Test of control is a testing mechanism or procedure designed by auditors to test/assess the functional ability of the internal controls implemented by the audit client. The internal controls are designed and implemented to prevent/detect material misstatements in the business’s financial statements.
So, why do auditors need to test internal controls?
The auditors perform a test of control (TOC) at the planning stage to assess the level of risk carried by audit engagement. In simple words, if the result of the test of control suggests that the internal control implemented by the audit client is strong, it reflects lower audit risk. On the other hand, if TOC finds that internal controls implemented by audit clients are weak, it results in higher risk and extensive audit procedures to get reasonable assurance.
How do auditors perform tests of controls?
Auditors generally adopt the following ways to assess the efficiency of internal controls.
Observation—Observation refers to the auditor’s physical appearance when testing internal controls. For instance, when counting inventory, auditors usually ensure their physical presence and observe stock movement. This helps auditors assess whether the audit client has been actively complying with internal controls related to inventory count and vice versa.
Inspection—This involves reviewing the supporting documents to understand and ascertain audit evidence. For instance, auditors can access and inspect documents like purchase orders, invoices, delivery notes, payment support, and other documents related to financial transactions under consideration. The inspection enables auditors to understand whether the audit client has complied with the internal controls. For instance, the signature/approval on the purchase order depicts that the PO was approved.
Inquiry refers to asking questions from the audit client. The purpose of asking questions is to understand technical aspects, assess risk, and plan/perform audit procedures accordingly.
Recalculation– It’s about re-adding the numbers to ensure the total reached does not have inaccuracy.
Walkthrough testing involves going through detailed aspects of recording transactions in the accounting record. For instance, walkthrough testing for a specific purchase transaction is expected to follow a given order.
- Review of purchase order—The purchase order needs to be authorized by the appropriate approving authority within the business. So, if there is an approval/signature, the implemented control seems reliable, and vice versa.
- Signed goods received a note – There should be approval or signature on the goods received note as evidence that the goods received were checked in terms of quality and quantity. So, the signature on the receiving note signals favorable test results and vice versa.
- Signed supplier invoice—The Signature on the invoice depicts that the invoice was reviewed in terms of units and rates received from the supplier.
- Singed accounting voucher—The signature of the accounts manager on the voucher indicates that the accounting entry was reviewed.
- Signed payment voucher—The voucher’s signature, which is on the appropriate-level authority, indicates that the appropriate authority approved the payment.
Depending on the complexity of the functions and processes, various controls can be implemented in the purchase, payable, and payment processes.
Impact of TOC on the Audit
The results obtained via TOC have a direct impact on audit risk. So, if TOC identifies weak internal controls, it leads to higher risk, extended audit procedures, and a higher audit fee. On the contrary, if TOC identifies strong internal controls, it leads to lower risk, limited audit procedures, and a lower audit fee.
How to test management override of controls
The test of control (TOC) is the way to test management override of controls. Management override of controls refers to the adverse attitude of the audit client/management towards internal controls. So, if you find that management is not committed to implementing controls and has developed an attitude that does not carry value for the internal controls, this situation is referred to as management override of controls.
Conclusion
Test of control refers to audit procedures designed to assess the functional efficiency of the implemented internal controls. In the first place, auditors use tests of controls to determine the level of risk carried by audit engagement. TOC results have a significant impact on engagement risk. For instance, weak internal control leads to higher risk and extended audit procedures and vice versa.
Secondly, TOC can be used to collect sufficient and appropriate audit evidence. However, it should be done in addition to substantive procedures. Similarly, audit engagement is riskier when management overrides the controls.
Daniyal Khatri, ACCA, is a seasoned bookkeeping specialist with over a decade of experience in designing precise, compliant financial systems. His expertise spans daily transaction tracking, ledger management, and financial record accuracy, ensuring businesses maintain organized, audit-ready books. Daniyal excels at aligning processes with evolving compliance standards, integrating user-friendly tools to automate workflows, and translating regulatory complexities into actionable steps. By combining technical proficiency with a focus on clarity, he empowers organizations to achieve error-free bookkeeping, minimize risk, and build a foundation for informed financial decisions.
Leave a Reply