As discussed in the previous blog, SAS No. 106, Audit Evidence, (and its redrafted clarity project standard) identifies financial statement assertions, management’s representations in financial statements. These statements also describe the types of audit evidence and auditing procedures an auditor may use to evaluate financial statement assertions. Some of this information is discussed below.
Nature, Extent and Timing of Tests
The nature, timing and extent of audit procedures designed by the auditor are in direct response to the assessment of the risk of material misstatement in the financial statement classification. The auditor must perform risk assessment procedures to provide a satisfactory basis for the assessment of risks at the financial statement and relevant assertion (account classification) levels. Risk assessment procedures by themselves do not provide sufficient competent audit evidence on which to base the audit opinion, but complement other audit procedures (tests of controls and substantive procedures) and are substantive evidence that enables an auditor to reach an opinion on financial statements.
Tests of Controls
Tests of controls are necessary in two circumstances: 1) When the auditor’s risk assessment includes an expectation of the operating effectiveness of controls, the auditor should test those controls to support the risk assessment. In addition, 2) when the substantive procedures alone do not provide sufficient appropriate audit evidence, the auditor should perform tests of controls to obtain audit evidence about their operating effectiveness, e.g., evaluating the completeness assertion for revenues discussed further below.
The risk assessment standards describe inquiries and observations as acceptable procedures for performing certain tests of controls. For smaller audits, these procedures may be used for testing and evaluating key controls performed by owners or managers of smaller entities. Acceptable results from such tests of controls may enable an auditor to evaluate control risk at a level less than high, maybe even moderate!.
Systems Walk-through Procedures
As part of an auditor’s risk assessment procedures, internal control documentation may include a system’s walk-through procedure for certain transactions cycles. Following the flow of a transaction from its inception to its termination (cradle to grave), an auditor will normally inspect supporting documents and records. The auditor may even re-perform some or all of the accounting system and internal control procedures evidenced by the documentation. Performing such procedures generates substantive evidence that contributes to the evaluation of financial statement assertions, even if no tests of controls are performed. A larger number of transactions selected for the walk-through procedure results in more substantive evidence from the risk assessment procedures. A systems walk-through procedure for the sales and collection cycle will enable an auditor to understand a client’s accounting and internal control systems and to identify potential risks of material misstatement affecting revenues.
Some auditors use a “hand full” approach to help determine the number of transactions to examine in a system’s walk-through procedure. When the overall risk assessment at the financial statement level is low, 5 transactions may be selected to follow through each transaction cycle. With a risk assessment at the moderate level an auditor may select 10 transactions; with high risk, 15 may be selected. The selection method, in this case, will usually be biased to include all the types of transactions in a cycle. Even so, this risk assessment procedure is producing substantive evidence to support an auditor’s conclusion on financial statements. The end result is that necessary amounts of other substantive procedures at the reporting date (analytical procedures and detailed tests of balances) should be reduced.
I'll discussed substantive procedures for revenues at the reporting date in my next blog.
For more information regarding auditing revenues and other financial statement classifications, live and on-demand webcasts, and self-study courses, are available by clicking the applicable box on the left side of my home page, www.cpafirmsupport.com.