Testing for Design and Implementation 3182



  • I have a question with regards to testing D_and_I, specifically with regards to testing implementation.
    If one is performing a walkthrough and the sample that is selected during the walkthrough has an exception, do we consider that as a failure of D_and_I or would it be okay to reselect another sample which has no exception?
    Given that we are simply checking that the control is implemented (as opposed to operating effectively), my thoughts are that this would be okay?
    For example, I feel that it would not make sense if we got ‘unlucky’ and selected a sample with an exception in it, and thus fail D_and_I, whereas had we selected a good sample for the walkthrough (but found exceptions during testing of operating effectiveness), we would say that the control is properly designed and implemented, but not operating effectively?
    Could you guys offer your insight on this? Also, is there any guidance that anyone could point me to that resolves this?



  • I would think that you would consider the ‘exception’ when selecting your sample size to do actual testing. What would a typical sample size be for the control you were documenting? If it is 1-10, then you clearly have a control failure that needs to be remediated. If the sample size is much larger, then it is possible that you have identified an exception.
    It really does not matter how you come about finding out about an exception or control failure (through formal testing, auditor inquiry, management inquiry, internal audit testing, etc.) for you to consider it a deficiency.


Log in to reply