Page 33 - Internal Auditing Standards
P. 33

Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts





        •     Contains the nature, extent, and timing of specific audit procedures tailored to respond to the assessed
              risks of material misstatement at the assertion level.

        The overall responses address assessed risks of material misstatement at the financial statement level. Such

        responses would include the assignment and supervision of appropriate personnel, need for professional
        skepticism, the extent of corroboration required for management’s explanations/representations,
        consideration of the audit procedures to be performed, and what documentation would be examined in
        support of material transactions.

        Further audit procedures generally consist of substantive procedures such as tests of details, analytical
        procedures, and tests of controls (where there is an expectation that such controls have been operating

        effectively during the period).
        Some of the matters the auditor should consider when planning the appropriate mix of audit procedures to
        respond to identified risks include the following:

        •     Use of tests of controls
              –    Identify relevant internal controls that, if tested, would reduce the need/scope for other
                   substantive procedures. As a general rule, the sample size for testing controls is often signifi cantly
                   less than that of a substantive test of a transaction stream. Assuming that the relevant controls
                   operate consistently and control deviations are unlikely, the use of tests of controls can often result
                   in less work being performed. However, there is no requirement that the operating eff ectiveness
                   of internal controls (direct or indirect) be tested.
              –    Identify any assertions that cannot be addressed by substantive procedures alone. For example,
                   this can often apply to completeness of sales in a small entity, and situations where there is highly
                   automated processing of transactions (such as Internet sales) with little or no manual intervention.

        •     Substantive analytical procedures
              These are procedures for which the total amount of a transaction stream can be reliably predicted based
              on available evidence. This expectation is compared to the actual amount in the accounting records, and

              the extent of any misstatement readily identified (See Volume 1, Chapter 10). In some cases, if the assessed
              risk for a particular assertion is low (without considering related controls), the auditor may determine that
              substantive analytical procedures alone would provide sufficient appropriate audit evidence.


        •     Unpredictability
              The need to incorporate an element of unpredictability in procedures performed. A typical example
              would be procedures to address possible fraud.
        •     Management    override

              The need for specific audit procedures to address the potential for management override.
        •     Signifi cant risks
              The audit response to “significant risks” that have been identified. (See Volume 2, Chapter 10.)

















                                                                                                                   31
   28   29   30   31   32   33   34   35   36   37   38