Testing Effectiveness of Controls and Other Risk Management Techniques
by Rainner Marcellino
1. Testing Determinations
1.1. Is there any losses
1.1.1. Determine the extent of the losses
1.2. The design has weakness
1.2.1. Clarify and quantify the risk
2. Types of Audit Evidence
2.1. Testimonial evidence
2.2. Documentary evidence
2.3. Physical Evidence
2.4. Analytical Evidence
3. Standards of Audit Information
3.1. Sufficient
3.2. Reliable
3.3. Relevant
3.4. Useful
4. Manual Testing Methods
4.1. which are
4.1.1. Interviews
4.1.2. Surveys
4.1.3. Internal control questionnaires (ICQs)
4.1.4. Observation
4.1.5. Inspection
4.1.6. Confirmations
4.1.7. Tracing
4.1.8. Vouching
4.1.9. Reperformance
4.1.10. Analytical procedures
5. Testing Soft Controls
5.1. Structured interviews
5.2. Facilitated workshops
5.3. Employee surveys
6. Computer-Assisted Audit Techniques (CAATS)
6.1. generalized audit software by
6.1.1. ISACA
6.1.2. ACL
6.1.3. IDEA
6.1.4. Easytrieve
6.1.5. SAS
7. Sampling
7.1. Statistical sampling
7.2. Random sampling
7.3. Judgemental sampling
8. Testing Application Controls
8.1. The types
8.1.1. Input controls
8.1.2. Processing controls
8.1.3. Output Controls
8.1.4. Integrity Controls
8.1.5. Management Trail
9. Continuous Monitoring and Continuous Auditing
9.1. Less error
9.2. Less risk
9.3. Less fraud
10. General IT Controls
10.1. common forms
10.1.1. Logical access controls over infrastructure, applications, and data
10.1.2. System development life cycle controls and program change management controls
10.1.3. Other IT operational controls