Para 2.1.14 — MSO
Original Rule Text
2.1.14 Various steps involved in compliance testing are as follows;
(i) The first step in actually conducting a compliance test will be to identify the sub-system in which the controls are to be tested. For example, if the Customs Department is to be audited, one of the sub-systems could be 'Assessment of Duty'.
(ii) The next step will be to identify the control objectives for each sub-system. For example, the control objective for the sub-system 'Assessment of Duty' could be that the tariff applied for the purpose is an approved one in accordance with the Customs Act.
(iii) The third step will be to identify the key controls that have been established to achieve the control objective for the sub-system. There may be several controls for achieving each control objective. However, because of constraints of time and resources, it may not be possible for Audit to test every one of these controls. Audit should, therefore, identify initially the key or important control for each control objective. Continuing the earlier example, one of the controls for achieving the objective mentioned at
(ii) above could be that the staff engaged in assessment work should be imparted refresher training at least once in three years. Audit may decide that this is not a key control and instead identify the stipulation that the Assessment Supervisor should test check at least 20 per cent of the assessments made by the assessment staff as a key control.
(iv) In addition, evidence gathering techniques like review of documents, review of performance, physical observation or interviews will be used to test check whether the key control function as envisaged has been achieved.
Based on the results of the test check, the auditor will arrive at a conclusion whether the controls are reliable and the extent of their reliability. If necessary, the auditor may also indicate loopholes in the internal control systems and suggest what additional controls could be introduced to remove such loopholes.