Thursday, September 21, 2006

Don't Test Internal Controls, Test the Circumvention

People have asked me recently at seminars how I perform internal control testing. I replied that I focus not so much on testing internal controls (i.e., how many time did Joe, the rightful approver, approve an invoice). Rather, I focus on testing for any circumvention (i.e., how many times did Sue post invoices just under the approval limit so that Joe would not need to approve and therefore ever see the invoice).

Consider this in your query approach....focus on the circumvention and therefore the potential issues that could arise in the internal control structure. The test results will be more fruitful.

Comments are welcome.

0 Comments:

Post a Comment

<< Home