Compare procedures for tests of controls over purchases in a manual system and in IT environment

Tests of controls-manual system

(a) Ordering

– Carry out sequence test of purchase orders
– Inspect signatures of the persons who have approved purchase orders
– Verify that the purchase orders have been approved within the authority limits.

(b) Receiving

– Carry out sequence check of GRNs
– Inspect cross referencing with suppliers invoices.

(c) Suppliers invoices

– Carry out sequence test (number assigned by the entity)
– Inspect initials of the persons who

  • Matched suppliers invoices with GRN and purchase orders
  • Checked arithmetical accuracy
  • Checked coding
  • Entries in the purchase day book.

(d) Credit notes

– Inspect initials of the person who approved credit note.

(e) Accounts payable

– Inspect reconciliation of control account and subsidiary ledger.

(f) Cut-off

– Obtain a sample of GRNs and agree to the inventory data base to verify that inventory data base has been correctly updated.
– Obtain a sample of invoices agree details to individual payable accounts in the payable data base it confirm that the liability has been recorded in the correct payable’s account.
– Select a sample of invoices and check arithmetical accuracy.
– Select a sample of invoices and agree with GRNs to confirm that quantities billed agree to quantities received.

Test of controls IT environment

1. Review entity’s purchasing input controls

Input controls over purchases are designed to provide reasonable assurance that:

• Suppliers invoices are authorized before being processed by computer
• Suppliers’ invoices are not lost, added, duplicated or improperly changed
• Suppliers invoices are accurately converted into machine readable form and recorded in the suppliers data files
• Incorrect invoices are rejected, corrected and if necessary resubmitted on a timely basis.

2. Review purchasing processing controls

• Suppliers’ invoices are properly processed by computer
• Suppliers’ invoices are not lost, added, duplicated or improperly changed
• Processing errors are indented and corrected on a timely basis.

3. Review purchasing output controls

• Results or processing are accurate
• Access to output is restricted to authorized persons
• Out put is provided on a timely basis.

4. Evaluate controls exercised by the user

(a) Manual controls exercised by the users:

If manual controls exercised by the user of the purchase application system are capable of providing reasonable assurance that the system’ output is complete, accurate and authorized, the auditor may decide to limit test of controls to those manual controls. For example:

• Anticipatory input control for purchase during a period
• Test checking of purchase output commutations
• Matching with goods received notes
• Approval of setting up liabilities
• Comparison with suppliers statements

In this case the auditor may wish to test only manual controls exercised by the user. The controls to be tested may use the output produced by the computer in the form of magnetic media, microfilm or printouts.

(b) Programmed controls procedures

If purchasing application performs tasks for which no visible evidence is available; it may be impracticable for the auditor to perform tests manually. The lack of visible  evidence may occur at different stages in the purchasing application. For example:

• Purchase orders may be non existent where such orders are entered on – line
• GRNs, purchase order and suppliers invoices may be matched by a computer program
• There may be no visible evidence that all suppliers’ invoices have been processed
• Output reports may not be produced by the system. The print out may only contain outstanding invoices, with supporting details retained in the computer.

5. Test data

In a purchasing system, test data techniques may include processing by the auditor some dummy suppliers invoices. Alternative techniques may be:

(a) Test specific controls in purchasing application such as on – line password and access to suppliers master file and transaction file

(b) Test specific processing characteristics of purchasing application on suppliers invoices created by the auditor. Such invoices are generally processed separately from the entity’s normal processing.

(c) Test suppliers invoices in an integrated test facility where a “dummy” entity is established and to which suppliers invoices created by the auditor are posted during normal processing cycle.

6. Application of test data to purchasing tests of controls

a) Create stimulated purchasing transactions, including records with errors.

The errors may include:
• Invalid suppliers name
• Excessive prices
• Extension error
• Incorrect product code

(b) Enter the transactions on work sheet along with predetermined computer results

(c) Process summarized transactions .with the client’s computer program

(d) Compare computer results. with predetermined results. If the two sets match, the controls are assumed to be effective.

The auditor should be cautious that the computer application is the same program as used in daily operations.

The auditor obtains evidence about the operating effectiveness of internal controls from tests of controls. What matters should be considered in determining extent of such tests?

Following matters should be considered in determining extent of the auditors’ test of controls:

  • the frequency of performance of the controls by the entity during the period
  • the length of time during the audit period that the auditor is relying on the operating effectiveness of control
  • the relevance and reliability of audit evidence
  • the extent to which audit evidence is obtained form tests of other controls related to assertion
  • the extent to which the auditor plans to rely on tests of controls in the assessment risks (and thereby reduce substantive procedures based on reliance of such controls)
  • the expected deviation from controls.

 Why the auditor should obtain evidence about implementation of internal controls throughout the year.

The auditor should obtain evidence regarding effective operation of control throughout the year as it may be possible that controls do not operate in certain months.

In the context of purchases give one example of test of control for each assertion.


Posted on November 3, 2015 in The Auditor Response to Assessed Risks

Share the Story

Back to Top
Share This