Which audit technique can find flaws but might not identify overlapping controls?

The integrated test facility is a technique used during audits that incorporates a simulated environment, allowing auditors to conduct test transactions within the same system environment as real transactions. This approach is valuable because it enables auditors to assess the functioning of controls in real-time alongside operational processes.

While integrated test facilities can effectively reveal flaws in controls or processes because they mimic real-world conditions, they might not always identify overlapping controls—situations where multiple controls serve the same purpose or risk. Since the focus of this technique is generally on testing specific functions or processes, it may not provide a comprehensive view of all controls within the system, especially overlapping ones that might not be tested directly in the simulated environment.

In contrast, reviewing documentation focuses on established procedures and protocols and can uncover a broader range of control descriptions, making it easier to identify overlaps. Manual testing of controls typically involves checking individual controls in detail, which can also highlight redundancies. Automated monitoring solutions continuously evaluate and report on controls but may not be specifically designed to test for overlaps.