In addition to a library of risks v26 also incorporates a library of controls.
These are added from the process and controls documentation and testing pages in the B section. The controls relate to inherent risks identified in the A section.
For example here we have some risks identified on the A17 - Risk Identification page relating to expenditure (sorted by account):
- Note that these risks have been allocated to the B12 "Expenditure and Creditors System" Process page
- All assertion level risks should be assigned to a "Process" page
- Open the B12 page
- The "Add Control" button suggests controls relevant to the system - use the dropdown to identify controls related to the identified risks
- Select the relevant control and update the default frequency and type (IT, IT-manual or Manual)
- The system is summarised (below the table) and walk-through performed to confirm that the system is effectively designed and implemented - complete options on table
- Then a decision is made by the auditor is made whether to test those controls:
- Multiple pages may be created if required to cover off the controls (for instance some daily controls may be combined and tested as part of a sample, but some monthly controls may be tested over the whole year, or 1 per quarter)
- When adding additional pages, the names should be updated to reflect the content, and "Controls to test" should be selected to indicate which controls are included on that page.
For a full list of controls see below: