What audit procedures are designed to detect material misstatements at the assertion level?

SAS No. 04 Audit Evidence

Status

Revised by Auditing Standards Committee in Taiwan on 31 December, 1985.

Summary

“Audit evidence” is all the information used by the auditor in arriving at the conclusions on which the audit opinion is based, and includes the information contained in the accounting records underlying the financial statements and other information. Auditors are not expected to address all information that may exist.

The reliability of audit evidence is influenced by its source and by its nature and is dependent on the individual circumstances under which it is obtained. The following generalizations about the reliability of audit evidence are useful:

Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.
Audit evidence that is generated internally is more reliable when the related controls imposed by the entity are effective.
Audit evidence obtained directly by the auditor is more reliable than audit evidence obtained indirectly or by inference.
Audit evidence is more reliable when it exists in documentary form, whether paper, electronic, or other medium.
Audit evidence provided by original documents is more reliable than audit evidence provided by photocopies or facsimiles.

When information produced by the entity is used by the auditor to perform audit procedures, the auditor should obtain audit evidence about the accuracy and completeness of the information.

The auditor should use assertions for classes of transactions, account balances, and presentation and disclosures in sufficient detail to form a basis for the assessment of risks of material misstatement and the design and performance of further audit procedures.

The auditor obtains audit evidence to draw reasonable conclusions on which to base the audit opinion by performing audit procedures to:

Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and assertion levels;
When necessary or when the auditor has determined to do so, test the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level; and
Detect material misstatements at the assertion level.

The auditor uses one or more types of audit procedures below in order to obtain audit evidence. These audit procedures, or combinations thereof, may be used as risk assessment procedures, tests of controls or substantive procedures, depending on the context in which they are applied by the auditor.

Inspection

Inspection of records and documents provides audit evidence of varying degrees of reliability, depending on their nature and source and, in the case of internal records and documents, on the effectiveness of the controls over their production. Inspection of tangible assets may provide reliable audit evidence with respect to their existence, but not necessarily about the entity’s rights and obligations or the valuation of the assets.

Observation

Observation provides audit evidence about the performance of a process or procedure, but is limited to the point in time at which the observation takes place and by the fact that the act of being observed may affect how the process or procedure is performed.

Inquiry

Inquiry is an audit procedure that is used extensively throughout the audit and often is complementary to performing other audit procedures. Inquiries may range from formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process.

Confirmation

Confirmation, which is a specific type of inquiry, is the process of obtaining a representation of information or of an existing condition directly from a third party. Confirmations are frequently used in relation to account balances and their components, but need not be restricted to these items.

Recalculation

Recalculation consists of checking the mathematical accuracy of documents or records.

Reperformance

Reperformance is the auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control.

Analytical Procedures

Analytical procedures consist of evaluations of financial information made by a study of plausible relationships among both financial and non-financial data. Analytical procedures also encompass the investigation of identified fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts.

Effective date

This Statement is effective from 1 October, 1984.

ISA 330 standard is the property of IAASB and this summary is only for educational purposes. For some sections where summary may not give exact meaning, extracts of the standard are posted here.

ISA 330 Definitions

Definition on substantive procedure

This standard defines substantive procedure as audit procedure that is designed to detect material misstatement at assertion level. These substantive procedure comprise of test of details (of classes of transactions, account balances, and disclosures) and substantive analytical procedures.

Definition on test of controls

This standard defines test of controls as audit procedure designed to evaluate the operating effectiveness of controls in preventing or detecting and correcting material misstatements at assertion level.

ISA 330 Scope

This standard deals with the auditor’s responsibility to design and implement responses to the risks of material misstatement identified and assessed by the auditor in accordance with ISA 315 in an audit of financial statements.

ISA 330 Objective

The objective of the auditor under ISA 330 is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement, through designing and implementing appropriate responses to those risks.

ISA 330 Requirements

This standard requires that auditors designs and implement overall response to address the assessed risk of material misstatement at the financial statement level.
This standard require that auditor design and perform further audit procedures whose nature, timing and extent are based on and are responsiveto the assessed risks of material misstatement at the assertion level.
This standard require that in designing further audit procedures inherent risk and control risk should be considered. Also more persuasive audit evidence is obtained higher assessed risk.

Test of control

ISA 330 require that auditor shall design and perform test of controls if;

Audit assessment at assertion level include an expectation that controls are function effectively and auditor intend to rely on the operative effectiveness to determine the nature, timing and extent of substantive procedures; or
Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level.

The more auditor intend to rely on the operating effectiveness, more perversive the audit evidence to the effectiveness should be.

Nature and Extent of Tests of Controls

ISA 330 require the auditor shall when design and performing test of control shall in addition to inquiry shall perform audit procedure to obtain evidence for:

How controls are performed during the relevant time during the period
The consistency with which they are applied
By whom and by what means they are applied

If operating effective on control being tested depend upon the effectiveness of other indirect control, consider if it is necessary to obtain evidence to the effectiveness of those indirect controls

Timing of Tests of Controls

The timing of test can be particular or 12 months, this depends upon the period for which auditor intend to rely on the those controls.

Using audit evidence obtained during an interim period

If auditors intend to reply on the evidence from interim period, obtain evidence if there are any significant changes subsequent to interim period and determine if additional the additional audit evidence to be obtained for the remaining period.

Using audit evidence obtained in previous audits

Auditor should consider following when using the audit evidence from previous audit;

Effectiveness of other elements of control;
Risk arising from the nature of contract (Manual or automated)
Effectiveness of general IT controls
Control deviation changes noted in previous period and if any changes in personnel that may impact
Whether the lack of a change in a particular control poses a risk due to changing circumstances
The risks of material misstatement and the extent of reliance on the control

If auditor plans to use the audit evidence of control effectiveness from pervious period it should perform inquiry combined with observation or inspection evaluate continue relevance of the audit evidence.

If there are change that impact the relevance perform the test of control again.

Test the control once every three year. Test some control each year to avoid the possibility of checking all control in one year.

Controls over significant risks

These should be checked in the current audit period.

Evaluating the Operating Effectiveness of Controls

The auditor should consider the misstatement detected as part of substantive procedure to check effectiveness of the control.

If there is deviation in control detected, auditor should inquire to understand the deviation and assess;

The tests of controls that have been performed provide an appropriate basis for reliance on the controls;
Additional tests of controls are necessary; or
The potential risks of misstatement need to be addressed using substantive procedures.

Substantive Procedures

Audit shall perform substantive procedure for all material class of transactions, account balance and disclosures.

The auditor shall consider whether external confirmation procedures are to be performed as substantive audit procedures

Substantive Procedures Related to the Financial Statement Closing Process

The auditor shall reconcile financial with underlying accounting record and also examine material journal entries and other adjustments made during the course of preparing the financial statements.

Substantive Procedures Responsive to Significant Risks

The auditor shall perform substantive procedures that are specifically responsive to identified significant risk.

When approach to the significant risk is only substantive procedure then it shall be test of details.

Timing of Substantive Procedures

If substantive procedures are performed at interim period the auditor shall cover the remaining period by performing substantive procedure with test of control or only substantive procedure if considered sufficient.

If an unassessed material misstatement is identified in interim period then auditor should consider if the risk assessment and associated response required to revisited.

Adequacy of Presentation and Disclosure

The auditor shall perform audit procedures to evaluate whether the overall presentation of the financial statements, including the related disclosures, is in accordance with the applicable financial reporting framework

Evaluating the Sufficiency and Appropriateness of Audit Evidence

Before concluding audit, auditor shall assess the relevancy of risk assessment based on the audit procedure and evidence.

The auditor shall conclude whether sufficient appropriate audit evidence has been obtained. In forming an opinion, the auditor shall consider all relevant audit evidence, regardless of whether it appears to corroborate or to contradict the assertions in the financial statements.

If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, the auditor shall attempt to obtain further audit evidence. If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor shall express a qualified opinion or disclaim an opinion on the financial statements.

Documentation

Auditor shall include following in the documentation;

responses to address the assessed risks of material misstatement at the financial statement level
the nature, timing and extent of the further audit procedures performed
The linkage of those procedures with the assessed risks at the assertion level
The results of the audit procedures, including the conclusions where these are not otherwise clear
Conclusion of reliance on the audit evidence obtained in previous period in the context of test of controls
Agreement and reconciliation of underlying accounting record with financial statement.

What is material misstatement at the assertion level?

The risk of material misstatement on an assertion level is composed of an assessment of inherent risk and control risk – inherent risk being the auditor's statement regarding the client's susceptibility of an assertion to being materially misstated. This is before the consideration of the client's internal controls.

What is the auditor required to identify and assess the risks of material misstatement?

In identifying and assessing risks of material misstatement, the auditor should: Identify risks of misstatement using information obtained from performing risk assessment procedures (as discussed in paragraphs . 04-. 58) and considering the characteristics of the accounts and disclosures in the financial statements.

Are tests to detect material misstatements in the financial statements?

(ii) Substantive procedures are aimed at detecting material misstatements at the assertion level. They include tests of details of transactions, balances, disclosures and substantive analytical procedures.

What is audit risk at assertion level?

The auditor uses the assessed risk of material misstatement to determine the appropriate level of detection risk for a financial statement assertion. The higher the risk of material misstatement, the lower the level of detection risk needs to be in order to reduce audit risk to an appropriately low level.