## Tests of Controls

After understanding the internal control system, the auditor performs tests of controls to obtain audit evidence about whether controls are effective in design and operation throughout the period under audit.

---

## Two Dimensions of Control Effectiveness

Dimension	Question Asked
Design effectiveness	Is the control capable of preventing or detecting material misstatements?
Operating effectiveness	Did the control actually function as designed throughout the period?

---

## Four Procedures Used in Tests of Controls

### 1. Re-performance

The auditor independently re-executes a procedure or control that was originally performed as part of the entity's internal control.

> Example: Independently reconciling bank accounts to confirm the entity's reconciliation was correctly performed.

### 2. Inspection of Documents

Examining documents supporting transactions and other events to gain evidence that controls have operated properly.

> Example: Verifying that a transaction has been authorised (signature, approval stamp).

### 3. Inquiry and Observation

Inquiring about controls and observing who actually performs each function — particularly important for controls that leave no audit trail.

> Example: Determining who actually performs a segregation-of-duties function vs. who is supposed to.

### 4. Testing Computerised Controls

Testing automated controls operating on specific applications or over the overall IT function.

> Example: Testing whether only authorised users can access certain system modules; testing access or program change controls.

---

## Controls Leaving No Audit Trail

For controls with no documentary evidence (verbal authorisations, physical supervision), the only available tests are inquiry + observation.

---

## Re-performance vs. Inspection

	Re-performance	Inspection
Nature	Auditor independently redoes the control	Auditor reviews existing documentary evidence
Best for	Reconciliations, recalculations	Authorisation trails, approvals
Audit trail needed	No — auditor creates own evidence	Yes — documents must exist

Worked example

### Example 1

Q (PYP SEP 24 — 4 marks): CA B, auditor of Star Limited, wanted to ensure the company had correctly reconciled its bank accounts and wanted to understand how far the internal control system was operating. What kind of test of control was CA B performing? What are the other procedures?

Answer: CA B was performing Re-performance — the auditor's independent execution of procedures or controls that were originally performed as part of the entity's internal control (e.g., reconciliation of bank accounts) to ensure they were correctly performed by the entity.

Other procedures for tests of controls:

1. Inspection of documents — examining documents supporting transactions to verify controls operated properly, e.g., verifying that a transaction has been authorised.

2. Inquiry and Observation — inquiring about controls and observing who actually performs each function, especially for controls leaving no audit trail.

3. Testing computerised controls — testing automated controls operating on specific applications, e.g., access controls or program change controls.

⚠️ Common exam mistakes

Confusing 're-performance' with 'inspection' — re-performance means the auditor independently redoes the control, not merely reviews evidence that it was done
Forgetting that tests of controls assess both design AND operating effectiveness
Missing that inquiry and observation are specifically used for controls that leave no audit trail
Omitting computerised control testing as a fourth procedure — exam answers often list only three

Reference:

Now that you've read this — what's next?

Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.

🔥 Drill 5 Qs on this → ✍️ Adaptive practice →

Tests of Controls — Procedures and Re-performance

Worked example

⚠️ Common exam mistakes