StudyDaddy Accounting Two type of audit a) External Audit b) Internal Audit External audit-It is the type of audit which is conducted by an external audit body i.e. external to the organisation. EA is generally a

Two type of audit a) External Audit b) Internal Audit External audit-It is the type of audit which is conducted by an external audit body i.e. external to the organisation. EA is generally a

Audit risk and audit strategies


Audit procedures may be classified into several categories, including:

1. Procedures designed to obtain an understanding

2. Tests of controls

3. Analytical procedures

4. Substantive testing of transactions

5. Substantive testing of balances.

Required

(a) Describe the relationship between the above five categories and how these need to be considered when designing audit strategies.

(b) How would consideration of the audit risk model affect the audit strategy and therefore the extent to which these types of procedures are performed?


(a) In obtaining an understanding of the entity and its environment, including its internal control the auditor is attempting to identify and assess the risk of material misstatements in order to design and perform further audit procedures (ASA 315). As part of this planning process analytical review procedures can be employed to help indicate aspects of the entity of which the auditor was unaware, and will assist in assessing risks to help determine the nature, timing and extent of further audit procedures (ASA 520).


In designing the further audit procedures to be performed, the auditor shall:

  • Consider the reasons for the assessment given to the risk of material misstatement at the assertion level for each class of transactions, account balance, and disclosure, including:

(i) The likelihood of material misstatement due to the particular characteristics of the relevant class of transactions, account balance, or disclosure (that is, the inherent risk); and

(ii) Whether the risk assessment takes account of relevant controls (that is, the control risk), thereby requiring the auditor to obtain audit evidence to determine whether the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures); and


  • Obtain more persuasive audit evidence the higher the auditor’s assessment of risk. (ASA 330).


In identifying the key risks the auditor must address the financial statement assertions (ASA 500) which fall into the following categories: assertions relating to classes of transactions; assertions relating to account balances; and assertions relation to presentation and disclosure.


These considerations will determine the extent to which the audit procedures are mainly substantive procedures (substantive approach), or where tests of controls are combined with substantive procedures (combined approach). Whether internal controls can be relied upon will have a significant impact on audit strategy, the auditor will, subject to positive results from the tests of controls, be able to reduce the level of substantive testing performed (the combined approach). Where controls are not effective the auditor will rely on substantive procedures to obtain evidence.


It should be noted that the interrelation of the balance sheet and income statement means that evidence obtained in relating to assertions about transactions may support, or otherwise, the audit objectives relating to assertions about account balances (e.g. if the auditor is happy about the occurrence assertion for sales transactions this gives some comfort over the existence assertion for receivables.


  1. ASA 330 discuss the audit risk model which can be used to inform the extent to which a predominantly substantive approach is carried out or whether a combined approach (tests of controls followed by reduced substantive tests) is used.


If control risk is assessed as relatively high then the internal control system is not considered to be effective so the auditor will not rely on the internal controls as a source of evidence. In order to reduce overall audit risk the auditor will need to reduce detection risk by performing more extensive substantive procedures. This is therefore the predominantly substantive approach.


If control risk is considered low then the auditor believes that the internal control system is effective and can be relied upon for audit evidence, this allows the detection risk to be set relatively higher. The auditor will therefore take a combined approach, firstly testing the system to confirm the original control risk assessment and then secondly performing reduced substantive testing (some audit evidence already having been provided by the control system).


Where the auditor initially assessed control risk as low but this is not supported by the results of the tests of controls the auditor will alter the audit strategy to now be one of a predominantly substantive approach.





Have a similar question?

Continue to edit or attach image(s).

  • Fast and convenient

    Fast and convenient

    Simply post your question and get it answered by professional tutor within 30 minutes. It's as simple as that!

  • Any topic, any difficulty

    Any topic, any difficulty

    We've got thousands of tutors in different areas of study who are willing to help you with any kind of academic assignment, be it a math homework or an article.

  • 100% Satisfied Students

    100% Satisfied Students

    Join 3,4 million+ members who are already getting homework help from StudyDaddy!