Which approach is commonly used to test the operating effectiveness of controls?

The Test of Controls approach is essential in auditing because it directly assesses the design and operational effectiveness of internal controls within an organization. This method typically involves a systematic review of the controls in place to ensure they are functioning as intended.

During a Test of Controls, auditors gather evidence through various means, such as inspecting documentation, observing processes, and re-performing control activities. The goal is to verify that the controls are not only well-designed but also effectively operated over a defined period. This is fundamental in ensuring that the controls can adequately mitigate identified risks and align with the organization's objectives.

In contrast, other approaches listed, such as Risk Assessment, focus more on identifying and evaluating potential risks rather than testing the controls themselves. Quality Assurance Review is generally aimed at assessing the auditor's adherence to established quality standards, while Performance Evaluation measures the overall achievements and results of a system or process without specifically looking at the internal controls' effectiveness. Thus, while all options are important in the broader context of auditing, the Test of Controls is specifically tailored to measure how well the internal control system operates in practice.