Welcome

Tests of controls - Purpose of tests of controls

ResourcesTests of controls - Purpose of tests of controls

Learning Outcomes

After studying this article, you will be able to explain the purpose of tests of controls within the audit process. You will learn why auditors perform these tests, how tests of controls differ from substantive procedures, and the impact of effective controls on audit assurance and work. You will also be able to identify when and how tests of controls are applied in major accounting cycles.

ACCA Foundations in Audit (FAU) Syllabus

For ACCA Foundations in Audit (FAU), you are required to understand how, when, and why auditors apply tests of controls. This article is particularly relevant for revision in the following areas:

  • The purpose of tests of controls in the audit process
  • The link between tests of controls, control risk, and audit evidence
  • The distinction between tests of controls and substantive procedures
  • Application of tests of controls to major transaction cycles (e.g. sales, purchases, payroll)
  • Factors influencing whether and to what extent tests of controls are performed
  • Influence of control effectiveness on the nature, timing, and extent of audit work

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

  1. What main objective do tests of controls help an auditor achieve during an audit engagement?
  2. When might an auditor decide not to perform tests of controls during the audit?
  3. State the difference between a test of control and a substantive procedure.
  4. Why does finding strong internal controls affect the amount of other audit work an auditor performs?

Introduction

In many audits, the auditor needs to decide whether they can rely on a client’s internal controls to support the figures in the financial statements. Even well-designed controls on paper may not always work in practice. To make this decision, the auditor uses tests of controls. Understanding why these tests are performed, and how their results influence the entire audit approach, is essential for exam success in audit and assurance.

Key Term: test of control
An audit procedure designed to evaluate whether a control in the client’s system is operating effectively to prevent, or detect and correct, material misstatements.

Key Term: control risk
The risk that a material misstatement will not be prevented, or detected and corrected, by the entity’s internal controls on a timely basis.

THE PURPOSE OF TESTS OF CONTROLS

Auditors perform tests of controls to determine whether key internal controls in the client’s systems are working as intended throughout the period. The results help the auditor assess the level of control risk and decide how much reliance can be placed on those controls for the audit.

If controls are shown to be effective, the auditor may reduce the amount of detailed substantive testing performed on transactions and balances. If controls are weak or not operating, the auditor must plan for more extensive substantive procedures.

Tests of controls focus on how the client’s staff perform their procedures in practice—not just on the documented policies. For example, simply having an approval process is not enough; it must operate consistently as described.

Key Term: substantive procedure
An audit procedure designed to detect material misstatements at the assertion level, such as tests of details or substantive analytical procedures.

WHEN ARE TESTS OF CONTROLS PERFORMED?

Tests of controls are performed when:

  • The auditor plans to place reliance on controls to reduce substantive work
  • The client’s systems are relevant to producing reliable financial statement information
  • Controls are judged, after walk-through or documentation, to be well-designed

Where controls are absent, weak, or not relevant, the auditor will proceed directly to detailed substantive testing.

EXAMPLES OF TESTS OF CONTROLS

Tests of controls may include:

  • Inspecting documents for evidence of signatures/approvals (e.g. reviewing invoices for sign-off)
  • Observing staff carrying out control activities (e.g. witnessing segregation of duties during cash handling)
  • Re-performing control procedures (e.g. recalculating batch totals)
  • Enquiring of staff about roles and their understanding of control procedures
  • Checking reconciliations have been performed and independently reviewed

Worked Example 1.1

Scenario:
You are auditing the payroll system at Larkspur Ltd. All overtime payments must be authorised in writing by department managers. As an auditor, how might you test this control?

Answer:

  • Select a sample of payroll periods including overtime claims.
  • Examine overtime claim forms for each sample, ensuring each is signed by the relevant manager.
  • Confirm that only claims with authorisation are included in the payroll.
  • This verifies both the design and operation of the control.

HOW TESTS OF CONTROLS DRIVE THE AUDIT STRATEGY

The overall audit strategy depends heavily on the assessed effectiveness of internal controls. If tests of controls provide evidence that controls operate effectively, the auditor can set control risk as low and carry out fewer or less detailed substantive procedures.

If, during tests, controls are found not to be operating (for instance, approval signatures are regularly missing), control risk will be set higher, and the audit will require more substantive testing.

Worked Example 1.2

Scenario:
During the audit of Meander Co's purchases system, you find that, although the policy is for all purchase orders above £10,000 to be authorised by a director, your test of 20 orders reveals that 6 lack appropriate sign-off. What does this mean for your audit?

Answer:

  • The control is not operating effectively; control risk is higher than expected.
  • You must increase the extent of your substantive work on purchases and payables.
  • You may also raise the issue with management as a control deficiency.

Exam Warning

It is a common error to assume that if a control exists, the auditor can always rely on it. In exams, you must state that controls must be tested for actual operation—not just for existence—before placing reliance on them.

THE LINK BETWEEN TESTS OF CONTROLS AND AUDIT RISK

Tests of controls help the auditor assess control risk, which is a component of overall audit risk.

  • If control risk is low (controls are effective), detection risk can be higher—meaning less work is required to detect errors.
  • If control risk is high (controls ineffective), detection risk must be lower—more work is needed to pick up possible material misstatements.

Remember: A single failure in a key control is enough to stop the auditor relying on it and can change the audit approach.

Revision Tip

When answering ACCA exam questions, always clearly state the relationship between effective controls, reliance on tests of controls, and the impact on the extent of substantive audit procedures.

TESTS OF CONTROLS VS. SUBSTANTIVE PROCEDURES

While tests of controls focus on whether the control activities are operating effectively, substantive procedures concentrate on whether the financial statement numbers are materially misstated—regardless of controls.

It is important not to confuse these two types of audit work. The results of tests of controls help determine how much substantive testing is necessary but are not a substitute for it.

Worked Example 1.3

Scenario:
An auditor wants to confirm that all sales in the year have been recorded completely. Should they perform a test of control or a substantive procedure?

Answer:

  • A test of control would check that the process for recording all dispatched goods as sales is followed, for example by reviewing matched despatch notes and sales invoices for completeness.
  • A substantive procedure would directly test the sales ledger for entries or missing items, for example by selecting despatch notes and tracing them through to the sales ledger.
  • Both tests may be needed, but they have different purposes.

Summary

Tests of controls are audit procedures that determine whether key controls in client systems operate effectively. Effective controls enable auditors to reduce the quantity and detail of other audit procedures. The results of these tests directly affect audit strategy by influencing the assessed control risk and the types and extent of further work required. Tests of controls must focus on actual operation, not mere existence, and are used together with, not in place of, substantive tests.

Key Point Checklist

This article has covered the following key knowledge points:

  • Explain the purpose and importance of tests of controls in an audit
  • Define a test of control and control risk
  • Identify examples of tests of controls in common transaction cycles
  • Understand when and why auditors perform tests of controls
  • State how results of tests of controls affect the audit strategy and extent of substantive work
  • Distinguish between tests of controls and substantive procedures

Key Terms and Concepts

  • test of control
  • control risk
  • substantive procedure

Assistant

How can I help you?
Expliquer en français
Explicar en español
Объяснить на русском
شرح بالعربية
用中文解释
हिंदी में समझाएं
Give me a quick summary
Break this down step by step
What are the key points?
Study companion mode
Homework helper mode
Loyal friend mode
Academic mentor mode
Expliquer en français
Explicar en español
Объяснить на русском
شرح بالعربية
用中文解释
हिंदी में समझाएं
Give me a quick summary
Break this down step by step
What are the key points?
Study companion mode
Homework helper mode
Loyal friend mode
Academic mentor mode

Responses can be incorrect. Please double check.