
Form 18**S.1, Cash

Overview

Risk of Material Misstatement Worksheet Overview

GENERAL INSTRUCTIONS
This template has been developed to provide illustrative examples to assist the auditors in addressing the Risks of Material Misstatement (ROMM) for material classes of transactions and account balances.
The pre-populated risks of material misstatement (i.e., "what could go wrong") and relevant control activities included within this template are derived from Appendix IV "Illustrative Risks of Material Misstatement, Related Control Objectives and Control Activities" of the Guidance Note on Audit of Internal Financial Controls Over Financial Reporting. The substantive procedures responsive to the risks identified are also illustrative.

Terminology
Within this template, the term class of transactions refers to Statement of Profit and Loss accounts and account balance refers to Balance Sheet accounts. The term transaction type is used to describe an activity or series of activities that results in one or more classes of transactions, account balances, and disclosures.

Transaction Types, Relevant Assertions, or Risks of Material Misstatement Referenced to Other Audit Area Documentation
To the extent that a relevant assertion or a transaction type is appropriately addressed and documented within documentation of another class of transactions, account balance, or disclosure ROMM template, redundant documentation is not necessary although specific referencing is appropriate. Consider referencing, as appropriate, to other audit sections that document the risks of material misstatement, relevant control activities, and planned procedures to test the operating effectiveness of the control activities and substantive procedures.

Combining Risks
Certain risks of material misstatement contain more than one risk; bullets are used to identify individual risks within the combined risk. These combined risks ordinarily are part of a single business process and have a common control that mitigates the risk of material misstatement for each of the individual risks. Depending on the circumstances of the entity (e.g., if the entity does not address the combined risks in a single business process or with a single control), you may need to separate the combined risks into individual risks.

ROMM Overview Tab
This worksheet within the template is intended to be a dashboard presenting a summary of the audit plan for the account including the (1) relevant control activities and substantive procedures that address each risk of material misstatement and (2) related control design, implementation, and operating effectiveness conclusions. The dashboard provides internal linking between the summarised description and the more extensive description of the control activities and/or substantive procedures on subsequent worksheets within the template.

ROMM Overview

CASH AND BANK: Material Account Balance (Balance Sheet)/Class of Transactions (Income Statement)/Disclosure ROMM Overview

Columns:
- Account Balance/Class of Transactions/Disclosure (Note 1)
- Relevant Assertion at the Period-End, by Assertion Name (Note 2): Existence, Completeness, Rights and Obligations, Valuation and Allocation
- Identification of Risk of Material Misstatement ("What Could Go Wrong"): Risk Description (Note 3)
- Significant Findings or Issues? (Note 4)
- Classification of Inherent Risk (Normal, Significant) (Note 5)
- Risk of Material Misstatement Due to Fraud? (Note 6)
- Risk Associated with the Control (Not Higher, Higher) (Note 7)
- Control That Addresses Risk of Material Misstatement: Control Name (Note 8)
- Control Design Conclusion (Effective, Ineffective)
- Control Implementation Conclusion (Implemented, Not Implemented)
- Control OE Conclusion (Effective, Ineffective) (Note 9)

Account: Cash
Relevant assertion: X
Risk description: Cash receipts:
- Have been recorded (when there are non-existent cash receipts), or have been improperly recorded
- Have not been recorded/applied
- Are not accurately recorded.

Account: Cash
Risk description: Cash exists in bank accounts that have not been recorded in the general ledger.

Controls:
- Bank Statements Reconciled to General Ledger; Differences Investigated and Resolved On a
- Bank Statements Reconciled to General Ledger; Differences Investigated and Resolved Accou

Account: Cash
Risk description: Not all bank accounts have been recorded in the general ledger.
Control: New bank accounts are only opened through the direction and approval of Board of Directors

Substantive Procedures Planned (Note 10), by Account Balance/Class of Transactions/Disclosure (Note 1):
- Cash: Confirm Cash AND Perform Tests of Details on Bank Reconciliations (Additive Items) AND Perform Tests of Details on Bank Reconciliations (Subtractive Items)
- Cash: Confirm Cash
- Cash: Confirm Cash

Plan Control Testing

CASH AND BANK: Account Balance (Balance Sheet)/Class of Transactions (Statement of Profit and Loss)/Disclosure Control Testing

Columns:
- Control That Addresses Risk of Material Misstatement: Description (Note 8)
- Control Operating Effectiveness Testing Strategy (Test in Current Period, Using Prior Period Evidence, OE Testing Not Required) (Note 11)
- Control Year Last Tested (Note 12)
- Operating Frequency (Annually, Quarterly, Monthly, Weekly, Daily, Many Times per Day, As Needed) (Note 13)
- Control Automated?
- Is IPE Used in Testing or Performing a Relevant Control? (Note 14)
- List IPE
- Application System (Note 15)
- Testing Reference IPE (Note 16)
- Testing Reference General IT Controls (Note 17)
- Reference to Evaluation of D&I (Note 18)

Bank Statements Reconciled to General Ledger; Differences Investigated and Resolved
Bank statements are reconciled to the general ledger regularly and differences are investigated and resolved on a timely basis.
On a daily basis, cash receipts recorded to the general ledger are agreed to bank deposit slips by accounting personnel. Discrepancies are investigated and resolved.
Accounts personnel record bank account transactions to the general ledger on a daily basis; Accounts Manager (Management) reviews recorded transactions and cash position regularly for unusual activity and investigates and resolves issues on a timely basis.

New Bank Accounts Require Approval; Management Approves New GL Account and JE Prior to Posting
New bank accounts are only opened through the direction and approval of management. When new bank accounts are approved and opened, finance personnel create the general ledger account and prepare the journal entry to record the initial balance in the account. Management [Title/Role] reviews and approves the new general ledger account and journal entry, including supporting documentation, before the journal entry is recorded.

Planned Nature, Tim

Plan Substantive Testing

CASH: Audit Plan by Material Account Balance (Balance Sheet)/Class of Transactions (Income Statement)/Disclosure Substantive Testing

Columns:
- Substantive Procedures Planned (Note 10)
- Planned Extent of Substantive Testing [Risk (Not Significant) and Relying on Controls Low Extent of Testing; Risk (Not Significant) and Relying on Controls Normal Extent of Testing; Significant Risk and Relying on Controls; Risk (Not Significant) and Not Relying on Controls; Significant Risk and Not Relying on Controls] (Note 22)
- Information Produced by the Entity (IPE): Is IPE Used in Performing Substantive Testing? (Note 14); List IPE; Application System (Note 15); Testing Reference IPE (Note 16)
- Testing Reference Substantive Procedures (Note 20)

Confirm Cash
A. Obtain the schedule of bank accounts and the reconciliation of the schedule to the general ledger. Agree applicable amounts from the cash accounts schedule and reconciliation to the general ledger and trace significant reconciling items, if any, to supporting documents.
B. Make an audit sample of bank accounts. Obtain reconciliations of the selected accounts to the general ledger. For each selection, perform the following:
(1) Prepare, or have the entity prepare, standard bank confirmation requests for the selected bank accounts. Mail the confirmation requests under our control, determine that the requests are properly addressed (i.e., obtain audit evidence about the accuracy and completeness of addresses provided by the entity), and request that all replies be sent directly to our office.
(2) Send second requests for nonreplies.
(3) Compare replies to the balance-per-bank in the bank reconciliations. Agree all other amounts reported in the replies to the general ledger or appropriate records. Prepare, or have the entity prepare, reconciliations of exceptions. Trace reconciling items to supporting documents.
(4) For confirmations not received, trace outstanding items listed on the bank reconciliation to the subsequent month's bank statement and, for those not traced, trace to the cash disbursements records for the period prior to the balance sheet.

C. Determine if there is a system or process in place that facilitates electronic confirmation between us and the confirmation respondent.
(1) If we plan to rely on such a system or process, assess the design and operating effectiveness of the electronic and manual controls with respect to such process.
a. An assurance trust services report or another auditors' report on such a process may assist us in assessing the design and operating effectiveness of the electronic and manual controls.
i. Such a report would usually address risks related to the reliability of the information obtained through the confirmation process that we will use as audit evidence, including the risks that:
- The information obtained may not be from an authentic source
- A respondent may not be knowledgeable about the information to be confirmed
- The integrity of the information may have been compromised.
ii. If the above risks are not adequately addressed in the report, perform additional procedures to address such risks.
(2) National Office has approved the use of Capital Confirmation Inc. (CCI), for electronic confirmations from banks that have designated CCI to process confirmation requests from auditors.

Perform Tests of Details on Bank Reconciliations (Additive Items)
A. For those bank accounts selected in "Confirm Cash" procedure B, perform the following:
(1) Make an audit sample of additive reconciling items and perform the following:
a. Examine related accounting records, subsequent or current bank statements, bank credit advices, or other evidence, and determine that the selected items are properly included as additive reconciling items.

Perform Tests of Details on Bank Reconciliations (Subtractive Items)
A. For those bank accounts selected in "Confirm Cash" procedure B for the testing of the Existence assertion of cash, perform the following:
(1) Make an audit sample of items from subsequent bank statements representing paid checks, bank debit advices, and other items that potentially should be subtractive items in the bank reconciliations and perform the following:
a. Examine related accounting records, subsequent or current bank statements, bank credit advices, or other evidence, and determine that the selected items are properly included as subtractive reconciling items.

Plan Substantive Testing, additional column:
- Findings and Observations (None Noted, Change to Plan, Identified or Suspected Fraud, Management Letter Comment, Misstatement) (Note 21)

NOTES
Note 1

Account Balance/Class of Transactions/Disclosure


Within this template, the term class of transactions refers to Statement of Profit and Loss accounts and account balance r
The term transaction type is used to describe an activity or series of activities that results in one or more classes of transactions, acc

Note 2

Relevant Assertions
The assertions are considered at the class of transactions, account balance, and disclosure level. Se
NOTE: For a class of transactions (Statement of Profit and Loss account), account balance (Balance Sheet account), or disclosure, if
relevant, include documentation in the working papers explaining why the assertion is not relevant for that class of transactions, acco

Note 3

Risk of Material Misstatement


For the material classes of transactions, account balances, and disclosures [significant accounts and disclosures] identified, the audit
material misstatement at the relevant assertion level to provide a basis for designing and performing further audit procedures.
Consideration of transaction types may be relevant to such identification and assessment of risks of material misstatement at the rel
transactions, account balances, and disclosures.

Note 4

Significant Findings or Issues


Significant findings or issues represent matters of importance to the audit in planning, supervising, and reviewing the audit. These it
findings or issues to draw the attention of engagement leaders to them and to designate them as matters for which the audit partner
review in addition to that of the manager. While a significant risk gives rise to an audit response that is incremental to that required f
or issue may not result in changes to the nature, timing, or extent of audit testing. However, significant findings or issues are separa
(including planning) and a more detailed review by the audit partner could be warranted.

Risks of material misstatement related to significant findings or issues, identified during planning and which affect the audit procedur
customisation of one or all of the related risks of material misstatement, control activities, and/or the related substantive procedures
Significant findings or issues for planning purposes include, but are not limited to, the following:

- Risks of material misstatement that are determined to be significant risks and the results of the auditing procedures performed in r
- Matters that are significant involving the selection, application, and consistency of accounting principles, including related disclosure
pronouncements)
- Accounting for complex or unusual transactions
- Accounting estimates highly dependent upon judgment
- Significant uncertainties
- Matters that led to the classification of engagement risk as greater than normal or much greater than normal
- Circumstances that cause us significant difficulty in applying necessary audit procedures.

Note 5

Classification of Inherent Risk


As part of the risk assessment, the auditor is required to determine whether any of the risks identified are, in their judgment, a signi
judgment, they are required to exclude the effects of identified controls related to the risk.
A significant risk is an identified and assessed risk of material misstatement that, in the auditor's judgment, requires special auditor

Risks of material misstatement related to significant risks may result in customisation of one or all of the related risks of material mis
related substantive procedures described in this template.

In exercising judgment as to which risks are significant risks, the auditor is required to consider at least the following:
- Whether the risk is a risk of fraud
- Whether the risk is related to recent significant economic, accounting, or other developments and, therefore, requires specific atten
- The complexity of transactions
- Whether the risk involves significant transactions with related parties
- The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving
uncertainty
- Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise ap

Note 6

Risk of Material Misstatement Due to Fraud?


The auditor is required to use professional judgment to determine whether a fraud risk factor is present and whether it is to be consi
misstatement of the financial statements due to fraud.
There are certain risks that are presumed to exist on each audit engagement. The presumed risks due to fraud are revenue recognit
controls.

The auditor is required to treat those assessed risks of material misstatement due to fraud as significant risks and accordingly, to the
required to obtain an understanding of the entity's related controls, including control activities, relevant to such risks, and evaluate w
suitably designed and implemented to mitigate such fraud risks.

Identifying potential fraud schemes may facilitate the evaluation of the design of relevant controls and the development of effective a
Note 7

Risk Associated with the Control

The risk associated with a control consists of the risk that the control might not be effective and, if not effective, the risk that a mate

If the risk of material misstatement associated with the related account(s) or assertion(s) is a significant risk, the risk associated wi

Note 8

Identification and Documentation of Relevant Control Activities

Audit of Financial Statements along with Audit of Internal Financial Controls Over Financial Reporting (Integrated Audit)
If an integrated audit is being performed, control activities that are relevant to the audit include those that address the assessed ris
relevant assertion.

Nonintegrated Audits
The auditor is required to obtain an understanding of control activities relevant to the audit, i.e. those that he judges necessary to un
of material misstatement at the assertion level and design further audit procedures responsive to assessed risks.
He is required to obtain an understanding of the process for reconciling detailed records to the general ledger for material classes of
Control activities that are relevant to the audit are:
- Those that are required to be treated as such, being control activities that relate to significant risks and those that relate to risks fo
do not provide sufficient appropriate audit evidence; or
- Those that are in the auditor's judgment considered to be relevant.

Relevant controls include:

- Controls that address significant risks
- Controls that address risks for which substantive procedures alone are not sufficient
- Controls that the auditor plans to rely upon to reduce substantive testing
- Controls over journal entries
- Controls that the auditor believes are necessary to understand in order to plan substantive procedures as part of their further audit
appropriate audit evidence
- Reconciliations of detailed records to the general ledger for material classes of transactions and account balances.

Note 9

Conclusion: Design, Implementation, Operating Effectiveness of Controls
Was a deviation or exception identified? Does a deficiency exist? If yes, the auditor needs to evaluate the deficiency individually and
deficiencies. He needs to determine if the deficiency is a deficiency, a significant deficiency, or a material weakness and communicat
He should determine whether he has a basis for relying on those controls and whether he will be able to perform his planned extent
integrated audit, he needs to evaluate the effect on the IFC opinion.

Note 10

Substantive Procedures Planned


Irrespective of the assessed risks of material misstatement, the auditor is required to design and perform substantive procedures for
each material class of transactions, account balance, and disclosure [significant account and disclosure].

The nature, timing, and extent of planned procedures may vary in response to the assessed risk of material misstatement at the ass

A substantive procedure may address more than one risk. The auditor should consider the audit procedures and risks which they add
substantive procedures so that the substantive procedures performed are effective and efficient.

Nature and Extent of Substantive Procedures


Depending on the circumstances, the auditor may determine that:
- Performing only substantive analytical procedures will be sufficient to reduce audit risk to an acceptably low level (e.g., where the a
audit evidence from tests of controls)
- Only tests of details are appropriate
- A combination of substantive analytical procedures and tests of details are most responsive to the assessed risks
Note 11

Control Operating Effectiveness Testing Strategy
In an integrated audit, the auditor is required to test the operating effectiveness of controls in each of the five components of interna
relevant controls within the control environment, entity's risk assessment process, information system relevant to financial reporting
components, and (2) those controls that address the assessed risks of material misstatement for each relevant assertion. The objec
of IFC is to obtain audit evidence about the effectiveness of controls to support the opinion on the entity's internal control over financ

Note 12

Control Year Last Tested
The "Control Year Last Tested" represents the last year the relevant control was tested using a normal extent of testing.

Note 13

Operating Frequency

Depending on the circumstances, the auditor may use professional judgment to determine that larger sample sizes may be appropria
performing tests of controls that address one or more significant risks.

When testing the operating effectiveness of a control that operates less frequently than many times per day, depending on the natur
with the control, and the number of times that it is applied when it operates, additional selections to test its operating effectiveness m

Note 14

Information Produced by the Entity (IPE)

Types of IPE may include, but are not limited to:

- Standard "out of the box" reports as taken out from the system that have not been modified and do not allow for customisation of inputs/outputs
- Parameter-driven reports generated by the entity's application system that allow for user selection of inputs (fields/parameters) to generate the report output
- Custom-developed reports that are not standard to the application and are defined and generated by user-operated tools such as scripts, report writers, programming language, and query tools
- Spreadsheets that include relevant information (e.g., data (1) obtained from an outside source, (2) manually entered into a spreadsheet, (3) summarised or analysed using spreadsheet formulas or data exported from ledger system into an MS Access Database, and (4) then manipulated and summarised)
- Client-prepared analyses and schedules that are manually prepared by entity personnel either from information generated from the entity's system or from other internal or external sources.
Internal Controls
IPE in the Context of Internal Controls

IPE in the context of internal controls may include the following:


- Information that the auditor uses to test a relevant control
- Information that entity personnel are dependent upon to perform a relevant control
Substantive Procedures
IPE in the Context of Substantive Audit Procedures

IPE in the context of substantive audit procedures includes information that the auditor uses when performing substantive audit procedures. If the information is the starting point or subject of substantive audit procedures, the planned substantive audit procedures will typically address the accuracy and completeness of the information, and no additional procedures may therefore be necessary. In other cases, substantive audit procedures may use a report that is not the subject of the substantive audit procedures and/or tests of relevant controls, and it may be necessary to perform additional procedures to address the completeness and accuracy of the report.

Note 15

Application System
Document the names of relevant application systems.

Identifying the relevant application system allows the auditor to establish the linkage between the risks of material misstatement to which the relevant application systems and IT infrastructure relate, the relevant IT risks related to these application systems and IT infrastructure, and the general IT controls that address such risks.

General IT-controls may be relevant to the audit if:


- The entity relies on data related to significant accounts and disclosures that by their nature require general IT controls to address their integrity and reliability
- Any of the entity's relevant controls are automated controls
- Any of the entity's relevant controls rely on information produced by the entity or if the auditor intends to make use of information produced by the entity in designing and performing further procedures and he plans to obtain evidence of the accuracy and completeness of such information by testing controls over the preparation and maintenance of the information
- The auditor has judged that it is not possible or practicable for him to obtain sufficient appropriate audit evidence to address certain risks of material misstatement only through performing substantive procedures and the relevant controls identified over such risks are automated controls or controls that rely on general IT-controls.

Note 16
Planned Procedures to Obtain Audit Evidence of Accuracy and Completeness of IPE
Reference to where IPE testing is performed.

For nonintegrated audits performed, when using information produced by the entity the auditor is required to evaluate whether the information is sufficiently reliable for his purposes, including as necessary in the circumstances:
- Obtaining audit evidence about the accuracy and completeness of the information
- Evaluating whether the information is sufficiently precise and detailed for his purposes.
Note 17

Note 18

Testing Reference General IT Controls


Include tickmark or cross-reference (as specific as possible) to the IT Risk Worksheet General Information Technology or other supporting working papers where testing is documented.

For an audit of IFC which is integrated with the audit of the financial statements (an integrated audit), when testing a relevant control that is dependent upon information produced by the entity (and the effectiveness of the control is therefore dependent upon the accuracy and completeness of such information), the auditor is required to (1) identify controls that address the accuracy and completeness of such information produced by the entity and (2) test the design and operating effectiveness of such controls.
Reference to Evaluation of D&I

Include a tickmark or cross-reference to where the evaluation of design and implementation is documented. The evaluation of design and implementation of relevant control activities may be documented in a separate working paper or within a tab inserted within this template.

Obtaining audit evidence about the accuracy and completeness of information produced by the entity includes procedures to address:
- The accuracy and completeness of the source data
- The creation and modification of the applicable report logic and parameters.

Evaluation of Design and Implementation

Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements.
Implementation of a control means that the control exists and that the entity is using it.

The evaluation of the design of controls documentation may include consideration of (1) the nature and significance of the risks of material misstatement addressed by the control, (2) the characteristics or details of the control, and (3) the following factors to determine whether the control is appropriately designed (i.e., the precision of a control) to address the identified risk.
Note 19

Planned Nature, Timing, and Extent of Procedures to Evaluate Operating Effectiveness of Controls
Consider nature, timing, and extent of tests when planning procedures to evaluate operating effectiveness of controls.

Nature of Tests of Controls


Nature of tests of controls includes inspection of documentation supporting the auditor's inquiries, reperformance supporting such inquiries, and observation supporting such inquiries.
Extent of Tests of Controls
When more persuasive audit evidence is needed regarding the effectiveness of a control, it may be appropriate to increase the extent of testing of the control. As well as the degree of reliance on controls, matters the auditor may consider in determining the extent of tests of controls include the following:
- The frequency of the performance of the control by the entity during the period
- The length of time during the audit period that the auditor is relying on the operating effectiveness of the control
- The expected rate of deviation from a control
- The relevance and reliability of the audit evidence to be obtained regarding the operating effectiveness of the control at the assertion level
- The extent to which audit evidence is obtained from tests of other controls related to the assertion.
In addition, matters the auditor may also consider in determining the extent of tests of controls include the following:
- The nature of the control, including, in particular, whether it is a manual control or an automated control
- For an automated control, the effectiveness of relevant general IT controls.


Timing of Tests of Controls


The auditor is required to test controls for the particular time, or throughout the period, for which he intends to rely on those controls, in order to provide an appropriate basis for his intended reliance.
Note 20

Testing Reference
Include tickmark or cross-reference (as specific as possible) to supporting working papers where testing is documented. Include reference, if applicable, to use of the work of others, use of specialists, and rollforward procedures if tested at an interim date.

Note 21

Findings and Observations


NOTE: When evaluating the operating effectiveness of relevant controls, the auditor is required to evaluate whether misstatements that have been detected by substantive procedures indicate that controls are not operating effectively. The absence of misstatements detected by substantive procedures, however, does not provide audit evidence that controls related to the assertion being tested are effective. The identification by the auditor of a material misstatement of the financial statements under audit in circumstances that indicate that the misstatement would not have been detected by the entity's internal control is an indicator of a material weakness.

The auditor's evaluation of the effect of the findings of his substantive procedures on the effectiveness of internal control is required to include, at a minimum, the following:
- The appropriateness of the nature, timing, and extent of substantive procedures, especially those related to fraud, based on the assessed risk of material misstatement
- Findings with respect to non-compliance with laws and regulations and related party transactions
- Indications of management bias in making accounting estimates and in selecting accounting principles
- The appropriateness of his conclusions on the effectiveness of internal control when misstatements are detected by his substantive procedures.

Note 22

Planned Extent of Substantive Testing

A substantive procedure may address more than one risk of material misstatement. The planned extent of substantive testing would equate to the most extensive planned extent of substantive testing for all risks of material misstatement to which the procedure has been linked (e.g., if a substantive procedure is addressing multiple material misstatements and only one is a significant risk, the substantive procedure would be performed to address the extent of testing necessary to address the significant risk).


and Loss accounts and account balance refers to Balance Sheet accounts.
ults in one or more classes of transactions, account balances, and disclosures.

account balance, and disclosure level. See the "Assertions" tab of this template for a description and examples of each assertion.
ance (Balance Sheet account), or disclosure, if an assertion is not considered
not relevant for that class of transactions, account balance, or disclosure.

accounts and disclosures] identified, the auditor is required to identify risks of


nd performing further audit procedures.
nt of risks of material misstatement at the relevant assertion level for classes of


supervising, and reviewing the audit. These items are categorised as significant
te them as matters for which the audit partner is required to perform a primary
response that is incremental to that required for a normal risk, a significant finding
wever, significant findings or issues are separately identified in audit documentation
nted.

g planning and which affect the audit procedures performed, may result in
es, and/or the related substantive procedures described in this template.

ollowing:

ults of the auditing procedures performed in response to those risks


counting principles, including related disclosures (e.g., new accounting

uch greater than normal


res.


risks identified are, in their judgment, a significant risk. In exercising this


risk.
e auditor's judgment, requires special auditor consideration.

of one or all of the related risks of material misstatement, control activities, and/or
consider at least the following:

opments and, therefore, requires specific attention

risk, especially those measurements involving a wide range of measurement

of business for the entity, or that otherwise appear to be unusual.


factor is present and whether it is to be considered in assessing the risks of material

sumed risks due to fraud are revenue recognition and management override of

aud as significant risks and accordingly, to the extent not already done so, he is
ctivities, relevant to such risks, and evaluate whether such controls have been

ant controls and the development of effective audit procedures.

ctive and, if not effective, the risk that a material weakness would result.

s(s) is a significant risk, the risk associated with the control is higher.

cial Reporting (Integrated Audit)


dit include those that address the assessed risks of material misstatement for each

audit, i.e. those that he judges necessary to understand in order to assess the risks
ponsive
to assessed
risks.
eeds
to evaluate
the deficiency
individually and in combination with other
ency, or a material weakness and communicate the deficiency, as appropriate.
s to the general ledger for material classes of transactions and account balances.
he will be able to perform his planned extent of substantive procedures. In an

gnificant risks and those that relate to risks for which substantive procedures alone

antive procedures as part of their further audit procedures to obtain sufficient

ctions and account balances.


design and perform substantive procedures for each relevant assertion related to
t and disclosure].

essed risk of material misstatement at the assertion level.

the audit procedures and risks which they address when planning and performing
efficient.

k to an acceptably low level (e.g., where the assessment of risk is supported by

onsive to the assessed risks

onsive to the assessed risks

trols in each of the five components of internal control each year, including (1)
rmation system relevant to financial reporting and communication, and monitoring
ement for each relevant assertion. The objective of the tests of controls in an audit
nion on the entitys internal control over financial reporting.

using a normal extent of testing.

mine that larger sample sizes may be appropriate, for example, when they are

n many times per day, depending on the nature of the control, the risk associated
selections to test its operating effectiveness may be made.


modified and do not allow for customisation of inputs/outputs


user selection of inputs (fields/parameters) to generate the report output
nd generated by user-operated tools such as scripts, report writers, programming

de source, (2) manually entered into a spreadsheet, (3) summarised or analysed


tabase, and (4) then manipulated and summarised)
nel either from information generated from the entity's system or from other internal

uses when performing substantive audit procedures. If the information is the


procedures will typically address the accuracy and completeness of the information,
audit procedures may use a report that is not the subject of the substantive audit
ional procedures to address the completeness and accuracy of the report.

etween the risks of material misstatement to which the relevant application systems
nd IT infrastructure, and the general IT controls that address such risks.

nature require general IT controls to address their integrity and reliability

he auditor intends to make use of information produced by the entity in designing


d completeness of such information by testing controls over the preparation and

t appropriate audit evidence to address certain risks of material misstatement only


ch risks are automated controls or controls that rely on general IT-controls.


f IPE

e auditor is required to evaluate whether the information is sufficiently reliable for his

s.

General Information Technology or other supporting working papers where testing


egrated audit), when testing a relevant control that is dependent upon information
on the accuracy and completeness of such information), the auditor is required to (1)
uced by the entity and (2) test the design and operating effectiveness of such

tation is documented. The evaluation of design and implementation of relevant


dted
bywithin
the entity
includes procedures to address:
this template.
or in combination with other controls, is capable of effectively preventing, or

t.

e (1) the nature and significance of the risks of material misstatement addressed by
s to determine whether the control is appropriately designed (i.e., the precision of a

tiveness of Controls
erating effectiveness of controls.

s inquiries, reperformance supporting such inquiries, and observation supporting

ol, it may be appropriate to increase the extent of testing of the control. As well as
e extent of tests of controls include the following:
effectiveness of the control

ting effectiveness of the control at the assertion level


the assertion.
controls include the following:
automated control


, for which he intends to rely on those controls, in order to provide an appropriate

ers where testing is documented. Include reference, if applicable, to use of the work

required to evaluate whether misstatements that have been detected by substantive


ments detected by substantive procedures, however, does not provide audit
ation by the auditor of a material misstatement of the financial statements under
ed by the entitys internal control is an indicator of a material weakness.

he effectiveness of internal control is required to include, at a minimum, the

pecially those related to fraud, based on the assessed risk of material misstatement
transactions
he
planned extent of substantive testing would equate to the most extensive planned
ounting
ure has principles
been linked (e.g., if a substantive procedure is addressing multiple material
misstatements
are detected
by his
substantive
procedures.
erformed to address
the extent
of testing
necessary
to address the significant risk).


Assertions

Assertions used by us to consider the different types of potential misstatements that may occur (i.e., "what could go wrong") fall into the following three categories and may take the following forms:

Assertions about classes of transactions and events for the period under audit (Statement of Profit and Loss Accounts):

The following are examples of potential Misstatements relating to the assertions below. These examples are neither exhaustive nor always applicable as facts and circumstance may vary from one entity to the next.

Occurrence

Transactions and events that have been recorded have occurred and pertain to the entity.

Potential Misstatements relating to the Assertion occurrence, for classes of transactions and events for the period under audit, may result from:
- Fictitious or unauthorised transactions are entered on source documents or directly into the application system (input).
- Transactions are duplicated when input.
- Invalid input is captured in the subsidiary ledgers.

Completeness

All transactions and events that should have been recorded have been recorded.

Potential Misstatements relating to the Assertion completeness, for classes of transactions and events for the period under audit, may result from:
- Transactions or events that are not identified and therefore are not entered on a source document or directly into the application system (input)
- Input is not captured into the subsidiary ledgers
- Input that is rejected is not resubmitted for capture in the subsidiary ledger.

Accuracy

Amounts and other data relating to recorded transactions and events have been recorded appropriately.

Potential Misstatements relating to the Assertion accuracy, for classes of transactions and events for the period under audit, may result from:
- Input is inaccurately captured into the subsidiary ledgers.
- Input or subsequent processing reflects amounts in excess or less than appropriate amounts.
- Processing of transactions is inaccurate (i.e., summarising, calculating, and posting).
- Inaccurate adjustments are made to the subsidiary ledgers or general ledger.

Cutoff

Transactions and events have been recorded in the correct accounting period.

Potential Misstatements relating to the Assertion cutoff, for income statement account balances, may result from:
- Transactions or events that have occurred or will occur are recorded too early (i.e., they are recorded in a period prior to when they should have been recorded).
- Transactions or events that have occurred are recorded too late (i.e., they are recorded in a period after the period in which they should have been recorded).

Classification

Transactions and events have been recorded in the proper accounts.

Potential Misstatements relating to the Assertion classification, for classes of transactions and events for the period under audit, may result from:
- Input is recorded in the incorrect subsidiary ledger or general ledger account.
- Subsequent processing of a transaction results in it being reflected in the incorrect subsidiary ledger or general ledger account.

Assertions about account balances at the period-end (balance sheet accounts):

Existence

Assets, liabilities, and equity interests exist.

Potential Misstatements relating to the Existence assertion, for balance sheet account balances, may result from:
- A balance sheet account balance that was previously correctly recorded no longer exists and the sale/adjustment has not been recorded.
- Sale of an asset with no recording of the sale.
- Theft of an asset with no recording of the loss.

Rights and obligations

The entity holds or controls the rights to assets, and liabilities are the obligations of the entity.

Potential Misstatements relating to the Assertion rights and obligations, for balance sheet account balances, may result from:
- The entity no longer having the right to an asset that was previously correctly recorded
- The entity no longer having an obligation to settle a liability that was previously correctly recorded

Completeness

All assets, liabilities, and equity interests that should have been recorded have been recorded.

Potential Misstatements relating to the Assertion completeness, for balance sheet account balances, may result from:
- A liability that should have been recorded has not been recorded (e.g., no accrual at period-end for certain liabilities).

Valuation and allocation

Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.

Potential Misstatements relating to the Assertion valuation and allocation, for balance sheet account balances, may result from:
- Impairments of assets that are not identified and properly recorded
- Inaccurate adjustments that are made to a balance sheet account balance that inappropriately adjust the value of that balance sheet account balance
- Assets which are amortised over the incorrect period resulting in the remaining asset balance being incorrectly valued
- Fair value adjustments that are not identified and properly recorded

Assertions about presentation and disclosure:

Occurrence and rights and obligations

Disclosed events, transactions, and other matters have occurred and pertain to the entity.

Completeness

All disclosures that should have been included in the financial statements have been included.

Classification and understandability

Financial information is appropriately presented and described, and disclosures are clearly expressed.

Accuracy and valuation

Financial and other information are disclosed fairly and at appropriate amounts.

Potential Misstatements relating to the presentation and disclosure assertions may result from:
- Fictitious or unauthorised disclosures are included in the Financial Statements.
- Disclosures of contingent liabilities for which the entity no longer has an obligation.
- Disclosures that are intentionally omitted from the Financial Statements.
- The captions in the Financial Statements result in amounts being presented in a misleading way.
- Input is inaccurately captured into the Financial Statements.
- Input into the Financial Statements reflects amounts in excess or less than appropriate amounts.

Template for performing walkthroughs

Walkthrough Documentation
Business Cycle/Sub cycle
Related Account Balances
Date(s) of walkthrough
Attendees (including job titles):
Controls included in this walkthrough (Include control activity number)
Reference to documentation of narratives
Description of the procedures to understand the process:

Description of specific transaction(s) (if any) selected to trace from initiation to recording.
Purpose of the Control and its correlation to the risk/assertion
Nature and significance of the Risk
Competence and authority of the person(s) performing the
Frequency and consistency with which the control is performed
Level of aggregation and predictability
Criteria for investigation and process for follow-up
Dependency on other controls
Dependency on Information Produced by the Entity (IPE)

Conclusion regarding control design
Conclusion regarding control implementation
Are there any significant processes not included or inadequately documented by the client? If so, describe.
What were the points in the process at which a misstatement, including a misstatement due to fraud, could arise that, individually or in combination with other misstatements, would be material?
How are these potential errors addressed by the controls in
Are there any circumstances where the control(s) included in this walkthrough are/have been overridden or bypassed? What are those circumstances?
