ACCA F8 考试：ISA 330 AND RESPONSES TO ASSESSED RISKS (Part 1)
This article considers the requirements of ISA 330, The Auditor’s Responses to Assessed Risks. The main objective of ISA 330 is to give guidance on how auditors should obtain sufficient appropriate evidence regarding the assessed risks of material misstatement by designing and implementing appropriate responses to those risks. UK and Irish students should note that there are no significant differences between ISA 330 and the UK and Ireland version of this standard.
Of central importance to both ISA 315 and ISA 330 is the recognition that assessing risk is at the core of the audit process, and these two ISAs specify that the auditor is required to obtain an understanding of the key risks (sometimes described as ‘significant’ risks) relevant to the financial statements. Paragraph 6 of ISA 330 requires that:
‘The auditor shall design and perform further audit procedures whose nature, timing, and extent are based upon and are responsive to the assessed risks of material misstatement at the assertion level.’
ISA 330 requires that auditors should carry out tests of control and substantive procedures, and paragraph 4 of the ISA gives the definitions shown in Table 1.
Students often find it quite difficult to comprehend what tests of control and substantive procedures are, to explain the difference between them, and also to give examples of both. One important difference between them is that tests of control are usually short, quick tests which generate either a ‘yes’ or a ‘no’ answer, where ‘yes’ is favourable (confirming the operation of an internal control), and ‘no’ is unfavourable (indicating that an internal control is not operating satisfactorily). Substantive procedures, however, as the name suggests, are more substantive and time consuming, requiring more detailed audit work to be carried out. The following examples, in the context of a purchases system, should help.
TESTS OF CONTROL – EXAMPLES FOR A PURCHASES SYSTEM
Consider when the auditor reviews a company’s purchases system and internal controls, and the assertion of occurrence (that recorded purchases represent goods and services received and which pertain to the entity). An appropriate internal control would be that purchase orders are raised for each purchase and are authorised by appropriate senior personnel.
Table 1: ISA 330 tests of control and substantive procedures definitions
Test of controlSubstantive procedure
An audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. An audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise tests of details and substantive analytical procedures.
A test of control would be to examine a sample of purchase orders to ensure that they have been appropriately authorised, and a ‘yes’ answer is good, confirming that the internal control requiring authorisation of purchase orders is working, or alternatively a ‘no’ answer indicates that the internal control does not appear to be working, hence requiring further audit investigation.
Another example of a test of control for a purchases system would be to inspect a sample of goods received notes to confirm that stores inwards staff sign for goods received. Once again, a ‘yes’ answer is positive, confirming that staff have signed the goods received note, and a ‘no’ answer would be negative, requiring further audit work to be carried out to determine why the goods received note had not been signed. This test of control would also help to confirm the occurrence assertion.