Auditors can reduce their work in determining whether each financial statement amount and disclosure is fairly stated if they can assure themselves that the auditee’s business processes and, particularly, its accounting system incorporates effective internal controls which can be relied on to prevent and/or detect errors and irregularities in the accounting data. If such internal controls are in place and working effectively, the auditor can feel reasonably assured that the accounting data passing through the system and presented in the financial statements is reliable and accurate.
Thus, the performance of compliance procedures includes the following three distinct steps:
(i) A review of the accounting system
This review is undertaken for two main purposes, namely:
(a) to enable the auditor to understand how the accounting system captures and processes the accounting data, and how it converts the data into the information which is presented in the entity’s financial state men Is:
(b) to identify the system’s ‘strengths’ and ‘weaknesses’, that is, internal controls which, if operating properly, can be relied upon to prevent and/or detect errors and irregularities in the accounting data (strengths), and internal controls which are needed, but which are absent or ineffective (weaknesses).
In order to ensure the auditor has a proper understanding of the accounting system and its internal controls, a ‘walk through’ test is conducted. This test consists of following one or two transactions through the entire accounting system – from their initial recording on source documents to their fInal inclusion in the financial statements.
(ii) Testing internal control ‘strengths’
As noted above, during the initial review of the accounting system, the auditor identifies internal control ‘strengths’. These controls, if operating properly, will help to ensure that the data which passes through the accounting system is complete, valid, and accurate as to amount, account classifIcation and reporting period. However, before the auditor can rely on these internal controls to protect the integrity of the accounting data, they must be tested to establish that they are, in fact, operating effectively and that they have been so operating throughout the reporting period. Such tests are referred to as compliance procedures (or tests of control): they are tests or procedures which are performed in order to ascertain whether the internal controls on which the auditor pians to rely have been complied with by personnel within the reporting entity.
(iii) Testing the financial statetnent amounts and other disclosures
The auditor is required to form and express an opinion on the truth and fairness of the financial statements rather than on the internal controls Therefore irresnective of how effective rn entity’s in1erni1 controls may appear to be, tests must always be performed to substantiate, or to test the substance of, the information presented in the financial statements. Such tests are referred to as substantive procedures.