Performing Procedures in Response to Audit Risks Flashcards
In the situation that the auditor that substantive procedures do not provide appropriate evidence, the auditor may have to rely on what?
Internal control- If you rely on internal control there needs to be tests of controls
Is it okay to revise risk assessment?
YES!! You should be revising risk assessments.
We should design the audit to the risk assessment.
Define “overall responses”
The risks of material misstatement at the financial statement level
- May assign more experienced staff, closer supervision, use specialists, and/or use more unpredictable audit procedures
- May affect the auditors strategy- whether to use substantive approach or combined approach (if controls aren’t working, you may go to a wholly substantive approach)
- Adjust the nature, timing, and extent of further audit procedures
What are the THREE types of audit procedures?
1) Risk assessment procedures
FURTHER AUDIT PROCEDURES:
2) Tests of controls- Sometimes perform
3) Substantive procedures- Always perform
What is a test of controls? When should these be performed?
Determine operating effectiveness of controls
These should be performed when:
- RELY on specific controls
- Obligated to test them. The substantive procedures don’t provide the EVIDENCE that you need
You always want to gather EVIDENCE!! That’s the whole point. You cannot just say you’re going to rely on the test of controls without actually TESTING them!!
How do you adjust your audit plan based off the assessed risk level as you go through the audit?
Adjust the Nature, Timing, extent of audit procedures
Nature: Further audit procedures (test of controls OR substantive procedures) and their type (inspection, observation, inquiry, confirmation, recalculation, reperformance, or analytical procedures).
Timing: This refers to WHEN the further audit procedures are performed (at year-end or before year-end) performing substantive procedures at year-end is usually more effective with higher risks of material misstatement
Extent: This refers to the QUANTITY of an audit procedure (such as sample size) based on the auditor’s judgement, computer-assisted audit techniques
What documentation is required to responses to risk?
1) The overall responses to address RMM at the F/S level
2) Nature, timing, and extent of further audit procedures performed
3) What is the relationship between risk and audit procedures performed on the other hand.
4) Results of the audit procedures
5) Do the F/S agree with the underlying records?
There are only two reasons would NOT perform test of controls (two important words:
Ineffective: If they ineffective, don’t rely
Efficiency: If a reliance strategy would be inefficient, there is no cost/benefit, then you don’t go down this route.