Joanne M. Flood - Wiley Practitioner's Guide to GAAS 2020

The auditor should document the following:

The level of materiality for the financial statements as a whole

Materiality levels for particular classes of transactions, account balances, and disclosures

Performance materiality

Any revisions to the above during the audit

(AU-C 320.14)

Scope

Definitions of Terms

Objective of AU-C Section 330

Overview

Requirements

Overall Responses

Designing Further Audit Procedures

Tests of Controls

Substantive Procedures

Evaluating the Sufficiency and Appropriateness of the Audit Evidence Obtained

Documentation

Testing at Interim Dates

Misstatements Detected at Interim Dates

Designing Audit Procedures

Tests of Internal Control Operating Effectiveness

Types of Tests

AU-C 330 offers guidance to auditors when designing and implementing responses to risks of material misstatements identified under AU-C 330. (AU-C 330)

Source: AU-C 330.04.For definitions related to this standard, see Appendix A, “Definitions of Terms”: Substantive procedure, Test of controls.

The objective of the auditor is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement through designing and implementing appropriate responses to those risks. (AU-C Section 330.03)

AU-C 330 and 315 are the centerpiece of the risk assessment standards. Together, these two sections provide detailed guidance on how to apply the audit risk model described in Section 320. That model describes audit risk as:

AR = RMM × DR

where AR is audit risk, RMM is the risk of material misstatement, and DR is detection risk. The RMM is a combination of inherent and control risk. Although the standard describes a combined risk assessment, the auditor may perform separate assessments of inherent and control risks.

AU-C 330 provides guidance on the design, performance, and evaluation of further audit procedures, which consist of tests of controls (an element of RMM), and substantive procedures, which are related to detection risk.

The assessment of the risk of material misstatement serves as the basis for the design of further audit procedures. Further audit procedures should be clearly linked and responsive to the assessed risks.

To reduce audit risk to an acceptably low level, the auditor should:

Determine overall responses to address the assessed risks of material misstatement at the financial statement level, and

Design and perform further audit procedures responsive to the assessed risks of material misstatement at the relevant assertion level.

(AU-C 330.05–.06)

NOTE: Further audit procedures consist of either tests of controls or substantive tests. Often, a combined approach using both tests of controls and substantive procedures is an effective approach.

Audit procedures performed in previous audits and example procedures provided by illustrative audit programs may help the auditor understand the types of further audit procedures that can be performed. However, prior-year procedures and example audit programs do not provide a sufficient basis for determining the nature, timing, and extent of audit procedures to perform in the current audit. The assessment of the risk of material misstatement in the current period is the primary basis for designing further audit procedures in the current period.

The overall responses to financial-statement-level risks of material misstatement may include:

Emphasizing to the audit team the need to maintain professional skepticism in gathering and evaluating audit evidence.

Assigning more experienced staff or those with specialized skills.

Using specialists.

Providing more supervision.

Incorporating additional elements of unpredictability in the selection of further audit procedures.

Making general changes to the nature, timing, or extent of further audit procedures, such as performing substantive procedures at period end instead of at an interim date.

(AU-C 330.A1)

The auditor should design and perform further audit procedures whose nature, timing, and extent are responsive to and clearly linked with the assessment of the risk of material misstatement. (AU-C 330.06) In designing further audit procedures, the auditor should consider matters such as:

The significance of the risk.

The likelihood that a material misstatement will occur.

The characteristics of the class of transactions, account balance, or disclosure involved.

The nature of the specific controls used by the entity, in particular whether they are manual or automated.

Whether the auditor expects to obtain audit evidence to determine if the entity’s controls are effective in preventing or detecting material misstatements.

(AU-C 330.07)

Regardless of the audit approach selected, the auditor should design and perform substantive procedures for all relevant assertions related to each material class of transactions, account balance, and disclosure.

The auditor should test controls when:

The auditor will rely on the operating effectiveness of controls to modify the nature, timing, and extent of substantive procedures, or

Substantive procedures alone will not be sufficient. Section 330 provides guidance on determining when substantive procedures alone will not be sufficient.

(AU-C 330.08)

NOTE: When determining whether to rely on the operating effectiveness of controls to modify the nature, timing, and extent of substantive procedures, the auditor may consider matters such as the following:

The incremental cost of testing controls, which includes the cost of testing not just the controls that have a direct effect on the assertion, but also those controls upon which the direct controls depend. When considering incremental testing costs, consider that the costs of evaluating control design have already been incurred (because the auditor must evaluate control design on every audit) and that the incremental cost of obtaining audit evidence about the effective operation of controls may not be substantial.

In many circumstances, audit evidence obtained from tests of controls may be relevant for more than one period. That is, the costs of testing controls may provide benefit for three audit periods.

The benefits to be derived from testing controls. In many cases, testing controls may have benefits that extend beyond the relevant assertion to be addressed by the substantive procedures. For example, testing controls may provide audit evidence about the reliability of the entity’s IT system, which can allow the auditor to rely on other information produced by the system to perform substantive tests. For example, information obtained from a reliable IT system can contribute to more reliable analytical procedures.

The auditor will perform risk assessment procedures to evaluate the design of the entity’s internal control, and these procedures may provide some limited audit evidence about the operating effectiveness of internal control. But risk assessment procedures by themselves generally will not provide sufficient appropriate audit evidence to support relying on controls to modify the nature, timing, and extent of substantive procedures.