Tuesday, August 11, 2015

When to perform Tests of Controls in an audit ?

The objective of the auditor while performing the audit is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement, through DESIGNING and IMPLEMENTING appropriate responses to those risks.

TESTS of CONTROLS is an audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.

As required by ISA 330, the auditor shall design and implement overall responses to address the assessed risks of material misstatement at the financial statement level.

Further, paragraph 6 of ISA 330 states that the auditor shall design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.

In designing the further audit procedures to be performed, the auditor shall :

  1. Consider the reasons for the assessment given to the risk of material misstatement at the assertion level for each class of transactions, account balance, and disclosure, including :
    • The likelihood of material misstatement due to the particular characteristics of the relevant class of transactions, account balance, or disclosure (that is, the inherent risk); and
    • Whether the risk assessment takes account of relevant controls (that is, the control risk), thereby requiring the auditor to obtain audit evidence to determine whether the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures);
  2. Obtain more persuasive audit evidence the higher the auditor’s assessment risk.

The auditor shall design and perform TESTS of CONTROLS to obtain sufficient appropriate audit evidence as to the operating effectiveness of relevant controls IF :

  1. The auditor’s assessment of risks of material misstatement at the assertion level includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures); OR
  2. Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level.

In designing and performing tests of controls, the auditor shall obtain more persuasive audit evidence the greater the reliance the auditor places on the effectiveness of a control (A higher level of assurance may be sought about the operating effectiveness of controls when the approach adopted consists primarily of tests of controls, in particular where it is not possible or practicable to obtain sufficient appropriate audit evidence only from substantive procedures) (HRD).

Considering whether EXTERNAL CONFIRMATION procedures are to be performed as Substantive Audit Procedures

Substantive procedure is an audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise :

  1. Tests of details (of classes of transactions, account balances, and disclosures); and
  2. Substantive analytical procedures

While conducting substantive audit procedures, the auditor is required to consider whether EXTERNAL CONFIRMATION procedures are to be performed as part of substantive audit procedures.

ISA 330 paragraph A48 states that EXTERNAL CONFIRMATION procedures frequently are relevant when addressing assertions associated with account balances and their elements, but need not be restricted to these items. For example, the auditor may request external confirmation of the terms of agreements, contracts, or transactions between and entity and other parties. External confirmation procedures also may be performed to obtain audit evidence about the absence of certain conditions. For example, a request may specifically seek confirmation that no”side agreement” exists that may be relevant to an entity’s revenue cutoff assertion. Other situations where external confirmation procedures may provide relevant audit evidence in responding to assessed risks of material misstatement include :

  • Bank balances and other information relevant to banking relationships
  • Account receivable balances and terms
  • Inventories held by third parties at bonded warehouse for processing or on consignment
  • Property title deeds held by lawyers or financiers for safe custody or as security
  • Investments held for safekeeping by third parties, or purchased from stockbrokers but not delivered at the balance sheet date
  • Amounts due to lenders, including relevant terms of repayment and restrictive covenants
  • Account payable balances and terms

Although external confirmations may provide relevant audit evidence relating to certain assertions, there are some assertions for which external confirmations provide less relevant audit evidence. For example, external confirmations provide less relevant audit evidence relating to the recoverability of accounts receivable balance, than they do of their existence.

The auditor may determine that external confirmation procedures performed for one purpose provide and opportunity to obtain audit evidence about other matters. For example, confirmation requests for bank balances often include requests for information relevant to other financial statement assertions. Such considerations may influence the auditor’s decision about whether to perform external confirmation procedures.

As detailed in paragraph A51 of ISA 330, there are several factors that may assist the auditor in determining whether external confirmation procedures are to be performed as substantive audit procedures, include:

  • The confirming party’s knowledge of the subject matter – responses may be more reliable if provided by a person at the confirming party who has the requisite knowledge about the information being confirmed
  • The ability or willingness of the intended confirming party to respond – for example, the confirming party :
    • May not accept responsibility for responding to a confirmation request;
    • May consider responding too costly or time consuming;
    • May have concerns about the potential legal liability resulting from responding;
    • May account for transactions in different currencies; or
    • May operate in an environment where responding to confirmation requests is not a significant aspect of day-to-day operations

In such situations, confirming parties may not respond, may respond in a casual manner or may attempt to restrict the reliance placed on the response

  • The objectivity of the intended confirming party – if the confirming party is a related party of the entity, responses to confirmation requests may be less reliable.