AA
Audit tests: the difference between tests of control and substantive tests
The purpose of audit tests
The purpose of audit tests, or audit procedures, is to allow the auditor to collect sufficient appropriate audit evidence to be able to conclude with reasonable assurance that the financial statements (FS) are free of material misstatement. If sufficient appropriate audit evidence cannot be obtained, or the evidence points to a material misstatement in the FS, the auditor will have to issue a modified audit opinion.Misstatements will find their way into published financial statements only if three events all happen:
- An error is made in the first place. The risk of that happening is known as ‘inherent risk’, and assessing that is a very big part of audit planning (not the subject of this article).
- The client’s internal control system does not prevent, identify or correct the error. This is known as ‘control risk’.
- The auditor does not detect the error during the audit. This is known as ‘detection risk’.
Therefore, the auditor must:
- Assess the effectiveness of the internal control system. This means investigating both its design and its operation. The operation of the internal controls is assessed by carrying out tests of control.
- Obtain additional, direct evidence about the amounts shown in the FS. This evidence is obtained using substantive testing.
The controls that would help to prevent that include:
- Take up credit references on new customers.
- Establish a credit limit.
- Producing aged receivables analyses.
- The follow up amounts that are not paid on time.
The operation of these controls needs to be tested. For example:
- Look at the client’s files where credit references are kept to ensure that every customer was investigated. The auditor would inspect the references.
- Look for evidence of new orders being rejected if they would breach the credit limit. This could be tested by inspecting copies of notifications sent to customers. The auditor might also consider using test data to observe if an order exceeding the credit limit is actually rejected.
- Inspecting notes made by the credit controller of conversations held with slow payers and perhaps enquiring about the follow-up procedures that are carried out.
Tests of control can be grouped into:
Enquiry and confirmation. For example, ask the credit controller about the way in which customers are encouraged to pay and ask how these customers are identified and how often they are followed up. This is a relatively weak source of evidence because the credit controller might exaggerate his or her efforts. Inspection. For example, the credit references or notes made by the credit controller of conversations. Observation. For example, observing the credit controller at work. Recalculation and reperformance. For example, ensuring that the aged receivables analysis seems to be accurate. Even when internal control systems are very good, the auditor will always carry out tests on the figures in the FS. The work has to address all the assertions made by each material figure. For example, valuation, completeness, existence etc. These tests are substantive tests and consist of:- Analytical procedures and
- Tests of detail.
- Writing to customers asking them to confirm the amount owed (existence and ownership).
- Tracing, by inspection, some sales invoices to the Dr side of customers’ accounts (existence and ownership).
- Observation/inspection of amounts received after year end. This gives evidence about valuation because if a payment is received subsequently the debt was obviously not bad.
- Recalculation of bad debt provisions.


Keep it up.
You are the real buddies
********NOT********