Testing Internal Controls and Evaluating Deviations

This chapter moves from understanding controls to testing whether they actually operate as expected. The central question is how control-testing results change risk assessment, reliance decisions, and required communication.

In This Chapter

• Performing Walkthroughs, Reperformance, and Inspection of Controls covers the main procedures used to test control operation directly.
• Assessing Control Deviations and Their Effect on Risk explains how exceptions affect reliance and planned audit work.
• Communicating Control Deficiencies to Management and Governance covers deficiency classification and required communication.
• Testing ICFR in Public-Company Integrated Audits explains issuer-specific work over internal control over financial reporting.

How to Use This Chapter

• Read this chapter after the general evidence chapter so control testing has procedural context.
• Focus on how a deviation changes the audit response rather than treating every exception as the same.
• Return here whenever an AUD question turns on reliance, deficiency communication, or integrated audits.

In this section

• Performing Walkthroughs, Reperformance, and Inspection of Controls
  How walkthroughs, reperformance, and inspection are used to test whether controls operate effectively.
• Assessing Control Deviations and Their Effect on Risk
  How control deviations affect reliance, risk assessment, and the need for further audit work.
• Communicating Control Deficiencies to Management and Governance
  How auditors classify and communicate control deficiencies to management and governance.
• Testing ICFR in Public-Company Integrated Audits
  How auditors test ICFR in integrated audits of public companies under SOX and PCAOB requirements.