Procedures performed to detect material misstatement at the assertion level.

Substantive procedures comprise tests of details (of classes of transactions, account balances and disclosures) and substantive analytical procedures. A test of control would be to examine a sample of purchase orders to ensure that they have been appropriately authorised.

ISA 330 standard is the property of IAASB and this summary is only for educational purposes. For some sections where summary may not give exact meaning, extracts of the standard are posted here.

ISA 330 Definitions

Definition on substantive procedure

This standard defines substantive procedure as audit procedure that is designed to detect material misstatement at assertion level. These substantive procedure comprise of test of details (of classes of transactions, account balances, and disclosures) and substantive analytical procedures.

Definition on test of controls

This standard defines test of controls as audit procedure designed to evaluate the operating effectiveness of controls in preventing or detecting and correcting material misstatements at assertion level.

ISA 330 Scope

This standard deals with the auditor’s responsibility to design and implement responses to the risks of material misstatement identified and assessed by the auditor in accordance with ISA 315  in an audit of financial statements.

ISA 330 Objective

The objective of the auditor under ISA 330 is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement, through designing and implementing appropriate responses to those risks.

ISA 330 Requirements

1. This standard requires that auditors designs and implement overall response to address the assessed risk of material misstatement at the financial statement level.
2. This standard require that auditor design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.
3. This standard require that in designing further audit procedures inherent risk and control risk should be considered. Also more persuasive audit evidence is obtained higher assessed risk.

Test of control

ISA 330 require that auditor shall design and perform test of controls if;

• Audit assessment at assertion level include an expectation that controls are function effectively and auditor intend to rely on the operative effectiveness to determine the nature, timing and extent of substantive procedures; or
• Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level.

The more auditor intend to rely on the operating effectiveness, more perversive the audit evidence to the effectiveness should be.

Nature and Extent of Tests of Controls

ISA 330 require the auditor shall when design and performing test of control shall in addition to inquiry shall perform audit procedure to obtain evidence for:

• How controls are performed during the relevant time during the period
• The consistency with which they are applied
• By whom and by what means they are applied

If operating effective on control being tested depend upon the effectiveness of other indirect control, consider if it is necessary to obtain evidence to the effectiveness of those indirect controls

Timing of Tests of Controls

The timing of test can be particular or 12 months, this depends upon the period for which auditor intend to rely on the those controls.

Using audit evidence obtained during an interim period

If auditors intend to reply on the evidence from interim period, obtain evidence if there are any significant changes subsequent to interim period and determine if additional the additional audit evidence to be obtained for the remaining period.

Using audit evidence obtained in previous audits

Auditor should consider following when using the audit evidence from previous audit;

• Effectiveness of other elements of control;
• Risk arising from the nature of contract (Manual or automated)
• Effectiveness of general IT controls
• Control deviation changes noted in previous period and if any changes in personnel that may impact
• Whether the lack of a change in a particular control poses a risk due to changing circumstances
• The risks of material misstatement and the extent of reliance on the control

If auditor plans to use the audit evidence of control effectiveness from pervious period it should perform inquiry combined with observation or inspection evaluate continue relevance of the audit evidence.

If there are change that impact the relevance perform the test of control again.

Test the control once every three year. Test some control each year to avoid the possibility of checking all control in one year.

Controls over significant risks

These should be checked in the current audit period.

Evaluating the Operating Effectiveness of Controls

The auditor should consider the misstatement detected as part of substantive procedure to check effectiveness of the control.

If there is deviation in control detected, auditor should inquire to understand the deviation and assess;

• The tests of controls that have been performed provide an appropriate basis for reliance on the controls;
• Additional tests of controls are necessary; or
• The potential risks of misstatement need to be addressed using substantive procedures.

Substantive Procedures

Audit shall perform substantive procedure for all material class of transactions, account balance and disclosures.

The auditor shall consider whether external confirmation procedures are to be performed as substantive audit procedures

Substantive Procedures Related to the Financial Statement Closing Process

The auditor shall reconcile financial with underlying accounting record and also examine material journal entries and other adjustments made during the course of preparing the financial statements.

Substantive Procedures Responsive to Significant Risks

The auditor shall perform substantive procedures that are specifically responsive to identified significant risk.

When approach to the significant risk is only substantive procedure then it shall be test of details.

Timing of Substantive Procedures

If substantive procedures are performed at interim period the auditor shall cover the remaining period by performing substantive procedure with test of control or only substantive procedure if considered sufficient.

If an unassessed material misstatement is identified in interim period then auditor should consider if the risk assessment and associated response required to revisited.

Adequacy of Presentation and Disclosure

The auditor shall perform audit procedures to evaluate whether the overall presentation of the financial statements, including the related disclosures, is in accordance with the applicable financial reporting framework

Evaluating the Sufficiency and Appropriateness of Audit Evidence

Before concluding audit, auditor shall assess the relevancy of risk assessment based on the audit procedure and evidence.

The auditor shall conclude whether sufficient appropriate audit evidence has been obtained. In forming an opinion, the auditor shall consider all relevant audit evidence, regardless of whether it appears to corroborate or to contradict the assertions in the financial statements.

If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, the auditor shall attempt to obtain further audit evidence. If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor shall express a qualified opinion or disclaim an opinion on the financial statements.

What are the three types of procedures performed to test design effectiveness?

What are the three 3 methods of collecting audit evidence?

How does the auditor respond to a high level of assessed risk of material misstatement at financial statement level?

What are the five procedures used for tests of controls?