A test of controls is an audit procedure to test the effectiveness of a control used by a client entity to prevent or detect material misstatements. Depending on the results of this test, auditors may choose to rely upon a client's system of controls as part of their auditing activities. However, if the test reveals that controls are weak, the auditors will enhance their use of substantive testing, which usually increases the cost of an audit. The following are general classifications of tests of controls:
- Reperformance. Auditors may initiate a new transaction, to see which controls are used by the client and the effectiveness of those controls.
- Observation. Auditors may observe a business process in action, and in particular the control elements of the process.
- Inspection. Auditors may examine business documents for approval signatures, stamps, or review check marks, which indicate that controls have been performed.
If the inspection approach is used, a test of controls is typically conducted for a sample of documents related to transactions that occurred throughout the year. Doing so provides evidence that the system of controls has operated in a reliable manner throughout the reporting period.
A test of controls is made irrespective of the dollar amount of the underlying business transaction. The main point of the test is to see if a control functions properly, so the dollar amount of a transaction is not of consequence to the goal of the test.
If the auditors encounter an error in a test of controls, they will expand the sample size and conduct further testing. If additional errors are found, they will consider whether there is a systematic controls problem that renders the controls ineffective, or if the errors appear to be isolated instances that do not reflect upon the overall effectiveness of the control in question.