Textbook Notes (280,000)
CA (160,000)
UTSC (20,000)
MGA (400)
Chapter 8

MGAD10H3 Chapter Notes - Chapter 8: Sample Size Determination, Audit Risk, Internal Control


Department
Financial Accounting
Course Code
MGAD10H3
Professor
Kevin Ha
Chapter
8

This preview shows half of the first page. to view the full 2 pages of the document.
Chapter 8 Execution of the audit testing of controls
1. Identify the different types of controls
2. Understand the different techniques for testing controls
3. Explain how to select and design tests of controls
4. Understand how to interpret the results of testing of controls
5. Explain how to document tests of controls
CAS 230 audit documentation
CAS 260 communication with those charged with governance
CAS 265 communicating deficiencies in internal control to those charged with governance and
management
CAS 315 identifying and assessing the risks of material misstatement through understanding the entity
and its environment
8.1 types of controls
Controls have two main objectives: to prevent or detect misstatements or to support the
automated parts of the business in the functioning of the controls in place
8.1.1 preventive and detective controls
Preventive controls WCGWs
Controls may not provide evidence of control (i.e. signatures do not guarantee review)
Detective controls should: completely and accurately capture all relevant data, identify all
potentially significant errors, performed consistently and regularly, and include timely follow-up
(i.e. management reviews, performance indicators, reconciliations, reports showing
transactions)
Preventive controls are programming driven, whereas detective controls are physical evidence
driven
Detective controls do rely heavily on preventive controls
8.1.2 manual and automated controls
Manual controls (i.e. locked safe for cash)
ITGCS clients controls over the hardware and software it uses, including acquisition and
maintenance of equipment, backup, and recovery procedures, and the organization of the IT
department to ensure the appropriate segregation of duties
o Program change controls only appropriately authorized, tested, and approved changes
are made to programs
o Logical access controls only authorized personnel have access to IT equipment
o Other ITGCS ensuring regular and timely backups of data
Application controls are fully automated controls that apply to the processing of individual
transactions
o Input controls are designed to detect and prevent errors during the data input stage (i.e.
verification controls)
o Processing controls are the controls in place to ensure the data is processed as intended
o Output controls ensure that the processed results are correct and that only authorized
personnel have access
IT-dependent manual controls
You're Reading a Preview

Unlock to view full version