SSA 330 – The Auditor’s Responses to Assessed Risks

SSA 330 Summary

The SSA concerns the auditor’s responsibility to design and implement responses to ROMM at the financial statement (FS) level.

There are two types of testing: substantive procedures (test of details and substantive analytical procedures) and test of controls.

In deciding whether to perform further audit procedures, the auditor should look at likelihood of MM and whether the risk assessment takes account of relevant controls.

Auditor should test controls if auditor’s assessment of ROMM at the assertion level includes expectation that controls are operating effectively. They should also look at consistency of the controls and who applied the controls.

Test of controls are performed only on those controls that the auditor determined are suitably designed to prevent, or detect and correct, a material misstatement in an assertion. Inquiry alone is not sufficient to test operating effectiveness of controls and must be combined with inspection/re-performance of control.

Audit evidence obtained during an interim period can be used, but there needs to understand what are significant changes to these controls during the finals. If auditor wishes to rely on audit evidence from previous audits, same issue. Retesting controls must be done at least in every third year.

Controls over significant risks like revenue must be tested yearly. If there are deviation in controls, they may be a need to test additional controls or potential ROMM need to be addressed using substantive procedures (including test of details). There may be a need to perform more test of details if test of controls are unsatisfactory as the auditor cannot rely on such controls.

Substantive procedures need to be designed for every material class of transactions, and consider the need for external confirmation procedures. Substantive procedures should be extended to year end period if they were only performed during interim period.

Material FS assertions must be obtained, or if not, a qualified opinion might be issued.

In order to respond to ROMM, the auditor may provide more supervision, assign more staff, change the nature, extent and timing of audit procedures etc.

If the control environment is strong, more controls can be tested during interims as compared to finals.

For IT processing, it may not be necessary to increase the extent of testing of an automated control, due to inherent consistency of IT processing. However, there is a need to ensure that there are no unauthorised changes to program change controls etc. SSA530 concerns audit sampling.

pic_internal_audit_big

SSA 320 – Materiality

Materiality in Planning and Performing an Audit Conforming Amendments to Other SSAs

This SSA concerns the auditor’s responsibility to apply the concept of materiality in planning and performing an audit on FS. Materiality (M) can help evaluate the effect of misstatements and uncorrected misstatements.

Misstatements are material if they can be expected to influence the economic decisions of users (as a group) taken on the basis of FS. Both the size and nature of misstatements matter.

Materiality is a matter of auditor’s judgment. It is assumed that users will know how to understand and interpret the financial statements and are able to make economic decisions based on information contained.

Materiality is usually determined at planning stage and it does not automatically mean that the aggregation of misstatements below the materiality are uncorrected misstatements. It depends on the nature as well.

Performance materiality (PM) is set at lower than materiality, so that the probability that aggregate of uncorrected misstatements and undetected misstatements exceeding materiality is sufficiently low.

Materiality is usually set at the FS level, although it can set at class of transactions etc. It can be adjusted during progress of the audit as well, for instance when the actual financial results are very different from interim financial results (when used to plan for the PM or M).

Both M and PM must be documented in the audit planning documents.

Usually, the M is based on a percentage of a benchmark (example: revenue, profit before tax, gross profit, total equity etc). The benchmark should not be too volatile. Determining a % depends on auditor’s professional judgment.

In an audit of public sector entity, total cost or net cost (expenses less revenues or expenditures less receipts) may be used. Alternatively, if entity has custody of public assets, assets may be appropriate.

pic_internal_audit_big