Fundamentals of Auditing Lecture 12 AUDIT TESTS Audit evidence
advertisement
Fundamentals of Auditing Lecture 12 AUDIT TESTS Audit evidence through Audit Procedures The auditor needs to generate sufficient appropriate audit evidence that will allow a conclusion to be reached based on this. Audit evidence, is obtained from audit procedures performed during the course of audit, such as: • Test of control (compliance test) • Test of details (substantive test) • Analytical procedures (substantive test) Audit Procedures based on the understanding of Internal Control Auditor’s understanding of the control environment, determines the audit procedures. A strong control environment would provide more confidence about the effectiveness of internal control and the reliability of audit evidence generated internally within the entity and thus, for example, allows the auditor to conduct some audit procedures at an interim date rather than at period end. If there are weaknesses in the control environment, the auditor ordinarily conducts more audit procedures at period end rather than at an interim date, seeks more extensive audit evidence from substantive procedures, modifies the nature of audit procedures to obtain more persuasive audit evidence, or increases the number of locations to be included in the audit scope. Appropriate Audit Approach The auditor’s understanding of the internal control would enable him to select an appropriate audit approach. These audit approaches may be as follows: 1. Apply tests of control only for a particular assertion. 2. Apply substantive procedures only for a particular assertion may be because auditor failed to identify any effective controls relevant to assertion. 3. Combined approach i.e. applying both tests of operating effectiveness of control’s and substantive procedures for the same assertion. St. Paul’s University Page 1 However, irrespective of the approach selected, the auditor designs and performs substantive procedures for each material class of transactions, account balance and disclosures. In the case of very small entities, there may not be control activities and auditor may have to apply only substantive procedures. Considering the Nature, Timing and Extent of Audit Procedures Nature The nature refers to: • the purpose i.e. (tests of controls or substantive procedures) and • their type, i.e. inspections, observation, inquiry confirmation, recalculation, reperformancesor analytical procedures. Timing Timing refers to when audit procedures are performed or the period or date to which the audit evidence applies. Extent Extent refers to sample size or number of observations of a control activity (quantity of audit evidence). It depends on auditor’s judgment after considering materiality, the assessed risk and the degree of assurance the auditor plans to obtain. Nature The nature refers to the purpose i.e. (tests of controls or substantive procedures) and their type, that is, inspections, observation, inquiry confirmation, recalculation, re-performances or analytical procedures. Certain audit procedures may be more appropriate for some assertions than others. St. Paul’s University Page 2 Fundamentals of Auditing The types of procedures to be performed and their combination would be affected by the auditor’s assessment of the risk. The higher the risk, the more reliable audit procedure would be required. In determining the audit procedures to be performed, auditor considers inherent and control risks associated with the particular account balance or class of transactions. Auditor is required to obtain audit evidence about the accuracy and completeness of information produced by the entity’s information system when that information is used for performing audit procedures. Timing Timing refers to when audit procedures are performed or the period or date to which the audit evidence applies. Tests of control and substantive procedures may be performed either at an interim date or at period end. The higher the risk of material misstatement, the more likely it is that the auditor may consider it more effective to perform substantive procedures near to or at the period end rather than at an earlier date or to apply audit procedures unannounced or at unpredictable times. On the other hand performing audit procedures before the period end may assist the auditor in identifying significant matters at early stage of the audit, which in turn would help in resolving them or developing an effective audit strategy. In considering when to perform audit procedures, the auditor also considers such matters as the following: • The control environment • When relevant information is available (for example, electronic files may subsequently be overwritten or procedures to be observed may occur only at certain times). • The nature of the risk (for example, if there is a risk of inflated revenues to meet earnings expectations by subsequent creation of false sales agreements, the auditor may wish to examine contracts available on the date of the period end). • The period or date to which the audit evidence relates. St. Paul’s University Page 3 Certain audit procedures can be performed only at the period end. Examples are: • Agreeing the financial statements to the accounting records. • Examining adjustments made during the course of preparing the financial statements. • To cover the risk of overstatement the auditor ordinarily inspects transaction near the period end. Extent Extent refers to sample size or number of observations of a control activity (quantity of audit evidence). It depends on auditor’s judgement after considering materiality, the assessed risk and the degree of assurance the auditor plans to obtain. Extent of audit procedures is increased when the risk of material misstatement increases. The use of computer-assisted audit techniques (CAATs) may enable more extensive testing of electronic transaction and account files. Such techniques can be used to select sample transaction from key electronic files, to sort transactions with specific characteristics or to test an entire population instead of a sample. Valid conclusions may be drawn using sampling approaches. However, in certain circumstances examination of entire population may be more appropriate to reach a valid conclusion about that population. Test of Control The auditor is required to perform tests of controls when the internal controls are operating effectively or when substantive procedures alone do not provide sufficient appropriate audit evidence at the assertion level. Tests of controls comprise of testing three things: 1. Design – that the internal controls are properly designed to cover the risk it is meant for. (examined through ICQs and ICECs) 2. Implementation – that the internal controls have been put into operation.(examined through a walk through test with a little sample) 3. Operating effectiveness – that the systems of internal control were operating St. Paul’s University Page 4 effectively at relevant times during the period. ( examined through compliance tests based on a judgmental sample) Nature of Tests of Controls These are as follows: • Inquiry and observation (e.g. inquiry about and observation of controls over opening of mail to verify controls over cash receipts). • Re-performance (e.g. preparation of bank reconciliation statement); • Inspection of documentation relevant to performance of controls; • Applying CAATs. • Tests of controls and tests of details may be applied simultaneously on the same transaction; tests of control see whether e.g. invoice is approved and tests of details to detect material misstatement in that invoice. Timing of Tests of Controls These may be performed at 1. a particular time or 2. on the information relating to the entire audit period. – If performed at a particular time, it would provide evidence of operating effectiveness ofcontrols at that particular time. Such evidence may be sufficient for the auditor e.g. observation of counting of inventories. – However, if auditor wants to obtain evidence about the effective operation of controlsthroughout the period under audit, then tests of control’s should be applied on transactions of the entire period. If auditor wants to rely on controls tested in prior periods, he should make inquiry that there is no change in such controls. If these controls have changed, these should be tested for operating effectiveness first before relying on these. The auditor may not test all the controls every audit if there is no change in them. However, such controls must be tested at least every third audit. St. Paul’s University Page 5 Extent of tests of controls The auditor designs tests of controls to obtain sufficient appropriate audit evidence that the controls operated effectively throughout the period of reliance. Matters the auditor may consider in determining the extent of the tests of controls include the following: 1. The frequency of the performance of the control by the entity during the period. 2. The length of time during the audit period that the auditor is relying on the operating effectiveness of the control. 3. The relevance and reliability of the audit evidence to be obtained in supporting that the control prevents, or detects and corrects, material misstatements. 4. The extent to which the auditor plans to rely on the effectiveness of the control (and thereby reduce substantive procedures based on the reliance on such control). 5. The expected deviation from the control. Substantive Procedures Substantive procedures are performed in order to detect material misstatements at the assertion level, and include tests of details of classes of transactions, account balances and disclosures and substantive analytical procedures. The auditor plans and performs substantive procedures to be responsive to the related assessment of the risk of material misstatement. Irrespective of the assessment of risk of material misstatement, the auditor should design and perform substantive procedures for each material class of transactions, account balance, and disclosure. The auditor’s substantive procedures should include the following audit procedures related to the financial statement closing process: • Agreeing the financial statements to the underlying accounting records; and • Examining material journal entries and other adjustments made during the course of preparing the financial statements. St. Paul’s University Page 6 Fundamentals of Auditing When the auditor has determined that an assessed risk of material misstatement at the assertion level is a significant risk, the auditor should perform substantive procedures that are specifically responsive to that risk. Nature of Substantive Procedures Substantive analytical procedures are applied on large volume of transactions, which are predictable over time. Tests of details are ordinarily more appropriate to obtain audit evidence regarding certain assertions about account balances, including existence and valuation. In designing substantive analytical procedures, the auditor considers such matters as the following: • The suitability of using substantive analytical procedures given the assertions. • The reliability of the data, whether internal or external from which the expectation of recorded amounts or ratios is developed. • Whether the expectation is sufficiently precise to identify a material misstatement at the desired level of assurance. • The amount of any difference in recorded amounts from expected values that is acceptable. Timing of Substantive Procedures When substantive procedures are performed at an interim date, the auditor should perform further substantive procedures or substantive procedures combined with tests of controls to cover the remaining period that provide a reasonable basis for extending the audit conclusions from the interim date to the period end. In considering whether to perform substantive procedures at an interim date the auditor considers such factors as the following: • The control environment and other relevant controls. St. Paul’s University Page 7 • The availability of information at a later date that is necessary for the auditor’s procedures. • The objective of the substantive procedure. • The assessed risk of material misstatement. • The nature of the class of transactions or account balance and related assertions. • The ability of the auditor to perform appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period in order to reduce the risk that misstatements that exist at period end are not detected. If substantive procedures are performed at an interim date, the auditor may sometimes consider applying tests of controls also on the transactions of remaining period while extending his substantive procedures from interim date to the period end. In situations of actual or expected fraud, auditor may prefer applying substantive procedures at period end. If misstatements are detected in classes of transactions or account balances at an interim date, the auditor ordinarily modifies the related assessment of risk and the planned nature, timing or extent of the substantive procedures covering the remaining period. Substantive procedures applied in a prior period are not sufficient to address a risk of material misstatement in the current year except in certain circumstances. Extent of performance of substantive procedures Greater the risk of material misstatement due to weaknesses in the system of internal control, the greater would be the risk of material misstatement in the financial statements. In designing tests of details, the auditor may use either audit sampling or may choose to select items to be tested by some other selective means of testing. Adequacy of Presentation and Disclosure The auditor should perform audit procedures to evaluate whether the overall presentation of the financial statements, including the related disclosures, are in accordance with the applicable financial reporting framework. St. Paul’s University Page 8
