The finance and investment cycle relies on internal controls like authorization, custody, record keeping, and periodic reconciliation to mitigate misstatement risks. Testing the operating effectiveness of these controls ensures they function as designed, particularly for high-value, infrequent transactions managed by senior officials. The document emphasizes that while substantive procedures are common due to transaction materiality, tests of controls are critical to assess reliability.
Auditors test controls through:
Inquiries: Asking management about control processes and oversight.
Observations: Watching control activities in action (e.g., reconciliation processes).
Document Inspection: Reviewing evidence of authorizations and reconciliations.
Walkthroughs: Tracing transactions to verify control operation, especially for fair value determinations.
The document provides examples of tests of controls within the context of the cycle’s financing and investing activities, aligned with significant accounts (Investments, Long-Term Debt, Capital Stock, Retained Earnings) and their assertions (Existence/Occurrence, Completeness, Valuation, Presentation/Disclosure).
Financial Planning
Control: Board-approved capital budget authorizes financing and investments.
Test of Control:
Inspect board minutes to verify capital budget approval, ensuring authorization for major financing activities.
Inquire with CFO about cash flow forecast preparation and integration with the budget to confirm completeness of planning.
Assertions Tested: Completeness, Presentation/Disclosure.
Purpose: Confirms the board oversees financing plans, reducing unauthorized transaction risks.
Control: Board authorization for stock/debt issuances, with executive signatures and external transfer agent/registrar tracking.
Test of Control:
Examine registration documents for directors’ signatures to verify authorization (Existence/Occurrence).
Obtain transfer agent reports and compare with company records to ensure all issuances are recorded (Completeness).
Inquire about delegation procedures to CFO/treasurer for routine transactions, checking for documented approvals.
Assertions Tested: Existence/Occurrence, Completeness, Presentation/Disclosure.
Purpose: Ensures only authorized issuances occur and are fully disclosed.
Control: CFO/controller compares payment notices, tracks due dates, prepares vouchers, and accrues interest, with control/subsidiary accounts for large firms.
Test of Control:
Inspect payment notices and trace to ledger entries to verify debt recording (Completeness).
Review interest accrual schedules for accuracy and vouch to supporting documents (Valuation).
Examine subsidiary accounts (if applicable) to ensure all debt is captured and classified correctly (Presentation/Disclosure).
Assertions Tested: Completeness, Valuation, Presentation/Disclosure.
Purpose: Validates accurate and complete debt records, preventing omissions or valuation errors.
Control: Stock reconciled with registrar/transfer agent reports; bonds with trustee reports; small firms inspect certificate books.
Test of Control:
Obtain registrar reports and compare to company records to confirm stock issuance accuracy (Completeness).
Observe bond reconciliation process with trustee reports to verify debt existence (Existence/Occurrence).
Inspect stock certificate books for smaller firms, checking independent review evidence (Completeness).
Assertions Tested: Existence/Occurrence, Completeness.
Purpose: Detects unrecorded or fictitious securities, ensuring accurate records.
Control: Board or investment committee approves investment policies and major transactions.
Test of Control:
Inspect board minutes for evidence of investment policy and transaction approvals (Existence/Occurrence).
Inquire with committee members about approval processes to ensure consistency (Completeness).
Assertions Tested: Existence/Occurrence, Completeness.
Purpose: Verifies investments are authorized, reducing unauthorized transaction risks.
Control: Securities in brokerage accounts or safes under dual control; intangibles in secure files.
Test of Control:
Observe safe access procedures to confirm dual control (e.g., two signatures) is enforced (Existence/Occurrence).
Inspect brokerage account agreements to verify securities are held securely (Valuation).
Examine file access logs for intangibles to ensure restricted access (Existence/Occurrence).
Assertions Tested: Existence/Occurrence, Valuation.
Purpose: Ensures assets are protected, supporting recorded balances.
Control: Authorized purchases via vouchers/checks (manual) or electronic controls; skilled accountants apply complex standards.
Test of Control:
Trace vouchers/checks to board approvals to confirm authorized purchases (Completeness).
Review electronic transaction logs for multifactor authentication evidence (Existence/Occurrence).
Examine valuation workpapers for fair value calculations, verifying accountant qualifications (Valuation, Presentation/Disclosure).
Assertions Tested: Existence/Occurrence, Completeness, Valuation, Presentation/Disclosure.
Purpose: Ensures accurate recording and valuation of investments.
Control: Broker confirmations or physical securities counts verify holdings, with detailed records.
Test of Control:
Obtain broker confirmations and compare to company records to verify holdings (Existence/Occurrence, Completeness).
Observe securities count to confirm details (e.g., CUSIP numbers) are recorded accurately (Valuation).
Inspect count schedules for evidence of regular execution (Completeness).
Assertions Tested: Existence/Occurrence, Completeness, Valuation.
Purpose: Prevents overstatement or omission, ensuring accurate investment records.
Tests of controls in the finance and investment cycle evaluate the operating effectiveness of controls like authorization, custody, record keeping, and reconciliation, ensuring they mitigate misstatement risks for significant accounts (Investments, Long-Term Debt, Capital Stock, Retained Earnings). Examples include:
Authorization: Inspecting board minutes for approvals (Existence, Completeness).
Custody: Observing dual control access (Existence, Valuation).
Record Keeping: Tracing documents to verify recording and valuation (Completeness, Valuation, Presentation/Disclosure).
Reconciliation: Comparing external reports to records (Existence, Completeness, Valuation).
These tests confirm controls function to support relevant assertions, though auditors often supplement with substantive procedures due to the cycle’s high materiality and management override risks.