Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
SUBSTANTIVE TESTING:
A PRACTICAL APPROACH
1
INTRODUCTION
What are the common audit problems?
Inadequacy of Inadequacy of Inadequacy of Inadequacy of
acceptance Planning Execution Completion
2
INTRODUCTION
How do we know these are the common problems?
https://www.ifiar.org/IFIAR-Global-Survey-of-Inspection-Findings.aspx
3
ROOT CAUSE ANALYSIS
Finding – insufficient work performed on a significant Audit
Risk
• The audit team member performing the work did not
First why: understand how to address the audit risk
• The audit manager was not briefed by the audit partner and
Second why: so could not adequately brief the audit team
The audit partner did not adequately brief the audit team
Third why: member on the audit strategy
4
AUDIT APPROACHES
Essentially there are four different audit approaches:
The substantive
procedures approach
The systems-based
This is also referred to as The balance sheet approach The risk-based approach
the vouching approach approach
Requires auditors to Audit resources are
or the direct verification Substantive procedures
assess the effectiveness directed towards those
approach. In this are focused on balance
of the internal controls of areas of the financial
approach, audit sheet (statement of
an entity, and then to statements that may
resources are targeted financial position)
direct substantive contain misstatements
on testing large volumes accounts, with only very
procedures primarily to (either by error or
of transactions and limited procedures being
those areas where it is omission) as a
account balances carried out on income
considered that systems consequence of the risks
without any particular statement/profit and loss
objectives will not be faced by the business
focus on specified areas account items.
met
of the financial
statements
5
INTERNAL CONTROL TESTING
ISA 315: Requirements
“The auditor shall obtain an understanding of internal
control relevant to the audit. Although most controls
relevant to the audit are likely to relate to financial
reporting, not all controls that relate to financial reporting
are relevant to the audit. It is a matter of the auditor’s
professional judgment whether a control, individually or in
combination with others, is relevant to the audit.”
6
INTERNAL CONTROL TESTING
• Important to remember - ISAs require the auditor to evaluate the design and
implementation of the client’s internal controls.
• Requirements from ISA 315 Identify and assess the Risks of Material
Misstatement through understanding the entity and its Environment. It is clear
that the internal controls should be understood and evaluated. The ISA goes
on to say that enquiry alone is not sufficient to perform this evaluation. Usually
walk through tests are the best way to check that the controls have been
implemented and to confirm that the auditor has correctly documented the
systems and controls. The evaluation should cover all significant transaction
cycles and the auditor should assess the strength or otherwise of the control
system.
• If the auditor’s assessment is positive, the auditor may decide that testing
internal
ICPAK controls will be an effective approach.
7
INTERNAL CONTROL TESTING
13
ISA’S 330 AND 315 CONTROL v/s SUBSTANTIVE
ISA 330
The auditor should design and perform further audit procedures whose nature, timing, and
extent are responsive to the assessed risks of material misstatement at the assertion level
The auditor’s assessment of the identified risks at the assertion level provides a basis for
considering the appropriate audit approach for designing and performing further audit
procedures.
In the case of very small entities, there may not be many control activities that could be
identified by the auditor.
When the auditor’s assessment of risks of material misstatement at the assertion level includes
an expectation that controls are operating effectively, the auditor should perform tests of
controls to obtain sufficient appropriate audit evidence that the controls were operating
effectively at relevant times during the period under audit.
When, in accordance with paragraph 115 of ISA 315, the auditor has determined that it is not
possible or practicable to reduce the risks of material misstatement at the assertion level to
an acceptably low level with audit evidence obtained only from substantive procedures, the
auditor should perform tests of relevant controls to obtain audit evidence about their
operating effectiveness 14
ISA’S 330 AND 315 (CONTROL v/s SUBSTANTIVE
ISA 315
The auditor shall obtain an understanding of internal control
relevant to the audit. Although most controls relevant to the audit
are likely to relate to financial reporting, not all controls that relate
to financial reporting are relevant to the audit. It is a matter of the
auditor’s professional judgment whether a control, individually or
in combination with others, is relevant to the audit.
An understanding of internal control assists the auditor in
identifying types of potential misstatements and factors that
affect the risks of material misstatement, and in designing the
nature, timing and extent of further audit procedures.
16
EXAMPLE: CONTROL’S
The division does not necessarily reflect how an entity designs, implements and
maintains internal control, or how it may classify any particular component.
Auditors may use different terminology or frameworks to describe the various
aspects of internal control, and their effect on the audit than those used in this
ISA, provided all the components described in this ISA are addressed. 18
CONTEXT DIAGRAM
MATERIALITY
AUDIT REPORT
SAMPLING
SUBSTANTIVE APPROACH
AUDIT RISK MODEL
CONTROL’S APPROACH
INHERENT RISK
CONTROL RISK
19
AIM
20
CONTROL’S ENVIRONMENT
CONTROL
ENVIRONMENT
21
TRANSACTION LEVEL CONTROLS
OR
23
TYPES OF CONTROLS
2. 3. 4.
Automated/ IT IT
1. Manual application generated dependent
controls controls control
24
TYPES OF CONTROLS cont.…
Speed Cameras - preventive
Alco-blow - Photo
DETECT DETECT
IT
NORMAL DEPENDENT AUTOMATED
CONTROLS MANUAL CONTROLD
CONTROLS
PREVENT PREVENT
25
TYPES OF CONTROLS cont.…
Automated Controls normally becoming bigger based on size of
Business
• No internet
• No WIFI
Manual Automated • No Battery
• No Back - up
26
WHAT IS THE TEST OF CONTROL
27
PREVENT CONTROLS
Can be applied to each transaction during normal processing to avoid errors
occurring
What
could go Prevent
Assertion
wrong Control
Sales occur that are Occurrence The computer programme will not allow a sale to be
not recoverable Existence processed if a customer has exceeded its credit
Fictitious employees Occurrence Amounts are not able to be paid to the employees
are paid without first matching a valid tax file number to the
employee master file
Sales are recorded at Accuracy Sales invoices are automatically priced using the
an incorrect value information in the price master file
Transactions are Classification Account coding on each purchase order is checked
classified and coded by the computer to a table of valid account numbers,
to incorrect accounts and then various logic tests are performed by the
computer 28
DETECTING CONTROLS
These are necessary to identify and correct errors that do enter the records. Not
normally applied to transactions during normal flow and processing
Example: IA reports that are never acted upon
What could go wrong Assertion Detect Control
Cash is received but not recorded Completeness Bank reconciliation and follow – up of unexpected
in the ledger, payments are made Occurrence outstanding items (e.g. unexpected or large deposits
but not recorded, cash Cut-off not yet cleared by the bank, cheques presented by
receipts/payments are not real or the bank but not recorded in the general ledger
not recorded on a timely basis
Shipments not billed and Completeness The computer performs a daily comparison of
recorded, and billings are not Occurrence quantities shipped to quantities billed. If differences
related to the actual shipments or are detected, a report is generated for review and
product follow up by the billing supervisor
Unrecorded billings and errors in Completeness Quarterly reviews of credit balances in accounts
classifying sales or cash receipts Classification receivable to determine their causes
Among other things, errors in the Accuracy The sales manager reviews daily shipments, total
number of units or unit prices sales, and sales per unit shipped
being calculated or applied
incorrectly 29
AUTOMATED CONTROLS - IT CONTROLS
Normal IT Development
LIVE/
DEVELOPERS TESTING PRODUCTION
TESTS STAFF/CLIENTS
30
TECHNIQUES FOR TESTING CONTROLS
1
• Enquiry
2
• Observation
3
• Inspection of physical evidence
4
• Re-performing tasks
5
• Professional judgement and Professional skepticism
31
SELECTING AND DESIGNING TESTS OF CONTROL
32
RESULTS OF THE CONTROL TESTING
33
DOCUMENTING CONCLUSIONS
4. Results of testing
Document in sufficient detail to allow another auditor to perform the same tests
Give example of UN (E-mails behind documentation of field offices, receipts lost)
34
TODAY’S CONTROLS
35
SUBSTANTIVE TESTING
Introduction to Principle of Directional Testing
37
SUBSTANTIVE TESTING
Which key substantive standards apply to substantive
tests?
ISA 330 (Auditor response to assessed Risk)
The greater the risk of material misstatement, the greater
the extent of substantive procedures. Because the risk of
material misstatement takes account of internal control,
the extent of substantive procedures may be increased as
a result of unsatisfactory results from tests of the operating
effectiveness of controls. However, increasing the extent of
an audit procedure is appropriate only if the audit
procedure itself is relevant to the specific risk.
38
SUBSTANTIVE TESTING
The auditor designs tests of details responsive to the assessed risk with the objective of
obtaining sufficient appropriate audit evidence to achieve the planned level of assurance at
the assertion level
In designing substantive analytical procedures, the auditor considers such matters as the
following:
•The suitability of using substantive analytical procedures given the assertions.
•The reliability of the data, whether internal or external, from which the expectation of recorded
amounts or ratios is developed.
•Whether the expectation is sufficiently precise to identify a material misstatement at the desired
level of assurance.
•The amount of any difference in recorded amounts from expected values that is acceptable
The greater the risk of material misstatement, the greater the extent of substantive procedures.
Because the risk of material misstatement takes account of internal control, the extent of
substantive procedures may be increased as a result of unsatisfactory results from tests of the
operating effectiveness of controls.
39
SUBSTANTIVE TESTING
Even when controls are good , the auditor will carry out test on the figures
in the FS. The audit has to address all assertions made by each material
figure. These are substantive tests. They comprise of:
1. Analytical procedure
2. Tests of details
➢ Physical examinations
➢ Confirmations
➢ Documentation
➢ Inquiries
➢ Recalculations
➢ Observation
40
SUBSTANTIVE TESTING
Examples:
• Payroll
• Travel Ratios
• Trend Ratios
• Trend analysis
• Reasonableness Testing
41
ANALYTICAL PROCEDURES
42
TEST OF DETAIL vs CONTROL TESTS
SUBSTANTIVE TESTING IN THE REVENUE CYCLE
Planning for Direct Tests of Transactions and Account Balances
• Audit objectives and assertions
• Account balance relationships
• Risk of material misstatement
• Composition of the account
• Persuasiveness of audit procedures
• Cost of audit procedures
• Timing of audit procedures
• Determining optimal mix of audit procedures
43
TEST OF DETAIL vs CONTROL TESTS
Assertions related to revenue transactions:
▪ Occurrence: Have the transactions occurred and pertain to the
entity
47
TEST OF DETAIL vs CONTROL TESTS
Substantive Tests of Revenue for Completeness
48
FRAUD INDICATORS AND AUDIT ROCEDURES
51
ASSESSMENT OF ENVIRONMENTAL RISK
• Document operation of accounting applications and important
controls
• Management's integrity
55
UNDERSTANDING INTERNAL CONTROLS Cont.….
Internal control procedures should be sufficient to ensure the
management assertions are achieved:
56
WHAT ARE THE 3 COMPONENTS OF CONTROL RISK
57
MONITORING CONTROLS
Designed to signal failures in transaction processing, and determine if timely, corrective action is
taken
58
TEST OF DETAIL vs CONTROL TESTS
THANK YOU
Q&A
59