Dr. Dan Kneer Advisory Group
|
Dr. Dan Kneer Advisory Group |
|
|
Robust Internal Control Testing: Tests of Effectiveness (TOEs) and Tests of Design (TODs)There is a unique difference in “reviews” versus “tests” of controls. Luckily, both SOX and the new suite of risk assessment SASs require Tests of Controls effectiveness. Tests of Controls (TOCs) can be divided into two genres: Tests of Effectiveness (TOEs) and the lesser Tests of Design (TODs). TODs reflect a lighter approach to controls reviews, consisting of review of documentation/inquiry as to the design of a control … but do not tell you if the control is working. TOEs “get at” the functionality of a control, in a production environment. It’s a true wind-tunnel test (sort of like the “flock of geese” test). At some point, an auditor must ask: “is this control WORKING?” What you need to know is … “when can/should I (e.g., must I) perform a TOE?” In this class we will examine the difference in TOEs and TODs, and consider the necessary audit procedures and sample sizes to achieve either test. Further, we will ask if we can leverage off of any Continuous Control Monitoring being performed. Do workpapers, or evidence differ for TOEs and TODs and, ironically, might CCM make TOEs easier (less audit effort) to perform than TODs? THIS CLASS HAS A STRONG HANDS-ON COMPONENT, WITH SEVERAL COMPUTERIZED CASES. |
|
Copyright © 2009 Dr. Dan Kneer Advisory Group.
All rights reserved. Last Updated: 30 July 2010 |
