The Auditor's Responses to Assessed Risks

CAS 330

The Auditor's Responses to Assessed Risks

CAS 330

General

The objective of the auditor is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement, through designing and implementing appropriate responses to those risks

Definitions
  • Substantive procedure – An audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise:
    • Tests of details (of classes of transactions, account balances, and disclosures); and
    • Substantive analytical procedures
  • Test of controls – An audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level
Overall Responses
  • The auditor shall design and implement overall responses to address the assessed risks of material misstatement at the F/S level
  • Overall responses may include:
    • Emphasizing to the audit team the need to maintain professional skepticism
    • Assigning more experienced staff or those with special skills or using experts
    • Providing more supervision
    • Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed
    • Making general changes to the nature, timing or extent of audit procedures, for example: performing substantive procedures at the period end instead of at an interim date; or modifying the nature of audit procedures to obtain more persuasive audit evidence
  • An effective control environment may allow the auditor to have more confidence in internal control and the reliability of audit evidence generated internally within the entity and thus, for example, allow the auditor to conduct some audit procedures at an interim date rather than at the period end
Audit Procedures Responsive to the Assessed Risks of Material Misstatement at the Assertion Level
  • The auditor should design and perform further audit procedures whose nature, timing and extent are responsive to the assessed risks of material misstatement at the assertion level
    • For example, the auditor may determine that:
      • Only by performing tests of controls may the auditor achieve an effective response to the assessed risk of material misstatement for a particular assertion
      • Performing only substantive procedures is appropriate for particular assertions
      • A combined approach using both tests of controls and substantive procedures is an effective approach
      • Note that irrespective of the approach selected, the auditor must design and perform substantive procedures for each material class of transactions, account balance, and disclosure
Tests of Controls
  • Tests of controls are performed only if:
    • The assessment of risks of material misstatement at the assertion level includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls); or
    • Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level
  • The auditor may design a test of controls to be performed concurrently with a test of details on the same transaction (i.e. a dual-purpose test)
    • i.e. when examining an invoice as part of test of details, you can perform a test of control on it by determining if it has been approved
  • In designing and performing tests of controls, the auditor should:
    1. Perform other audit procedures in combination with inquiry to obtain audit evidence about the operating effectiveness of the controls, including:
      1. How the controls were applied at relevant times during the period under audit;
      2. The consistency with which they were applied; and
      3. By whom or by what means they were applied
    2. Determine whether the controls to be tested depend upon other controls (indirect controls), and, if so, whether it is necessary to obtain audit evidence supporting the effective operation of those indirect controls
  • Test controls for the particular time or throughout the period, for which the auditor intends to rely on those controls
  • If the auditor obtains audit evidence about the operating effectiveness of controls during an interim period, the auditor shall:
    1. Obtain audit evidence about significant changes to those controls subsequent to the interim period; and
    2. Determine the additional audit evidence to be obtained for the remaining period (about controls that were operating after an interim period)
  • It may be appropriate to use audit evidence about the operating effectiveness of controls obtained in previous audits; but the auditor must consider the following
    1. The effectiveness of other elements of internal control (i.e. control environment, monitoring of controls, risk assessment process)
    2. The risks arising from the characteristics of the control, including whether it is manual or automated
    3. The effectiveness of general IT controls
    4. The effectiveness of the control and its application by the entity, including the nature and extent of deviations in the application of the control noted in previous audits, and whether there have been personnel changes that significantly affect the application of the control
    5. Whether the lack of a change in a particular control poses a risk due to changing circumstances
    6. The risks of material misstatement and the extent of reliance on the control
  • If there have been changes that affect the continuing relevance of the audit evidence from the previous audit, the auditor should test the controls in the current audit
  • If there have not been such changes, you should test the controls at least once every third audit, and test some controls each audit to avoid the possibility of testing all the controls every third year
  • If the auditor plans to rely on controls over a risk the auditor has determined to be a significant risk, the auditor shall test those controls in the current period
Evaluating the Operating Effectiveness of Controls
  • When evaluating the operating effectiveness of relevant controls, the auditor shall evaluate whether misstatements that have been detected by substantive procedures indicate that controls are not operating effectively
  • If there are deviations from controls upon which the auditor intends to rely are detected; determine whether:
    1. The tests of controls that have been performed provide an appropriate basis for reliance on the controls
    2. Additional tests of controls are necessary
    3. The potential risks of misstatement need to be addressed using substantive procedures
Substantive Procedures
  • Irrespective of the assessed risks of material misstatement, the auditor should design and perform substantive procedures for each material class of transactions, account balance, and disclosure
    • the extent of substantive procedures may need to be increased when the results from tests of controls are unsatisfactory
    • In designing tests of details, the extent of testing is ordinarily thought of in terms of the sample size
  • The auditor shall consider whether external confirmation procedures are to be performed as substantive audit procedures (note, external confirms are not mandatory)
    • Consider the confirming party’s knowledge of the subject matter and the ability or willingness of the intended confirming party to respond
Substantive Procedures Related to the Financial Statement Closing Process
  • Substantive procedures should include the following audit procedures
    1. Agreeing or reconciling the financial statements with the underlying accounting records
    2. Examining material journal entries and other adjustments made during the course of preparing the financial statements.
Timing of Substantive Procedures
  • If substantive procedures are performed at an interim date, the auditor should cover off the remaining period by performing:
    1. Substantive procedures, combined with tests of controls for the remaining period; or
    2. If the auditor determines that it is sufficient, further substantive procedures only that provide a reasonable basis for extending the audit conclusions from the interim date to the period end
  • If misstatements that the auditor did not expect when assessing the risks of material misstatement are detected at an interim date, evaluate whether the assessment of risk and the nature, timing or extent of substantive procedures covering the remaining period need to be modified
Evaluating the Sufficiency and Appropriateness of Audit Evidence
  • Evaluate before the conclusion of the audit whether the assessments of the risks of material misstatement at the assertion level remain appropriate
  • Conclude whether sufficient appropriate audit evidence has been obtained
    • If not, obtain further audit evidence
    • If unable to obtain further audit evidence, express a qualified or disclaimer of opinion

Spread the Word!

Scroll to Top
Scroll to Top