Professional Documents
Culture Documents
1, Cash
Overview
GENERAL INSTRUCTIONS
This template has been developed to provide illustrative examples to assist the auditors in addressing the Risks of Material Misstatement (ROMM) fo
The pre-populated risks of material misstatement (i.e., "what could go wrong") and relevant control activities included within this template are deri
Misstatement, Related Control Objectives and Control Activities" of the Guidance Note on Audit of Internal Financial Controls Over Financial Reportin
identified are are also illustrative.
Terminology
Within this template, the term class of transactions refers to Statement of Profit and Loss accounts and account balance refers to Balan
used to describe an activity or series of activities that results in one or more classes of transactions, account balances, and disclosures.
Transaction Types, Relevant Assertions, or Risks of Material Misstatement Referenced to Other Audit Area Documentation
To the extent that a relevant assertion or a transaction type is appropriately addressed and documented within documentation of another class of tr
template, redundant documentation is not necessary although specific referencing is appropriate. Consider referencing, as appropriate, to other
misstatement, relevant control activities, and planned procedures to test the operating effectiveness of the control activities and substantive proced
Combining Risks
Certain risks of material misstatement contain more than one risk; bullets are used to identify individual risks within the combined risk. These com
process and have a common control that mitigates the risk of material misstatement for each of the individual risks. Depending on the circumstanc
combined risks in a single business process or with a single control), you may need to separate the combined risks into individual risks.
Overview
bined risk. These combined risks ordinarily are part of a single business
ng on the circumstances of the entity (e.g., if the entity does not address the
dual risks.
ncluding the (1) relevant control activities and substantive procedures that
usions. The dashboard provides internal linking between the summarised
ets within the template.
ROMM Overview
CASH AND BANK: Material Account Balance (Balance Sheet)/Class of Transactions (Income Statement)/Disclosure ROMM Overview
Note 1
Cash
Cash
Note 2
Valuation and
Allocation
Completeness
Rights and
Obligations
Account
Balance/
Class of
Transactions/
Disclosure
Existence
Assertion Name
Relevant Assertion
at the Period-End
Risk Description
Note 3
X Cash receipts:
Have been recorded (when there
are non-existent cash receipts), or
have been improperly recorded
Have not been recorded/applied
Are not accurately recorded.
Classification of
Significant
Inherent Risk Risk of Material
Findings or
(Normal,
Misstatement
Issues?
Significant)
Due to Fraud?
Note 4
Note 5
Note 6
Risk Associated
with the
Control
(Not Higher,
Higher)
Note 7
Control
Control
Design
Implementation
Conclusion
Conclusion
(Effective,
(Implemented,
Ineffective) Not Implemented)
Control OE
Conclusion
(Effective,
Ineffective)
Note 9
ROMM Overview
Note 1
Cash
Note 2
Valuation and
Allocation
Completeness
Rights and
Obligations
Account
Balance/
Class of
Transactions/
Disclosure
Existence
Assertion Name
Relevant Assertion
at the Period-End
Risk Description
Note 3
Classification of
Significant
Inherent Risk Risk of Material
Findings or
(Normal,
Misstatement
Issues?
Significant)
Due to Fraud?
Note 4
Note 5
Note 6
Risk Associated
with the
Control
(Not Higher,
Higher)
Note 7
Control
Control
Design
Implementation
Conclusion
Conclusion
(Effective,
(Implemented,
Ineffective) Not Implemented)
Control OE
Conclusion
(Effective,
Ineffective)
Note 9
New bank accounts are only opened through the direction and approval of Board of Directors
Not all bank accounts have been
recorded in the general ledger.
ROMM Overview
CASH AND BANK: Material Account Balance (Balance Sheet)/Class of Transactions (Income Statement)/Disclosure ROMM Overview
Account
Balance/
Class of
Transactions/
Disclosure
Note 1
Cash
Note 10
Confirm Cash
AND
Perform Tests of Details on Bank Reconciliations (Additive Items)
AND
Perform Tests of Details on Bank Reconciliations (Subtractive Items)
Cash
Confirm Cash
Account
Balance/
Class of
Transactions/
Disclosure
Note 1
Cash
ROMM Overview
Note 10
Confirm Cash
CASH AND BANK: Account Balance (Balance Sheet)/Class of Transactions (Statement of Profit and Loss)/Disclosure Control Testing
Operating
Frequency
Control Operating
(Annually,
Effectiveness Testing
Quarterly,
Strategy
Monthly,
Is IPE Used in
(Test in Current Period,
Weekly, Daily,
Testing or
Using Prior Period
Control
Many Times
Performing a
Evidence, OE Testing Not Year Last per Day, As
Control
Relevant
Required)
Tested
Needed)
Automated?
Control?
Note 11
Note 12
Note 13
Note 14
List IPE
Application
System
Testing
Reference
IPE
Note 15
Note 16
Testing
Reference
Reference
to
General IT Evaluation
Controls
of D&I
Note 17
Note 18
CASH AND BANK: Account Balance (Balance Sheet)/Class of Transactions (Statement of Profit and Loss)/Disclosure Control Testing
Operating
Frequency
Control Operating
(Annually,
Effectiveness Testing
Quarterly,
Strategy
Monthly,
Is IPE Used in
(Test in Current Period,
Weekly, Daily,
Testing or
Using Prior Period
Control
Many Times
Performing a
Evidence, OE Testing Not Year Last per Day, As
Control
Relevant
Required)
Tested
Needed)
Automated?
Control?
Note 11
Note 12
Note 13
Note 14
List IPE
Application
System
Testing
Reference
IPE
Note 15
Note 16
Testing
Reference
Reference
to
General IT Evaluation
Controls
of D&I
Note 17
Note 18
CASH: Audit Plan by Material Account Balance (Balance Sheet)/Class of Transactions (Income Statement)/Disclosure Substantive Testing
Information Produced by the Entity
(IPE)
Confirm Cash
A. Obtain the schedule of bank accounts and the reconciliation of the schedule to
the general ledger. Agree applicable amounts from the cash accounts schedule and
reconciliation to the general ledger and trace significant reconciling items, if any, to
supporting documents.
B. Make an audit sample of bank accounts. Obtain reconciliations of the selected
accounts to the general ledger. For each selection, perform the following:
(1) Prepare, or have the entity prepare, standard bank confirmation requests for the
selected bank accounts. Mail the confirmation requests under our control,
determine that the requests are properly addressed (i.e., obtain audit evidence
about the accuracy and completeness of addresses provided by the entity), and
request that all replies be sent directly to our office.
(2) Send second requests for nonreplies.
(3) Compare replies to the balance-per-bank in the bank reconciliations. Agree all
other amounts reported in the replies to the general ledger or appropriate records.
Prepare, or have the entity prepare, reconciliations of exceptions. Trace reconciling
items to supporting documents.
(4) For confirmations not received, trace outstanding items listed on the bank
reconciliation to the subsequent month's bank statement and, for those not traced,
trace to the cash disbursements records for the period prior to the balance sheet.
Application
System
Note 15
Testing
Reference
IPE
Note 16
Testing
Reference
Substantive
Procedures
Note 20
Application
System
Note 15
Testing
Reference
IPE
Note 16
Testing
Reference
Substantive
Procedures
Note 20
Application
System
Note 15
Testing
Reference
IPE
Note 16
Testing
Reference
Substantive
Procedures
Note 20
CASH: Audit Plan by Material Account Balance (Balance Sheet)/Class of Transactions (Income Statement)/Disclosure Substantive Testing
Information Produced by the Entity
(IPE)
Confirm Cash
A. Obtain the schedule of bank accounts and the reconciliation of the schedule to
the general ledger. Agree applicable amounts from the cash accounts schedule and
reconciliation to the general ledger and trace significant reconciling items, if any, to
supporting documents.
B. Make an audit sample of bank accounts. Obtain reconciliations of the selected
accounts to the general ledger. For each selection, perform the following:
(1) Prepare, or have the entity prepare, standard bank confirmation requests for the
selected bank accounts. Mail the confirmation requests under our control,
determine that the requests are properly addressed (i.e., obtain audit evidence
about the accuracy and completeness of addresses provided by the entity), and
request that all replies be sent directly to our office.
(2) Send second requests for nonreplies.
(3) Compare replies to the balance-per-bank in the bank reconciliations. Agree all
other amounts reported in the replies to the general ledger or appropriate records.
Prepare, or have the entity prepare, reconciliations of exceptions. Trace reconciling
items to supporting documents.
(4) For confirmations not received, trace outstanding items listed on the bank
reconciliation to the subsequent month's bank statement and, for those not traced,
trace to the cash disbursements records for the period prior to the balance sheet.
Application
System
Note 15
Testing
Reference
IPE
Note 16
Testing
Reference
Substantive
Procedures
Note 20
Findings and
Observations
(None Noted, Change to
Plan, Identified or
Suspected Fraud,
Management Letter
Comment, Misstatement)
Note 21
Application
System
Note 15
Testing
Reference
IPE
Note 16
Testing
Reference
Substantive
Procedures
Note 20
Findings and
Observations
(None Noted, Change to
Plan, Identified or
Suspected Fraud,
Management Letter
Comment, Misstatement)
Note 21
Application
System
Note 15
Testing
Reference
IPE
Note 16
Testing
Reference
Substantive
Procedures
Note 20
Findings and
Observations
(None Noted, Change to
Plan, Identified or
Suspected Fraud,
Management Letter
Comment, Misstatement)
Note 21
Notes
NOTES
Note 1
Note 2
Relevant AssertionsThe assertions are considered at the class of transactions, account balance, and disclosure level. Se
NOTE: For a class of transactions ( Statement of Profit and Loss account), account balance (Balance Sheet account), or disclosure, if
relevant, include documentation in the working papers explaining why the assertion is not relevant for that class of transactions, acco
Note 3
Notes
Risks of material misstatement related to significant findings or issues, identified during planning and which affect the audit procedur
customisation of one or all of the related risks of material misstatement, control activities, and/or the related substantive procedures
Significant findings or issues for planning purposes include, but are not limited to, the following:
- Risks of material misstatement that are determined to be significant risks and the results of the auditing procedures performed in r
- Matters that are significant involving the selection, application, and consistency of accounting principles, including related disclosure
pronouncements)
- Accounting for complex or unusual transactions
- Accounting estimates highly dependent upon judgment
- Significant uncertainties
- Matters that led to the classification of engagement risk as greater than normal or much greater than normal
- Circumstances that cause us significant difficulty in applying necessary audit procedures.
Notes
Risks of material misstatement related to significant risks may result in customisation of one or all of the related risks of material mis
related substantive procedures described in this template.
In exercising judgment as to which risks are significant risks, the auditor is required to consider at least the following:
- Whether the risk is a risk of fraud
- Whether the risk is related to recent significant economic, accounting, or other developments and, therefore, requires specific atten
- The complexity of transactions
- Whether the risk involves significant transactions with related parties
- The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving
uncertainty
- Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise ap
Notes
The auditor is required to treat those assessed risks of material misstatement due to fraud as significant risks and accordingly, to the
required to obtain an understanding of the entitys related controls, including control activities, relevant to such risks, and evaluate w
suitably designed and implemented to mitigate such fraud risks.
Identifying potential fraud schemes may facilitate the evaluation of the design of relevant controls and the development of effective a
Note 7
The risk associated with a control consists of the risk that the control might not be effective and, if not effective, the risk that a mate
If the risk of material misstatement associated with the related account(s) or assertions(s) is a significant risk, the risk associated wi
Note 8
Audit of Financial Statements along with Audit of Internal Financial Controls Over Financial Reporting (Integrated Audit)
If an integrated audit is being performed, control activities that are relevant to the audit include those that address the assessed ris
relevant assertion.
Note 9
Nonintegrated Audits
The auditor isrequired
obtain an understanding
of control
activities relevant
to the audit, i.e. those that he judges necessary to un
Conclusion
Design,toImplementation,
Operating
Effectiveness
of Controls
of material
misstatement
at the
assertionDoes
levelaand
design further
audit
to assessed
risks.
Was
a deviation
or exception
identified?
deficiency
exist? If
yes,procedures
the auditorresponsive
needs to evaluate
the deficiency
individually and
deficiencies. He needs to determine if the deficiency is a deficiency, a significant deficiency, or a material weakness and communicat
He is required to obtain an understanding of the process for reconciling detailed records to the general ledger for material classes of
He should determine whether he has a basis for relying on those controls and whether he will be able to perform his planned extent
Control activities
thatneeds
are relevant
to the
are:
integrated
audit, he
to evaluate
theaudit
effect
on the IFC opinion.
- Those that are required to be treated as such, being control activities that relate to significant risks and those that relate to risks fo
do not provide sufficient appropriate audit evidence; or
- Those that are in the auditors judgment considered to be relevant.
Notes
The nature, timing, and extent of planned procedures may vary in response to the assessed risk of material misstatement at the ass
A substantive procedure may address more than one risk. The auditor should consider the audit procedures and risks which they add
substantive procedures so that the substantive procedures performed are effective and efficient.
Note 12
- A combination of substantive analytical procedures and tests of details are most responsive to the assessed risks
Control Operating Effectiveness Testing Strategy
In an integrated audit, the auditor is required to test the operating effectiveness of controls in each of the five components of interna
relevant controls within the control environment, entity's risk assessment process, information system relevant to financial reporting
components, and (2) those controls that address the assessed risks of material misstatement for each relevant assertion. The objec
of IFC is to obtain audit evidence about the effectiveness of controls to support the opinion on the entitys internal control over financ
Note 13
Operating Frequency
Depending on the circumstances, the auditor may use professional judgment to determine that larger sample sizes may be appropria
performing tests of controls that address one or more significant risks.
When testing the operating effectiveness of a control that operates less frequently than many times per day, depending on the natur
with the control, and the number of times that it is applied when it operates, additional selections to test its operating effectiveness m
Note 14
Notes
Types of IPE may include, but are not limited to:
- Standard "out of the box" reports as taken out from the system that have not been modified and do not allow for customisation of
- Parameter-driven reports generated by the entity's application system that allow for user selection of inputs (fields/parameters) to
- Custom-developed reports that are not standard to the application and are defined and generated by user-operated tools such as s
language, and query tools
- Spreadsheets that include relevant information (e.g., data (1) obtained from an outside source, (2) manually entered into a spread
using spreadsheet formulas or data exported from ledger system into an MS Access Database, and (4) then manipulated and summa
- Client-prepared analyses and schedules that are manually prepared by entity personnel either from information generated from the
or external sources.
Internal Controls IPE in the Context of Internal Controls
IPE in the context of substantive audit procedures includes information that the auditor uses when performing substantive audit proc
starting point or subject of substantive audit procedures, the planned substantive audit procedures will typically address the accuracy
and no additional procedures may therefore be necessary. In other cases, substantive audit procedures may use a report that is not
procedures and/or tests of relevant controls, and it may be necessary to perform additional procedures to address the completeness
Note 15
Application System
Document the names of relevant application systems.
Identifying the relevant application system allows the auditor to establish the linkage between the risks of material misstatement to
and IT infrastructure relate, the relevant IT risks related to these application systems and IT infrastructure, and the general IT contro
Notes
Planned Procedures to Obtain Audit Evidence of Accuracy and Completeness of IPE
Reference to where IPE testing is performed.
For nonintegrated audits performed, when using information produced by the entity the auditor is required to evaluate whether the i
purposes, including as necessary in the circumstances:
Obtaining audit evidence about the accuracy and completeness of the information
Evaluating whether the information is sufficiently precise and detailed for his purposes.
Note 17
Note 18
Include a tickmark or cross-reference to where the evaluation of design and implementation is documented. The evaluation of desig
Obtaining
audit evidence
about the accuracy
and completeness
of information
produced
bywithin
the entity
includes procedures to address
control activities
may be documented
in a separate
working paper
or within a tab
inserted
this template.
The accuracy and completeness of the source data
The creation
and modification
of the applicable report logic and parameters.
Evaluation
of Design
and Implementation
Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capa
detecting and correcting, material misstatements.
Implementation of a control means that the control exists and that the entity is using it.
The evaluation of the design of controls documentation may include consideration of the (1) the nature and significance of the risks o
the control, (2) the characteristics or details of the control, and (3) the following factors to determine whether the control is appropr
control) to address the identified risk.
Note 19
Planned Nature, Timing, and Extent of Procedures to Evaluate Operating Effectiveness of Controls
Consider nature, timing, and extent of tests when planning procedures to evaluate operating effectiveness of controls.
Notes
Testing Reference
Include tickmark or cross-reference (as specific as possible) to supporting working papers where testing is documented. Include refe
of others, use of specialists, and rollforward procedures if tested at an interim date.
Note 21
Note 22
The auditors evaluation of the effect of the findings of his substantive procedures on the effectiveness of internal control is required
following:
-Planned
The appropriateness
of the nature,
timing, and extent of substantive procedures, especially those related to fraud, based on the as
Extent of Substantive
Testing
-A Findings
with
respect
to
non-compliance
laws
related partyThe
transactions
substantive procedure may address morewith
than
oneand
riskregulations
of materialand
misstatement.
planned extent of substantive testing would
-extent
Indications
of
management
bias
in
making
accounting
estimates
and
in
selecting
accounting
of substantive testing for all risks of material misstatement to which the procedure has principles
been linked (e.g., if a substantive proc
-misstatements
The appropriateness
ofone
his conclusions
on risk,
the effectiveness
of internal
control
when
misstatements
are detected
by his
substantive
and only
is a significant
the substantive
procedure
would
be performed
to address
the extent
of testing
nece
Notes
and Loss accounts and account balance refers to Balance Sheet accounts.
ults in one or more classes of transactions, account balances, and disclosures.
account balance, and disclosure level. See the "Assertions" tab of this template for a description and examples of each assertion.
ance (Balance Sheet account), or disclosure, if an assertion is not considered
not relevant for that class of transactions, account balance, or disclosure.
Notes
supervising, and reviewing the audit. These items are categorised as significant
te them as matters for which the audit partner is required to perform a primary
response that is incremental to that required for a normal risk, a significant finding
wever, significant findings or issues are separately identified in audit documentation
nted.
g planning and which affect the audit procedures performed, may result in
es, and/or the related substantive procedures described in this template.
ollowing:
Notes
of one or all of the related risks of material misstatement, control activities, and/or
consider at least the following:
Notes
sumed risks due to fraud are revenue recognition and management override of
aud as significant risks and accordingly, to the extent not already done so, he is
ctivities, relevant to such risks, and evaluate whether such controls have been
ctive and, if not effective, the risk that a material weakness would result.
s(s) is a significant risk, the risk associated with the control is higher.
audit, i.e. those that he judges necessary to understand in order to assess the risks
ponsive
to assessed
risks.
eeds
to evaluate
the deficiency
individually and in combination with other
ency, or a material weakness and communicate the deficiency, as appropriate.
s to the general ledger for material classes of transactions and account balances.
he will be able to perform his planned extent of substantive procedures. In an
gnificant risks and those that relate to risks for which substantive procedures alone
Notes
design and perform substantive procedures for each relevant assertion related to
t and disclosure].
the audit procedures and risks which they address when planning and performing
efficient.
trols in each of the five components of internal control each year, including (1)
rmation system relevant to financial reporting and communication, and monitoring
ement for each relevant assertion. The objective of the tests of controls in an audit
nion on the entitys internal control over financial reporting.
mine that larger sample sizes may be appropriate, for example, when they are
n many times per day, depending on the nature of the control, the risk associated
selections to test its operating effectiveness may be made.
Notes
etween the risks of material misstatement to which the relevant application systems
nd IT infrastructure, and the general IT controls that address such risks.
Notes
f IPE
e auditor is required to evaluate whether the information is sufficiently reliable for his
s.
t.
e (1) the nature and significance of the risks of material misstatement addressed by
s to determine whether the control is appropriately designed (i.e., the precision of a
tiveness of Controls
erating effectiveness of controls.
ol, it may be appropriate to increase the extent of testing of the control. As well as
e extent of tests of controls include the following:
effectiveness of the control
Notes
ers where testing is documented. Include reference, if applicable, to use of the work
pecially those related to fraud, based on the assessed risk of material misstatement
transactions
he
planned extent of substantive testing would equate to the most extensive planned
ounting
ure has principles
been linked (e.g., if a substantive procedure is addressing multiple material
misstatements
are detected
by his
substantive
procedures.
erformed to address
the extent
of testing
necessary
to address the significant risk).
Assertions
Assertions used by us to consider the different types of potential misstatements that may occur (i.e., "what could go wrong") fall into the following three
categories and may take the following forms:
Assertions about classes of transactions and events for
the period under audit (Statement of Profit and Loss
Accounts):
Occurrence
Completeness
Accuracy
Potential Misstatements relating to the Assertion accuracy, for classes of transactions and
events for the period under audit, may result from:
- Input is inaccurately captured into the subsidiary ledgers.
- Input or subsequent processing reflects amounts in excess or less than appropriate
amounts.
- Processing of transactions is inaccurate (i.e., summarising, calculating, and posting).
- Inaccurate adjustments are made to the subsidiary ledgers or general ledger.
Cutoff
Potential Misstatements relating to the Assertion cutoff, for income statement account
balances, may result from:
- Transactions or events that have occurred or will occur are recorded too early (i.e., they
are recorded in a period prior to when they should have been recorded).
- Transactions or events that have occurred are recorded too late (i.e., they are recorded
in a period after the period in which they should have been recorded).
Classification
Potential Misstatements relating to the Existence assertion, for balance sheet account
balances, may result from:
- A balance sheet account balance that was previously correctly recorded no longer exists
and the sale/adjustment has not been recorded.
- Sale of an asset with no recording of the sale.
- Theft of an asset with no recording of the loss.
Rights and
obligations
Potential Misstatements relating to the Assertion rights and obligations, for balance sheet
account balances, may result from:
- The entity no longer having the right to an asset that was previously correctly recorded
- The entity no longer having an obligation to settle a liability that was previously
correctly recorded
Completeness
Potential Misstatements relating to the Assertion completeness, for balance sheet account
balances, may result from:
- A liability that should have been recorded has not been recorded (e.g., no accrual at
period-end for certain liabilities).
Valuation and
allocation
Potential Misstatements relating to the Assertion valuation and allocation, for balance
sheet account balances, may result from:
- Impairments of assets that are not identified and properly recorded
- Inaccurate adjustments that are made to a balance sheet account balance that
inappropriately adjust the value of that balance sheet account balance
- Assets which are amortised over the incorrect period resulting in the remaining asset
balance being incorrectly valued
- Fair value adjustments that are not identified and properly recorded
Classification and
understandability
Accuracy and
valuation
Potential Misstatements relating to the presentation and disclosure assertions may result
from:
- Fictitious or unauthorised disclosures are included in the Financial Statements.
- Disclosures of contingent liabilities for which the entity no longer has an obligation.
- Disclosures that are intentionally omitted from the Financial Statements.
- The captions in the Financial Statements result in amounts being presented in a
misleading way.
- Input is inaccurately captured into the Financial Statements.
- Input into the Financial Statements reflects amounts in excess or less than appropriate
amounts.
Walkthrough Documentation
Business Cycle/Sub cycle
Related Account Balances
Date(s) of walkthrough
Attendees (including job titles):
Controls included in this walkthrough (Include control activity
number
) to documentation of narratives
Reference
Description of the procedures to understand the process: