Walkthrough Test

What is a walkthrough test?

A walkthrough test is a risk assessment procedure, not a test of controls. ISA 315 (Revised 2019).25 requires the auditor to understand the entity's information system, including how transactions are initiated, recorded, processed, and reported. Paragraph A32 specifically identifies tracing transactions through the information system as a procedure to obtain that understanding.

You pick one transaction. Not a sample. One. You follow it from the moment it enters the system to the point it appears in the general ledger and the financial statements. Along the way, you identify each control point, ask the person who performs the control to describe what they do, and observe the evidence the control produces. If the process flow in your working papers does not match what you see during the walkthrough, the documented understanding is wrong and the risk assessment built on it is unreliable.

This is where the distinction matters. A walkthrough does not tell you whether the control worked 500 times during the year. It tells you whether the control exists, who performs it, and what evidence it leaves. If you plan to rely on that control, you still need tests of controls under ISA 330.8.

Why it matters in practice

Worked example: Hoffmann Pharma Handels GmbH

Client: Austrian pharmaceutical distributor, FY2024, revenue €34M, Austrian UGB reporter. Hoffmann distributes pharmaceuticals to hospitals and pharmacies across Austria. The engagement team performed a walkthrough of the sales-to-cash process during planning.

Select the transaction: The team selected a single delivery to Landeskrankenhaus Graz, invoice HF-2024-07221 for €14,800 (48 line items of pharmaceutical products), dated 15 September 2024.

Trace through initiation: The hospital placed the order via Hoffmann's online portal. The order entry clerk confirmed that the system automatically checks product availability, flags controlled substances for additional verification, and generates a picking list for the warehouse.

Trace through processing and controls: The warehouse team picked the order. A second warehouse employee verified the pick against the picking list (control point 1: independent verification of pick accuracy). For the three controlled substances, the warehouse supervisor performed an additional check against the narcotics register (control point 2: narcotics reconciliation). The dispatch team scanned each item at loading; the system matched scans to the picking list and generated the delivery note.

Trace through recording: The system generated the sales invoice upon dispatch confirmation. The invoice posted automatically to trade receivables and revenue. The team confirmed the posting in the general ledger and verified that the revenue recognition occurred on the dispatch date, consistent with Hoffmann's policy (transfer of risk on delivery to the carrier).

The walkthrough confirmed that the documented process flow matches the actual process, identified two manual control points and one automated control, and provided the basis for designing tests of controls on the pick verification and narcotics register controls.

Key standard references

• ISA 315 (Revised 2019).25: Requires the auditor to understand the entity's information system, including how transactions are initiated, recorded, processed, and reported.
• ISA 315 (Revised 2019).A32: Identifies tracing transactions through the information system (a walkthrough) as a procedure to obtain that understanding.
• ISA 315 (Revised 2019).26: Requires the auditor to identify controls relevant to the audit, including the individuals who perform them.
• ISA 330.8: Requires tests of controls (not walkthroughs) when the auditor plans to rely on control effectiveness.

Related terms

Related reading

Frequently asked questions