Audit Procedures Overview

Questions and Answers

What must changes to a program be subjected to?

Random testing procedures

User approval only

Fast track processing

Program change controls (correct)

Why might an auditor inspect the record of IT security administration?

To verify the costs of security measures

To analyze user satisfaction with security

To ensure that authorized access has occurred

To collect evidence against unauthorized access (correct)

What defines 'indirect' controls in the context of auditing?

Controls over management decisions only

Controls that affect general IT operations

Controls that are directly observed by the auditor

Controls over the accuracy of information in reports (correct)

When is audit evidence pertaining only to a point in time sufficient?

When testing controls over physical inventory counting

What is crucial when the auditor intends to rely on a control over a period?

Tests that provide evidence of operating effectiveness throughout the period

Which example indicates a user review of relevant controls?

Assessing sales in excess of authorized credit limits

What type of audit evidence can provide substantial proof of an automated application control’s effectiveness?

Audit evidence about change controls

What should NOT be done when using packaged software applications during an audit?

Making modifications without following controls

What aspects influence the form and extent of audit documentation?

Nature, size, complexity of the entity, and availability of information.

Which of the following statements about PSA 330 (Redrafted) is true?

PSA 330 (Redrafted) focuses on the auditor's responses to assessed risks.

Who unanimously approved PSA 330 (Redrafted) for adoption?

The Auditing and Assurance Standards Council.

Which statement regarding the variables affecting audit documentation is inaccurate?

The complexity of internal controls does not affect audit documentation.

What is the primary focus of the guidance provided in PSA 330 (Redrafted)?

Responses to assessed risks during an audit.

What should an auditor consider regarding the predictability of account balances when planning substantive analytical procedures?

Whether the account balances are reasonably predictable in terms of amount, significance, and composition

Which factor significantly affects the decision to perform substantive analytical procedures between interim date and period end?

The entity's procedures for analyzing and adjusting account balances at interim dates

What is one of the purposes of investigational procedures related to unusual transactions?

To investigate significant unusual transactions or entries occurring near the period end

What might an auditor need to do if unexpected misstatements are detected at an interim date?

Extend or repeat the substantive procedures at the period end

What element is considered when evaluating the adequacy of presentation and disclosure in financial statements?

The terminology used and the detail provided in the financial statements

Why is the composition of classes of transactions or account balances important for auditors?

To assess the risk of material misstatements

What does the adequacy of presentation and disclosure include when evaluating financial statements?

The appropriate classification and description of financial information

What role does an information system play in relation to financial reporting for auditors?

It provides sufficient information for investigating balances and transactions

What is the primary purpose of performing tests of controls in an audit?

To evaluate the effectiveness of the internal control system

Under which circumstance might an auditor choose to perform only substantive procedures?

When testing controls is deemed inefficient

What does the term 'extent' refer to in audit procedures?

The quantity of procedures performed, such as sample size

What approach can be used to effectively respond to assessed risks of material misstatement?

A combination of both tests of controls and substantive procedures

Which type of audit procedures is primarily focused on testing controls?

Tests of controls

Why is it important for the nature of audit procedures to be responsive to assessed risks?

To maintain a clear linkage between audit procedures and risk assessment

If an auditor's risk assessment procedures identify no effective controls, what is the likely consequence?

Substantive procedures will be performed without control reliance

What does the term 'timing' refer to regarding audit procedures?

When the procedures are performed or the applicable period

Under what circumstances may an auditor appropriately use audit evidence from a previous audit's substantive procedures?

If audit procedures have been performed during the current period to establish its continuing relevance.

What is one potential consequence of performing substantive procedures at an interim date without further procedures later?

A lower chance of detecting year-end misstatements.

Which factor is NOT mentioned as influencing the decision to perform substantive procedures at an interim date?

The prior unmodified opinions by an external auditor.

What should an auditor do when identifying unusual amounts during substantive procedures at an interim date?

Perform tests of details to investigate the identified amounts.

Which of the following is a significant risk factor that increases the necessity for additional audit procedures later?

The long remaining period before year-end.

What is the purpose of comparing and reconciling information at the period end with the interim date?

To detect any unusual amounts that may need further investigation.

Which audit procedure may combine with substantive procedures to reduce the risk of undetected misstatements?

Tests of controls.

Which of the following statements about the use of interim audit evidence is correct?

It is effective only if the environment and controls are stable.

Study Notes

Audit Procedures

• Auditors can choose between several approaches to respond to the assessed risk of material misstatement for a particular assertion
• They can perform tests of controls to achieve an effective response
• They can perform only substantive procedures when the auditor's risk assessment procedures did not identify any effective controls, or when testing controls is seen as inefficient
• A combined approach using both tests of controls and substantive procedures is also an effective approach

Nature of Audit Procedures

• The nature of an audit procedure refers to its purpose (test of controls or substantive procedure) and its type - inspection, observation, inquiry, confirmation, recalculation, reperformance, or analytical procedure
• The nature of the audit procedures is crucial in responding to the assessed risks

Timing of an Audit Procedure

• Refers to when the audit procedure is performed and the period or date to which audit evidence applies

Extent of an Audit Procedure

• Refers to the quantity performed: sample size or the number of observations of a control activity

Designing and Performing Audit Procedures

• Designing and performing further audit procedures should be based on and responsive to the assessed risks of material misstatement at the assertion level
• This ensures a direct connection between the auditor’s procedures and the risk assessment

Determining Effectiveness of Controls

• Tests might include determining that changes to the program are not made without proper program change controls
• The authorized version of the program is used for processing transactions and other relevant general controls are in place and effective
• The auditor may inspect the record of the administration of IT security to obtain audit evidence that unauthorized access has not occurred during the period

Testing Indirect Controls

• In some cases, it may be necessary to obtain audit evidence supporting the effective operation of indirect controls
• For example, when the auditor decides to test the effectiveness of a user review of exception reports detailing sales in excess of authorized credit limits, the user review and related follow up are the controls that are directly of relevance
• Controls over the accuracy of the information in the reports (for example, general IT controls) are described as “indirect” controls

Audit Evidence for Automated Application Controls

• Due to the inherent consistency of IT processing, audit evidence about the implementation of an automated application control, considered together with audit evidence about the operating effectiveness of the entity’s general controls (in particular, change controls), may also provide substantial audit evidence about its operating effectiveness

Timing of Tests of Controls - Intended Period of Reliance

• Audit evidence pertaining only to a point in time may be sufficient for the auditor’s purpose
• For example, when testing controls over the entity’s physical inventory counting at the period end
• If the auditor intends to rely on a control over a period, tests that are capable of providing audit evidence that the control operated effectively at relevant times during that period are appropriate

Using Audit Evidence from a Previous Audit

• In most cases, audit evidence from a previous audit’s substantive procedures provides little or no audit evidence for the current period
• There are exceptions, for example, a legal opinion obtained in a previous audit related to the structure of a securitization to which no changes have occurred may be relevant in the current period
• In such cases, it may be appropriate to use audit evidence from a previous audit’s substantive procedures provided that evidence and the related subject matter have not fundamentally changed, and audit procedures have been performed during the current period to establish its continuing relevance

Using Audit Evidence Obtained During an Interim Period

• In some circumstances, the auditor may determine that it is effective to perform substantive procedures at an interim date and to compare and reconcile information concerning the balance at the period end with the comparable information at the interim date
• This is done to identify unusual amounts, investigate unusual amounts, and perform substantive analytical procedures or tests of details to test the intervening period
• Performing substantive procedures at an interim date without undertaking additional procedures at a later date increases the risk that the auditor will not detect misstatements that may exist at the period end
• This risk increases as the remaining period is lengthened

Factors Influencing the Decision to Perform Substantive Procedures at an Interim Date

• Control environment and other relevant controls
• Availability at a later date of information necessary for the auditor’s procedures
• Purpose of the substantive procedure
• Assessed risk of material misstatement
• Nature of the class of transactions or account balance and related assertions
• Ability of the auditor to perform appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period in order to reduce the risk that misstatements that may exist at the period end will not be detected

Factors Influencing the Decision to Perform Substantive Analytical Procedures with Respect to the Period Between the Interim Date and the Period End

• Whether the period end balances of the particular classes of transactions or account balances are reasonably predictable with respect to amount, relative significance, and composition
• Whether the entity’s procedures for analyzing and adjusting such classes of transactions or account balances at interim dates and for establishing proper accounting cutoffs are appropriate
• Whether the information system relevant to financial reporting will provide information concerning the balances at the period end and the transactions in the remaining period that is sufficient to permit investigation of significant unusual transactions or entries (including those at or near the period end)
• Other causes of significant fluctuations, or expected fluctuations that did not occur, and changes in the composition of the classes of transactions or account balances

Misstatements Detected at an Interim Date

• When the auditor concludes that the planned nature, timing, or extent of substantive procedures covering the remaining period need to be modified as a result of unexpected misstatements detected at an interim date, such modification may include extending or repeating the procedures performed at the interim date at the period end

Adequacy of Presentation and Disclosure

• Evaluating the overall presentation of the financial statements, including the related disclosures, relates to whether the individual financial statements are presented in a manner that reflects the appropriate classification and description of financial information, and the form, arrangement, and content of the financial statements and their appended notes
• This includes the terminology used, the amount of detail given, the classification of items in the statements and the bases of amounts set forth
• Evaluates whether information relating to significant accounting policies, the accounting and reporting choices made by the entity, and other disclosures required by relevant financial reporting frameworks, are appropriate

Overall Presentation of Financial Statements

• The auditor should consider the persuasiveness of the audit evidence, the source and reliability of the available information, as well as their understanding of the entity and its environment, including the entity’s internal control
• This relates to the overall presentation of the financial statements

Documentation

• The form and extent of audit documentation is a matter of professional judgment, and is influenced by the nature, size and complexity of the entity and its internal control, availability of information from the entity and the audit methodology and technology used in the audit
• It should be sufficient to enable an experienced auditor, having no previous connection with the audit, to understand the nature, timing, extent and results of the audit procedures, and the significant judgments and conclusions reached.
• Should include sufficient detail to enable an auditor to
  • Evaluate the significant judgments made by the auditor
  • Assess the sufficiency and appropriateness of the audit evidence obtained
  • Understand the nature, timing and extent of the audit procedures performed.
  • Reach an independent conclusion about the audit conclusion
• The audit documentation should clearly show how the auditor has responded to any assessed risks

PSA 330 (Redrafted)

• The PSA 330 (Redrafted) is based on International Standard on Auditing 330 (Redrafted), “The Auditor’s Responses to Assessed Risks,” issued by the International Auditing and Assurance Standards Board.
• There are no significant differences between this PSA 330 (Redrafted) and ISA 330 (Redrafted)

Auditing and Assurance Standards Council

• This PSA 330 (Redrafted), “The Auditor’s Responses to Assessed Risks,” was unanimously approved for adoption on January 29, 2007 by the members of the Auditing and Assurance Standards Council

Description

This quiz covers various audit procedures, including the nature, timing, and types of procedures such as tests of controls and substantive procedures. Understanding these concepts is crucial for effectively responding to assessed risks in auditing. It also highlights the combined approach that auditors can take.