7.4. OPERATING EFFECTIVENESS
7.4.1. Test Design Considerations
Your tests of application-level controls should allow you to gather sufficient evidential matter to support your conclusion about the effectiveness of internal control. To be "sufficient," the evidence should be persuasive or convincing. A preponderance of the evidence gathered should support your conclusion. The evidence does not have to be incontrovertible to support your conclusion. You do not have to prove your point beyond a shadow of a doubt.
Your tests of operating effectiveness should be designed to determine:
How the control procedure was performed
The consistency with which it was applied
By whom it was applied
7.4.2. Risk-Based Approach to Designing Tests
Chapter 1 discusses the risk-based, top-down approach to evaluating internal control. That approach, as described by the Securities and Exchange Commission's interpretative guidance, directs management to consider risk when designing tests of controls. The greater the risk of misstatement associated with a control, the more reliable your tests should be. Less reliable tests can be performed when risks are lower.
The reliability of a test is influenced by three factors:
Nature. The type of the test you perform is referred to as its "nature." There are three types of tests:
Inquiry. Think of inquiry as providing circumstantial evidence about the performance of a control. For example, if you ask the accounting clerk "Did you perform the month-end reconciliation," ...
Get How to Comply With Sarbanes-Oxley Section 404: Assessing the Effectiveness of Internal Control now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
