CA.

Sudhir Sharma

1
Learning Objectives
• Auditor’s responsibility to design
and implement responses to the
1 risks of material misstatement

• Material misstatements
identified and assessed by the
2 auditor

• Obtaining appropriate audit

evidence about the assessed
3 risks of material misstatements

2
Addressing Material Misstatement Risks in Financial Statements

3
Overall Responses Explained…

Overall responses addressing assessed risks of material

misstatement at financial statement level:

• Audit team to necessarily maintain professional skepticism

• Assigning staff with experience, special skills or expertise coupled with supervision
• Making selection process of further audit procedures to be performed unpredictable
• Making general changes to the nature, timing or extent of audit procedures

Said assessment of risks and auditor’s overall responses are affected

by the auditor’s understanding of the control environment. In an
effective control environment, auditor has more confidence in internal
control and on reliability of audit evidence generated in the entity

4
Overall Responses Explained
In an effective control environment, auditor has more confidence in
internal control and on reliability of audit evidence generated in the
entity

Deficiencies in the control environment, however, have the opposite

effect; for example, the auditor may respond to an ineffective control
environment by:
• conducting more audit procedures at the period -end than at an interim date
• obtaining more extensive audit evidence from substantive procedures
• including large number of locations in audit scope

Such considerations significantly affect auditor’s general approach

using substantive approach or combined approach

5
Assessed Risks of Material Misstatement at Assertion Level

6
Nature, Timing and Extent of Further Audit
Procedures – Auditor Determining Approach
Performing only tests of controls to achieve an effective response to the
assessed risk of material misstatement for an assertion

Performing only substantive procedures appropriate for particular

assertions, which excludes the effect of controls from relevant risk
assessment because:
• auditor’s risk assessment procedures have not identified any effective controls relevant
to the assertion, or
• testing controls having become inefficient therefore auditor not relying on operating
effectiveness of controls in determining nature, timing & extent of substantive
procedures

Tests of controls & substantive procedures combined an effective

approach

7
Nature, Timing and Extent of Audit
Procedures – Briefly Defined
Nature most important in responding to the assessed risks and refers to (a)
audit procedures purpose and (b) their type

Timing is when to perform, or period /date audit evidence pertains to

Extent refers to a sample size of procedures to be performed or no. of

observations of a control activity

Designing & performing further audit procedures whose nature, timing &
extent:
• are based on assessed risks of material misstatement at the assertion
level & are also responsive them and
• provide a clear linkage between these procedures & risk assessment

8
Responding to Assessed Risks
at Assertion Level…
To design further audit procedures, auditor considers the
reasons given for the assessment of risk of material
misstatement at the assertion level for each class of
transactions, account balance, and disclosure, including:
• probability of material misstatement due to particular characteristics of
relevant class of transactions, account balance, or disclosure (i.e. the
inherent risk); and
• whether the risk assessment takes into account the relevant controls
(i.e., the control risk), thereby requiring the auditor to obtain audit
evidence to determine whether the controls are operating effectively
(i.e., the auditor intends to rely on the operating effectiveness of
controls in determining the nature, timing and extent of substantive
procedures);

9
Responding to Assessed Risks
at Assertion Level…
Assessed risk being high, auditor
Auditor’s assessed risks affect
confirms completeness of
both the types of audit
contract terms with the
procedures and their combination
counterparty in addition to
to be performed
document inspection

Nature of Audit
Procedures

Certain audit procedures more Reasons for assessment of a risk

appropriate for some assertions relevant in determining the nature
than others of audit procedures

10
Responding to Assessed Risks
at Assertion Level…
Tests of controls or substantive
procedures may be performed at
interim date / at period- end but certain
audit procedures can be performed only
at or after the period end
Performing audit procedures before
period end assists the auditor to:
• identify & resolve key matters earlier with
management’s assistance or
• develop an effective audit approach to address
such matters

Timing of Audit
Procedures

Auditor to perform audit procedures Other relevant factors affecting auditor’s

unannounced or at unpredictable times
particularly when considering response
to the fraud risks
consideration of audit procedures timing
are (a) Control environment (b) When
the relevant information is available;
(c)Nature of risk; (d) Period or date, the
audit evidence relates to

11
 Responding to Assessed Risks at
Assertion Level
Extent of procedure is determined after
considering the materiality, assessed risk,
and degree of assurance auditor plans to
obtain. Extent of each procedure is
considered separately when procedures
combined together meet single purpose
Extent of Audit
Procedures
In certain circumstances, audit
mandate and any special auditing
requirements may affect auditor’s
consideration of nature, timing &
extent of further audit procedures
The use of computer-assisted audit
techniques (CAATs) enables
extensive testing of electronic
transactions & account files, which
may be useful for auditor for any
modification of extent of testing.
Substantive audit procedures more
efficient in smaller entities due to (a) no.
of control activities being small or (b)
limited documentation of such activities
existence or operation & (c) lack of control
activities/control components making it
impossible to obtain sufficient appropriate
audit evidence
12
Auditor’s Steps – Assessed
Risks Higher
Auditor • quantity of audit
assessment of evidence, or
risks being • obtain more relevant
higher therefore or reliable evidence
to obtain more e.g. third party
evidence or
persuasive corroborating
audit evidence evidence from
auditor may independent sources
increase:

13
Detailed Explanation

14
Designing and Performing Tests
of Controls…
Tests of controls performed only on the controls determined by auditor as
suitably designed to prevent, or detect and correct a material misstatement in
an assertion. Substantially different controls used during audit period to be
considered separately

Auditor uses same audit procedures to test controls operating effectiveness

as well as to evaluate/ determines their design/ implementation though both
of them are different from each other

Some risk assessment procedures though not specifically designed as tests

of controls yet provide audit evidence on operating effectiveness of controls &
consequently serve as tests of controls. For example, auditor’s risk
assessment procedures may include:
• inquiring about management’s use of budgets
• observing management’s comparison of monthly budgeted & actual expenses

15
Designing and Performing Tests of
Controls
Auditor inspects investigation reports on variances between budgeted & actual
amounts to obtain:
• knowledge about entity’s budgeting policies’ design,
• information on policies implementation and
• audit evidence on budgeting policies effective operation in preventing or detecting material misstatements in
expenses classification

Auditor designing test of controls to be performed concurrently with a test of details

on the same transaction to accomplish two different purposes of said tests (known
as dual purpose test)

At times, auditor may not be able to design effective substantive procedures that
provide sufficient appropriate audit evidence at assertion level

Auditor gets higher level of assurance on operating effectiveness of controls when

tests of controls are used particularly where performing substantive procedures not
providing appropriate audit evidence.

16
Nature and Extent of Test of Controls…

In designing & performing tests of controls, auditor performs other audit procedures
combined with inquiry to obtain audit evidence on operating effectiveness of the controls,
including:

• How the controls were applied at relevant times during the period under audit
• The consistency with which they were applied
• By whom or by what means they were applied

Inquiry alone insufficient to test the operating effectiveness of controls and therefore
other audit procedures are performed in combination with inquiry i.e. inquiry with
inspection /re-performance provides more assurance than inquiry & observation because
observation is pertinent only at the point of time of occurrence

The nature of the particular control influences the type of procedure required to obtain
audit evidence about whether the control was operating effectively.

17
Nature and Extent of Test of
Controls…
To get more persuasive audit evidence on effectiveness
of a control, it is appropriate to increase the extent of
testing of the control. To judge degree of reliance on
controls, auditor may consider the following in
determining the extent of tests of controls:
• Frequency of performance of control by the entity during the period.
Length of time during audit period that the auditor is relying on the
operating effectiveness of the control
• Expected rate of deviation from a control
• Relevance and reliability of the audit evidence to be obtained regarding
the operating effectiveness of the control at the assertion level.
• Extent to which audit evidence is obtained from tests of other controls
related to the assertion

18
Nature and Extent of Test of
Controls…
Due to inherent consistency of IT processing, no need to increase extent of
testing of an automated control

However, changes in program, tables, files, or other permanent data may affect
consistency of an automated control

Once automated control functions as intended, auditor performs tests to

determine if control continues to function effectively and ensure that:
• no program changes made without being subject to appropriate program change controls
• authorized version of the program used for processing transactions
• other relevant general controls are effective

Such tests also include determining that changes to the programs have not
been made, as may be the case when the entity uses packaged software
applications without modifying or maintaining them.

19
Testing of indirect controls
Controls over accuracy of information in the reports (for example,
general IT-controls) are described as indirect controls

At times, it is necessary to obtain audit evidence that supports

effective operation of indirect controls

Due to IT processing inherent consistency, following audit

evidences provide substantial audit evidence on operating
effectiveness of indirect controls:
• audit evidence on implementation of an automated application control combined with
• audit evidence on operating effectiveness of the entity’s general controls (
particularly change controls)

20
Timing of Tests of Controls
When auditor • Audit evidence pertaining only to a point
in time may be sufficient for the audit
relying on a control purpose for example when testing
controls over the entity’s physical
at a point of time inventory counting at the period end
during a period

• Tests providing audit evidence, on the

Auditor intends to effective operation of control during the
period are more appropriate for example
rely on a control tests of entity’s monitoring of controls
over a period

21
Using Audit Evidence in Interim
Period
Relevant factors in determining the additional audit evidence to obtain
about the controls operating during the period remaining after an interim
period, include:
• Significance of assessed risks of material misstatement at the assertion level
• Specific controls tested during interim period and significant changes to them (including
changes in information system, processes & personnel) since they were tested
• Degree of audit evidence obtained about the operating effectiveness of these controls
• Length of period remaining after interim period
• Extent of further substantive procedures, auditor intends to reduce based on his
reliance on controls
• The control environment

Auditor may obtain additional audit evidence by extending tests of

controls over the remaining period or testing entity’s monitoring of
controls

22
Using Evidence of Previous
Audits
In certain circumstances, audit evidence obtained from previous audits may provide audit evidence
where the auditor performs audit procedures to establish its continuing relevance

For example in previous audit, auditor may have determined that an automated control was
functioning as intended. The auditor may obtain audit evidence to determine whether changes to
the automated control have been made that affect its continued effective functioning through
inquiries of management and the inspection of logs to indicate what controls have been changed.

Consideration of audit evidence about these changes may support either increasing or decreasing
the expected audit evidence to be obtained in the current period about the operating effectiveness
of the controls

23
Controls- Previous Audits
Controls changed from
previous audits
Basis for continued reliance on audit
evidence obtained in previous audits may
no longer exist due to changes affecting
relevance of such evidence
For example. changes in a system that
enable an entity to receive a new report from
the system do not affect the relevance of
audit evidence from a previous audit
However, a change causing data
to be accumulated or calculated
differently does affect it.
Controls not changed from previous
audits
Auditor to decide professionally on whether to
rely on audit evidence obtained in previous
audits for the controls (a) not changed since last
testing and (b) are not the controls that mitigate
a significant risk. Controls retesting at least once
in three years .
Higher risk of material misstatement or greater
reliance on controls means shorter time period for
retesting a control
Testing some of the controls (out of large no. of
controls) in each audit provides corroborating
information on continuing effectiveness of the control
environment and helps the auditor to decide relying
on audit evidence obtained in previous audits
24
Evaluating Operating
Effectiveness of Controls
Material misstatement detected by auditor indicates existence of
significant deficiency in internal control

Concept of controls operation effectiveness recognizes that while

applying controls in an entity some deviations from prescribed
controls may occur. The deviations are caused by :
• changes in key personnel.
• significant seasonal fluctuations in volume of transactions and
• human error.

Comparison of deviations’ detected rate with the expected rate

indicates that control cannot be relied on to reduce risk at the
assertion level to the level assessed by auditor

25
Detailed Analysis

26
Designing & Performing
Substantive Procedures
Irrespective of the assessed risks of material misstatement.
auditor to design and perform substantive procedures for:
• each material class of transactions,
• account balance,
• and disclosure,

This requirement reflects the facts that:

• auditor’s assessment of risk being judgmental and may not identify all risks
of material misstatement; and
• there are inherent limitations to internal control, including management
override.

27
Nature and Extent of Substantive
Procedures…
Auditor may determine that: Substantive analytical Nature of risk and assertion
procedures: is relevant to design tests of
• performing only details for example tests of
substantive analytical • Are generally more details related to:
procedures sufficient to applicable to large • existence or occurrence
reduce audit risk to an volumes of assertion involve selecting
acceptable low level for transactions that tend from items contained in
example audit evidence to be predictable over financial statement amount
from tests of controls time and obtaining relevant
supports auditor’s risk audit evidence
• establish requirements
assessment • completeness assertion
& provide guidance on involve selecting from the
• Only tests of details are the application of items expected to be
appropriate analytical procedures included in the relevant
• Substantive analytical during audit financial statement amount
procedures & tests of & checking if they are
details combined together included
are most responsive to
assessed risks

28
Nature and Extent of Substantive
Procedures
Assessment of material misstatement risk
• takes account of internal control,
• the extent of substantive procedures to be increased when tests of controls
results unsatisfactory.

However, increasing the extent of an audit procedure is appropriate

only if the audit procedure itself is relevant to the specific risk

In designing tests of details:

• sample size of transactions is considered to determine the extent of testing and
• other selective means of testing are also considered to see if they are more
effective to use.

29
Substantive Procedures –
Financial Statements Closing
Process
Agreeing or reconciling
the financial statements
with the underlying
Auditor’s substantive accounting records and
procedures related to
the financial statement
closing process are: Examining material
journal entries & other
adjustments made while
preparing the financial
statements
30
Substantive Procedures
Responsive to Significant Risks
Auditor to perform the substantive procedures specifically responsive to the
significant risks (identified by auditor) for example to meet earnings
expectations management may inflate sales by:
• improperly recognizing revenue related to sales agreements with terms precluding revenue
recognition or
• invoicing sales before shipment

Auditor, in such circumstances, may:

• not only design external confirmations to confirm outstanding amounts

• but also to confirm sales agreements details like date, rights of return & delivery terms and
• supplement such confirmations by inquiring entity’s non-financial personnel on sales agreements changes &
delivery terms

Substantive procedures related to significant risks mostly designed to obtain

high reliable audit evidence

31
 Timing of Substantive
Procedures…
Audit evidence from previous
audit’s substantive procedures
mostly provides little or no audit
evidence for current period. Using
such audit evidence is appropriate:
In some circumstances, the auditor
may determine that it is effective to
perform substantive procedures at
an interim date, and to compare
and reconcile information
concerning the balance at the
period end with the comparable
information at the interim date to:
• if that evidence and related subject
matter have not majorly changed and
• audit procedures have been performed
during the current period to establish
its continuing relevance.
• identify amounts that appear unusual;
• investigate any such amounts; and
• perform substantive analytical
procedures or tests of details to test
the intervening period
32
Timing of Substantive
Procedures…
Performing substantive procedures at an interim date with no
additional procedures later on increases the risk of not
detecting misstatements existing at the period end. Said risk
increases as the remaining period is lengthened. Following
factors influence performing the substantive procedures at
an interim date:
• Control environment & other relevant controls
• Availability of information necessary for auditor’s procedures at a later date
• Substantive procedures purpose
• Assessed risk of material misstatement
• Nature of transactions’ class or account balance and related assertions
• Auditor’s ability to perform appropriate substantive procedures or substantive
procedures combined with tests of controls to cover the remaining period to
reduce the risk of not detecting misstatements existing at the period end

33
Timing of Substantive
Procedures…
While performing substantive analytical procedures during
period between interim date & period-end, auditor determines
whether:
• period end balances of classes of transactions or account balances are
reasonably predictable w.r.t amount, relative significance & composition
• procedures are appropriate to analyze & adjust such classes of
transactions or account balances at interim dates and to establish proper
accounting cutoffs
• financial reporting information system provides sufficient information on
period end balances & transactions in remaining period to allow checking
of:
(a) key unusual transactions / entries (including ones at / near period-end):
(b) causes of significant fluctuations/expected fluctuations not occurred
(c) changes in composition of classes of transactions /account balances &
misstatements detected at an interim date

34
Timing of Substantive
Procedures
When auditor concludes that:
• the planned nature, timing or extent of substantive
procedures covering the remaining period need to
be modified as a result of unexpected
misstatements detected at an interim date,

• such modification may include extending or

repeating the procedures performed at the interim
date at the period end.

35
Adequacy of Presentation &
Disclosure…
Evaluation of financial statements overall presentation & related disclosures is meant to
determine whether individual financial statements presentation reflects appropriate
classification & description of financial information, the form, arrangement & content of the
financial statements and their appended notes

Financial statements audit is a cumulative and iterative process. As the auditor performs
planned audit procedures, the audit evidence obtained may cause the auditor to modify the
nature, timing or extent of other planned audit procedures. Information received by auditor may
differ significantly from the information that formed basis of risk assessment, for example
• Extent of misstatements detected by auditor through substantive procedures may alter auditor’s judgment on risk
assessments & indicate significant internal control deficiency
• Auditor may become aware of discrepancies in accounting records or of conflicting or missing evidence
• Analytical procedures performed on overall basis may indicate material misstatement risk not identified earlier

In such circumstances, the auditor may need to re-evaluate the planned audit procedures,
based on the revised consideration of assessed risks for all or some of the classes of
transactions, account balances, or disclosures and related assertions and revise auditor’s risk
assessment

36
Adequacy of Presentation and
Disclosure
An isolated instance of fraud or error is to be considered as to its effect on
assessed risks of material misstatement and determine if risk assessment remains
appropriate

Auditor’s judgment of what constitutes sufficient appropriate audit evidence is

influenced by following factors:
• Significance of potential misstatement in assertions and likelihood of its material effect (individually or
combined with other potential misstatements) on the financial statements
• Effectiveness of management’s responses and controls to address the risks
• Experience gained during previous audits with respect to similar potential misstatements
• Results of audit procedures performed including specific instances of fraud or error identified
• Source and reliability of the available information.
• Persuasiveness of the audit evidence.
• Understanding of entity and its internal control environment

The form & extent of audit documentation is influenced by the nature, size &
complexity of entity and its internal control, availability of information from the entity
and audit approach & technology used

37
Lesson Summary…
• Overall responses addressing Material Misstatement Risks in
1 Financial Statements

• Audit procedures responsiveness to assessed risks of material

2 misstatement at assertion level

• Nature, Timing and Extent of Further Audit Procedures – Briefly

3 defined and Auditor determining approach

• Responding to Assessed Risks at Assertion Level and Auditors

4 steps when risks are assessed higher

• Tests of controls – Design & performance, nature & extent and

5 timing

38
Lesson Summary
• Using audit evidence in interim period and one obtained in
7 previous audit and Controls obtained from previous audits

• Testing of indirect controls & evaluating operative effectiveness

8 of controls

• Substantive procedures - Design & performance, nature & extent

and timing, these procedures used in Financial Statements
9 Closing Process and their responsiveness to significant risks

• Adequacy of presentation & disclosure in financial statements

10

39
40