When to perform Tests of Controls in an audit ?

The objective of the auditor while performing the audit is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement, through DESIGNING and IMPLEMENTING appropriate responses to those risks.

TESTS of CONTROLS is an audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.

As required by ISA 330, the auditor shall design and implement overall responses to address the assessed risks of material misstatement at the financial statement level.

Further, paragraph 6 of ISA 330 states that the auditor shall design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.

In designing the further audit procedures to be performed, the auditor shall :

1. Consider the reasons for the assessment given to the risk of material misstatement at the assertion level for each class of transactions, account balance, and disclosure, including :
• The likelihood of material misstatement due to the particular characteristics of the relevant class of transactions, account balance, or disclosure (that is, the inherent risk); and
• Whether the risk assessment takes account of relevant controls (that is, the control risk), thereby requiring the auditor to obtain audit evidence to determine whether the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures);
2. Obtain more persuasive audit evidence the higher the auditor’s assessment risk.

The auditor shall design and perform TESTS of CONTROLS to obtain sufficient appropriate audit evidence as to the operating effectiveness of relevant controls IF :

1. The auditor’s assessment of risks of material misstatement at the assertion level includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures); OR
2. Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level.

In designing and performing tests of controls, the auditor shall obtain more persuasive audit evidence the greater the reliance the auditor places on the effectiveness of a control (A higher level of assurance may be sought about the operating effectiveness of controls when the approach adopted consists primarily of tests of controls, in particular where it is not possible or practicable to obtain sufficient appropriate audit evidence only from substantive procedures) (HRD).

Audit of leases, the audit objectives and audit program to be prepared while auditing the lessee obligation

For accounting and financial reporting purposes, an entity as the lessee has two alternatives in classifying a lease : (1) Operating Lease, (2) Finance Lease. The proper classification of a lease is determined by the circumstances surrounding the leasing transaction. According to IAS 17 : Leases, whether a lease is a finance lease or not will have to be judged based on the substance of the transaction, rather than on its mere form. If substantially all of the benefits and risks of ownership have been transferred to the lessee, the lease should be classified as a finance lease. Besides, IAS 17 also stipulates that substantially all of the risks or benefits of ownership are deemed to have been transferred if a lease transaction meets any one of criteria as prescribed in para. 10 and para. 11 of IAS 17.

While conducting an audit of lease transaction, the auditor shall take notes of the following principal objectives :

• Determine that all finance leases are recorded in the balance sheet with appropriate classification of the leased asset and the obligation
• Ascertain that depreciation expenses and interest expense relating to finance leases and rent expense on operating leases have been calculated and reported properly in the income statement
• Ascertain that footnote disclosure of finance lease and operating lease obligations are adequate and are in compliance with the disclosure requirements of IAS 17

The auditing procedures related to lessee obligations consist principally of a careful examination and study of the lease documents to determine the substance of the transaction and the proper accounting treatment. During the examination of the lease agreements, the auditor normally prepares a summary of the terms and provisions of each lease for his or her permanent file working papers documentation.

Then, how the auditor should prepare his or her audit program in relation with the audit of lease transaction ?

An audit program for lease obligations would include the following steps :

• Examine lease agreements and prepare a summary of key terms and pertinent data for the permanent file
• Determine that leases have been properly classified as either finance leases or operating leases using the criteria of IAS 17
• For capitalized leases, check the present value computations and determine the appropriateness of the discount rate used
• Determine that lease payments and expenses included in the accounts are in agreement with the provisions of the lease contracts
• Determine that executory costs to be paid by the lessee (property taxes, insurance, etc.) have been properly accrued and included in expenses
• Determine that any additional contingent rents payable have been accrued (such contingent rents may result from escalation clauses, gross receipts, provisions, etc.)
• Ascertain that footnote and balance sheet disclosures are in accordance with IAS 17

Source : Accountants’ Handbook – Lee.J.Seidler and D.R.Carmichael

For further reference, read also :

• The right way to classify a lease
• How is the treatment of land and buildings lease transaction ?
• Effect of operating and finance leases on lessee financial statements and key financial ratios

Audit Approach

The Audit Approach is a risk analysis methodology that focuses on the combined impact of the environment in which a client operates, the client's management information and financial results, and the effectiveness of the client's internal controls. It is based on a thorough, up-to-date understanding of the client's business and industry, which is obtained through a comprehensive analysis of the external and internal operating environments. It enables us to design an audit programme that includes the most effective and efficient combination of test responsive to a client's unique circumstances. In addition, it provides a uniform method for developing and documenting the basis for the audit programme.

The Audit Approach enables us to plan our effort to be proportionate to the risk of material error in specific accounts and transactions. This provides the basis for planning the minimum effort necessary to limit audit risk in each area to a low level. As a result, every audit procedure has a specific purpose that is related to the company's particular situation – nothing is "routine" and hence potentially unnecessary. By following this approach we can avoid overauditing and underauditing, and we can distribute our audit work more evenly throughout the year.

MATERIALITY AND AUDIT RISK

Professional standards require us to consider materiality and audit risk when planning the nature, timing and extent of our audit procedures, and when evaluating the results of those procedures. Materiality is determined at two levels during the initial planning stage :

1. An overall level as relates to the accounts taken as a whole – planning materiality; and
2. An individual balance or class of transactions level – tolerable error.

Audit risk is defined as the risk that an auditor may unknowingly fail to modify his or her opinion on accounts that are materially misstated. We address materiality and audit risk at an overall level to help us develop an audit strategy that will provide sufficient evidence to enable us to evaluate whether the accounts are materially misstated.

At the account balance or class of transactions level, audit risk is the product of the risks that :

1. Factors in a company's internal or external operating environment, before considering the functioning of internal controls, will lead to a material error – inherent risk;
2. A material error will not prevented or detected on a timely basis by the system of internal control – control risk; and
3. The auditor's procedures will fail to detect a material error not detected by the system of internal control – detection risk.

The Audit Approach provides a methodology for relating these risk concepts to materiality and correlating them to the nature, timing, and extent of our audit procedures. This is accomplished through the Specific Risk Analysis and the Preliminary Audit Approach.

SPECIFIC CONTROL OBJECTIVES

A key element of the Audit Approach is the relationship of specific control objectives to transactions and accounts. Specific control objectives are derived from the five general control objectives that an accounting system should be expected to achieve. The first three of the five – authorization, recording, and safeguarding – relate to establishing the system of accountability and provide for the prevention of errors and irregularities. The fourth general objective – reconciliation – ties together the system of accountability established by the first three and, along with the fifth objective – valuation – provides for the detection of errors and irregularities.

We have translated these general objectives into specific control objectives that are related to the accounts and transactions of a business. Specific control objectives relate to the activities in each operating component that originate and process transactions. Each type of transaction results in either debits or credits to various accounts. Because a number of accounts and transactions are normally affected by a single specific control objective, the specific control objectives provide convenient and efficient reference points for considering the inputs to the Specific Risk Analysis.

PHASES OF THE AUDIT APPROACH

We can divide an audit into three phases – initial planning, programme development, and programme execution. On paper, each phase – and each step within it – appears as a separate activity. However, in practice, the phases and steps are closely interrelated and should not be regarded as distinct steps that are set aside when done. Throughout any audit, we should be alert for new developments that may affect the client's business or industry. We should continue to challenge the effectiveness and efficiency of audit procedures, and modify them if necessary (Hrd).