ISA 330 standard is the property of IAASB and this summary is only for educational purposes. For some sections where summary may not give exact meaning, extracts of the standard are posted here.
ISA 330 Definitions
Definition on substantive procedure
This standard defines substantive procedure as audit procedure that is designed to detect material misstatement at assertion level. These substantive procedure comprise of test of details (of classes of transactions, account balances, and disclosures) and substantive analytical procedures.
Definition on test of controls
This standard defines test of controls as audit procedure designed to evaluate the operating effectiveness of controls in preventing or detecting and correcting material misstatements at assertion level.
ISA 330 Scope
This standard deals with the auditor’s responsibility to design and implement responses to the risks of material misstatement identified and assessed by the auditor in accordance with ISA 315 in an audit of financial statements.
ISA 330 Objective
The objective of the auditor under ISA 330 is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement, through designing and implementing appropriate responses to those risks.
ISA 330 Requirements
- This standard requires that auditors designs and implement overall response to address the assessed risk of material misstatement at the financial statement level.
- This standard require that auditor design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.
- This standard require that in designing further audit procedures inherent risk and control risk should be considered. Also more persuasive audit evidence is obtained higher assessed risk.
Test of control
ISA 330 require that auditor shall design and perform test of controls if;
- Audit assessment at assertion level include an expectation that controls are function effectively and auditor intend to rely on the operative effectiveness to determine the nature, timing and extent of substantive procedures; or
- Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level.
The more auditor intend to rely on the operating effectiveness, more perversive the audit evidence to the effectiveness should be.
Nature and Extent of Tests of Controls
ISA 330 require the auditor shall when design and performing test of control shall in addition to inquiry shall perform audit procedure to obtain evidence for:
- How controls are performed during the relevant time during the period
- The consistency with which they are applied
- By whom and by what means they are applied
If operating effective on control being tested depend upon the effectiveness of other indirect control, consider if it is necessary to obtain evidence to the effectiveness of those indirect controls
Timing of Tests of Controls
The timing of test can be particular or 12 months, this depends upon the period for which auditor intend to rely on the those controls.
Using audit evidence obtained during an interim period
If auditors intend to reply on the evidence from interim period, obtain evidence if there are any significant changes subsequent to interim period and determine if additional the additional audit evidence to be obtained for the remaining period.
Using audit evidence obtained in previous audits
Auditor should consider following when using the audit evidence from previous audit;
- Effectiveness of other elements of control;
- Risk arising from the nature of contract (Manual or automated)
- Effectiveness of general IT controls
- Control deviation changes noted in previous period and if any changes in personnel that may impact
- Whether the lack of a change in a particular control poses a risk due to changing circumstances
- The risks of material misstatement and the extent of reliance on the control
If auditor plans to use the audit evidence of control effectiveness from pervious period it should perform inquiry combined with observation or inspection evaluate continue relevance of the audit evidence.
If there are change that impact the relevance perform the test of control again.
Test the control once every three year. Test some control each year to avoid the possibility of checking all control in one year.
Controls over significant risks
These should be checked in the current audit period.
Evaluating the Operating Effectiveness of Controls
The auditor should consider the misstatement detected as part of substantive procedure to check effectiveness of the control.
If there is deviation in control detected, auditor should inquire to understand the deviation and assess;
- The tests of controls that have been performed provide an appropriate basis for reliance on the controls;
- Additional tests of controls are necessary; or
- The potential risks of misstatement need to be addressed using substantive procedures.
Substantive Procedures
Audit shall perform substantive procedure for all material class of transactions, account balance and disclosures.
The auditor shall consider whether external confirmation procedures are to be performed as substantive audit procedures
Substantive Procedures Related to the Financial Statement Closing Process
The auditor shall reconcile financial with underlying accounting record and also examine material journal entries and other adjustments made during the course of preparing the financial statements.
Substantive Procedures Responsive to Significant Risks
The auditor shall perform substantive procedures that are specifically responsive to identified significant risk.
When approach to the significant risk is only substantive procedure then it shall be test of details.
Timing of Substantive Procedures
If substantive procedures are performed at interim period the auditor shall cover the remaining period by performing substantive procedure with test of control or only substantive procedure if considered sufficient.
If an unassessed material misstatement is identified in interim period then auditor should consider if the risk assessment and associated response required to revisited.
Adequacy of Presentation and Disclosure
The auditor shall perform audit procedures to evaluate whether the overall presentation of the financial statements, including the related disclosures, is in accordance with the applicable financial reporting framework
Evaluating the Sufficiency and Appropriateness of Audit Evidence
Before concluding audit, auditor shall assess the relevancy of risk assessment based on the audit procedure and evidence.
The auditor shall conclude whether sufficient appropriate audit evidence has been obtained. In forming an opinion, the auditor shall consider all relevant audit evidence, regardless of whether it appears to corroborate or to contradict the assertions in the financial statements.
If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, the auditor shall attempt to obtain further audit evidence. If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor shall express a qualified opinion or disclaim an opinion on the financial statements.
Documentation
Auditor shall include following in the documentation;
- responses to address the assessed risks of material misstatement at the financial statement level
- the nature, timing and extent of the further audit procedures performed
- The linkage of those procedures with the assessed risks at the assertion level
- The results of the audit procedures, including the conclusions where these are not otherwise clear
- Conclusion of reliance on the audit evidence obtained in previous period in the context of test of controls
- Agreement and reconciliation of underlying accounting record with financial statement.