Aura V6 Click an area to zoom in Testing considerations Print

Business Combinations CpM

Control Title Control Title Control Title IPOs
IPOs Assertion(s) IPOs Assertion(s) Assertion(s)
C1. Business performance reviews C4. Standing data change controls - Business
User assigned C A V C A CO E/O R&O P&D V C7. Use of service organization - Business User assigned
- Business Combinations† Combinations
Combinations
C2. Segregation of duties - Business R C A CO E/O R&O P&D V C5. System posts Business Combinations
Process-wide Combinations transactions based on a pre-defined account A A C8. Use of internal audit function - Business User assigned
Process-wide
considerations mapping Combinations considerations
C3. Access rights are reviewed by R E/O
C6. Relevant source systems are reconciled - C A C A
management - Business
Combinations Business Combinations
† A customizable Direct ELC for business performance reviews that can relate to more than
one sub-process is included within Process-wide considerations of the Aura Controls Library

Business Adjustments &

Combination period-end close –
Accounting Business Combinations

Control Title IPOs Assertion(s) Control Title IPOs Assertion(s)

C9. Non-controlling interest adjustments are determined based C A V A E/O P&D V C18. Account analysis of details and adjustments – Business C A P&D

on subsidiary financial information and adjustments and Combinations

disclosures are reviewed and approved C19. Adjustments are approved - Business Combinations A V A E/O R&O P&D V

C10. Business acquisitions are communicated to accounting C A C A CO E/O R&O P&D V

C20. Comparison between adjustments posted and source documents - A V C A CO E/O
and finance Business Combinations
C11. Purchase price for use in the fair value allocation is C A C A E/O P&D V
C21. Comparison of items on a list of period-end recurring entries to C C CO
reviewed and approved entries recorded - Business Combinations
C12. Purchase accounting adjustments are appropriately A V
C22. Review and approval of general ledger reconciliations - Business C A C A CO E/O R&O P&D V
determined and reviewed Combinations
C13. A list of assets acquired and liabilities assumed in a C C A E/O
C23. System translates business combination transactions and A A
business combination is maintained and reviewed balances denominated in foreign currencies
C14. Potential measurement period adjustments are C A C A CO E/O V

accumulated and reviewed

C15. Contingent consideration adjustments are reviewed A V

and approved
C16. Acquisition-related costs are separately identified and C A C A CO E/O

recorded
C17. Qualified independent valuation experts/specialists are V
involved as appropriate

Business Close Sub-ledger General

combination and Post to G/L Ledger
register
Contract details
Business
combination
register Fair value allocation Fair value allocation
Prepare Adjusting
Fair value tables tables
10,11,13,16 Entries
allocation Fair value
allocation tables

19
9,12,14,15,17
Business
Business Business Combination
combination combination register
register Fair value allocation
register Record Adjusting
tables
Record business Entries
combination
adjustments General
Ledger
Fair value
allocation tables General 18,20,21,22,23
Ledger

Controls highlighted in burgundy are included in the Standard Business Processes – Less Complex Systems controls library.
PwC ControlprocessMate (CpM) 5a
Aura V6 Click here to return Testing considerations Print
Business Combinations CpM
Control Title Control Title Control Title IPOs
IPOs Assertion(s) IPOs Assertion(s) Assertion(s)
C1. Business performance reviews C4. Standing data change controls - Business
User assigned C A V C A CO E/O R&O P&D V C7. Use of service organization - Business User assigned
- Business Combinations† Combinations
Combinations
C2. Segregation of duties - Business R C A CO E/O R&O P&D V C5. System posts Business Combinations
Process-wide Combinations transactions based on a pre-defined account A A C8. Use of internal audit function - Business User assigned
Process-wide
considerations mapping Combinations considerations
C3. Access rights are reviewed by R E/O
management - Business C6. Relevant source systems are reconciled - C A C A
Combinations Business Combinations
† A customizable Direct ELC for business performance reviews that can relate to more than
one sub-process is included within Process-wide considerations of the Aura Controls Library

Process-wide Control Title IPOs Assertion(s)

considerations
C1. Business performance reviews - Business User assigned
Combinations †

C2. Segregation of duties - Business Combinations R C A CO E/O R&O P&D V

C3. Access rights are reviewed by management -

R E/O
Business Combinations

C4. Standing data change controls - Business C A V C A CO E/O R&O P&D V

Combinations

C5. System posts Business Combinations transactions A A

based on a pre-defined account mapping

C6. Relevant source systems are reconciled - Business C A C A

Combinations

C7. Use of service organization - Business Combinations User assigned

C8. Use of internal audit function - Business Combinations User assigned

† A customizable Direct ELC for business performance reviews that can relate to more than
one sub-process is included within Process-wide considerations of the Aura Controls Library

Controls highlighted in burgundy are included in the Standard Business Processes – Less Complex Systems controls library.
PwC ControlprocessMate (CpM) 5a
Aura V6 Click here to return Testing considerations Print
Business Combinations CpM
Control Title Control Title Control Title IPOs
IPOs Assertion(s) IPOs Assertion(s) Assertion(s)
C1. Business performance reviews C4. Standing data change controls - Business
User assigned C A V C A CO E/O R&O P&D V C7. Use of service organization - Business User assigned
- Business Combinations† Combinations
Combinations
C2. Segregation of duties - Business R C A CO E/O R&O P&D V C5. System posts Business Combinations
Process-wide Combinations transactions based on a pre-defined account A A C8. Use of internal audit function - Business User assigned
Process-wide
considerations mapping Combinations considerations
C3. Access rights are reviewed by R E/O
management - Business C6. Relevant source systems are reconciled - C A C A
Combinations Business Combinations
† A customizable Direct ELC for business performance reviews that can relate to more than
one sub-process is included within Process-wide considerations of the Aura Controls Library

Business Adjustments &

Combination period-end close –
Accounting Business Combinations

Control Title IPOs Assertion(s)

Business
Combination C9. Non-controlling interest adjustments are C A V A E/O P&D V
Accounting determined based on subsidiary financial
information and adjustments and Contract details
disclosures are reviewed and approved
Business
C10. Business acquisitions are communicated to C A C A CO E/O R&O P&D V combination
accounting and finance register
Fair value
C11. Purchase price for use in the fair value C A C A E/O P&D V 10,11,13,16
allocation
allocation is reviewed and approved Fair value
allocation tables
C12. Purchase accounting adjustments are A V
appropriately determined and reviewed
9,12,14,15,17
C13. A list of assets acquired and liabilities C C A E/O Business
assumed in a business combination is combination
maintained and reviewed register Business
combination
C14. Potential measurement period adjustments register
C A C A CO E/O V Record business
are accumulated and reviewed combination
adjustments
C15. Contingent consideration adjustments are A V General
reviewed and approved Fair value Ledger
allocation tables
C16. Acquisition-related costs are separately C A C A CO E/O
identified and recorded

C17. Qualified independent valuation experts/ A V

specialists are involved as appropriate

Controls highlighted in burgundy are included in the Standard Business Processes – Less Complex Systems controls library.
PwC ControlprocessMate (CpM) 5a
Aura V6 Click here to return Testing considerations Print
Business Combinations CpM
Control Title Control Title Control Title IPOs
IPOs Assertion(s) IPOs Assertion(s) Assertion(s)
C1. Business performance reviews C4. Standing data change controls - Business
User assigned C A V C A CO E/O R&O P&D V C7. Use of service organization - Business User assigned
- Business Combinations† Combinations
Combinations
C2. Segregation of duties - Business R C A CO E/O R&O P&D V C5. System posts Business Combinations
Process-wide Combinations transactions based on a pre-defined account A A C8. Use of internal audit function - Business User assigned
Process-wide
considerations mapping Combinations considerations
C3. Access rights are reviewed by R E/O
C6. Relevant source systems are reconciled - C A C A
management - Business
Combinations Business Combinations
† A customizable Direct ELC for business performance reviews that can relate to more than
one sub-process is included within Process-wide considerations of the Aura Controls Library

Business Adjustments &

Combination period-end close –
Accounting Business Combinations

Adjustments & Control Title IPOs Assertion(s)

period-end close –
Business C18. Account analysis of details and adjustments – C A P&D
Business Combinations Business Close Sub-ledger General
Combinations and Post to G/L
combination Ledger
C19. Adjustments are approved – Business A V A E/O R&O P&D V register
Combinations

C20. Comparison between adjustments posted and A V C A CO E/O

source documents - Business Combinations Fair value allocation Fair value allocation
Prepare Adjusting
tables tables
Entries
C21. Comparison of items on a list of period-end C C CO
recurring entries to entries recorded –
Business Combinations

C22. Review and approval of general ledger C A C A CO E/O R&O P&D V

reconciliations - Business Combinations 19
C23. System translates business combination A A
transactions and balances denominated in Business
foreign currencies Combination
register
Fair value allocation
Record Adjusting
tables
Entries

General
Ledger
18,20,21,22,23

Controls highlighted in burgundy are included in the Standard Business Processes – Less Complex Systems controls library.
PwC ControlprocessMate (CpM) 5a
Testing considerations
Evaluating Design Effectiveness
The effectiveness of the design of a control in any organization is
dependent on a range of factors and judgment is needed. These
factors include the following:
Alignment between the controls and the business and
audit risks identified. Our evaluation will focus on whether the
business processes and related controls appear to be effective in
achieving management’s stated objectives and managing the
related risks.
Accomplishment of information processing objectives.
We determine whether the control helps to satisfy the information
processing objectives of completeness, accuracy, validity and
restricted access.
Nature of the control, including its level of
disaggregation. For example, a high-level business performance
review may provide some assurance across a range of assertions,
but detailed information processing controls may provide more
assurance over specific assertions.
Frequency of the control. This will affect whether the control
will detect or prevent the risk identified on a timely basis. In some
cases, a detective control may be adequate, but in other cases,
the entity should ensure there are adequate preventive controls.
Nature of Testing
The nature of testing refers to the purpose (tests of controls or
substantive procedures) and the type (inspection of information/
data, inspection of tangible assets, observation, inquiry,
reperformance, analytical procedures) of audit procedures.
There are four main techniques relevant to testing controls, each
providing a different level of evidence. Combining these can
provide more audit evidence than using only one technique. We
should perform other audit procedures in combination with inquiry
to test the operating effectiveness of controls.
Inquiry – asking our client about controls – provides us with some
relevant information, especially when we apply professional
skepticism in the discussions. However, inquiry alone will not
provide sufficient evidence to support a conclusion about the
effectiveness of a specific control. We usually need to get further
support, by corroborating inquiry with others in the entity, or by
examining reports, manuals, or other documents used in or
generated by the performance of the control. Accordingly, while
inquiry can be useful, it is best used in combination with other
control testing techniques, by applying the show me process.
Observation is an appropriate way to obtain evidence if there is
no documentation of the operation of a control, like segregation
of duties. Observation is also useful for physical controls, e.g.,
seeing that the warehouse door is locked, or that blank checks
are safeguarded. Generally, evidence we obtain directly, such as
through observation, provides more assurance than that obtained
indirectly or by inference, such as through inquiry. We need to
consider, however, that the control we observe might not be
performed in the same manner when we are not present.
PwC
Knowledge and experience of the people involved in
performing the controls.
Follow up actions taken by the entity. For a control to be
effective, there needs to be adequate follow up of issues and
exceptions, in a timely manner.
Segregation of duties relevant to the process
being controlled.
Reliability of the information used in the performance of
the control. We should understand how management gets
assurance that financial information is reliable.
Period covered by the control. For audit purposes, we may need
to obtain evidence that a control is effective for the reporting period.
Consistency and timeliness of the control. This will affect
whether the control will detect or prevent the risk identified on a
timely basis.
Inspection (examination of evidence) often is used to determine
whether manual controls, like the follow-up of exception reports,
are being performed. Evidence could include written explanations,
check marks, or other indications of follow-up documented on
the exception report itself. We should examine evidence of the
performance of a control when it might reasonably be expected
to exist. Absence of evidence may indicate that the control is not
operating as prescribed and further procedures will be necessary
to determine whether there is in fact an effective control.
Reperformance generally provides better evidence than the other
techniques and is therefore used when a combination of inquiry,
observation and examination of evidence does not provide sufficient
assurance that a control is operating effectively. However, if
extensive reperformance is likely to be necessary, we should
reconsider whether it is efficient to perform tests of controls
to restrict the scope of substantive testing. If we consider
reperformance is appropriate, we should remember that it is the
performance of the control that we are assessing and not the
existence or accuracy of specific transactions. Because we are
reperforming a control, it is not necessary to select high value
items for testing or to select different types of transactions, if they
are processed using the same controls.
Click here to return
Extent of Testing
We design tests of controls to obtain sufficient appropriate audit
evidence that controls operated effectively throughout the period
of reliance. The more extensively a control is tested, the greater
the evidence obtained from that test.
The extent of validation of the controls we seek to rely on will vary
depending on the type of control we plan to validate and the
factors indicated below. When deciding on the extent of our direct
testing of controls, we should consider the following factors that
affect the risk associated with a control:
· The nature and materiality of misstatements that the control is
intended to prevent or detect;
· The inherent risk associated with the related account(s)
and assertion(s);
· The assessed level of susceptibility of the control to
management override;
· Whether there have been changes in the volume or nature of
transactions that might adversely affect control design or
operating effectiveness;
· Whether the account has a history of errors;
· The effectiveness of entity-level controls, especially controls that
monitor other controls;
· The nature of the control and the frequency with which it operates;
· The level of manual oversight or judgment associated with
the control;
Considering Whether Evidence Is Available for the Whole Period
When the auditor obtains audit evidence about the operating
effectiveness of controls during an interim period, the auditor
should determine what additional audit evidence should be
obtained for the remaining period. We need evidence for the
whole period on which we need to rely.
Deciding on the nature and extent of additional testing, if any,
for a given control is a matter of judgment based on the above
considerations. Additional audit evidence may be obtained by
extending the testing of controls over the remaining period, or
considering the entity’s monitoring of controls. In deciding on the
specific tests needed to gain the required assurance with regard
to the remaining period, we should consider:
· Management’s monitoring of controls, such as managements
monitoring of the effectiveness of exception report reviews.
Testing such controls in the remaining period may provide
evidence of the continued operation of control activities.
· Operation of high-level control activities. Testing the
continued operation of control activities performed by
management at high levels in the organization during the
remaining period may provide evidence about the effective
operation of controls at lower levels, both automated and
manual. These controls may be high level business performance
reviews operated by senior management.
· Manual controls are more prone to random failures than
automated controls. Where we seek audit evidence from such
controls, we should obtain evidence of their continued operation
considering such factors as the frequency of reports, the number
of people exercising the control, and the number of locations at
which the control is exercised.
Testing considerations Print
· The extent to which audit evidence is obtained from tests of
others controls related to the assertion (e.g., the control
environment or information technology general controls);
· The competence of the personnel who perform the control
or monitor its performance and whether there have been
changes in key personnel who perform the control or
monitor its performance;
· Whether the control relies on performance by an individual
or is automated (i.e., an automated control would generally
be expected to be lower risk if relevant information technology
general controls are effective);
· The nature, timing, and extent of procedures performed in
previous audits;
· The results of the previous years’ testing of the control;
· Whether we are engaged to audit shorter period financial
statements (e.g. where an entity has been formed during the
year) or to audit both annual financial statements and shorter
period financial statements for the same year. For shorter
periods the sample size is selected based on the assumed
population of the control. Refer to PwC Audit 6053 for
guidance; and
· Whether there has been change in the design or operation of
the controls.
We should vary the nature, timing, and extent of testing of controls
from year to year to introduce unpredictability into the testing and
respond to changes in circumstances.
· Automated controls are not subject to random failures or
deterioration over time, provided that relevant Information
Technology General controls are operating effectively. Testing
the continued operation of effective monitoring of controls in the
information systems and technology area during the remaining
period may provide sufficient evidence about the effective
operation of IT general controls over maintenance, information
security and computer operations activities.
· We may consider limiting our testing in the remaining
period to inquiries about a controls continued operation and
examination of evidence indicating that the control was
performed, e.g., reviewing annotated copies of reports and/or
follow-up communications.
· Spreading tests throughout the remaining period is not always
necessary where controls are cumulative, e.g., reviewing and
following up an exception report that lists items until such time
as they are resolved, or the reconciliation of control accounts to
the related detail. In such cases, tests that provide evidence that a
control operated effectively at the year-end also may provide
evidence about its operation during the remaining period.
ControlprocessMate (CpM) 5b