The document discusses control risk assessment and evaluation. It covers: [1] assessing the control environment and internal control framework; [2] recording processes and systems using tools like flowcharts; and [3] evaluating internal controls through compliance testing and direct substantive testing. Compliance testing involves sampling to test if key controls were applied, while substantive testing uses analytical procedures and detailed tests to check account balances and transactions. The goal is to obtain reasonable assurance that financial statements are not materially misstated.

1. Control Risk
Assessment and evaluation
DR MUHAMMAD TAUSEEF JAVED
MBBS.DPH.FCPS(CM)M.Phil(CM).Dip-Card
DR MUHAMMAD TAUSEEF
JAVED

2. INTRODUCTION
The presentation is designed to cover the following
topics:
Assessing the control environment
Ascertaining internal control framework
Recording processes and the systems
Evaluation of internal control framework
Evaluation of control in critical systems
Compliance testing
Direct substantive testing
DR MUHAMMAD TAUSEEF
JAVED

3. Assessing the control environment
Components of internal control framework
Control environment
Risk assessment and risk management
Control activities
Information and communication
Monitoring
DR MUHAMMAD TAUSEEF
JAVED

4. Ascertain the control system
Sources of information
Information gathered and documented during planning
Internal and published communication of the entity
Interviews with the auditee management
Personal observation
Legislation and regulations
DR MUHAMMAD TAUSEEF
JAVED

5. Recording processes and the systems
Means available
Notes of meetings and interviews
Narrative descriptions
Flow charts
Organization charts
Internal Control Questionnaires
Control Evaluation Form
Record of system weaknesses
DR MUHAMMAD TAUSEEF
JAVED

6. Flow charting symbols
Input/output Decision
Process Off line storage
Manual operation
On line storage
Document Connector
Multi-documents Terminator
DR MUHAMMAD TAUSEEF
JAVED

7. Evaluation of control in critical systems
o Identify controls in the system or systems relating to
each audit issue.
o Determine if these controls are reasonably adequate
with reference to the organizational objectives.
o Identify any unusual activities or specific weaknesses,
or other risks, which need to be addressed.
DR MUHAMMAD TAUSEEF
JAVED

8. Ascertain and record
Identify controls in critical systems
Identify management objectives
Define control objectives
Record control objectives
DR MUHAMMAD TAUSEEF
JAVED

9. Compliance testing
The objective of compliance testing is to get assurance that
the internal controls on which the auditors have decided to
rely had been in place throughout the period of audit.
Sampling for compliance testing
Sample size for compliance testing depends on:
 Upper Error Limit (UEL)
 Expected number of deviations in the sample
 Confidence level to be obtained from audit procedures
Formula for calculating sample size
CF
SS =
UEL
DR MUHAMMAD TAUSEEF
JAVED

10. Compliance test program
 Specify its overall objective.
 List the tests the auditors should perform along with
the test technique.
 Be drawn up for controls of each audit issue to be
evaluated.
 Have its tests cross-referenced to the specific controls
in the control framework evaluation.
 Be revised after any major change in controls.
 Tests only key controls.
 Specify what is meant by a control failure.
 Specify when tests are to be performed.
 Specify the sample size and the length of observation
period. DR MUHAMMAD TAUSEEF
JAVED

11. Direct substantive testing
Substantive procedures involve the use of Analytical
Procedures and Substantive tests of details.
ANALYTICAL PROCEDURES
These are techniques by which the auditors:
o Study and use meaningful relationships among
elements of financial and non-financial information to
form expectations about what the recorded amounts
should be.
o Compare such expectations with the recorded amounts.
o Use the results of the comparisons to help determine
what, if any, other audit procedures are needed to obtain
reasonable assurance that the recorded amounts are not
materially misstated.
DR MUHAMMAD TAUSEEF
JAVED

12. Types of analytical procedures
o Reviews for reasonableness
o Comparative analysis
o Predictive analysis
o Statistical analysis
o Overall verification procedures
DR MUHAMMAD TAUSEEF
JAVED

13. Substantive tests of details
- 100% for very large transactions
- 100% for high risk transactions
- On sample basis for remainder
Objective of test
Balance sheet Income statement
o Completeness o Completeness
o Existence o Occurrence
o Valuation o Measurement
o Ownership o Compliance with authority
o Disclosure o Disclosure
DR MUHAMMAD TAUSEEF
JAVED

14. Methods of testing
- Physical verification
- Re-performance
- Independent third party confirmation
- Scrutiny
- Vouching
- Inspection
DR MUHAMMAD TAUSEEF
JAVED

15. Sample size for substantive test of details
Monetary Unit Sampling
Formula:
PV x CF
SS = , where
BP
SS = Sample size
PV = Population value
CF = Confidence factor
BP = Basic precision (One half of materiality amount)
DR MUHAMMAD TAUSEEF
JAVED

16. This concludes today’s session.
DR MUHAMMAD TAUSEEF
JAVED