 Computer Assisted Audit Techniques

learning
objective 1
TESTS OF CONTROLS
The auditor must obtain evidence sufficient to support the assessed level of control risk. As
outlined in Chapter 8, if at the planning stage the auditor assesses control risk as high for an
account balance or assertion there will be no tests of controls for that account balance or
assertion. This is because the auditor does not plan to place any reliance on the related controls.
Control risk will be assessed as high if the auditor has determined that (i) controls do not exist, (ii)
the controls that do exist will not provide reliable evidence, or (iii) it is more efficient or effective
to gather the required evidence by undertaking substantive testing. In assessing the control risk at
less than high, the auditor has identified specific internal control structure policies and
procedures that they believe will prevent or detect misstatements for the assertion. Evidence is
needed to support the appropriateness of both (AUS 402.27/ISA 400.40).
Tests of controls are usually concerned with gathering evidence concerning the controls
associated with the processing of particular classes of transactions through the accounting
system. Transactions can also be substantively tested to provide evidence to support the
assessment of detection risk. The best way of distinguishing between tests of controls and
substantive tests of transactions is that tests of controls relate only to the assessment of controls
and do not directly measure monetary error in accounting records. Substantive tests, whether of
transactions or balances, are concerned with whether monetary errors have occurred.
The co-ordinated program of tests of controls and substantive tests of transactions and
balances (which will be discussed further in Chapter 10) is commonly referred to as the audit
program. The audit program sets out the combination of evidence-gathering procedures that the
auditor believes will result in the most efficient and effective audit. If at any stage during this

384 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
testing phase the auditor determines that controls are not working as they expected and that they
have placed too much reliance on these controls they can reduce the extent of tests of controls and
increase the extent of substantive testing.

Planning the scope of tests of controls

The auditors underlying objective in undertaking tests of controls is to gain reasonable assurance
that the controls associated with the processing of transactions of a particular class are working as
expected. This will enable the auditor to reduce substantive tests. The considerations that affect
the nature, timing and extent of tests of controls are explained in the following discussion.

Nature
Based on the understanding of the internal control structure gained in assessing control risk, the
auditor identifies whether there are internal control structure policies or procedures to provide
reasonable assurance of achieving control objectives. If such policies or procedures are
prescribed, the auditor designs tests of their functioning (tests of controls). If there are no internal
control structure procedures prescribed that provide reasonable assurance of achieving specific
control objectives, the auditor designs substantive tests of transactions or balances. This planning
process is best understood by considering the following example.

EXAMPLE 9.1 Controls for recording of sales

A specific control objective for sales transactions is that goods shipped (or services rendered) have
been recorded. A test of controls is to see that shipping documents are prenumbered, the numbers
are accounted for and the shipping documents are matched to sales invoices and approved sales
orders. The auditor would need to conduct a test of the numerical sequence of shipping documents
issued and select a sample of shipping documents and trace them to the related sales invoices.

Timing
To aid the auditors ability to meet deadlines and the scheduling of staff, the auditor sometimes
schedules tests of controls to provide audit evidence for an interim period (this testing is usually
undertaken one to three months before balance date). The auditor would not normally undertake
this testing at an early stage unless they believed that there were adequate controls in place to allow
roll-forward of testing (extending tests until year-end). When obtaining evidence about the design
or operation of internal control structure policies and procedures during this interim period, the
auditor determines what additional evidence should be obtained for the remaining period.
The factors that influence whether tests of control are necessary for the remaining period (the
period between the interim date and the balance date) are as follows:
Results of the tests of the interim period If results indicate that internal control structure
policies and procedures lack operating effectiveness, control risk should be assessed at a high
level and substantive tests of transactions and balances should be made for the remainder of
the period. If expanded tests show that the accounting data are not reliable, tests of controls
should not be relied on in determining the extent of substantive tests of transactions and
balances.
Response to inquiries concerning the remaining period The most important inquiries
should be directed at determining whether there were any significant changes in control or
accounting procedures during the remaining period.

C H A P T E R 9 Te s t s o f c o n t r o l s 385
 Nature and amount of the transactions and balances involved If the transactions occurring
between the completion of tests of controls and the end of the year are atypical of the
transactions for the year, this implies the need to test further. That is the case with a highly
seasonal business and with an entity that has several large or unusual transactions near the
end of the year.
Evidence of compliance within the remaining period obtained from substantive tests
Evidence obtained through tests such as the pricing of inventory or confirmation of accounts
receivable at balance date (covered in Chapter 10) shows both the accuracy of total debits and
credits to those accounts and the propriety of the ending balances. If these tests indicate
satisfactory results, there is less need to test transactions in the remaining period.
Other matters the auditor considers relevant in the circumstances These include the
auditors assessment of strategic business risk and inherent risk and the results of analytical
procedures applied as an aid in planning the audit program.

Extent
The extent of tests of controls that consist of inspecting documents for indication of the
performance of a checking routine or approval by stamps, initials or signatures and those
substantive tests that involve inspection of documents are determined using audit sampling
techniques. Determination of the extent of tests of controls using audit sampling is explained in
Chapter 11.
The extent of reperformance of completed accounting routines is not, however, determined
by reference to audit sampling. Many reconciling and balancing routines (for example, bank
reconciliations) are performed monthly by the client. A common audit approach is to
recompute one or a few such reconciliations or balancings and then see that the routine was
performed in the other months. If the routine is performed much more frequently, the common
approach is still to recompute only one or a few of the routines. However, a sample of routines
is selected, rather than all of them, to see whether the routine was performed throughout the
period. The rationale for this approach is that inspecting a reconciliation or trial balance
provides reasonable evidence that the routine was properly performed, and if not, sloppy or
improper performance will be apparent.

Q u i c k r e v i e w
1 Tests of controls are required to be undertaken if reliance is to be placed on controls (i.e.
control risk is assessed at a level less than high).
2 Tests of controls will only be undertaken if the increased effort is more than offset by a
reduced level of substantive testing. The auditor chooses the most efficient and effective
combination of tests of controls and substantive tests of transactions and balances.
3 The auditor does not have to undertake tests of controls if there is no reliance to be
placed on controls, or if a substantive approach will result in a more efficient or effective
audit. In either of these circumstances control risk should be assessed as high.
4 When planning the scope of tests of controls, the auditor considers the:
nature: the specific control objectives for a transaction class provide a framework for
designing tests of controls;
timing: many tests of control are undertaken at an interim period and the auditor
should determine what additional evidential matter should be obtained for the
remaining period; and
extent: usually determined by reference to audit sampling techniques.

386 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
TYPES OF TESTS OF CONTROLS 2 learning
objective

The suitability of the design of the internal control policy or procedure These tests help
evaluate whether the policy or procedure is suitably designed to prevent or detect material
misstatement in the specific assertion. They generally include inquiries of entity personnel,
inspection of documents and reports, and observation of the application of specific internal
control structure policies and procedures, including walk-throughs. These tests often require
the preparation of flowcharts or questionnaires if the internal control structure procedure is
complex.
The operation of the policy or procedure An assessment of the suitability of design is usually
made while control risk is being assessed at the planning stage of the audit (refer to Chapter 8).
Where design is determined to be suitable and control risk is assessed at low or medium, tests
concerning the operation will be performed to provide evidence on the three aspects of
internal control discussed in Table 9.1. The auditor must gather evidence on each of these
internal control aspects before they can place reliance on a control for reducing the risk of
misstatements being included in the financial report.

TABLE 9.1 Aspects of internal control operation for which evidence is gathered

Aspects Definitions How tested

Existence Whether prescribed internal control Sighting documents bearing evidence of the
procedures actually exist. For example, control (e.g. stamp, signature, etc.).
if a clerk is supposed to verify the If there is no documentary evidence of the
mathematical accuracy of an invoice, control, observing the control procedure
does he/she actually perform the being performed (e.g., for segregation of
verification? duties, observe to see that there is segregation).
If the control is programmed, such as
checking authorisation codes, review the
program to make sure that the control exists.

Effectiveness Whether the control is operating Re-performing the control (e.g. checking the
effectively. That is, does the control price, quantities and maths on invoices).
prevent or detect the misstatements Sighting documents to see that controls were
that it is designed to prevent or detect? complied with (e.g. checking that a voucher
contains supporting documentation).
If the control is programmed, such as checking
authorisation codes, run unauthorised trans-
actions through the program to make sure
they are correctly identified and excluded.

Continuity Whether the control operated through- Usually achieved by ensuring that the sample
out the period of intended reliance. of transactions to be tested is selected from
For example, if the control was oper- throughout the year.
ational for only part of the year, then
no reliance can be placed on the
control when it was not operating.

learning
SUFFICIENCY AND APPROPRIATENESS OF 3
objective

EVIDENCE
AUS 502.10 (ISA 500.10) requires the auditor to consider the sufficiency (quantity) and
appropriateness (quality) of the audit evidence to support the assessed level of control risk. The
quantity of evidence necessary to support a specific level of control risk is a matter of audit

C H A P T E R 9 Te s t s o f c o n t r o l s 387
 judgment. The auditor requires stronger evidence as to the adequate design and operation of a
procedure if the assessed level of control risk is low rather than medium. This is because a low
assessment of control risk indicates that the auditor is going to place greater reliance on this
procedure as an appropriate form of audit evidence: the greater the reliance, the greater the
evidence required. Other factors that the auditor considers in determining whether the tests of
controls have yielded sufficient appropriate evidence include: type and source of evidence;
timeliness of evidence; and interrelationship with other evidence.

EXAMPLE 9.2 Existence, effectiveness and continuity of controls

Assume there is a control where before cash payments are authorised, a manager must
ensure that there is appropriate supporting documentation (such as a suppliers invoice,
and evidence that goods were received) to support the payment. Existence will involve
ensuring that authorisation for the payment is signed. Effectiveness will involve ensuring
that the control is doing what it is supposed to do, which is stopping unauthorised
payments with insufficient supporting documentation. Continuity involves ensuring that
the control has been in existence and effective over the period of intended reliance, and
would involve sampling from all the cash payments in the period of audit. Only after the
auditor has gathered evidence on all threeexistence, effectiveness and continuitycan
reliance be placed on the controls.

Type and source of evidence

The auditor recognises that some audit tests provide stronger evidence than others (AUS 502.15/ISA
500.15). For example, inquiry and observation that the accounts payable manager reviews invoices
and supporting documents before cheques are written provide some evidence, but inspection of
written approvals for a sample of cheques throughout the period provides more assurance.

Timeliness
Timeliness enhances the amount of assurance provided by the evidence. The two factors in
timeliness are:
1 When the evidence was obtained For example, the auditor may look at evidence obtained from
interim testing. The auditor must then consider whether the procedure in place has changed,
and whether the assurance provided decreases as the amount of time since the test of controls
was performed lengthens.
2 Whether it applies to the entire audit period or only a portion of it To evaluate continuity of
controls, tests of controls should demonstrate the effectiveness of the policy or procedure for
the entire audit period.

Interrelationship of evidence
The auditor considers the combined effect of various pieces of evidence concerning a particular
assertion. Included in the consideration is the interaction of the control environment, accounting
system and control procedures and how this affects risk for the assertion. Individual pieces of
evidence that, taken alone, are not sufficient may be sufficient when taken together. Conversely,
evidence that is persuasive taken by itself may be relied upon less if, for example, there is evidence
that the control environment is weak.

388 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
Effect of documentation of controls along the
audit trail
The methods and procedures the auditor uses for tests of controls depend on whether the control
structure procedure leaves a documentary trail of its performance. If there is:
no documentation of controls along the audit trail, this involves inquiries and observation of
accounting personnel and routines to determine how control procedures are performed and,
especially, who performs them. For example, this approach is used to see whether cash is
handled by someone who does not record cash transactions.
a documentary trail, this involves inspection of documents supporting a particular type of
transaction to see whether a control procedure, such as approval or checking, was performed
(by noting signatures or initials) and whether the procedure was performed effectively.
The auditor usually observes the clients personnel and processing routines and makes
corroborative inquiries of appropriate personnel when on the clients premises for other purposes.
The inquiries and observations are done at this time, but the auditor is concerned with operations
in the entire period covered by the financial report. Thus, the auditors inquiries extend beyond the
immediate duties of the personnel being interviewed. The auditor inquires about the employees
understanding of the duties of others; what happens when review and reconciliation procedures
detect errors; who handles the investigation and resolution of errors; and what happens when
employees with key assigned duties are on vacation.
When documentary support of consistent application of a control procedure exists, the
auditor inspects a sample of the documents to see whether they were approved or checked as
prescribed and to see who performed the control procedures.

Documentation of high level controls

For many of the high level controls that are emphasised in todays audit (e.g. an ethical approach
by management) evidence may be indirect. Existence may be covered by the fact that there is a
code of ethics, effectiveness by the fact that the general environment has an ethical feel and
continuity by looking for evidence of breaches of this code over the period of audit.

Q u i c k r e v i e w
1 The auditor must undertake tests of controls to support an assessed level of control risk
at any level less than high. If control risk is assessed as high, no reliance is to be placed
on the particular internal control. If control risk is assessed at some level less than high,
then some evidence is required to support this assessment. The more reliance that is
placed on the particular internal control (the lower the assessment of control risk), the
greater the quantity of evidence through tests of controls that is required.
2 Other factors affecting sufficiency of evidence include:
type and source of evidence;
timeliness of evidence; and
interrelationship with other evidence.
3 The evidence should support both:
design: the internal control structure is suitably designed to prevent and/or detect and
correct material misstatements; and
operation: the internal control structure exists and has operated effectively
throughout the relevant period.

Continued

C H A P T E R 9 Te s t s o f c o n t r o l s 389
 4 Tests of controls directed toward design generally include inquiries of entity personnel,
inspection of documents and reports and observation of the application of specific
internal control structure policies and procedures, including walk-throughs. These tests
often require the preparation of flowcharts or questionnaires if the internal control
structure is complex.
5 Tests of control directed toward operation include inquiries of entity personnel,
inspection of documents and reports indicating performance of the policy or procedure,
observation of the application of the policy or procedure and reperformance of the
policy or procedure by the auditor.

AUDITING CONTROLS OF MAJOR ACTIVITIES

The next two sections of this chapter explain tests of controls for the central activities of most
businessesbuying and selling. Although some of the descriptive terms differ, most businesses
are engaged in acquiring goods or services from vendors or suppliers and providing goods or
services to customers. These activities are usually characterised by a large volume (many relatively
small transactions) and are repetitive and recurrent in nature (transactions of a particular type are
very similar and continuing). For these reasons, the audit approach in these areas often
emphasises tests of controls. When tests of controls are not feasible or efficient, the scope of
substantive tests of transactions or balances for the related account balance has to be expanded.

learning
objective 4
REVENUES, RECEIVABLES AND RECEIPTS
This section is primarily concerned with the controls relating to transactions of merchandise to
customers on credit. The sales accounting system of such an entity is relatively unaffected by
whether the merchandise is acquired from others (retailing or wholesale merchandising) or
produced by converting raw materials to a finished product (manufacturing). Thus, the discussion
applies to most manufacturing and retail entities. Some special considerations that apply to other
industries or other types of revenue-generating transactions are discussed briefly at the end of the
section.
One characteristic of this type of revenue accounting system is that the audit problems tend to
be those related to high-volume clerical processing rather than complex accounting principles.
For example, revenue is typically recognised when merchandise is shipped and recording of sales
and receivables is routine and does not involve complicated issues of revenue recognition. A
relatively large number of clerical staff work in the accounting and operating departments and
there is a fairly standard document flow among operating and accounting departments which can
be confusing to junior auditors.

An overview of functions, documents, inputs

and accounting systems
A narrative of a typical credit sales cycle is outlined below, while a corresponding flowchart is
shown in Figure 9.1. An order entry function is the starting point in the credit sales cycle. In this
function, orders are received, accepted and then translated into shipping and billing instructions.
Order entry may or may not be integrated with the accounting system. The original order may be
a written purchase order mailed in by a customer, or be taken over the phone or through electronic
lodgment by mechanisms such as the Internet. The first document or input by the audit client is
usually a sales order. At this point, a decision needs to be made concerning whether to accept the

390 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 391
C H A P T E R 9 Te s t s o f c o n t r o l s
FIGURE 9.1 Typical credit sales flowchart
Order Entry Credit Department Shipping Department Invoicing Department Accounting Department
Customer Customer Customer
Customer's Invoice
order (internal order order S
sales order) records S
3 2
1 (credit 2
approval) Sales
2
Shipping journal
3 order Enter in
2 sales
Prepare shipping order
and bill of lading journal and
Compare accounts
Bill of Accounts
order with lading receivable
records for 3 master
credit approval file
Bill of
Shipping order lading Reconcile Invoice
documents 1 documents and
variations from 2
Customer prepare sales
customer order 2 invoice
order S
1 3
1 Filed (P) by
2 customer
Invoice
(A)
Bill of lading 1
Filed (P) carriers copy to
by cus- Shipping obtain customer's 2
tomer order signature 3
(A)
1 1
Invoice to
customer
Filed (P) Bill of lading 1
by cus- for customer
tomer
(A) 2 Invoice
3
Filed (P) by
invoice no.
KEY (N)
S = Signed source document
A = Alphabetic filing
P = Permanent file
N = Numeric filing
 order. Specific approval of the credit department may be required; there may be a list of approved
customers determined by the credit department; or credit limits may be established that are
checked by order entry. The availability of the items ordered is also established by checking the
inventory records for the level of inventory items currently on hand.
After an order is accepted, a shipping order is sent to the shipping department and a copy of
the order is maintained in a pending file. The system generates an aged open order report. Usually
this report is used as a record of backlog orders (orders not completed) and a routine review of it
helps to prevent loss of orders. Physical control of the forms used as shipping orders and physical
inspection of shipments for a shipping document help to prevent unauthorised shipments.
The shipping function is an operating department that sends merchandise to customers. When
shipments are made, the shipping department completes a shipping notice. Input of the shipping
notice clears the open order file and initiates the process of invoicing the customer. If a common
carrier is used for shipments, the shipping notice is a copy of a bill of lading (the contract with the
carrier). Any source document that serves the purpose of recording the event of shipment is
normally referred to simply as a shipping document.
The invoicing function is usually the first department involved in the sequence that is part of
the accounting department. The invoicing department is responsible for ensuring that a sales
invoice is sent to bill the customer. Usually, a sales invoice is a multipart form: the original is
mailed to the customer and duplicates are used to notify other departments within the business.
Of primary concern to the auditor is the flow that creates the debit to accounts receivable. The
individual sales invoices are one of the inputs to accounts receivable processing. Sales invoices are
used to update the accounts receivable master file. The invoicing department also compares a
total of bills prepared (a control total of sales invoices). This total is sent to the general ledger
function to become the debit to the accounts receivable control account. The totals sent to the
general ledger function should not go through the accounts receivable function. If this separation
is maintained, a reconciliation of the control account with the total of the accounts receivable
master file can be a key control in the auditors assessment of control risk.
Cash collection is the next step in the cycle and several functions may be involved. A flowchart
of this part of the cycle is contained in Figure 9.2. The first step is opening mail and creating an
initial record of cash received. This function may be performed by a receptionist, although greater
control occurs if two people are present at the mail opening. The important consideration from a
control viewpoint is that this function should be separate from other functions which involve
handling and keeping cash and recording in the accounts receivable master file. The person
responsible for opening the mail creates a prelist of cash receipts, which is simply a list of the
amounts received and from whom they were received, and this is usually used strictly for control
purposes. Mail receipts are usually accompanied by a remittance advice, which is often a tear-off
portion of the sales invoice that is returned by the customer.
The remittance advices and the payments (usually cheques) are sent to the cashier function,
where the cashier prepares the bank deposit slip. The remittance advices are sent to the accounts
receivable function and become the input for posting to the accounts receivable subsidiary ledger.
The total of remittance advices is sent to the general ledger function to update the accounts
receivable control account in the general ledger.
Accounting systems differ substantially in the summarisation steps that take place between
the source document, such as a sales invoice or remittance advice, and the entries to the general
ledger. Computer reports and files are generally titled as they were historically in manual
systemsa sales journal for credit sales and a cash receipts journal for remittances. The systems
usually produce some form of printed report or computer-readable file that includes all daily

392 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
FIGURE 9.2 Typical cash collection flowchart

Mail Opening Accounting

Cheques
received

Prepare
receipt
listing
$

Prelisting with
Prelisting remittance advice
1 when available
2 2
Cash
receipts
journal
Prepare Reconcile prelisting to
bank deposit remittances; enter in cash
slip receipts journal and accounts
$ receivable master file Accounts
receivable
To Bank master
file
Prelisting
Bank
2
validated
deposit slip Use updated
accounts
receivable
Filed (P)
master
by date
file to
Prelisting prepare
customer's
1 statement

Filed (P)
Filed (P) by Customer's Key
by date
customer statement $ = Processing of cash
(A) P = Permanent file
1 A = Alphabetic filing
2 S = Signed source
document

activity. That is, all the transactions entered that day are recorded and retained for back-up and
recovery purposes. The auditor can generally use these daily activity reports or sales journals.
However, in some systems only summary information is retained for more than a short time and
advance arrangements must be made if more detail is required by the auditor.

Adjustments and cost of sales

From a control standpoint, these adjustments are of concern because they are less routine than
sales and collections and require the exercise of some discretion in deciding whether that
adjustment should be allowed. The usual approach is to use a specialised source document, a
credit memorandum or debit memorandum, and to require the approval of responsible
supervisors before processing.

C H A P T E R 9 Te s t s o f c o n t r o l s 393
 The other complication is the relation between sales and cost of sales. Ideally, there
should be a direct correlation between the items of merchandise recorded as sales and the
items recorded as cost of sales. In some accounting systems the recording of sales and cost of
sales are simultaneous, and copies of the shipping document are used as notification both for
billing the customer and for relieving the inventory of the quantity and cost of merchandise
sold. Although this chapter will not discuss in detail the integration of the recording of cost
of sales with the recording of sales, the correlation between sales and cost of sales should
always exist.

Transactions in a revenue, receivables and

receipts system
Usually, the transactions recorded in a revenue, receivables and receipts accounting system are:
credit sales to customers (recognition of revenue, recording of receivable owing);
cash collections from customers (recording that receivable owing is now paid and the cash
received); and
adjustments for return of merchandise, allowances for defective merchandise, and write-offs
or allowances of bad debts.
In addition, the revenue, receivables and receipts cycle includes accounting estimates that
are not exchange transactions but more in the nature of allocations of recorded amounts
among accounting periods that require the judgment of management. Invariably, an estimate
is necessary of customer accounts that will become uncollectable (doubtful debts expense
and provision for doubtful debts). In some cases liability under warranty arrangements has to
be estimated (warranty expense and provision for warranty expense). While, on the basis of
materiality, sales returns and allowances are normally recorded in the period in which they
occur, if the auditor believes that such items are becoming material, an adjusting entry for
expected returns and allowances should be suggested so that they are recorded in the period
of sale.
One of the areas that the strategic business risk audit approach emphasises is that control
systems around routine transactions (such as sales and cash collections) are usually very well
controlled, and well suited to tests of controls. Control systems for non-routine transactions,
such as the return of goods or the estimates of the doubtful debts provisions, are not usually well
developed. Because these non-routine transactions involve managerial discretion rather than
rules (and thus can be more easily manipulated) they will usually receive increased emphasis
from the auditor, although this will be more likely of a substantive testing nature (discussed in
Chapter 10).

Primary control-related features

Specific control procedures are considered later in relation to specific control objectives. However,
at this point it is worthwhile to summarise the primary control-related features of a sales
accounting system.

Segregation of duties
As explained in the overview of sales accounting, the departments or functions in Table 9.2 are
involved in processing transactions and handling assets.

394 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
TABLE 9.2 Operating departments and accounting functions involved in
transaction processing

Operating departments Accounting functions

Sales and order entry Invoicing

Credit approval Accounts receivable master file update
Opening mail General ledger update
Cashier

Ideally, all these functions should be independent. Combining them makes it easier to perpetrate
and conceal errors or irregularities. However, separation of these functions is usually an integral
part of the plan of organisation. In other words, separation can usually be achieved as a by-
product of efficient specialisation of tasks rather than as an overlay on existing processing and
handling of assets. A small business, however, may have too few people in the accounting
department to achieve an adequate separation of accounting functions. The most important
functions to keep separate are those that involve the handling of assets and those that involve the
recording of transactions. This will allow the recording function to act as a check or control and,
via inspection and reconciliation with accounting records, allow for a comparison of the assets
that should be there (as recorded) with the assets that are there. The authorisation of adjustments
to records, such as the issuing of credit notes or the writing off of bad debts, should also be kept
separate from the handling of assets and the recording function. This is done so that the
accounting records cannot be adjusted for items that are misappropriated or lost, and also to aid
the reconciliation process.

Control over source documents and inputs

The source documents created during processing, such as shipping documents, invoices and
credit notes, should be printed on prenumbered forms. Thus, personnel can account for the
sequence independent of processing to help ensure the completeness of processing. Missing or
out-of-sequence numbers may indicate lost or improper transactions. Adequate physical
safeguards are necessary for unused forms and files of forms used in processing.
Often copies of originals of prepared forms are maintained in the originating department.
These files usually serve both control and operating purposes. Table 9.3 provides examples.

TABLE 9.3 Examples of source documents and their maintenance

Department or
function Source document File

Sales and order entry Customer order Customer order file

Accepted sales order or shipping order Open order file (for orders accepted
but not yet shipped)

Shipping Bill of lading or shipping document Bill of lading file

Invoicing Sales invoice Sales invoice file

Opening mail Prelist of cash receipts Prelist file

Cashier Bank pay-in slip Bank records file

C H A P T E R 9 Te s t s o f c o n t r o l s 395
 These files, which are usually maintained in the departments responsible for organisation, are
technically not part of the accounting system. Even though invoicing is usually an accounting
department function, the initial entry in the accounting records is the debit to accounts
receivable. However, the files are used for implementation of control procedures and are part of
the internal control structure, hence they are inspected when applying audit procedures for tests
of controls.

Checks, approvals and reconciliations

The checks, approvals and reconciliations that are added to processing are overlays for
control purposes. For instance, independent approval could be required before each
processing step, each step could be checked for completeness and accuracy by a second
person, and many reconciliations between separate but related records and files could be
made. Review and approval by supervisors at various points are also possible. In general, the
more independent checks, reviews, approvals and reconciliations there are, the greater the
control.
Additional cost is associated with such controls and a balance must be achieved. The checks,
reviews, approvals and reconciliations that are commonly used to achieve specific control
objectives are discussed later in relation to specific tests of controls.

Tests of controls for sales

The exact nature and extent of tests of controls for sales are influenced by the specific control
procedures and the auditors consideration of the most efficient audit strategy. The auditor may,
on the basis of the understanding of the internal control structure, decide that it is more efficient
to apply more extensive substantive tests. In that case, tests of controls for a particular class of
transactions, such as sales, may be omitted. Substantive tests for related balances such as
accounts receivable and the relationship of those tests to tests of controls are discussed in Chapter
10. An auditor who plans to assess control risk at less than high for a particular transaction class
needs to identify specific control procedures that provide a basis for the risk assessment, and
perform tests of controls for those control procedures.

Identifying specific control objectives and procedures

Table 9.4 presents specific control objectives for sales transactions for the type of entity described
in the overview of functions, documents and accounting systems for the sales cycle. Because of the
correlation between sales and cost of sales, it is important to separate the functions of shipping,
invoicing and merchandise (inventory) storekeeping. It can be seen that the list of policies and
procedures outlined in this table covers the procedures outlined in Chapter 8 for determining the
accuracy and reliability of transactions. For example, the first control objective of bona fide
transactions includes policies and procedures for authorisation and approval, occurrence and
reconciliation. The second control objective of all sales shipped being invoiced and properly
recorded includes policies and procedures related to completeness. The third control objective,
relating to invoices having been recorded correctly as to amount and period, includes policies and
procedures related to measurement.
Common control procedures to achieve these specific control objectives are also presented in
Table 9.4. Not all the listed procedures are necessary in every circumstance to achieve the
objective, and other control procedures may achieve the objective.

396 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
TABLE 9.4 Control policies and procedures and tests of controls for sales transactions
Common control policies
Specific control objectives and procedures Tests of controls

All sales recorded are bona Policy of authorisation of Select a sample of sales
fide transactions for credit and terms transactions from sales
merchandise actually shipped Quantities shipped journal (daily activity report),
to customers periodically reconciled to check for appropriate
quantities invoiced authorisation and trace to
independently of shipping shipping document file
and invoicing Inspect reconciliation of
Monthly statements mailed shipments to invoices
to customers Observe mailing of monthly
Signed acknowledgment statements, examine
that goods are received by customer correspondence file
customers and investigate non-cash
credits to accounts receivable

All sales for the period of Shipping documents and Review the accounting for
merchandise shipped are sales invoices prenumbered numerical sequence of
invoiced and properly and sequence accounted for shipping documents and
recorded in accounting Quantities shipped sales invoices or test
records periodically reconciled to numerical sequence
quantities invoiced Inspect reconciliations of
independently of shipping shipments to invoices
and invoicing Select a sample of shipping
Open order file or backlog documents and trace to sales
report reviewed invoices and sales journal.
independently of shipping Inspect indication of
and invoicing supervisory review
Shipments checked for Observe checking of shipments
shipping documents or inspect selected shipments

Invoices have been recorded Approval of invoices Select a sample of

correctly as to amount and independent of preparer, transactions from the sales
period and summarised including recomputation and journal (daily activity report)
correctly comparison of details and apply the following
(quantity, price, terms) to procedures to supporting
supporting documents sales invoices and shipping
Separation of functions of documents:
billing, shipping, accounts trace prices to approved list
receivable and general recompute extensions and
ledger footings
Monthly statements mailed compare details
to customers trace posting to accounts
Authorisation and receivable master file
independent follow-up of Inspect sales invoices
correspondence with selected for indication of
customers approval
Supervisory review and Review customer
approval of summarisation correspondence and
and posting complaint files
Periodic ageing of accounts Inspect indication of
receivable, including supervisory review and
established collection approval
procedures and approval of Foot (add up) sales journal
write-offs of uncollectable (daily activity report) and
accounts trace to general ledger
Continued

C H A P T E R 9 Te s t s o f c o n t r o l s 397
 Common control policies
Specific control objectives and procedures Tests of controls

Inspect ageings and

indications of collection
follow-up and approval of
write offs
Check last sales recorded
before balance date and first
sales recorded after balance
date are recorded in correct
period (cut-off)

Sales are disclosed and Separate accounting in chart As part of testing of sample
classified in accordance with of accounts for related-party of transactions, review
disclosure policies sales account codings on sale
Appropriate account codings documents
on sales documents Inquire about any related-
party transactions. Review
sales journal for
transactions with known
related parties

The auditor needs to consider whether the specific control procedures the client has adopted
provide reasonable assurance of achieving the objective. Reasonable assurance is influenced by
the extent of supervision and the auditors assessment of the control environment. For example,
consider the objective that all merchandise shipped is invoiced. In an entity with a strong control
environment and good supervision of separate shipping and invoicing functions, an independent
reconciliation of quantities shipped to quantities invoiced may be unnecessary for reasonable
assurance of achieving the objective. However, some testing, be it a different control or a
substantive test, is necessary. In another entity, this independent reconciliation may be essential
for reasonable assurance.
The auditor identifies control policies and procedures that permit assessing control risk at less
than high when obtaining an understanding of the internal control structure. The next step is to
plan and conduct audit tests for the particular class of transactions reviewed.

Selecting audit procedures for tests of controls

Typical tests of controls are presented in Table 9.4. The arrangement of audit tests shown there
is often referred to as a design format for tests of controls. In the planning phase the auditor
plans tests, using specific control objectives as a guide. This format helps to ensure that the
auditor has not omitted consideration of the achievement of an important objective.
However, the audit procedures selected need to be rearranged in the most logical sequence,
and duplications need to be eliminated. Since some control procedures and some audit tests
relate to more than one objective, in the design format some audit tests are unavoidably listed
more than once. Sequence is also important: when the auditor selects a sample of documents,
it is efficient to apply all the planned procedures relevant to those documents at that point.
The listing of the procedures to be performed in the order of performance is the preliminary
audit program.
The most logical sequence for audit tests is affected by the nature of the test. The general
categories of tests of controls are listed below, with examples of such tests for sales transactions
being contained in Table 9.4.

398 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 1 Inquiry and observation of segregation of duties and restricted access to assets, documents,
records and online functions (if applicable):
Undertake observation and inquiries concerning the separation of the following
functions:
order entry;
shipping;
invoicing;
accounts receivable master file; and
general ledger.
Observe checking of shipments for shipping documents.
Observe mailing of monthly statements to customers and review customer correspon-
dence and complaint file.
2 Inspection of completed accounting routines and reperformance of one or a few such
routines:
Review the accounting for numerical sequence of shipping documents and sales invoices,
or test numerical sequence.
Inspect reconciliations of quantities shipped to quantities billed.
Inspect reconciliations of accounts receivable master file to control account in general
ledger, and sales journal (daily activity report) to accounts receivable master file.
Inspect periodic ageings of accounts receivable.
Inspect indication of supervisory review of footing and posting of sales journal (daily
activity report) to general ledger, and foot and trace a few postings.
3 Inspection of documents for indication of the performance of a checking routine or approval
and reperformance to establish effectiveness:
Select a sample of shipping documents from the shipping document file and trace to sales
invoices or sales journal (daily activity report).
Select a sample of sales transactions from the sales journal (daily activity report), obtain the
supporting documents and:
inspect sales order for approval of credit and terms;
compare details (customer, descriptions, quantities and prices) of sales order, shipping
document and sales invoice;
trace prices on sales invoice to approved price list or other indication of approval;
recompute extensions and footings on sales invoices; and
inspect sales invoices for indication of checking.

Tests of controls for cash receipts

The specific control objectives for cash receipts and examples of common control policies and
procedures and tests of controls are summarised in Table 9.5 (overleaf). In general, the concepts
discussed for sales transactionsidentifying control policies and procedures that achieve specific
control objectives and selecting audit procedures for tests of controls and substantive testsalso
apply to cash receipts transactions. This discussion concentrates on matters that might be
misunderstood without further explanation.
Notice that some control procedures for sales transactions, such as sending monthly
statements to customers, contribute to the achievement of specific control objectives for cash
receipts. Tests of these control procedures are performed either in testing sales transactions or in
testing cash receipts; they are not duplicated.

.
C H A P T E R 9 Te s t s o f c o n t r o l s 399
 TABLE 9.5 Control policies and procedures and tests of control for cash receipts
transactions

Common control policies

Specific control objectives and procedures Tests of controls

Recorded cash receipts are Cash receipts matched to Select a sample of entries in
for collection of receivables specific sales invoices in cash receipts journal and
from customers posting to accounts trace to remittance advices or
receivable master file sales invoices

All cash receipts are recorded Opening of mail and Observe opening of mail and
and deposited prelisting of cash receipts preparation of deposits
independently of cashier, Select a sample of remittance
accounts receivable master advices or items on prelist
file and general ledger and trace deposits on bank
Policy of depositing cash statement and recorded cash
receipts each day receipts
Comparison of deposit slips, Review the prelist forms for
prelists and posting from numerical sequence
cash receipts journal (daily Observe mailing of monthly
activity report) independent statements, examine
of cashier, accounts receiv- customer correspondence
able master file, general and complaints and
ledger and mail opening investigate non-cash credits
Prelist forms prenumbered to accounts receivable
and sequence accounted for
Monthly statements mailed
to customers

Cash receipts have been Cash handling (receipt and Select a sample of remittance
recorded correctly as to deposit) independent of advices for associated entries
account, amount and period accounting functions and in the cash receipts journal,
authorised cheque signing ensure discounts are
Authorisation of remittance appropriately authorised,
invoices for discounts and trace to accounts
Restrictive endorsement on receivable subsidiary ledger
cheques received Foot cash receipts journal
Supervisory review and (daily activity report) and
approval of posting to trace to general ledger
general ledger posting
Monthly statements mailed Inspect posting for indication
to customers of supervisory review and
All bank accounts are approval
reconciled promptly with Inspect client reconciliations
cash records independent of and reperform one or a few
cash handling, accounts reconciliations
receivable master file and Consider reasonableness of
general ledger reconciling items and
Review of reconciling items explanations of such items
and approval of bank
reconciliations

Potential misstatements
Generally, the types of misstatements that may occur in an accounting system are classified as:
clerical mistakes (omissions, misclassifications or miscalculations);
employee fraud;

400 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 misapplied accounting principles; and
management fraud.

Clerical mistakes
At each step in processing it is possible for transactions to be lost or for unauthorised or duplicate
transactions to be inadvertently added. If computations, such as extensions or summarisations,
are made in processing they can be done incorrectly.

Employee fraud
Many clerical mistakes can be made intentionally to conceal employee fraud. For employee fraud
to occur, the employee must have access to cash or other negotiable assets: either by handling the
asset, for instance having access to cash receipts (including cheques); by being an authorised
cheque signatory; or by being in a position to intercept signed cheques. However,
misappropriating the asset is only part of the problem. If the misappropriation is to be concealed
to avoid detection, the accounting records must be brought into agreement with the physical
asset. Concealment may take place before or after the misappropriation, as long as it occurs before
the accounting records are reconciled with the asset count.
One of the difficulties of concealing misappropriation of assets in a double-entry accounting
system is that credits achieve the concealment, but the problem is where to put the related debits.
For example, if cash is misappropriated, a fraudulent credit entry to cash can be made to bring the
cash account into agreement with cash in the bank. However, the debit half of the fraudulent entry
needs to be concealed in the accounting records. Accounts receivable is a possible storehouse for
concealing debits because it has a normal debit balance and often there are many individual
customer accounts. This is one of the reasons that audit procedures and control procedures
emphasise ensuring the existence of recorded accounts receivable.
A type of employee fraud associated with accounts receivable is called lapping. An employee
misappropriates cash received from a customer and covers the shortage the next day by using
receipts from another customer. Continued concealment requires continually delaying the
recording of credits to different customers accounts so that the receipts may be credited to
accounts affected by the initial misappropriation. To perpetrate this fraud, an employee must have
access to cash receipts and be able to make entries to the accounting records for both cash and
accounts receivable.

Misapplied accounting principles

As mentioned previously, when sale, delivery and collection occur within a relatively short period,
complex revenue recognition issues do not arise. When an extended period is required for sale
(real estate), delivery (construction contracting) or collection (instalment sales), the accounting
principles for revenue recognition are more often misapplied.
On the other hand, accounting estimates almost invariably create a risk of misapplication of
accounting principles. Accounts receivable should be stated at net realisable value. Failure to
identify promptly and provide an adequate allowance for uncollectible accounts may arise from
extending credit without control, poorly controlled billing practices or insufficient management
monitoring of the ageing and collection follow-up. Even if these areas are well controlled,
unanticipated changes in economic conditions or customer mix may cause a misstatement of
doubtful debts expense and the allowance. Other accounting estimates that may be misstated for
similar reasons include unissued credits for sales returns and allowances for warranty expenses.

C H A P T E R 9 Te s t s o f c o n t r o l s 401
 Management fraud
A management motivated to inflate net profit may engage in fictitious sales transactions. This risk
is more likely to be an audit problem in industries where revenue results from a relatively few large
transactions, such as real estate. The possibility of this type of fraud is the primary reason that
auditors assess inherent risk to identify circumstances that might predispose management to
make material misrepresentations. The audit procedures applied include:
scanning the accounting records for large or unusual transactions, particularly those recorded
late in the period;
identifying related parties and considering whether material transactions may involve parties
with an undisclosed relationship; and
making analytical tests to identify revenue or gross profit changes that are seriously
disproportionate to changes in the level or volume of activity.
Accounting estimates are also susceptible to management bias, which may range from
exaggerated optimism to outright misrepresentation. Generally, accounting estimates affect the
presentation of sales and receivables at net realisable amounts, but in industries using long-term
contracts, accounting estimates, such as percentage of completion, may affect revenue recognition.
In industries with a relatively large number of small-revenue transactions, the inherent risk of
recording fictitious sales and receivables is reduced but not eliminated. If management engages in
this type of deception to achieve an increase in earnings, it is usually necessary to reduce the
receivables in the next period by non-cash credits, such as sales returns and allowances, or by
writing off accounts as uncollectible.

Q u i c k r e v i e w
1 The revenue, receivables and receipts section is usually characterised by large volume and
repetitive transactions. For these reasons the audit approach often emphasises tests of
controls, with anticipated testing of control procedures providing the evidence to
support the earlier assessment of control risk at less than high.
2 The auditor should test both the design and operation of the internal control. The
auditor tests design by obtaining audit evidence that the internal control structure is
suitably designed to prevent and/or detect material misstatements. The aspects of major
interest to the auditor when undertaking tests of controls to gather evidence about the
operations of the internal control structure are the:
existence;
effectiveness; and
continuity
of the controls.
3 The common evidence-gathering procedures for tests of controls can be categorised
under:
inquiry and observation of segregation of duties and restricted access to assets;
inspection and reperformance of completed accounting routines;
inspection of a sample of shipping documents and sales transactions.

learning
objective 5
EXPENDITURES, PAYABLES AND DISBURSEMENTS
Conceptually, the expenditures cycle includes all exchange transactions in which assets or services
used in operating the business are acquired for cash or on credit. However, because of the diversity
of the buying activities of most entities, auditors often organise the audit approach by transaction

402 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
type (e.g. purchases from trade creditors, other purchases, payroll) within the expenditures
transaction class. This is one of several differences from the sales cycle, which is discussed in more
detail in the next section.

Differences from the sales cycle

The differences between the normal audit approach to the expenditures cycle and the approach
to the sales cycle are influenced by differences between the transaction types within each cycle
and matters related to audit efficiency.

Focus on type of transaction

The acquisition of assets and services, and payments for them, encompass many types of
transactions. For example, auditors often distinguish the following categories:
payroll costs, including salaries, wages and related benefits for production, service, selling or
administration;
property and equipment;
purchase of goods and services for inventory (production or merchandising);
income taxes;
selling and administrative expenses; and
miscellaneous expenses paid from petty cash.
Control risk assessments for specific control procedures are made separately for each type of
transaction. The central focus of the discussion of the expenditures cycle in this chapter is on
purchases of goods and services for inventory. The acquisition and payment of selling and
administrative expenses are similar to purchases of goods and services for inventory, and the
minor variations in controls and audit tests for these expenditure transactions are explained later
in this section. Payroll is largely a stand-alone accounting application, and some of the basic
features of controls tests for payroll are explained later in this section, along with controls tests for
petty cash disbursements (an inconsequential area in most audits).
The acquisition of property and equipment and payments for income taxes are discussed in
Chapter 10 because a substantive audit approach aimed at verifying the related account balances
is normally used for these items.

Concurrent testing of disbursements and acquisitions

Primarily for reasons of audit efficiency, the normal audit approach is to test concurrently the
items acquired and the related cash disbursement. For example, the auditor selects a sample of
cash disbursements for selling or administrative expense items and applies audit procedures to
the documents supporting acquisition of the goods or services. In contrast, the audit tests in the
sales cycle are normally applied separately to sales and cash receipts.

Increased concern with classification of debits

Another distinguishing feature of transactions in the expenditures cycle compared to the sales
cycle is the significantly greater number of account balances. For example, administrative
expenses include office supplies, rent, legal and audit fees, property taxes and insurance. Selling
expenses include advertising, commissions, travel and entertainment and freight out. For a
manufacturing entity, purchases of goods or services for inventory include raw materials purchases
and overhead expenses, such as supplies, electricity, repairs and maintenance and freight in.

C H A P T E R 9 Te s t s o f c o n t r o l s 403
 The greater number of account balances causes an increased concern with the proper classi-
fication of the debit when a liability is incurred or a cash disbursement made. The auditor is
concerned with proper classification in testing sales transactions also, but the relative risk of
misclassification is much greater for the expenditures cycle. Sales accounting systems are
generally designed to process credit sales to customers. The risk of another type of transaction,
such as disposition of manufacturing equipment or marketable securities, being recorded as a sale
in the ordinary course of business is usually relatively low. In contrast, the account classification
of an expenditure is far more susceptible to error.

Differences between accounts payable and accounts

receivable
In the sales cycle the account of primary concern in the statement of financial position is accounts
receivable. In the expenditures cycle it is accounts payable. Except for the obvious point that one
is an asset and the other a liability, the account balances are in some respects similar. Accounts
receivable represents uncollected sales invoices; accounts payable represents unpaid suppliers
invoices. However, important differences between the perspective of the clients management and
that of the auditor have auditing implications.
Generally, processing of accounts payable is influenced more by cash management concerns
than is processing of accounts receivable. An entity can only encourage prompt collections, but,
within limits, it can control precisely the timing of disbursements. Often, the system for
processing accounts payable is designed primarily to facilitate the timing of the payment of
individual supplier invoices on the most advantageous basis, such as realising discounts, and
there is less concern with the accuracy and completeness of recording the obligation to each
supplier or in total.
From the auditors perspective, the primary difference from accounts receivable is the focus on
detecting understatement of accounts payable. Many auditors emphasise detection of
understatement because of risk considerations. They argue that an overstatement of net assets
caused by understating liabilities is far more likely to result in litigation than an understatement
of net assets. Also, the inherent risk for accounts payable is one of understatement because of the
emphasis on timing of the payment of individual invoices, explained earlier, and the apparent
improvement in financial performance and position that can be achieved by omitting liabilities.

Functions, documents, inputs and accounting

systems
This section explains the functions, documents, inputs and accounting systems for purchases of
inventory items. In a manufacturing entity this includes raw materials and overhead expenses. In
a merchandising entity it includes goods acquired for resale and related acquisition costs.

An overview of functions, documents, inputs and

accounting systems
A narrative of a purchases and cash payments system is contained below, while a corresponding
flowchart is contained in Figure 9.3 (p. 406). A purchase requisition is the starting point for this
category of transactions in the expenditure cycle. It is a formal request from an operating department
for raw materials or merchandise, or goods or services used in production. For example, automatic
reorder points may be established for various inventory items that trigger a computerised request.

404 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 The purchase requisition is sent to the purchasing department. As far as possible, it is desirable
for acquisition of goods and services to be handled by a centralised purchasing function. This
permits centralised review of requisitions for compliance with established policy and sound
practices such as obtaining competitive bids. The purchasing department prepares a purchase order
and sends it to the supplier of the goods or services. The order is processed through the suppliers
sales accounting system and the result is shipment and billing or delivery of service and billing.
Goods received are accepted by a receiving department. The receiving department inspects
and counts the goods before determining whether to accept them. To evaluate whether the goods
conform to the specifications ordered, the receiving department is sent a copy of the purchase
order. The receiving department prepares a receiving report and forwards notification copies to the
purchasing department and the accounting department. The accepting of the goods is a very
important stage because at this point the entity incurs a liability for payment.
Within the accounting department, the accounts payable function receives suppliers invoices.
Services, such as electricity or insurance, are received directly by operating departments rather than
through the receiving department. The usual approach is to send invoices for such services to
supervisors in operating departments or to company officers, who approve the invoices and
acknowledge receipt of the service. They are one of the inputs that enable the processing of accounts
payable. Suppliers invoices are used to update the accounts payable master file. The system records
and summarises the days invoices in a purchases journal, which is a daily activity report.
To help ensure that disbursements are made only for goods or services that are authorised and
received, a specialised source document designed for control purposes is often used. This source
document, called a voucher, is simply a cover sheet or large envelope for collecting the source
documents that support disbursements. A type of expenditures accounting system, explained in
the next section, is called a voucher system. However, vouchers may be used in several types of
expenditures accounting systems. The account distribution (classification of debits) is normally
indicated on the voucher.
The cash disbursements function assembles the supporting documents for disbursements
(suppliers invoices, receiving reports and purchase orders). This is called putting together the
voucher package.
Most entities take all reasonable precautions possible to prevent unauthorised disbursements.
It is important to use prenumbered cheques, to protect unissued cheques and to account for the
numerical sequence of issued and unissued cheques. This includes defacing and retaining voided
cheques. Segregation of duties is also extremely important. In this respect, a distinction should be
made between preparing cheques for signature and actually signing cheques.
Personnel responsible for preparing cheques for signature should not be in a position to
initiate purchase requisitions or other requests for disbursement, or to prepare receiving reports.
Individuals with authority to sign cheques should be separated from the accounting function of
recording accounts payable and the general ledger. Usually an entity officer or another
responsible supervisor is responsible for signing cheques. For disbursements above a specified
amount, a co-signature may be required. Many entities use a cheque-signing machine because of
the large volume of cheques. The machine or its removable signature plates should be protected
and kept under the control of authorised cheque signers.
The scheduling of payments to suppliers and other creditors is an important part of cash
management. The computer may generate a report for manual identification of items to be
paid, or items may be selected for payment by computer. The output of computer selection may
be a report of the details necessary for manual review and approval, or may be cheques ready
for signature.

C H A P T E R 9 Te s t s o f c o n t r o l s 405
 FIGURE 9.3 Typical purchases and cash payments flowchart (voucher system)

Production Department

Purchase Accounts
requisition Receiving Payable Cash Payments
Department Department Department

Purchase order Purchase order Cheque with

Approved
(often with (with supporting
Purchasing vendor
quantity quantity) 4 documentation
Department file
omitted) 3

Purchase
order 1
2 Receiving
3 Review
4 Compare report 2
supporting
description of documentation
goods received and sign cheques
with purchase as deemed
Filed by (P) order Suppliers appropriate
vendor or invoice 1
date (A
or D)
Receiving Cheques to
report: quality vendors (S)
and quantity Match these
of goods documents
received 1 2 and prepare
voucher
package Supporting
documentation is
to be cancelled
Receiving and then filed
report 1 Voucher package
(checked by clerk
To
with control steps
Vendor
performed) Filed (P) by
Filed by (P) voucher
vendor or number
date (A (N)
or D)
Enter vouchers
into voucher
register

Prepare cheque Voucher

(net of returns, register
allowances, or
disbursements)

KEY
P = Permanent file
A = Alphabetic filing Update Cheque
N = Numeric filing cheque register
D = Filing by date register
S = Signed source document

Authorised cheque signatories should have evidence at the time of signing the cheque that
disbursement is appropriate. The cheque signatory should review the supporting documents
(suppliers invoice, receiving report and purchase order), inspect indication of prior checking and
assembly of supporting documents and indicate supervisory approval. Supporting documents
should be cancelled so they cannot be re-used to support another disbursement. Often, the

406 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
cheque number and date are written on the supporting documents for this purpose, but
additional alteration, such as cancellation by a PAID stamp, is desirable. The cheque should be
mailed directly to the payee without being returned to personnel who process disbursements.
The information for the individual cheques is generally the basis for recording in the cash
payments or cash disbursements journal. The details from the cash payments journal are used to
update the accounts payable master file and totals are posted to the general ledger accounts
(accounts payable control and cash). A daily activity report of cash payments is usually generated
as part of the updating of the accounts payable master file.

Voucher systems and other variations

A voucher system is designed to improve control over disbursements by establishing a sequential
prenumbered record of suppliers invoices and to improve efficiency by eliminating inessential
record keeping and facilitating timing of payments. A voucher number has to be issued as the sup-
pliers invoices are prenumbered for the suppliers system, and the sequence of suppliers invoices
cannot be accounted for by the purchaser. It is difficult to obtain control over some suppliers
invoices because there are no authorising documents associated with the service. For example, there
is no receiving report for electricity accounts. The electricity account is sent to an operating
department for approval and entered directly as a cash payment after the invoice is approved. Using
this approach, the transaction does not enter the accounting system until cash is disbursed.
Using a voucher system, the traditional books of original entry and accounts payable master
file are changed as follows:
voucher register replaces the purchases journal and accounts payable master file; and
cheque register replaces the cash payments journal.
The record-keeping sequence is as follows. All suppliers invoices are assigned to a
prenumbered source document, a voucher, on receipt. The voucher is input into the voucher
register file and sorted by due date. Vouchers are approved for payment on the basis of supporting
documents (suppliers invoice, receiving report, purchase order) collected in the voucher package.
A cheque is prepared and recorded in the cheque register and the voucher register is updated to
indicate payment. Paid vouchers are marked and stored in a paid voucher file by voucher number.
Posting from the cheque register and voucher register to the general ledger is done at the end
of the accounting period when the financial report is prepared. Usually this is done monthly but
is less frequent in many small businesses. The distribution of the debits to expense and asset
accounts is originally recorded in the voucher register and often also on the voucher. In summary
form, the entry is:

Dr (Expense or asset accounts) $ (Total)

Cr Cash $ (Paid vouchers)
Cr Accounts payable $ (Unpaid vouchers)

Notice that the determination of the accounts payable liability is based on the preparation of a
schedule of unpaid vouchers. There is no accounts payable master file with balances owed to each
supplier. This makes it difficult to reconcile suppliers statements (monthly statements mailed to
customers by suppliers, showing the balance owed) with the entitys records. However, within the
entitys accounting system there should be an independent reconciliation of the following:
1 total of the schedule of unpaid vouchers;
2 the accounts payable balance of the general ledger; and
3 total of vouchers in the unpaid vouchers file.

C H A P T E R 9 Te s t s o f c o n t r o l s 407
 Adjustments and inventory
The processing of accounts payable has additional complicating factors that are similar to those for
the processing of accounts receivable. In addition to the credits to accounts payable for purchases and
debits for cash disbursements, there are adjustments for such things as returns to suppliers of goods
that do not meet purchase order specifications. Controls and processing for those adjustments are
similar to those for sales accounting. Prenumbered debit memoranda are used and supervisory
approval is required before processing. Also, memoranda issued can be matched with shipping reports
for goods returned and the corresponding credit memoranda (credit notes) received from suppliers.
In an expenditures system, the receiving reports for raw materials or merchandise are the input
for updating inventory records. Perpetual inventory records are a running total of inventory items
on hand and they may be maintained in quantities only or in both quantities and dollars.
Perpetual records in dollars are integrated with sales accounting systems. However, personnel
responsible for inventory storekeeping should be separated from purchasing, receiving and
accounting. Audit considerations for inventory are further discussed in Chapter 10.

Primary control-related features

The primary control-related features of the expenditures cycle are concerned with: segregation of
duties; control over source documents; and checks, approvals and reconciliations.
Segregation of duties The basic separations that should be incorporated in the plan of
organisation are the purchasing, receiving, storekeeping, access to cash (cheque-signing) and
accounting functions. Within the accounting department, responsibility for the accounts
payable master file should be separated from the general ledger function. In a voucher system,
voucher preparation should be separated from voucher approval. Finally, any reconciliations
should be made independently of the other functions.
Control over source documents The source documents used in accounts payable processing
purchase orders, receiving reports, vouchers and chequesshould be prenumbered and the
sequence should be accounted for. The periodic accounting for cheques should include both
used and unused cheques, and they should be compared with recorded cash disbursements.
Unused documents should be maintained in a secure location such as a safe.
Checks,approvals and reconciliations In general, the more checks and approvals at each process-
ing step, the more effective the control. In an expenditures system, two very important controls are
the comparison of supporting documents (purchase order, receiving report, suppliers invoice) and
recomputation of the suppliers invoice, both of which should be made before approval for
payment. Reconciliations of physical holdings of assets to accounting records, or between differing
accounting records, are also important but vary with the type of accounting system.

Tests of controls for purchases for inventory

Conceptually, the approach to tests of controls for purchases of goods or services for inventory is
similar to that for testing controls in the sales system. The auditor needs to consider whether the
specific control procedures that the client follows provide reasonable assurance of achieving the
specific control objectives.
The specific control objectives for purchases of goods or services for inventory and examples of
common control procedures and tests of controls are summarised in Table 9.6. The arrangement
and approach to listing audit procedures is, as explained earlier, referred to as a design format. The
auditor needs to eliminate duplications and reorder the procedures into a logical and efficient
sequence. It can be seen that the list of policies and procedures outlined in this table covers the

408 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
procedures outlined in Chapter 8 for determining the accuracy and reliability of transactions. For
example, the first control objective of bona fide transactions includes policies and procedures
related to authorisation and approval, occurrence and reconciliation. The second control objective
of all purchases received being properly recorded includes policies and procedures related to
completeness. The third control objective relating to purchases being recorded correctly as to
amount and period includes policies and procedures related to measurement.

TABLE 9.6 Control policies and procedures and audit tests for purchases of
inventory transactions

Common control policies

Specific control objectives and procedures Tests of controls

All recorded purchases are Goods received are counted, Select a sample of order
bona fide transactions in that inspected and compared to entries in purchases journal,
they relate to goods or purchase order before trace back to vouchers and
services authorised or acceptance inspect for existence of
received Services received are supporting document
acknowledged in writing including receiving report,
Comparison of purchase ensuring agreement of
order, receiving report and details, indication of
suppliers invoice and recom- approval
putation of suppliers invoice Observe and inquire about
before recording liability receiving procedures

All purchases for the period Suppliers invoices numbered Review the accounting for
of inventory received are using an invoice register or numerical sequence by
recorded prenumbered vouchers and inspecting the invoice
the sequence accounted for register or voucher register
Suppliers invoices matched Review reports of unmatched
to receiving reports and items and inquire about
unmatched items investigated disposition
Receiving reports Review the accounting for
prenumbered and the numerical sequence of
sequence accounted for receiving reports, select a
sample and trace to purchases
journal or voucher register

Purchases of goods or Established procedures for For the sample of vouchers

services for inventory are review of voucher and selected, review for correct
recorded correctly as to account distribution (expense classification and accounting
account, amount and period, classification) before period and indication of
and summarised correctly recording and also for review review and approval
of summarisation and Foot voucher register file (or
posting purchases journal) and trace
to general ledger (or
accounts payable master file)
and inspect supervisory
review and approval of
summarisation and posting

Purchases are disclosed and Procedures to ensure Check the review of account
classified in accordance with appropriate account coding coding on purchase
disclosure policies on purchases documents documents, and appropriate
Separate accounts in Chart of authorisation
Accounts for purchases from
related parties, and possibly
additional authorisation for
related-party transactions

C H A P T E R 9 Te s t s o f c o n t r o l s 409
 Tests of controls for cash disbursements
The specific control objectives for cash disbursements and examples of common control policies
and procedures and tests of controls are summarised in Table 9.7. For tests that involve inspection
of documents, audit sampling is used. The appropriate sample size of the number of documents
to inspect can be determined in accordance with the procedures outlined in Chapter 11.

TABLE 9.7 Control policies and procedures and audit tests for cash disbursements
transactions

Common control policies

Specific control objectives and procedures Tests of controls
Recorded cash disbursements Cheques printed or prepared Select a sample of cash
are for goods or services only when receipt of goods disbursement transactions
authorised and received or services and approval are from cash payments journal
documented (e.g. supporting and inspect supporting
documents compared, documentation for indication
recomputed and voucher of checking, review and
approved) approval, and reperform
Cheques signed only after checking
viewing supporting documen- Observe and inquire about
tation and prior approval cheque preparation and
Cheque signing independent signing and protection of
of initiating or approving unissued cheques
purchases, cheque preparation For the sample of cash
and accounting functions disbursement transactions
Co-signature required for inspect supporting
disbursements above a documents for cancellation,
specified amount and cheque number and
advance signing prohibited endorsement
Supporting documentation Observe and inquire about
cancelled and reference to cheque signing and mailing
cheque number and protection of unissued
Signed cheques mailed cheques
directly to payees
All cash disbursements are Cheques prenumbered and Observe and inquire about
recorded the sequence accounted for preparation of bank
Unissued cheques protected reconciliation and reperform
and the sequence accounted one or a few, including
for numerical sequence testing
Voided cheques defaced and and tracing presented
retained cheques listed on bank
Presented cheques listed on statement
bank statement compared to Observe and inquire about
cash payment records (The cheque signing, including
above control procedures are protective measures for
usually done as part of the unissued cheques and
bank reconciliation) cheque-signing devices

Cash disbursements are Cheques signatory reviews For the sample of cash
recorded correctly as to account distribution (expense disbursements transactions
account, amount and period classification) selected to test that recorded
Bank transfers (both deposits cash disbursements are for
and withdrawals) reviewed goods or services authorised
for recording in proper period and received compare
Summarisation and posting amount, payee and date with
of cash disbursement records cash payment record
reviewed and approved

410 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 Common control policies
Specific control objectives and procedures Tests of controls

Consider whether issued

cheques cleared the bank
within a reasonable period
after recording and were
treated properly in bank
reconciliation
Foot the cash payments
journal or cheque register
and trace to general ledger
and bank statement

Potential misstatements
One goal of developing specific control objectives as a basis for designing tests of controls is to
avoid the need for memorisation of long lists of control procedures or misstatements that can
occur. However, auditors should be aware of the following types of irregularities that may occur in
the expenditures cycle:
Classic disbursements fraud The classic pattern for employee fraud in the disbursements area
involves the preparation of fraudulent supporting documents that are used to obtain an autho-
rised cheque. Because this fraud requires careful planning the deception is often elaborate. Some
frauds of this type have included the opening of post office boxes and bank accounts in the names
of fictitious entities. Clever frauds may be difficult for internal auditors or independent auditors to
detect as long as the perpetrator is not too greedy. The listing of approved suppliers, and checking
this list, becomes an important control. If the discrepancy between goods or services received and
goods or services paid for becomes too great, accountability tests may disclose the fraud. This
fraud is one of the reasons that auditors investigate unusual or unfamiliar names of suppliers.
Kickbacks Personnel responsible for purchasing may enter into arrangements with suppliers
to receive kickbacks on goods or services purchased from them. Since collusion is involved, it
could be argued that auditors have no responsibility to detect kickbacks. However, when
competitive bidding practices are not followed, many auditors compare unit prices on items of
the same type acquired from different suppliers in order to consider the possibility of a
kickback scheme.
Illegal acts The auditors responsibility with respect to illegal acts is explained in Chapter 4.
Questionable transactions that may indicate bribery or other illegal payments are most likely to
come to the auditors attention in the examination of disbursement transactions. The most likely
transaction type is selling or administrative expense. For example, a sales commission may be a
bribe to obtain business. As explained in Chapter 4, the auditor does not undertake audit
procedures specifically to detect illegal acts but remains aware of the possibility of such acts.
Unauthorised executive perks The personal use of business assets is inappropriate unless the
use is authorised and appropriately considered as part of executive compensation. For public
companies, the Australian Stock Exchange requires disclosure of management remuneration.
For private companies and other entities, the auditor may still be concerned with such practices
because they affect the tax return preparation responsibilities and liability for fringe benefits tax.
Kiting The term kiting is used to describe the practice of inflating the cash balance by using the
fact that cash which is recorded as a deposit on one day may not be considered withdrawn from
another bank account until the next banking day. Cash is transferred from one bank account to

C H A P T E R 9 Te s t s o f c o n t r o l s 411
 another and the cash receipt (deposit) is recorded in the period under audit, but the
disbursement (withdrawal) is not recorded until the following period. During this period, the
money transferred appears to be in both bank balances. This device may be used by an employee
to conceal a cash shortage or by management to improve the entitys financial position.

Q u i c k r e v i e w
1 The expenditures, payables and disbursements section is usually characterised by large-
volume and repetitive transactions. For these reasons the audit approach often
emphasises tests of controls.
2 From the auditors perspective, the primary difference between accounts receivable (and
associated cash receipts) and accounts payable (and associated cash payments) is
generally that the auditor is more concerned with detecting overstatement of accounts
receivable and understatement of accounts payable.
3 As completeness of accounts payable and cash payments is a concern, a voucher system
is commonly implemented to establish a sequential prenumbered record for payments
and payables.
4 The numerical sequencing and accounting for receiving reports are also an important
control for completeness because on the acceptance of the goods a liability is established
for the entity.

learning
objective 6
VARIATIONS FOR OTHER TYPES OF EXPENDITURE
TRANSACTIONS, INCLUDING CONTRACTUAL
TRANSACTIONS
The following discussion explains the primary variations in the nature of control policies and
procedures and audit tests for some other categories of types of expenditure transactions.

Selling and administrative expenses

The processing and related control policies and procedures for selling and administrative
expenses are similar to those for purchases for inventory. The primary difference is a greater
emphasis on budgetary control of selling and administrative expenses. Review and approval of
budgets and obtaining satisfactory explanation of variances are important. For some expenses,
such as travel and entertainment, a well-defined expense reimbursement policy is important. The
auditor needs to understand the business purpose of selling and administrative expense
transactions examined, and should review supporting documentation, such as expense reports for
appropriate approval.

Petty cash disbursements

The expenses paid out of petty cash are usually so insignificant (immaterial) to the business as a
whole that the auditor applies no tests. However, the primary control procedure is an imprest
fund. The total of cash on hand and the documentation of expenses paid out of the fund should
always equal a pre-established control total. When the fund is reimbursed, someone other than
the custodian counts the cash and documents. If audit procedures are applied, the auditor counts
the fund in the custodians presence and examines the supporting documents for disbursements
out of the fund for propriety and reasonableness.

412 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
Payroll
Effective analytical procedures are often possible for payroll, due to the fact that periodic payrolls
(weekly, fortnightly or monthly) can be compared and analysed for explanation of fluctuations. In
undertaking such comparisons the auditor would have to establish that the base payroll to which
other payrolls are compared is appropriate. This may be achieved by undertaking tests of controls.
Important control procedures for payroll include segregation of the following duties:
approval of hiring and firing and determination of pay rates (personnel or senior management);
approval of time worked (supervisor);
payroll preparation;
payroll distribution; and
where cheques are not paid into a nominated bank account, custody of unclaimed pay cheques.
Instead of maintaining a separate large payroll department, many organisations engage a
service entity to perform their payroll function. The audit implications arising from the use of such
a service entity are contained in AUS 404 (ISA 402) (Considerations), Audit Implications Relating
to Entities Using a Service Entity (Organisation), and are discussed in Chapter 17.
The primary misstatements that may occur are a padded payroll (fictitious employees) and
misappropriation of unclaimed pay cheques. Generally, employees can be relied on to detect
errors of understatement. Audit procedures for payrolls are similar to those for other expenditures,
but the terms for source documents differ. For example, time cards may be used instead of
vendors invoices. The auditor is concerned with assessing the validity and accuracy of pay rates
and time worked. The personnel department should be separated from other payroll-related
functions, and payroll data can be compared to personnel records. On the disbursement side, an
important control is comparison of net payroll with payroll cheques issued. Identification of
employees on the payroll, once a common audit procedure, is now used only when there is a
serious risk of fictitious employees on the payroll. Also, many employers, rather than distributing
pay cheques, pay directly into an employees nominated bank account.
Payroll is characterised by enterprise and industrial agreements and various state and federal
awards. These contracts and agreements often specify the kinds of service to be performed by the
employee and the compensation to be paid, as well as the pay period. The compensation may be
in the form of cash each payday; it may, in addition, include bonuses at year-end and
contributions toward superannuation. Generally, all these specifications are spelled out in the
award or contract, which should be known by the auditor.
If the auditor finds that tests of controls are necessary, the following may be undertaken.
The main controls for which the auditor is seeking evidence are the authorisation of time
worked (by supervisors) and the approval of pay rates (by personnel department). The documents
to be examined relative to payroll are time cards for those employees who must use them, as well
as personnel department records to establish wage or salary rates and to make sure that the
employees names and rates correspond to those on time cards. Main sources of information are
the applicable industrial awards for correctness of rates of pay, and the board of directors minutes
authorising executive salary rates and/or bonuses and commissions.
Under the provisions of the Australian taxation system, employees may claim the general
exemption from tax on the first portion of their taxable income, and have any dependant or other
rebates reflected in the tax instalments deducted from their earnings. To do so, they must lodge an
Income Tax Instalment Declaration with their employer. These forms should be examined, as should
employee authorisations for deductions such as medical fund contributions, superannuation
contributions and union fees.

C H A P T E R 9 Te s t s o f c o n t r o l s 413
 Retracing data processing
Data found in original personnel records, industrial awards and minutes of the board of directors
meetings are traced to time cards and time reports. In addition, the proper percentages for required
deductions from payroll amounts are traced to journal entries and ledger accounts. The total
amounts of payrolls are traced through the journals to the appropriate ledger accounts. The auditor
also traces amounts under superannuation plans to the appropriate journals and ledger accounts.
There are many deductions from an employees wage or salary for such things as medical funds
and union fees. Normally awards or laws that ought to be known to the auditor can substantiate
these items. Therefore, the audit of these items usually consists of recomputation, using the
appropriate percentages or amounts and tracing to the appropriate ledger accounts.

Interest payments
The audit of interest is generally easy. The auditor merely finds the contracts, the interest rate and
the time the particular instrument has been outstanding during the fiscal period under audit and
determines the total interest expense. A comparison is then made with the entries, both payment
and accrual, made by the client and any discrepancy is reconciled. Thus, interest is almost totally
determined by the contract under which this transaction exists. The control that the auditor is
most concerned about is evidence of authorisation, the authorisation of any contractual
obligations and evidence of the checking of mathematical accuracy in accordance with the terms
of the loan.

Rent, lease and insurance payments

Lease transactions are becoming common, and the auditor can find such transactions in the audit
of almost any client. Many businesses also rent some kind of property or asset, even if it is not
leased, and most carry insurance against fire, theft and loss of profits. The details of these
transactions are set out in contracts: rental agreements, lease agreements and insurance
contracts. The auditors primary concern with lease contracts is to determine that the entity is in
fact receiving the services for which it is paying and that these services are being used in a manner
that was intended under the contract. The auditor also is interested in whether or not the client is
performing all the tasks required under the contract, for example keeping the item in good repair.
Finally, the auditor is concerned that the accounting treatment for leases is in accordance with
AASB 1008 (IAS 17), Accounting for Leases. Again the auditor is most concerned with obtaining
evidence that the controls of authorisation and checking of mathematical accuracy in accordance
with the term of the contract are working.

Q u i c k r e v i e w
1 Procedures for the audit of selling and administrative expenses are similar to those for
purchases for inventory, with the primary difference being the greater emphasis on
budgetary control of selling and administrative expenses. The analytical procedure of
comparing actual expenses with both budgeted and previous years expenses is an
important audit procedure.
2 Petty cash disbursements are usually immaterial, so the auditor applies no direct tests.
3 Effective analytical procedures are often possible for payroll. Tests of control include
segregation of duties, vouching to agreements and awards, recomputation and retracing
data processing.

414 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 4 The audit of interest is relatively easy, being determined by the contract under which the
transaction exists.
5 Rent, lease and insurance payments should also be made in accordance with a contract.
The auditor examines the contract, recomputes the rates specified and retraces the data
processing to the supporting documentation.

TESTING CONTROLS IN CLIENT COMPUTER 7 learning

objective

PROGRAMS
As explained in Chapter 8, client application programs include programmed accounting
procedures for calculating and summarising data, and programmed control procedures for
providing reasonable assurance that data are authorised, valid, complete and accurate. If the
auditor tests the clients programs, both aspects are usually tested.
Auditing through the computer techniques are predominantly tests of controls and will be
used where control risk is less than high and the auditor wishes to place reliance on controls in the
programs. The need for computer-assisted audit techniques that test controls is greater in
complex systems with real-time processing. Auditing firms that have relatively large numbers of
computer audit specialists also use such computer-assisted techniques more frequently.
This section explains some common computer-assisted audit techniques for testing controls
contained in client programs. One of the categories of computer-assisted audit techniques as
outlined in AGS 1060 (IAPS 1006) is test data techniques, which covers the concepts of test data
and integrated test facility.

Test data
The test data approach is explained first not because it is the most widely used, but because it
demonstrates what the auditor is trying to accomplish by testing client programs.
When using this approach, the auditor prepares simulated transaction data. These test
transactions include both correct data to test processing and incorrect data to test control
procedures in the clients application program. The auditor manually calculates what the
processing results should be and compares them to the results produced when the test data are
processed by the clients application program (see Figure 9.4 (overleaf)).
The auditor needs to ensure that the program tested is the production program used in actual
processing, and that the same program was used throughout the period covered by the control risk
assessment. Generally, it is necessary to identify general controls and consider their effectiveness
for that assurance.
The test data approach may be used in a system with online entry capability if the auditor
obtains client permission to use a terminal to enter transactions. In most circumstances the
program is tested in a non-live environment (on a copy of the clients files) to ensure that there is
no risk of corrupting the clients files. The use of test data is illustrated in Example 9.3 (overleaf).

Integrated test facility

An integrated test facility (ITF) is an adaptation of the test data approach. Dummy records are
included in the clients files. For example, dummy customers might be included for an accounts
receivable application. The auditors simulated transactions are processed with the production
program against the live files during regular processing. This approach overcomes several of the

C H A P T E R 9 Te s t s o f c o n t r o l s 415
 drawbacks of the test data approach, but the auditor must still assess general controls for
reasonable assurance that the program tested is not changed during the period. It is essential to
prevent dummy records from being summarised with live data when financial reports or other
reports are prepared.
A diagrammatic representation of the integrated test facility is contained in Figure 9.5. The
method outlined for excluding the ITF transactions in this figure is to produce one report without
the ITF data for the client, and one containing the ITF data for the auditor.

FIGURE 9.4 Processing of test data

Client's
Auditor's computer Actual processed
simulated program result in visible
transactions form

Client's
computer system

Copy of Predetermined
client's processing
master file results

electronic processing
manual processing

EXAMPLE 9.3 Using test data

The auditor is undertaking testing of the clients payroll system. They undertake an
evaluation of the general control environment and conclude that this is strong. They then
start to test the application controls, and in particular want to collect audit evidence on
some of the limit and reasonable tests that are contained in the program. One of these
programmed controls is that the number of payroll hours per week cannot exceed 50. To
test this control the auditor designs test transactions, such as employee A having payroll
hours per week equalling 50 and employee B having payroll hours equalling 51. (The
auditor tends to work around the parameters set in the program.) The expectation is that
if the programmed control is working as the auditor believes, employee As transaction
will be accepted and employee Bs transaction will be rejected and written to an error or
exception report.

Both test data and ITF, which use simulated data, are tests of controls only (they are not dual-
purpose tests because they do not substantiate real transactions). The use of the integrated test
facility is illustrated in Example 9.4.

416 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
FIGURE 9.5 Integrated test facility for a payroll system

Production ITF
input transaction
transaction file
file

Computer Data files

application production data
system
ITF data

Production
Reports without reports
ITF data containing ITF
(management information
use) (auditor use)

EXAMPLE 9.4 Using integrated test facility

Following on from Example 9.3, the auditor can test the programmed control of maximum
weekly hours by including a dummy record (employee) in the payroll master file. They can
then feed through test transactions designed to test this control at any stage during the
year. Thus in a payroll file they may have a dummy employee working 51 hours in the
week, and they would expect this dummy employees hours not to be processed, but to be
written to some exception report for follow-up.

Processing client data

Both the test data approach and the ITF use simulated transactions. Another group of techniques
for testing client programs uses actual client data to test processing, and simulated data to test
controls. These techniques are presented together below because of this similarity, but the auditor
might use only one of the techniques for a particular computerised accounting application:
Controlled processing The auditor establishes control over client input and independently
calculates key processing results, such as the ending balance of a control account. The auditor
maintains control over the computer processing and output, and compares the computer
output to the calculated results.
Controlled reprocessing The auditor maintains control over the reprocessing of previously
processed results, having tested the appropriate version of the program, and compares the
computer output of the original processing and reprocessing.
Parallel processing (parallel simulation) The auditor compares the results of the clients
processing with results obtained by using the clients input and files and the auditors own
program. The program used for this purpose may be custom-designed or generalised audit
software (see the next section of this chapter). Generally, the auditors program calculates key
processing results rather than duplicating all the clients processing.

C H A P T E R 9 Te s t s o f c o n t r o l s 417
 These techniques are generally more useful for testing the processing accuracy of the clients
programs than for testing programmed control procedures.

Reviewing clients program code or results of

job processing
Program code review involves the auditor reviewing the clients program documentation, and the
source code. The auditor goes over the relevant code line by line and considers whether the
processing steps and control procedures are properly coded and logically correct. This approach
is widely used as a prelude to the use of test data, and is one of the main ways in which the auditor
identifies key programmed controls that they may wish to test through the use of test data.
Software that aids this approach includes programs that can be used to map or flowchart systems.
This will help the auditor understand the logic flow of the program being evaluated.
Review of job (batch) accounting data involves the auditor reviewing the printed log
produced as jobs (or batches of transactions) are run, and considers any excessive processing
time, error conditions or abnormal halts. (While this technique does not test the clients program,
it has similar objectives.) This helps the auditor identify potential batches of transactions on which
they should concentrate their audit attention.

Advanced computer-assisted audit techniques

There are a number of advanced computer-assisted audit techniques that are very useful in
helping the auditor establish reliance on controls in the computer programs. These techniques
use live data, files or programs and are especially useful when computer reliance is necessary and
there is no visible audit trail, as in some real-time processing systems. These techniques produce
evidence on current system performance and require extensive on-site audit supervision. For
these reasons, they are currently used more frequently by internal auditors than by external
auditors. However, there is increased advocation for their use associated with the greater
prevalance of e-commerce applications and the move towards providing continuous assurance
(discussed in Chapter 17).
Some examples of these advanced computer-assisted audit techniques are:
Systems control audit review file (SCARF) Audit modules embedded in application programs
monitor transaction activity at designated points and select transactions for the auditors
review. The auditor provides criteria when the application program is developed so that the
auditors program module can be inserted at the point in processing logic where errors are
most likely to occur, and so that transactions selected meet the auditors specifications. The
auditor will then apply normal evidence-gathering techniques to these high-risk transactions.
Snapshot Transactions are tagged (an indicator is added to the data) at input, and at selected
points in the system the tagged transactions are recorded. Tags may be assigned randomly or
in accordance with specified criteria. An application program which encounters a tagged
transaction writes the detailsthe transaction data, date and time of occurrence, the
application program involved and the point in the program at which generatedto an audit
log. This provides the auditor with a picture, hence the term snapshot, of the data at particular
points in processing. It gives more detailed information than is provided by a technique such
as SCARF and permits review of intermediate results during processing.
Audit hooks Exit points are provided in application programs that allow the auditor to insert
commands for special processing. For example, a database system might contain an audit

418 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 hook that allows the auditor to insert additional coding to obtain independent control totals as
a result of normal processing.
It should be noted that two of these techniques, SCARF and snapshots, outlined as CAATs in
AGS 1060 (IAPS 1006), are under the common heading embedded audit modules. These tech-
niques all permit the auditor to conduct testing during normal computer processing. However,
they require advanced computer knowledge and training, and can cause modification of trans-
action data; thus they should only be undertaken by computer audit specialists.

Q u i c k r e v i e w
1 Using the test data approach the auditor prepares simulated transaction data to test
program control procedures. The auditor manually calculates what the processing results
should be and compares them to the results obtained by processing the test data with
the clients application program.
2 The integrated test facility is an adaptation of the test data approach using simulated
transactions. Dummy records are included on the clients files, and simulated transactions
are processed against the live files during regular processing.
3 It is possible that actual client data may be used to test the processing of the IT systems. These
techniques include controlled processing, controlled reprocessing and parallel simulation.
4 Non-processing approaches may also be used to provide confidence concerning the
clients programs. These are usually used in conjunction with computer-assisted
techniques, and include program code review and review of job accounting data.
5 Systems control audit review, snapshot and audit hooks are advanced computer-assisted audit
techniques which permit the auditor to conduct testing during normal computer processing.
They are still rarely used in practice, although there is greater advocacy of their use.

learning
IMPACT OF STRATEGIC BUSINESS RISK ON TESTS 8
objective

OF CONTROLS
The emphasis under the strategic business risk approach is to increase the audit attention paid to
non-routine transactions and decrease the attention paid to routine transactions. This assumes
that there is usually a satisfactory internal control structure built around routine transactions. The
auditor would need to verify this by undertaking tests of controls. Thus it could be argued that
there is either no change in the emphasis or increased emphasis given to tests of controls.

Impact of proposed business risk standards

STOP One of the draft business risk standards is entitled The Auditors Procedures in Response to
PRESS! Assessed Risks. It outlines in more detail the nature, timing and extent of tests of controls than
do the current standards. One of the major underlying premises of the draft standards is that
where the auditor has determined that it is not possible or practicable to reduce risk of material misstatement
at the assertion level to an acceptably low level with audit evidence obtained from only substantive procedures,
the auditor should perform tests of controls on operating effectiveness. Thus for these key controls it is not
possible to evaluate control risk as high by default, and it would be necessary to undertake tests of controls.
The draft standards include an increased number of basic principles and essential procedures regarding the
nature, timing and extent of tests of controls compared to the current standards. The auditor needs to obtain
evidence about whether controls upon which they intend to rely have changed during the year. If they have
changed, the auditor should test the operating effectiveness of such controls in the current audit. If they
havent changed, the auditor should test the operating effectiveness at least every third audit.

C H A P T E R 9 Te s t s o f c o n t r o l s 419
 Summary
Tests of controls are an important source of audit evi- most efficient and effective combination of audit
dence. If the auditor assesses control risk at any level procedures.
below high, the auditor has identified specific internal Strategic business risk evaluation suggests the test-
control policies and procedures that are capable of ing of controls for routine transactions and substantive
being relied upon. Evidence gathered to determine the testing for non-routine material transactions. The
appropriateness of this intended reliance is known as auditor organises the testing plan to ensure that all
tests of controls. objectives are met in the most efficient and logical
The auditor undertakes that combination of tests manner.
of controls and substantive tests that results in the

Keyterms
Audit hooks 418 Non-routine transactions 394
Audit program 384 Operation of internal control structure 385
Classic disbursements fraud 411 Program code review 418
Completeness 395 Review of job (batch) accounting data 418
Embedded audit modules 419 Routine transactions 394
Footing 397 Snapshot 418
Imprest fund 412 Systems control audit review file (SCARF) 418
Integrated test facility (ITF) 415 Test data 415
Kickbacks 411 Tests of controls 384
Kiting 411 Unauthorised executive perks 411
Lapping 401 Voucher system 405

References
Armour, M. (2000) Internal control: Governance framework and Kinney, W.R. (2000) Research opportunities in internal control
business risk assessment, Auditing: A Journal of Practice and quality and quality assurance, Auditing: A Journal of Practice
Theory, Supplement, 7582. and Theory, Supplement, 8390.
Basu, P. and Wright, A. (1997) An exploratory study of control Messier, W.F. Jr (2003) Auditing and Assurance Services: A
environment risk factors: Client contingency considerations Systematic Approach, 3rd edn, McGraw-Hill/Irwin, New York.
and audit testing strategy, International Journal of Auditing, Reimers, J., Wheeler, S. and Dunsenbury, R. (1993) The effect of
June, 7796. response mode on auditors control risk assessments,
Brown, C.E. and Solomon, I. (1990) Auditor configural Auditing: A Journal of Practice and Theory, Fall, 6278.
information processing in control risk assessment, Auditing: Simpson, B. (1993) Using flowcharts as an information systems
A Journal of Practice and Theory, Fall, 1738. audit tool, EDPACS, February, 1519.
Daniel, S.J. (1988) Some empirical evidence about the Waller, W.S. (1993) Auditors assessments of inherent and
assessment of audit risk in practice, Auditing: A Journal of control risk in field settings, The Accounting Review, October,
Practice and Theory, Spring, 17481. 783802.

Assignments
MAXIMISE
YOUR MARKS! REVIEW QUESTIONS
There are
approximately 9.1 The following questions relate to aspects of interest in general when undertaking tests of
30 interactive controls.
questions on (a) Test of controls must be performed:
tests of controls
available online
A when inherent risk is high
at www.mhhe. B to ensure that the control exists and is operating effectively throughout the entire
com/au/gay2e year

420 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 C when control risk is high
D in areas of strategic business risk
(b) When control risk is evaluated at less than high, tests of control should be under-
taken of:
A both design and operation of the internal control structure
B existence, effectiveness and continuity of controls
C design of the internal control structure
D operation of the internal control structure
(c) Tests of controls:
A allow the auditor to increase the level of acceptable detection risk
B should focus on transactions with high dollar value
C should not be used in areas where inherent risk is evaluated as high
D allow the auditor to reduce the level of inherent risk
(d) Which of the following audit tests would be regarded as a test of controls?
A Test of the signatures on purchase documents to appropriate authorisations
B Tests of additions to property, plant and equipment by physical inspections
C Tests of the specific items making up the balance in a given general ledger account
D Tests of the inventory pricing to vendors invoices
(e) After obtaining an understanding of an entitys internal control system, an auditor
may assess control risk at the maximum level for some account balances because he
or she:
A performs tests of controls to restrict detection risk to an acceptable level
B identifies internal controls that are likely to prevent material misstatements
C believes the internal controls are unlikely to be effective
D determines that the pertinent internal control components are not well documented
9.2 The following questions relate to the revenue, receivables and receipts cycle. Select the best
response.
(a) Which of the following tests of control would provide audit evidence for the
management assertion of completeness of revenue?
A For each sales invoice, verify that there is an appropriately authorised dispatch.
B Ensure customers credit limit is checked prior to each sale.
C Observe separation of duties between filling and dispatching orders.
D Check to ensure that all dispatch orders have been properly matched to a sales
invoice.
(b) At which point in an ordinary sales transaction of a wholesaling business would a
lack of specific authorisation be of least concern to the auditor in the conduct of
an audit?
A Determination of discounts
B Selling of goods for cash
C Granting of credit
D Shipment of goods
(c) Tracing copies of sales invoices to shipping documents will provide evidence that all:
A debits to the accounts receivable master file are for sales shipped
B shipments to customers were billed
C shipments to customers were recorded as receivables
D billed sales were shipped
(d) Tracing bills of lading to sales invoices provides evidence that:
A recorded sales were shipped
B invoiced sales were shipped
C shipments to customers were invoiced
D shipments to customers were recorded as sales

C H A P T E R 9 Te s t s o f c o n t r o l s 421
 (e) For the internal control procedures to be effective, employees maintaining the
accounts receivable subsidiary ledger should not also approve:
A write-offs of customer accounts
B cash disbursements
C employee overtime wages
D credit granted to customers
(f ) Which of the following controls is most likely to help ensure that all credit revenue
transactions of an entity are recorded?
A The accounting department supervisor controls the mailing of monthly
statements to customers and investigates any differences reported by customers.
B The billing department supervisor matches prenumbered shipping documents
with entries in the sales journal.
C The billing department supervisor sends a copy of each approved sales order to
the credit department for comparison to the customers authorised credit limit
and current account balance.
D The accounting department supervisor independently reconciles the accounts
receivable subsidiary ledger to the accounts receivable control account monthly.
(g) Which of the following internal controls would be most likely to deter the lapping of
collections from customers?
A Segregation of duties between receiving cash and posting the accounts receivable
ledger
B Supervisory comparison of the daily cash summary with the sum of the cash
receipts journal entries
C Independent internal verification of dates of entry in the cash receipts journal with
dates of daily cash summaries
D Authorisation of write-offs of uncollectible accounts by a supervisor independent
of the credit approval function
9.3 The following questions relate to the expenditures, payables and disbursements cycle.
Select the best response.
(a) To ensure the completeness of purchases made during the year, the auditor should:
A select a sample of invoices received before the year-end and ensure that they are
appropriately recorded in the accounts payable master file
B select a sample of transactions from the accounts payable master file and vouch to
related invoices
C select a sample of receiving reports before and after the year-end and ensure they
have been appropriately recorded
D perform a bank reconciliation
(b) Which of the following is a primary function of the purchasing department?
A Verifying the propriety of goods acquired
B Reducing expenditures for goods acquired
C Authorising the acquisition of goods
D Ensuring the acquisition of goods of a specified quality
(c) Which of the following procedures would prevent a paid disbursement voucher from
being presented for payment a second time?
A The date on a disbursement voucher is within a few days of the date the voucher
is presented for payment.
B The official who is signing the cheques compares the cheque with the voucher and
cancels the voucher documents.
C Vouchers are prepared by individuals who are responsible for signing
disbursement cheques.
D Disbursement vouchers are approved by at least two responsible managers.

422 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 (d) Which of the following control procedures is not usually performed in the vouchers
payable department?
A Controlling the mailing of the cheque and remittance advice
B Matching the receiving report with the purchase order
C Determining the mathematical accuracy of the vendors invoice
D Having an authorised person approve the voucher
(e) Which of the following is the most effective control procedure to detect vouchers that
were prepared for the payment of goods that were not received?
A Compare goods received with goods requisitioned in receiving department.
B Verify vouchers for accuracy and approval in internal audit department.
C Count goods upon receipt in storeroom.
D Match purchase order, receiving report and vendors invoice for each voucher in
accounts payable department.
9.4 (a) In a properly-designed accounts payable system, a voucher is prepared after the
invoice, purchase order, requisition and receiving report are verified. The next step in
the system is:
A entering of the voucher into the voucher register
B approval of the voucher for payment
C cancellation of the supporting documents
D entry of the cheque amount in the cheque register
(b) When goods are received, the receiving clerk should match the goods with:
A the vendor shipping document and the purchase order
B the receiving report and the vendor shipping document
C the purchase order and the requisition form
D the vendor invoice and the receiving report
(c) Internal control is strengthened when the quantity of merchandise ordered is omitted
from the copy of the purchase order sent to the:
A purchasing agent
B accounts payable department
C department that initiated the requisition
D receiving department
(d) Which of the following internal control procedures is not usually performed in the
accounts payable department?
A Indicating the asset and expense accounts to be debited
B Accounting for unused prenumbered purchase orders and receiving reports
C Matching the vendors invoice with the related receiving report
D Approving vouchers for payment by having an authorised employee sign the
vouchers
(e) In a properly-designed purchasing process, the same employee most likely would
match vendors invoices with receiving reports and also:
A reconcile the accounts payroll ledger
B cancel vendors invoices after payment
C post the detailed accounts payable records
D recompute the calculations on vendors invoices
9.5 The following questions relate to the business processes cycle including payroll.
(a) Which of the following procedures would be most likely to be considered a weakness
in an entitys internal controls over payroll?
A The employee who distributes payroll cheques returns unclaimed payroll cheques
to the payroll department.
B The personnel department sends employees termination notices to the payroll
department.

C H A P T E R 9 Te s t s o f c o n t r o l s 423
 C A voucher for the amount of the payroll is prepared in the general accounting
department based on the payroll departments payroll summary.
D Payroll cheques are prepared by the payroll department and signed by the
treasurer.
(b) The purpose of segregating the duties of hiring personnel and distributing payroll
cheques is to separate the:
A authorisation of transactions from the custody-related assets
B operational responsibility from the custody-related assets
C human resources function from the controllership function
D administrative controls from the internal accounting controls
9.6 The following question relates to the use of test data techniques. Select
the best response.
(a) An auditor will use test data in order to gain certain assurances with
respect to the:
A controls contained within the program
B degree of keying accuracy
C input data
D machine capacity
(b) Which of the following statements is not true of the test data
approach when testing a computerised accounting system?
A The test data must consist of all possible valid and invalid
conditions.
B Test data are processed by the clients computer programs under
the auditors control.
C The test data need only consist of those valid and invalid
conditions which interest the auditor.
D Only one transaction of each type need be tested.
(c) An approach to testing real-time processing of a computer-based
information system is known as the integrated test facility (ITF)
technique. This approach involves:
A validating as well as editing of all input transactions entering the
real-time system
B testing the computer hardware at the same time as test
transactions enter the real-time system
C setting up a small set of records for a fictitious entity in the
master files, and then processing dummy transactions against
the fictitious entity
D running monthly activities simultaneously with current
transactions so that the two are integrated in the result of the test
(d) An auditor who is testing CIS controls in a payroll system would
most likely use test data that contain conditions such as:
A time cards with invalid job numbers
B payroll cheques with unauthorised signatures
C deductions not authorised by employees
D overtime not approved by supervisors
learning
objective 1,2 Test of controls overview
9.7 How are tests of controls related to the evaluation of control risk?
9.8 Distinguish between the types of testing that the auditor would undertake
in testing the design of an internal control versus the operation of an
internal control.

424 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
9.9 Identify the three internal control aspects for which the auditor has to
gather audit evidence for the verification of the operation of internal
control.
3 learning
Sufficient appropriate evidence objective

9.10 Identify the factors that will determine whether the auditor has obtained sufficient
appropriate audit evidence to support their assessed level of control risk.
4 learning
Testing controls in the revenues, receivables and receipts system objective

9.11 What are the two major controls for sales returns and allowances transactions?
9.12 Define lapping and kiting and explain the audit procedures used to detect these
irregularities.
5 learning
Testing controls in the expenditures, payables and disbursements system objective

9.13 Briefly describe each of the following documents or records: purchase requisition,
purchase order, receiving report, vendor invoice, and voucher. Why would an entity
combine all documents related to a purchase transaction into a voucher packet?
9.14 List the key segregation of duties in the purchasing process. What errors or fraud can occur
if such duties are not segregated?
9.15 List two inherent risk factors that directly affect the purchasing process. Why should
auditors be concerned about issues such as the supply of raw materials and the volatility of
prices?
6 learning
Testing controls relating to contractual transactions objective

9.16 How do contractual transactions differ from other major classes of transactions?
7 learning
Testing controls contained in the clients computer program objective

9.17 What are the fundamental differences between test data and an integrated test facility?

DISCUSSION PROBLEMS AND CASE STUDIES

4 primary learning
Testing controls in the revenues, receivables and receipts system objective

9.18 Basic You have been assigned to the audit of Moroney Ltd, a large manufacturing
company. The audit strategy indicates that a lower assessed level of control risk strategy
has been adopted. Key controls on which the team intends to rely for the revenue cycle are
as follows:
1 All sales orders are taken over the phone. At the time the sale is taken the customer
service officer checks that the customer is an approved customer and that the sale will
not result in the customer exceeding their credit limit.
2 All sales must be followed up by a written sales order (in triplicate) before goods are
shipped from the warehouse.
3 On receipt of the sales order, one copy is matched to the computer records and the
customer order is flagged as OK to proceed within the system. A second copy is sent
to the debtors clerk and a third copy is forwarded to the warehouse.
Required
For each of the controls identified above:
(a) indicate the purpose of the control (i.e. what is the control designed to prevent or
detect?);
(b) indicate the balance and assertion which this control will have an effect on in the
financial report; and
(c) provide an example of one procedure which could be used to test the control.

C H A P T E R 9 Te s t s o f c o n t r o l s 425
 9.19 Complex You are engaged in your first audit of Pesky Pest Control Pty Ltd for the year
ended 30 June. The company began doing business in July of the previous year and
provides pest control services for industrial enterprises. Additional information is as
follows:
1 The office staff consists of a bookkeeper, a typist and the president, V. Tran. In
addition, the company employs 20 service representatives on an hourly basis who are
assigned to individual territories to make both monthly and emergency visits to
customers premises. The service representatives submit weekly time reports, which
include the customers name and the time devoted to each customer. Time charges for
emergency visits are shown separately from regular monthly visits on the reports.
2 Customers are required to sign annual contracts which are prenumbered and
prepared in duplicate. The original is filed in numerical order by contract anniversary
date and the copy is given to the customer. The contract entitles the customer to pest
control services once each month. Emergency visits are billed separately.
3 Fees for monthly services are payable in advancequarterly, semi-annually or
annuallyand recorded on the books as income from services when the cash is
received. All payments are by cheques received by mail.
4 Prenumbered invoices for contract renewals are prepared in triplicate from
information in the contract file. The original invoice is sent to the customer 20 days
prior to the due date of payment, the duplicate copy is filed chronologically by due
date and the triplicate copy is filed alphabetically by customer name. If payment is not
received by 15 days after the due date, a cancellation notice is sent to the customer,
and a copy of the notice is attached to the customers contract. The bookkeeper
notifies the service representatives of all contract cancellations and reinstatements,
and requires written acknowledgment of receipt of such notices. Tran approves all
cancellations and reinstatements of contracts.
5 Prenumbered invoices for emergency services are prepared weekly from information
shown on the service representatives time reports. The customer is billed at 200 per
cent of the service representatives hourly rate. These invoices, prepared in triplicate
and distributed as shown above, are recorded on the books as income from services
at the billing date. Payment is due 30 days after the invoice date.
6 All remittances are received by the typist, who prepares a daily list of collections and
stamps a restrictive endorsement on the cheques. A copy of the list is forwarded with
the cheques to the bookkeeper, who posts the date and amount of each cheque
received on the copies of the invoice in both the alphabetical and the chronological
files. After posting, the copy of the invoice is transferred from the chronological file to
the daily cash receipts binder, which serves as a subsidiary record for the cash receipts
book. The bookkeeper totals the amounts of all remittances received, posts this total
to the cash receipts book and attaches the daily remittance tapes to the paid invoices
in the daily cash receipts binder.
7 The bookkeeper prepares a daily bank deposit slip and compares the total with the
total amount shown on the daily remittance tapes. All remittances are deposited in the
bank the day they are received. (Cash receipts from sources other than services need
not be considered.)
8 The financial report is prepared on an accrual basis.
Required
List the audit procedures you would employ in the examination of the revenue from
services account for the year ended 30 June.
9.20 Complex The following flowchart depicts activities relating to the sales, shipping, billing,
and collection processes used by Newton Hardware, Inc.

426 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 Required
Identify the weaknesses in internal control relating to the activities of:
(a) the warehouse clerk;
(b) bookkeeper A; and
(c) the collections clerk.
Do not identify weaknesses relating to the sales clerk or bookkeepers B and C. Do not
discuss recommendations concerning the correction of these weaknesses.

Sales Clerk Warehouse Clerk Bookkeeper A Bookkeeper B Bookkeeper C Collection Clerk

Receives Sales order Receives

Sales order Sales order Invoice
customer cheques from
order 1 2 1 3 customer
Shipping
advice
1
Approved
sales order
2
Prepares Prepares Immediately
Authorises Invoice Posts to
2-copy 3-copy stamps FOR
customers sales
sales shipping 2 DEPOSIT ONLY
credit journal
order advice and dates
cheques

By invoice
number
Investigates
Sales order Prepares 3-copy Matches and postdated
Sales order Sales
invoice from accounts for cheques and
1 journal
2 Shipping approved prenumbered checks for
Sales order price list documents errors
advice Cheques
1 1
awaiting
Shipping deposition
advice To
2 Posts to cash
customer
Shipping receipts
To advice Invoice By journal
3
inventory 3 customer
control Approved
sales order
2 Posts to
Invoice ledgers
Cash receipts
Releases 2 journal
To merchandise
customer to Invoice
To
carrier 1 Customer
customer
cheques
General
ledger

Subsidiary
Receives accounts Deposits
receipt from receivable ledger cheques
carrier
weekly

Prepares
aged
By trial Bank From
customer balance statement bank

Authorises Aged trial

accounts balance Reconciles
receivable bank
write-offs statement

Source: Messier, 2003, p. 417.

5 primary learning
Testing controls in the expenditures, payables and disbursements system objective

9.21 Moderate You have been assigned to the audit of Carey Ltd and are currently involved in
a review of control procedures in the cash disbursement area. As part of your review you
have noted the following procedures:

C H A P T E R 9 Te s t s o f c o n t r o l s 427
 1 A prenumbered cheque requisition is prepared by the clerk for all payments.
2 The cheque requisition requires the clerk to indicate that he has performed the
following procedures for each payment:
Checked the additions on the invoice
Ensured that the details on the invoice have been matched to a delivery note by the
warehousing department
Ensured a valid purchase order exists for the goods
3 The cheque requisition together with supporting documentation (invoice and any
other relevant correspondence) is forwarded to the financial controller for approval.
Required
For each of the controls identified above:
(a) indicate the purpose of the control (i.e. what is the control designed to prevent or
detect?);
(b) indicate the balance and assertion which this control will have an effect on in the
financial report; and
(c) provide an example of one procedure which could be used to test the control.
9.22 Complex The flowchart opposite depicts the activities relating to the purchase, receiving
and account payable departments of Georgie Girl Ltd Inc.
Required
Based only on the flowchart, describe the internal control procedures that most likely
would provide reasonable assurance that specific internal control objectives with regards
purchases and accounts payable will be achieved. Do not describe weaknesses in internal
control. Outline how you would test these identified internal controls.
9.23 Complex In 2003 Pearson Company purchased more than $10 million worth of office
equipment under its special ordering system, with individual orders ranging from $5000
to $430 000. Special orders entail low-volume items that have been included in an
authorised users budget. Department heads include in their annual budget requests the
types of equipment and their estimated cost. The budget, which limits the types and dollar
amounts of office equipment a department head can requisition, is approved at the
beginning of the year by the board of directors. Department heads prepare purchase
requisition forms for equipment and forward them to the purchasing department.
Pearsons special ordering system functions as follows:
Purchasing: Upon receiving a purchase requisition, one of five buyers verifies that the
person requesting the equipment is a department head. The buyer selects the
appropriate vendor by searching the various vendor catalogues on file. The buyer then
phones the vendor, requests a price quotation, and gives the vendor a verbal order. A
prenumbered purchase order is processed with the original sent to the vendor, a copy
to the department head, a copy to receiving, a copy to accounts payable and a copy filed
in the open requisition file. When the buyer is orally informed by the receiving
department that the item has been received, the buyer transfers the purchase order
from the unfilled file to the filled file. Once a month the buyer reviews the unfilled file
to follow up on and expedite open orders.
Receiving: The receiving department receives a copy of the purchase order. When
equipment is received, the receiving clerk stamps the purchase order with the date
received and, if applicable, in red pen prints any differences between the quantity
shown on the purchase order and the quantity received. The receiving clerk forwards
the stamped purchase order and equipment to the requisitioning department head and
orally notifies the purchasing department.
Accounts payable: Upon receiving a purchase order, the accounts payable clerk files it in
the open purchase order file. When a vendor invoice is received, the invoice is matched

428 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 429
C H A P T E R 9 Te s t s o f c o n t r o l s
Purchasing Receiving Accounts Payable
From From
dept. dept. From
From From From vendor
head head
purchasing purchasing purchasing
Purchase order Requisition Rec. report Invoice
Approved with quantity
requisition blacked out P.O.
4 1 2
form in
duplicate
2
Goods received
and counted Matches four doc.
Assures best price and recomputes
independently By vendor
is obtained math
in secure pending
and request accuracy of
facility invoice
is within invoices
budget receipt
limits
Prepares
four-copy Approves and Compares invoice
receiving prepares quantity and
Verifies adequacy report
of vendors past three-copy price to P.O. and
record and voucher (pre- rec. report
prepares five- numbered) quantity
copy purchase
order Rec. report
P.O.
Requisition 4
Rec. report
P.O. 4 Voucher Voucher Rec. report
2
Rec. report
P.O. 3 Requisition
5 To 3 2 2
purchasing
P.O. Receiving 2 P.O.
4 report 1
(prenumbered)
1 Recorded in voucher Invoice
Requisition 3 To 2
By P.O. register and
no. general
By P.O. acctg. independently
P.O. reconciled Voucher
1 no.
monthly to
control
Purchase order 2 To dept. accounts 1
From
(prenumbered) head for To
dept.
head count and accounts
1 quantity payable
check By
To voucher
To receiving no.
accounts dept.
To payable
vendor
Source: Messier, 2003, p. 457.
 with the applicable purchase order, and a payable is set up by debiting the equipment
account of the department requesting the items. Unpaid invoices are filed by due date,
and at the due date a cheque is prepared. The invoice and purchase order are filed by
purchase order number in a paid invoice file, and the cheque is then forwarded to the
treasurer for signature.
Treasurer: Cheques received daily from the accounts payable department are sorted
into two groups: those over $10 000 and those $10 000 and less. Cheques for $10 000 and
less are machine signed. The cashier keeps the key and signature plate to the cheque-
signing machine and records all use of the cheque-signing machine. All cheques over
$10 000 are signed by the treasurer or the controller.
Required
(a) Prepare a flowchart of Pearson Companys purchasing and cash disbursements
system.
(b) Outline the tests of controls that may be undertaken for Pearson Companys
purchasing and cash disbursement system. Consider the use of test data techniques.
(c) Describe the internal control weaknesses relating to purchase of and payments for
special orders of Pearson Company for the purchasing, receiving, accounts payable,
and treasurer functions.
9.24 Complex Pearce, CPA, prepared the flowchart opposite, which portrays the raw materials
purchasing function of one of Pearces clients, a medium-sized manufacturing company,
from the preparation of initial documents through the vouching of invoices for payment.
The flowchart represents a portion of the work performed on the audit engagement to
evaluate internal control.
Required
Identify and explain the control strengths and weaknesses evident from the flowchart.
Include the internal control strengths and weaknesses resulting from activities performed
or not performed. What tests of controls will be undertaken? (Consider the use of test data
techniques.) All documents are prenumbered.
primary learning 6
objective Testing controls relating to contractual transactions
9.25 Moderate We Build Pty Ltd (WB) is a small company that builds duplex units for the
rental market. The usual arrangement is that WB retains ownership of the units and
leases the buildings to a wholly owned subsidiary, We Rent Pty Ltd (WR), for the expected
life of the building. WR then rents to occupiers for periods of between 12 months and five
years, with an option to renew. The usual length of time a tenant occupies the buildings
is three years.
You have been assigned to the audit of the WB group and are currently preparing a
program for the audit of the leasing transactions.
Required
For each of WB and WR, indicate three procedures which could be used to audit the leasing
transactions.
9.26 Complex An auditors audit work papers contain a narrative description of a segment of
the Croyden Factory payroll system and an accompanying flowchart, on page 433.
The control procedures of the internal control structure with respect to the personnel
department function well and are not included in the accompanying flowchart.
At the beginning of each work week, Payroll Clerk No. 1 reviews the payroll department
files to determine the employment status of factory employees, and then prepares time
cards and distributes them as each individual arrives at work. This payroll clerk, who is also
responsible for custody of the signature stamp machine, verifies the identity of each payee
before delivering signed cheques to the supervisor.

430 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 Date
Medium-sized Manufacturing Company Prepared by
Flowchart of Raw Materials Purchasing Function Approved by

Manufacturing Division Accounts Payable

Stores Purchasing Office Receiving Room Controllers Division

A Purchase Purchase Purchase

requisition requisition order
1 1 4

3 By
requisition By
B no. vendor
Purchase 2
requisition
1
Purchase
By 6 order 1
requisition 5
no.
4
By
Purchase 3 purchase
requisition To order
Purchase 3 vendor Purchase 2
order order 1 Purchase
5 order 4

Purchase Purchase
requisition order 3
C
Invoice
Receiving
{
D report
Requisition C
{ Purchase
order
3
Purchase
1

5 order 3
Requisition F
3
Purchase

EXPLANATORY NOTES
order
6
1
{ Receiving 2
report
1
Voucher
A Prepare purchase requisition with
(3 copies) as needed. By documents
B Prepare purchase order purchase
(6 copies). order By
C Attach purchase requisition vendor
to purchase order. G
D Merchandise is received and
counted, and receiving
report (3 copies) is prepared Requisition Receiving 2
based on count and From report
purchase order. vendor 1 1
Purchase
E Match purchase order, order
purchase requisition, 6
receiving report, and invoice.
F Prepare voucher after E
comparing data on purchase Invoice
order, invoice, and receiving
report.
G To cash disbursements in
Requisition Invoice
{
Purchase 1
controllers division for Receiving
payment. Receiving 6 report By
report 1 purchase
2 order
{

Source: Messier, 2003, p. 512

C H A P T E R 9 Te s t s o f c o n t r o l s 431
 At the end of each week, the supervisor distributes payroll cheques for the preceding
week. At the same time, the supervisor reviews the current weeks employee time cards,
notes the regular and overtime hours worked on a summary form and initials the time
cards. The supervisor then delivers all time cards and unclaimed payroll cheques to Payroll
Clerk No. 2.
Required
(a) Using the description above and the flowchart opposite, list the deficiencies in the
internal control structure.
(b) What inquiries should be made with respect to clarifying the existence of possible
additional deficiencies in the internal control structure?
(c) Outline the tests of controls that could be undertaken in verifying payroll.
Note: Do not discuss the control procedures of the personnel department.

primary learning 7
objective Testing controls contained in the clients computer program
9.27 Complex You have been assigned to conduct an audit of your clients database system.
Through previous work you know that the system includes a centralised database shared
by all users. Access to the database is direct by the users through remote terminals and is
controlled by the database software system. The IT department includes a manager of
operations and a manager of computer programming, both of whom report to the IT
director.
Your preliminary understanding of the database system includes the following
points:
1 There are no restrictions regarding the type of transactions or access to the online
terminals.
2 All users and IT personnel have access to the extensive system documentation.
3 Before being entered into the user authorisation table, user passwords and access
codes are established by user management and approved by the manager of computer
programming.
4 The manager of computer programming established the database directory and
controls it. Users approve any changes in data definition.
5 User requests for data are validated by the system against a transactions-conflict
matrix to ensure that data is transmitted only to authorised users.
6 System access requires the users to input their passwords, and terminal activity logs
are maintained.
7 Input data are edited for reasonableness and completeness, transaction control totals
are generated, and transactions logs are maintained.
8 Processing control totals are generated and reconciled to changes in the database.
9 Output is reconciled to transaction and input control totals. The resulting reports are
printed and placed in a bin outside the IT room for pickup by the users at their
convenience.
10 Back-up copies of the database are generated daily and stored in the file library area,
access to which is restricted to IT personnel.
Required
(a) From the results of your preliminary review, describe five controls in the system.
(b) List five specific audit steps you would include in your audit program to determine
whether transaction input is properly authorised.
(c) Explain how you may use test data to gather audit evidence in this system.
(d) Evaluate the relative strengths of the general and application controls for the database
system.

432 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s
 Factory Factory Payroll Payroll
Employees Supervisor Personnel Clerk No. 1 Clerk No. 2 Bookkeeping

Payroll update
& w/h forms
copy

copy
E
copy Clock
cards F

Clock Clock Reviewed Regular and

E F wkly clock A overtime hrs
cards cards
cards compiled &
prepared noted on
clock cards

Time clock Time clock

punched punched Gross & net
in and out in and out pay compiled
daily daily payroll
register
prepared

Clock cards Clock

for cards F Clock Payroll Payroll
approval cards F register register
E
weekly 1 1
E
2

Clock cards reviewed Column

& initialled. D C totals D
Summary cross-
of reg. & ovtm. footed
hrs prepared

Clock Summary of Sequence

cards F regular and numbered,
overtime cheques
E hours prepared

Delivered to Payee Regular and Gross & net Payroll

Payroll D verified, overtime pay & cheques
Clerk cheques hours numerical seq. (Foreman)
No. 2 signed verified of cheques
verified
(Employees)

Payroll Cheques
cheques delivered
(Foreman) to Factory
Foreman
(Employees)

Payroll
cheques
distributed

C H A P T E R 9 Te s t s o f c o n t r o l s 433
 CONTINUOUS CASE STUDY

9.28 Complex This is a continuation of question 8.30. It may be completed independently of

that question.
You are currently involved in the audit of HomeChef Pty Ltd (HC), a large private
company operating in the boutique food and beverages market. The company has a
balance date of 31 December. To maximise audit efficiency, the audit partner has decided
to use the work of the internal audit group (IAG).
The manager of IAG has now given you a copy of the work performed to ensure
payments made to creditors throughout the year were in accordance with procedures laid
down in the Accounting Manual.
The relevant work papers are reproduced below:
Work paper IA 4 Prepared by: A
Reviewed by: M
Date: 3.2.02
Objective:
To examine payments made to creditors throughout the year and determine whether the
procedures laid down in the Accounting Manual have been properly followed.
Work performed:
Payments were selected from the cheque register of creditors for the year ended
31 December. A sample size of 60 was determined and cheques were selected randomly.
A copy of the latest Accounting Manual was obtained. Evidence of control procedures
carried out on the payments was compared to the control procedures laid down in the
Accounting Manual and any exceptions noted.
Results:
A summary of the results obtained is given below:

Payments which showed evidence that all control procedures had been followed 40
Payments which were not matched to an approved purchase order, however all other
documentation was attached3 5
Payments which were not made to an approved supplier3 5
Payments which were authorised by a second party, although this was not required1 2
Payments which had no supporting documents attached2 5
Payments which did not bear evidence that computation on creditors invoices had been
checked3 3
Total sample size 60

1 Breach due to new financial accountant being unaware of firm policynow

remedied.
2 Payments relate to rental on the firms leased printer and photocopier. The cheque
requisition referred to a cheque requisition number that contained a copy of the
original lease agreements. No change in the amount has occurred.
3 No explanation given.
Required
(a) Discuss the implications of the errors noted by the internal auditor.
(b) What additional work do you believe should now be performed?

434 PA R T T H R E E Te s t s o f c o n t r o l s a n d t e s t s o f d e t a i l s