FACULTY OF BUSINESS

INTERNATIONAL BUSINESS SCHOOL

ACADEMIC REPORT

EVIDENCE OF COMPANY COMPLIANCE

COURSE:

AUDITORIA FINANCIERA

AUTHOR:

CHULLY CHUNGA, LUIS FRANCISCO

TEACHER:

AREVALO AGUIRRE, HENRY

Piura - Perú

(2023)
INDICE:

I.- INTRODUCTION:.................................................................................................................3
II.- DEVELOPMENT:................................................................................................................4
III.- BIBLIOGRAPHIC REFERENCES:..................................................................................8
I.- INTRODUCTION:

The objective of this research work is to evaluate the compliance tests of the
company, for the efficient management of economic resources. This research
was carried out under the quantitative approach, it has been developed using a
non-experimental design methodology.
For the collection of information, pages, magazines, journalistic notes selected
for the investigation were used as a data collection instrument.
Which can be defined as compliance tests those whose purpose is to verify
internal and external risks and the effectiveness of control systems or called
according to the international standards NIA 400 (risk assessment and Internal
Control) as "control tests" to identify the risks included in the transactions, such
as their characteristics or attributes that indicate the effectiveness or deviation
of them.
The compliance tests are designed to obtain reasonable assurance that the
procedures are met, which we will distribute in the 4 very important points:
Control Tests, Steps to follow, techniques and how to check the fully
computerized processes.
Which in the steps to follow we have, test and evaluation of the design of a
control, How to test and evaluate the operation of a control?
And regarding the technique, we will know what the respective techniques are:
observation, inquiry, inspection, repetition.
II.- DEVELOPMENT:
CONTROL TESTS
Tests of controls allow the auditor to assess control risk. This evaluation is
determinative with respect to the fulfillment of the relevant audit objectives.
Therefore, control risk is the risk that the controls established by the client will
not prevent or detect a material misstatement.
The combination of inherent risk and control risk make up the Risk of Material
Misstatement (RMM). Based on this, the amount of audit evidence that needs to
be collected through substantive procedures is determined to reduce audit risk
to an acceptable level.
General guidelines for the auditor when performing tests of controls are set out
below.
1. CONTROL TESTS
Tests of controls are performed only on those controls that the auditor has
considered adequately designed to prevent, or to detect and correct, a material
misstatement of a material assertion and when the auditor intends to test those
controls. If substantially different controls were used at different times during the
period being audited, each is considered separately.
Testing the operating effectiveness of controls is not the same as obtaining and
evaluating their design and implementation. However, the same types of audit
procedures are used. Consequently, the auditor may decide that it is efficient to
test the operating effectiveness of controls at the same time as evaluating their
design and determining whether they have been implemented.
2. STEPS TO FOLLOW
When planning to obtain audit evidence for tests of controls, the following steps
are taken:
Test and evaluate the control design.
Test and evaluate the operation of the control.
2.1       Test and evaluate the design of a control
When we test and evaluate the design of a control, we evaluate its potential.
Audit evidence is collected to test the effectiveness of a control, whether it is
working properly. If the test results indicate that this is the case, it means that
the control design is adequate and gives us the green light to move forward with
obtaining the evidence.
The group of controls that can provide the necessary audit evidence in the most
effective way is established. Then the tests of its design and operation are
planned. Preferably, high level controls are tested over low level ones.
First, a control design is tested against the auditor's benchmarks based on
professional and academic experience. It tests whether the control can prevent
irregularities and significant errors, or detect and correct them, that is, if it works
according to its design.
If it is concluded that the control can do so, the design is evaluated as
satisfactory for the proposed objectives.
On the contrary, if it is considered that it is not effective to prevent or detect
errors, the evaluation of the design will not be satisfactory. Therefore, control
risk is high and cannot be reduced by testing control performance. In that vein,
management should be immediately informed of the potential weakness, along
with recommendations for improvement. Planned audit procedures will surely
be modified.
2.2.- How to test and evaluate the operation of a control?
The audited control procedures may depend on any of the five components of
internal control, namely: control environment, risk assessment, control activities,
information and communication, and supervision and monitoring.
Depending on the results of tests of the performance of a control, the
preliminary assessment of control risk in relation to the corresponding audit
objective is confirmed or modified. If the modification is due to an unfavorable
finding, we provide constructive feedback to management and weigh the effect
of the initially planned audit approach.
3. TECHNIQUES
The table below describes the ways in which the operation of the controls can
be tested.
 TECHNIQUE DESCRIPTION EXAMPLE

OBSERVATIO See how the procedure is executed. In this way, evidence is High level. Cycle inventory count procedures are observed.
N obtained that the control works at the time the audit test was
performed.

INQUIRY Request financial or non-financial information from a Low level. Observe an employee entering data to confirm
knowledgeable person. Responses to inquiries may provide the the controls governing their entry.
auditor with previously unavailable information or corroborative
audit evidence.

INSPECTION It is the examination of records or documents, whether internal or High level. Credit control is inquired about: what size and
external, or a physical examination of an item or asset. age of the debts is intended to be collected; What security
Examination of records or documents provides audit evidence measures are taken.
with varying degrees of reliability, depending on the nature and
source of the records and, in the case of internal document
records, the effectiveness of controls over their production.

REPETITION It consists of performing an activity a second time to determine Low level. The procedures for capturing cash inflows are
that the employee performing the control did it correctly. Normally, inquired about.
calculations, comparison, inquiry, inspection and observation are
performed.
4. HOW TO TEST FULLY COMPUTERIZED PROCESSES
4.1 ¿How does management know that their computerized processes
work?
In principle, it is valid to affirm that, to the extent that a computerized process is
programmed correctly, it will always process the information completely and
accurately. The use of audit process management tools such as analytics
whose objective is the treatment, inspection and transformation of data to obtain
conclusions that serve as a basis for decision-making in the field of auditing
allows to improve efficiency and quality. audit firms and, incidentally, contribute
so that management feels safe and trusts in the operation of the process.
4.2 How do we satisfy ourselves with respect to existing systems?
To evaluate existing systems it is best to take a detector approach and consider
the function of the controls rather than their design. You can solicit user
feedback on the process and inquire about the levels of program change
requests and bugs being reported. As an alternative, if it is favorable in cost /
benefit, the operation of the process can be proven with test data, which entails
the approval of the client and, sometimes, the participation of a Technology and
Information Technology specialist.
4.3 How do we get satisfaction from the new systems?
Greater attention needs to be paid to cases where notable changes have
occurred or are close to occurring within the period under review.
To obtain assurance that the system is effective, it may be necessary to
consider whether controls over the development and maintenance of the
application systems were in place when the process was programmed or
acquired; that is, consider the most appropriate specific application of this
element of the general controls of Technology and Information Technology.
Alternatively, you can work with test data. In this sense, management will
normally have used test data or parallel operation with real data to test the
program. It is usually more efficient for the auditor to review management's
tests, rather than develop and test their own test program.
4.4 Final consideration
International Standard on Auditing (ISA) 315 (Revised 2019) “Identifying and
Assessing the Risk of Material Misstatement” requires the auditor to identify
related risks arising from the use of Information Technology and the entity's
general controls that address such risks... For each of these identified controls,
it should be assessed whether the control is effectively designed to support the
operation of other controls and inform their implementation. If control
deficiencies are identified, the auditor should consider the impact they may
have on the design of additional audit procedures, in accordance with the
provisions of ISA 330 – Auditor Responses to Assessed Risks.
III.- BIBLIOGRAPHIC REFERENCES:

 https://www.auditool.org/blog/auditoria-externa/que-son-las-
pruebas-de-control-en-auditoria
 https://vlex.com.co/vid/pruebas-cumplimiento-58156698