DataSnipper Reaches $1B Valuation with $100M Funding


How to Document a Test of Control for Purchases Control in 5 steps

May 26, 2023

Auditors, picture this: you’ve been tasked with conducting a test of control for purchases controls. A process that helps you assess the effectiveness of controls put in place to prevent fraudulent purchases.

However, as you know, documenting this process can be tricky, especially if you’re still at the start of your auditing career. Where should you begin?

Worry not! In this guide, we will provide a step-by-step approach to documenting a test of control for purchases controls.

What is a Test of Control for Purchases Control?

Before diving into the details of documenting a test of control for purchases controls, it is important to understand the purpose of this test. Don’t jump to the how before understanding the why. 

The aim of this test is to identify any weaknesses in the controls used to prevent fraudulent purchases. By conducting this test, you can help strengthen the control environment and provide assurance to stakeholders.

Effective purchases controls are vital for organizations to safeguard against fraudulent activities and ensure the legitimacy of all purchases. These controls play a crucial role in ensuring that goods and services are procured at the right price, from trusted suppliers, and in the correct quantities.

Without robust controls, unauthorized purchases can occur, leading to financial losses and damage to the organization's reputation.

As mentioned a couple of times already, identifying weaknesses in purchases controls is essential to prevent fraudulent activities.

The test of control for purchases controls is designed to assess the operating effectiveness of the controls in place and identify any gaps that need to be addressed.

This test involves reviewing the policies and procedures related to purchases, as well as testing the controls to ensure they are operating effectively.

By identifying weaknesses in purchases controls, you can help strengthen the control environment and provide assurance to stakeholders. This will help to build trust in the organization and ensure that it is operating in a transparent and ethical manner.

Additionally, by addressing any weaknesses in the control environment, you can help prevent financial loss and reputational damage, which can have a significant impact on the organization.

How to Document a Test of Controls for Purchases Control in 5 steps

1. Understand the Objective of the Test

When it comes to testing controls for purchases, it is crucial to have a clear understanding of the objective of the test. This means identifying the specific controls that will be tested and determining the purpose of these controls.

For example, you may be testing controls related to the verification of purchase orders, approval of invoices, or segregation of duties.

By understanding the objective of the test, you can ensure that the test is relevant and adds value to the audit process. This will help you to identify any weaknesses or deficiencies in the controls and make recommendations for improvements.

It is also important to involve all stakeholders in the process of documenting the objective of the test. This includes management, auditors, and other relevant parties.

By involving everyone in the process, you can ensure that everyone is aligned with the goals of the test and that the test is conducted in an efficient and effective manner.

Furthermore, documenting the objective of the test can help you to stay focused and on track throughout the testing process. It provides a clear roadmap for what needs to be tested and why, which can help you to avoid unnecessary or irrelevant testing.

Overall, understanding the objective of the test is a crucial first step in testing controls for purchases. By taking the time to document the objective and involve all stakeholders, you can ensure that the test is relevant, adds value, and is conducted in an efficient and effective manner.


Audit without automain means countless late nights in the office.

2. Identify the Key Control Activities

Once you've identified the objective of the test, the next step is to identify the key control activities.

These are the specific actions that have been implemented to mitigate the risk of fraudulent purchases. Control activities can include policies, procedures, authorizations, verifications, and reconciliations.

It's important to document all the control activities you plan to test, and how they relate to the objective of the test. This information will help you identify any potential gaps in the control environment and provide recommendations for improvement.

3. Define the Test Procedures

After identifying the key control activities, you need to define the test procedures that you will use to test them. This includes determining the sample size, selecting items for testing, and designing the procedures you will use to test each control.

Test procedures can include observation, inspection of documentation, inquiry, and re-performance. It's essential to document the test procedures you plan to use carefully.

4. Document the Test Results

When conducting the test, you need to document the results of each procedure. This includes the sample size, any exceptions found, and the impact of these exceptions. Documenting the results will help you provide a clear picture of the control environment to stakeholders.

In addition, it is crucial to ensure that you have sufficient documentation to support your conclusions thoroughly. This evidence should be recorded in a neat and organized manner, and any relevant information should be highlighted.

5. Analyze and Evaluate the Results

Finally, you need to analyze and evaluate the test results to assess the effectiveness of the control environment. This includes identifying any gaps in the controls, assessing the severity of any exceptions found, and determining whether any further action is required.

It's important to take a multi-faceted approach to analyzing and evaluating the results, considering all angles before drawing conclusions and making recommendations for improvement.

Automation and Test of Control Documentation

Using automation to document your test of control can ease the burden of repetitive documentation tasks and enhance the consistency of your documentation process.

Automation tools can also help with sorting and categorizing large amounts of information and improve collaboration around working on documentation across a team.

How to Document a Test of Control for Purchases Control with DataSnipper

Did you know? You can use DataSnipper to assist you in documenting Test of Controls related to the purchases cycle by creating cross references between evidence and your testing workbook. 

Check out how in the video below!


Become a DataSnipper Expert

Knowledge Base
Learn how to perform audit and finance use cases
Attend our latest events