The Difference in a Control and a Process
May 08

Internal Control and a Process: The Difference

By Charles Hall | Accounting and Auditing

What is the difference in an internal control and a process? Most accounting directions do not clearly define what a control is. So it can be difficult to sift through a thick accounting manual and identify key controls. Below, I help you distinguish between controls and processes. Why? So you can see the controls that are relevant to your audit.

The Difference in a Control and a Process

Processes and Controls in Risk Assessment

As you perform your annual walkthroughs, you determine if the company's internal controls are designed properly and if they are implemented. But what are internal controls? And how do they differ from processes?

Processes are the primary actions performed by accounting personnel. For example, a cashier receives payments and places them in a cash drawer.

Controls are the actions that ensure accuracy and safety. A business can receive payments without controls. But monies might be stolen or amounts might be recorded incorrectly. In short, accounting controls lessen misstatements in the financial statements.

In performing risk assessment, you consider whether an account balance or transaction might be misstated, whether by error or fraud. And how do you do this? By performing certain procedures such as reviewing the internal control system. This is why it's important to know what the key controls are.

Below I provide examples of cashier processes and internal controls. Why? To help you distinguish between the two.

Cashier Processes

Remember a process is what is being done. The purpose of the process, in this example, is to receive and process payments.

The cashier's work manual might direct the processes as follows:

  • Take your cash drawer from the vault each morning
  • Turn on your computer by 7:50 a.m. to ensure it is working properly
  • Open your station at 8:00 a.m. 
  • Press the f7 key before entering the receipt
  • Ask customers to place their credit cards into the credit card machine at your window
  • Press the f3 key when the receipt entry is complete

Now, let's look at sample internal controls.

Cashier Internal Controls

The accounting manual might spell out the following controls (this list is not comprehensive):

  • No purses or handbags are allowed in the cash collections area
  • Station security cameras record all activity; retain video for at least one month
  • No person receiving cash can write down or eliminate receivables (of if they can, a second person reviews and signs off on all adjustments)
  • The receipts software flags all amounts greater than $1,000 (most receipts are less than $500)
  • Only one cashier can work from a cash drawer; the cashier must lock his or her drawer upon leaving their station and must log out of their computer
  • Cashiers issue a receipt for each payment received
  • The cash supervisor observes the daily closeout count of one cashier at least once per week
  • The cash supervisor creates the daily summary deposit and provides the same to the courier for delivery to the bank

And what risks are lessened with these controls? Errors and theft.

Notice the segregation of duties. And notice the second-person reviews. The design of the system lessens the potential for misstatements.

Some controls may sound like policies such as no purses in the collection area. But what is the purpose of the requirement? To lessen the potential for theft. So I consider this a control. Granted, the distinction can get blurry. 

Also notice that some controls are automated such as the entry flag for amounts greater than $1,000. The purpose of this control is to lessen data entry error.

(By the way, new receipting technology is available to lessen theft, increase accuracy of data entry, and speed the deposit process. See the article How You Can Help Limit Retail Theft and Streamline Daily Accounting.)

Difference in Internal Controls and Processes

In summary, we see that a processes are the actions performed to get something done. Cashiers receive and process payments. By contrast, controls ensure that the resulting numbers are correct and that assets are secure from theft. 

Understanding the differences in controls and processes helps you identify key controls. And why is this important? So you can clearly see key controls while performing audit risk assessment.

Control Risk Assessment

See my article titled Audit Risk Assessment: The Why and How for additional information about control risks. If you desire to test controls for effectiveness, see Test of Controls: The Why, How, and When.

test of controls
Apr 27

Test of Controls: The Why, How, and When

By Charles Hall | Auditing

A test of controls is a response to the risk a material misstatement. Today, I tell you when to use this response and how. 

test of controls

Three Responses to the Risk of Material Misstatement

The audit standards provide three potential responses to the risk of material misstatement:

  1. Test of details
  2. Substantive analytical procedures
  3. Test of controls

Today we look at the third option.

Why Test Controls?

Which response to a risk of material misstatement (RMM) is best? That depends on what you discover in risk assessment.

If, for example, your client consistently fails to record payables, then assess the completeness assertion for control risk at high. Your response? Perform a search for unrecorded liabilities, a test of details.

By contrast, if controls for receivables are strong, then assess the existence assertion for control risk at less than high. And test controls. 

Many auditors assess control risk at high (after risk assessment is complete) and use a fully substantive approach. That is fine, especially in audits of smaller entities. Why? Because smaller entities tend to have weaker controls. As a result, controls may not be effective. And you may not be able to assess control risk at less than high. (Nevertheless, most entities do have some controls that are effective.)

Control risk assessments of less than high must be supported with a test of controls. Why? To prove effectiveness. But if controls are not effective, you must assess control risk at high. This is why you might bypass control testing. You know, either from prior experience or from current-year walkthroughs, that controls are not effective. And if you test controls and find they are ineffective, you are back to square one: a control risk assessment of high.  And now you must respond with either a test of details or substantive analytics, or a combination of the two. Testing ineffective controls is a waste of time. 

Nevertheless, if controls are effective, why not test them? Doing so allows you to reduce your substantive procedures (test of details or substantive analytics).

Once risk assessment is complete, the decision regarding responses is largely based on efficiency. If control testing takes less time, then test controls. If substantive procedures takes less time, then perform a test of details or use a substantive analytical approach. But, regardless of efficiency considerations, address all risks with appropriate responses.

Next, we'll assume that controls are anticipated to be effective. And we'll look at how to test controls.

How to Test Controls 

So you've decided to test controls for effectiveness. But how? Let's look at an example starting with risk assessment.

Risk Assessment

Your approach to testing controls depends on risk identified during risk assessment. For example, your walkthrough reveals appropriate segregation of duties. And you also see that the client issues receipts for each payment. Additionally, total daily cash inflows are reconciled to the bank statement. In other words, controls are designed properly and they have been implemented. Also, as an example, you've determined completeness is a relevant assertion. Why? Theft is a concern. 

Control Test Supports Effectiveness

Now, it's time to test for effectiveness. You've already determined segregation of duties is present. If necessary, make additional observations regarding who is doing what. And document those observations. If the client has an accounting handbook, see if there were any amendments to the control system during the period being audited. Why? You want to know if the segregation of duties was present throughout the year. Make additional inquires, if needed.

Additionally, re-perform the receipt controls on a sample basis. But before doing so, determine the controls you are testing and the sample size. For example, your sample size might be 60 receipts and the control being tested is the issuance of a receipt by an authorized person. Additionally, you might sample 25 daily reconciliations to the bank statement. Document this information including how you determined your sample sizes. Now perform your tests and document whether the controls are effective. If yes, leave your control risk at less than high. You have support for that lower risk assessment. Additionally, you can now perform fewer substantive tests. 

Test Doesn't Support Effectiveness

If your test does not support effectiveness, expand your sample size and test additional receipts. Or you can punt on the testing controls and move to a substantive approach. Regardless, if controls are not effective, consider the need to communicate the control deficiency

So, when should you test controls?

When to Test Controls

Here are two situations where you are required to test controls:

  • When there is a significant risk and you are placing reliance on controls related to that risk
  • When substantive procedures don't properly address a risk of material misstatement

Allow me to explain.

Required Test of Controls

Auditing standards allow a three-year rotation for testing controls, as long as the area tested is not a significant risk. But if the auditor plans to rely on a test of controls related to a significant risk, operating effectiveness must be tested in the current period. Additionally, the auditor should perform substantive procedures responsive to the significant risk. And those substantive procedures must include a test of details.

Also a test of controls is necessary if substantive procedures don’t properly address a risk of material misstatement. For example, consider the controls related to reallocation of investments in a 401(k). The participant goes online and moves funds from one account to another. There are no humans involved in the process, other than the participant. When processes are fully automated, substantive procedures may not provide sufficient audit evidence. If that is your situation, you must test of controls. Thankfully, a type 2 service organization control report is usually available in audits of 401(k)s. Such a report provides evidence that controls have already been tested by the service organization's auditor. And you can leverage (place reliance upon) those tests.

Three Year Rotation

As I said earlier, audit standards allow a three-year rotation for testing effectiveness. For example, if you test accounts payable controls in 2020, then you can wait until 2023 to test them again. In 2021 and 2022, you need to ensure that these controls have not changed. You also want to determine that those controls have continuing relevance in the current audit. How? See if the controls continue to address a risk of material misstatement. And as you perform your annual walkthroughs, inquire about changes, observe the controls, and inspect documents. Why? You want to know that everything is working as before. And, yes, you do need to perform those walkthroughs annually, if that is how you corroborate your understanding of controls.

In short, testing for effectiveness can occur every three years, in most cases. But risk assessment procedures (e.g., walkthroughs) must be performed annually.

So should tests occur at interim or after year-end?

Interim or Year-End Tests

Some auditors test after the period has ended. Others at interim. Which should you choose?

It depends.

If it fits better into your work schedule, perform interim test of controls. Here's an example: You perform an interim test of controls on November 1, 2019. Later, say in February 2020, consider whether controls have changed during the last two months of the year. See if the same people are performing those controls. And consider performing an additional tests of controls for the November 1 to December 31 period. Once done, determine if the controls are effective. 

But testing on an interim date is not always the answer. For example, if management is inclined to manipulate earnings near year-end, then interim tests may not be appropriate. 

If you choose to test after year-end, then you'll examine controls for the full period being audited. Your sample should be representative of that timeframe.

So should you ever test at a point in time and not over a period of time? Yes, sometimes. For example, you might test inventory count controls at year-end.


Well, can you see why testing controls is confusing? There's a lot to think about. 

As I said above, many auditors tend to rely fully on substantive responses to the risks of material misstatement. But, in some cases, that may not be the best or wisest approach. If controls are designed well and functioning, why not test them? Especially if it takes less time than substantive procedures.

Finally, take a look at my two related articles regarding responses to the risk of material misstatement: (1) Test of Details: Substantive Procedures and (2) Substantive Analytics: Smart Audit Procedures.

Identifying audit stakeholders
Apr 04

How to Identify and Manage Audit Stakeholders

By Harry Hall | Auditing

This is a guest post by Harry Hall. He is a Project Management Professional (PMP) and a Risk Management Professional (PMI-RMP). He blogs at ProjectRiskCoach. You can also follow Harry on Twitter.

Some auditors perform the same procedures year after year. These individuals know the drill. Their thought is: been there; done that.

Imagine a partner or an in-charge (i.e., project manager) with this attitude. He does little analysis and makes some costly stakeholder mistakes. As the audit team starts the audit, they encounter surprises:

  • Changes in the client stakeholders – accounting personnel and management
  • Changes in accounting systems and reporting
  • Changes in business processes
  • Changes in third-party vendors
  • Changes in the client’s external stakeholders
Identifying audit stakeholders

Picture from

Furthermore, imagine the team returning to your office after the initial work is done. The team has every intention of continuing the audit; however, some members are being pulled for urgent work on a different audit.

These changes create audit risks–both the risk that the team will issue an unmodified opinion when it’s not merited and the risk that engagement profit will diminish. Given these unanticipated factors, the audit will likely take longer and cost more than planned. And here’s another potential wrinkle: Powerful, influential stakeholders may insist on new deliverables late in the project.

So how can you mitigate these risks early in your audit?

Perform a stakeholder analysis.

“Prior Proper Planning Prevents Poor Performance.” – Brian Tracy

Continue reading

auditing investments
Apr 04

Auditing Investments: The Why and How Guide

By Charles Hall | Auditing

Want to know how to audit investments? You're in the right place. 

Below I provide a comprehensive look at how you can audit investments effectively and efficiently.

The complexity of auditing investments varies. For entities with simple investment instruments, auditing is easy. Your main audit procedure might be to confirm balances. Complex investments, however, require additional work such as auditing values. As investment complexity increases, so will your need for stronger audit team members (those that understand unusual investments). Regardless, you need an audit methodology.

So, here we go.

auditing investments

How to Audit Investments

In this post, we will take a look at:

  • Primary investment assertions
  • Investment walkthroughs
  • Directional risk for investments
  • Primary risks for investments
  • Common investment control deficiencies
  • Risk of material misstatement for investments
  • Substantive procedures for investments
  • Common investment work papers

Primary Investments Assertions

First, let’s look at assertions.

Primary relevant investment assertions include:

  • Existence
  • Accuracy
  • Valuation
  • Cutoff

The audit client is asserting that the investment balances exist, that they are accurate and properly valued, and that only investment activity within the period is recorded

While investment balances in the financial statements are important, disclosures are also vital, especially when the entity owns complex instruments

Investment Walkthroughs

Second, perform your risk assessment work in light of the relevant assertions.

As you perform walkthroughs of investments, you normally look for ways that investments might be overstated (though investments can be understated as well). You are asking, “What can go wrong?” whether intentionally or by mistake. You want to know if:

  • The controls were appropriately designed, and 
  • The controls were implemented (in use)

Walkthrough Questions

In performing investment walkthroughs, ask questions such as:

  • What types of investments are owned?
  • Are there any unusual investments? If yes, how are they valued?
  • Is a specialist used to determine investment values?
  • Who determines the classification of investments (e.g., trading, available for sale, held to maturity) and how
  • Do the persons accounting for investment activity have sufficient knowledge to do so?
  • Are timely investment reconciliations performed by competent personnel?
  • Are all investment accounts reconciled (from the investment statements to the general ledger)?
  • Who reconciles the investment accounts and when?
  • Are the reconciliations reviewed by a second person?
  • Are all investment accounts on the general ledger?
  • How does the entity ensure that all investment activity is included in the general ledger (appropriate cutoff)?
  • Who has the ability to transfer investment funds and what are the related controls?
  • Is there appropriate segregation of duties for:
    • Persons that record investments, 
    • Persons that buy and sell investments, and
    • Persons that reconcile the investment statements
  • What investment accounts were opened in the period?
  • What investment accounts were closed in the period? 
  • Who has the authority to open or close investment accounts?
  • Are there any investment restrictions (externally or internally)?
  • What persons are authorized to buy and sell investments?
  • Does the entity have a written investment policy? 
  • Does the company use an investment advisor? If yes, how often does management interact with the advisor? How are investment fees determined?
  • Are there any investment impairments?
  • Who is responsible for investment disclosures and do they have sufficient knowledge to carry out this duty?
  • Are there any cost or equity-method investments?

As we ask questions, we also inspect documents (e.g., investment statements) and make observations (e.g., who reconciles the investment statements to the general ledger?).

If control weaknesses exist, we create audit procedures to address them. For example, if during the walkthrough we note that there are improperly classified investments, then will plan audit procedures to address that risk.

Directional Risk for Investments

Third, consider the directional risk of investments.

The directional risk for investments is that they are overstated. So, in performing your audit procedures, perform procedures to ensure that balances are properly stated.

Primary Risks for Investments

Fourth, think about the risks related to investments.

auditing investments

Primary risks include:

  1. Investments are stolen
  2. Investments are intentionally overstated to cover up theft
  3. Investments accounts are intentionally omitted from the general ledger
  4. Investments are misstated due to errors in the investment reconciliations 
  5. Investments are improperly valued due to their complexity and management’s lack of accounting knowledge
  6. Investments are misstated due to improper cutoff
  7. Investment disclosures are not accurate or complete

Common Investment Control Deficiencies

Fifth, think about control deficiencies noted during your walkthroughs and other risk assessment work.

It is common to have the following investment control deficiencies:

  • One person buys and sells investments, records those transactions, and reconciles the investment activity
  • The person overseeing investment accounting does not possess sufficient knowledge or skill to properly perform the duty
  • Investment reconciliations are not performed timely or improperly
  • The company does not employ sufficient assistance in valuing complex assets such as hedges or alternative investments

Risk of Material Misstatement for Investments

Sixth, now its time to assess your risks.

In my smaller audit engagements, I usually assess control risk at high for each assertion. (You may, however, assess control risk at less than high, provided your walkthrough reveals that controls are appropriately designed and that they were implemented. If control risk is assessed at below high, you must test controls for effectiveness to support the lower risk assessment.)

When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (control risk X inherent risk = risk of material misstatement). For example, if control risk is high and inherent risk is moderate, then my RMM is moderate. 

Important Assertions

The assertions that concern me the most are existence, accuracy, valuation, and cutoff.

The assertions that concern me the most are existence, accuracy, valuation, and cutoff. So my RMM for these assertions is usually moderate to high.

My response to higher risk assessments is to perform certain substantive procedures: namely, confirming investments, testing investment reconciliations, testing values, and vetting investment disclosures.

Substantive Procedures for Investments

And finally, it’s time to determine your substantive procedures in light of your identified risks.

My customary audit tests include:

  1. Confirming investment balances agreeing them to the general ledger
  2. Inspecting period-end activity for proper cutoff
  3. Using an investment specialist to value complex instruments (if any)
  4. Vetting investment disclosures with a current disclosure checklist

I don’t normally test controls related to investments. If controls are tested and you determine they are effective, then some of the substantive procedures may not be necessary. 

Common Investment Work Papers

My investments work papers normally include the following:

  • An understanding of investment-related internal controls 
  • Risk assessment of investments at the assertion level
  • Documentation of any control deficiencies
  • Investment audit program
  • Investment reconciliations 
  • Investment confirmations
  • Valuations performed by specialists
  • Documentation of the specialist’s experience, competence, and objectivity
  • Disclosure checklist

Auditing Investments - A Simple Summary

  • The primary relevant investment assertions include existence, accuracy, valuation, and cutoff
  • Perform a walkthrough of investments by making inquiries, inspecting documents, and making observations
  • The directional risk for investments is an overstatement
  • Primary risks for investments include:
    • Investments are stolen
    • Investments are intentionally overstated to cover up theft
    • Investments accounts are intentionally omitted from the general ledger
    • Investments are misstated due to errors in the investment reconciliations
    • Investments are improperly valued due to their complexity and management’s lack of accounting knowledge
    • Investments are misstated due to improper cutoff
    • Investments disclosures are not accurate or complete
  • The substantive procedures for investments should be responsive to the identified risks; common procedures include:
    • Confirming investments 
    • Inspecting period-end activity for proper cutoff
    • Using an investment specialist to value complex instruments 
    • Vetting investment disclosures with a current disclosure checklist

Now you know how to audit investments. 

Next, we’ll see how to audit payables and expenses.

This post is a part of my series The Why and How of Auditing. Check my other posts.

Auditing Plant, Property, and Equipment
Mar 29

Auditing Plant, Property, and Equipment: The Why and How Guide

By Charles Hall | Auditing

Today, we talk about auditing plant, property, and equipment (or capital assets if you work with governments).

Plant, property, and equipment is often the largest item on a balance sheet. But the risk is often low to moderate. After all, it’s difficult to steal land or a building. And the accounting is usually not difficult. So the dollar amount can be high but the risk low.

In this post, we’ll answer questions such as, “how should we test additions and retirements of property?” and “what should we do in regard to fair value impairments?” 

Auditing Plant, Property, and Equipment

Auditing Plant, Property, and Equipment — An Overview

I will—at times in this article—refer to plant, property, and equipment as property. Governments use the term capital assets to refer to plant, property and equipment, but again, I will, for the most part, use the term property in this article.

Property is purchased for use in a business. For example, a corporate office might be bought or constructed. The building is an asset that is depreciated over its economic life. As depreciation is recorded, the book value (cost less accumulated depreciation) of the building decreases as depreciation is recognized. In other words, you expense the building as it is used.

In most reporting frameworks, including GAAP, assets are recorded at cost. Appreciation in market value is not recorded, but significant decreases, known as impairments, are booked. Property improvements (e.g., adding a new room to an existing building) are capitalized and depreciated. Repairs (e.g., painting a room) that don’t extend the life of an asset are expensed.

Also, most businesses elect to use a capitalization threshold such as $5,000. For these entities, amounts paid below the threshold are not capitalized, even if they extend the life of the asset. The amounts below the threshold are expensed as incurred.

So, how do most entities track property purchases and compute the related depreciation? They use depreciation software. Then when property is purchased, it is added to the depreciation software and an economic life (e.g., ten years) is assigned.

Below we will cover the following:

  • Primary property assertions
  • Property walkthroughs
  • Directional risk for property
  • Primary risks for property
  • Common property control deficiencies
  • Risk of material misstatement for property
  • Substantive procedures for property
  • Common property work papers

Primary Property Assertions

The primary relevant property assertions are:

  • Existence and occurrence
  • Completeness
  • Valuation
  • Classification

Of these assertions, I believe—in general—existence, occurrence, and classification are most important. So, the client is asserting that property exists, that depreciation expense is appropriate, and that amounts paid for property are capitalized (and not expensed).

Property Walkthroughs

As we perform walkthroughs of property, we are looking for ways that property might be overstated (though understatements can occur as well). 

As we perform the property walkthrough, we ask, “what can go wrong, whether intentionally or by mistake?”

In performing the walkthrough, ask questions such as:

  • Are property ledgers reconciled to the general ledger?
  • Does the entity use reasonable and consistent depreciation methods?
  • Are the depreciation methods in accordance with the reporting framework (e.g., straight line for GAAP or accelerated for tax basis)
  • Who records depreciation? 
  • Are the economic lives assigned to property appropriate?
  • What controls ensure that property is recorded in the right period?
  • What controls ensure that capital leases are capitalized as property (if applicable, see GAAP lease standards)?
  • Is there appropriate segregation of duties between persons that purchase, record, reconcile, and physically possess property?
  • What software is used to compute depreciation?
  • Does the company perform periodic physical inventories of property?
  • Are assets removed from the depreciation schedule upon sale?
  • What controls ensure that property purchases are added to the depreciation schedule (and not expensed as repairs and maintenance)?
  • What controls ensure that repair expenses are not capitalized as property?
  • What is the capitalization threshold (e.g., $5,000)?

As we ask questions, we also inspect documents (e.g., depreciation reports) and make observations (e.g., who has access to moveable property?).

If control weaknesses exist, we create audit procedures to respond to them. For example, if—during the walkthrough—we see that one person purchases property, has physical access to equipment, and performs the related accounting, then we will perform theft-related substantive procedures.

Directional Risk for Property

The directional risk for property is overstatement. So, in performing your audit procedures, perform procedures to ensure that property is not overstated. For example, vouch all significant property additions to invoices. See if the amounts added are equal to or greater than the capitalization threshold (e.g., $5,000).

Primary Risks for Property

The primary risks for property are:

  1. Property is intentionally overstated
  2. Repair expenses (or any other expenses) are improperly capitalized as property
  3. Purchases that should be recorded as property are expensed
  4. Depreciation is improperly computed and recorded (e.g., accelerated depreciation is used when straight-line is more appropriate)
  5. Moveable property (e.g., equipment) is stolen

Common Property Control Deficiencies

auditing plant, property, and equipment

In smaller entities, it is common to have the following control deficiencies:

  • One person performs more than one of the following:
    • Authorizes the purchase of property
    • Enters the property in the general ledger and depreciation schedule
    • Has physical custody of the property
    • Has responsibility for reconciling the depreciation schedule to the general ledger
  • The person computing depreciation doesn’t have sufficient knowledge to do so 
  • A second person does not review the depreciation methods for appropriateness and economic lives assigned to each property
  • No one performs surprise audits of property
  • No one performs physical inventories of property
  • There are no controls over the disposal of property
  • Appropriate bidding procedures are not used
  • No one reconciles the depreciation schedule to the general ledger
  • Property is not reviewed for potential impairments of value

(See my article providing you with ways to prevent the theft of capital assets.)

Risk of Material Misstatement for Property

In smaller engagements, I usually assess control risk at high for each assertion. If control risk is assessed at less than high, then controls must be tested to support the lower risk assessment. Assessing risks at high is usually more efficient than testing controls.

When control risk is assessed at high, inherent risk becomes the driver of the risk of material misstatement (controls risk X inherent risk = risk of material misstatement). The assertions that concern me the most are existence (for additions to property), occurrence (for depreciation), and classification (of property). With regard to classification, the business determines whether the amount should be capitalized or expensed. So my RMM for these assertions is usually moderate to high.

My response to higher risk assessments is to perform certain substantive procedures: namely, the vouching of additions to property. As RMM increases I lower the dollar threshold for vouching property additions.  

If controls related to bids are weak, your RMM for existence can be high. Bid rigging or kickbacks—fraudulent vendor actions—can result in overstatements of asset additions. 

Substantive Procedures for Property

My customary audit tests are as follows:

1. Vouch property additions to related invoices

2. Agree opening property balances in the depreciation schedule to the prior year ending balances

3. Review economic lives assigned to new property for appropriateness

4. Review the selected depreciation method in light of the property’s life

5. Compute a ratio of depreciation to property and compare the result with prior periods

6. Review new lease agreements to determine if they should be capitalized

7. Inquire about potential decreases in the value of property and request valuations if necessary

Common Property Work Papers

My property work papers normally include the following:

  • An understanding of property-related internal controls
  • Risk assessment of property at the assertion level
  • Documentation of control deficiencies related to property
  • Property audit program
  • A copy of the depreciation schedule that agrees to the general ledger
  • A summary of additions and retirements of property in the current audit period
  • Bid documents for significant construction projects or other property purchases
  • A valuation of a significant asset by a valuation specialist, if merited (potential impairment)

In Summary

In this article, we looked at how to perform property risk assessment procedures, the relevant property assertions, the property risk assessments, and substantive property procedures.

Next it’s time to turn our attention to the audit of investments.