SA 330 deals with the auditor’s responsibility to design and implement responses to the assessed risk of material misstatement identified in accordance with SA 315.

1. Objective

To obtain sufficient appropriate audit evidence about the assessed risk and design & implement appropriate responses to those risk SA 330 is effective for the audit of financial statements for periods beginning on or after 1st April 2008

2. Overall Responses

Design and implement overall responses to address the assessed risks of material misstatement at the financial statement level.

3. Audit Procedures

Nature, timing and the extent of the audit procedures are to be based on and are responsive to the assessed risk of material misstatement at the assertion level. Consider the reason for the assessment given to each class of transaction, account balance and disclosure including:

i. Likelihood of material misstatement due to the particular characteristics of relevant inherent risk

ii. Whether the risk assessment takes into account the relevant controls

4. Test of Controls

Controls have to be tested to confirm its operating effectiveness and sufficient appropriate audit evidence to be obtained when:

i. There is an expectation that the controls are operating effectively

ii. Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level

More persuasive audit evidence, the greater the auditor relies on the control effectiveness  

5. Nature and Extent of Test of Controls


6. Timings of Controls Test

Test the controls for the particular time or throughout the period for which the auditor intends to rely on those controls related to risk assessment procedure

7. Interim Period

When auditor obtains audit evidence about control’s operating effectiveness during an interim period, then:

i. Check for significant changes to those controls subsequent to the interim period

ii. Obtain additional audit evidence for the remaining period

8. If Audit Evidence obtained in previous audits can be used?

The auditor should consider the length of the time period that may elapse before retesting a control and take into account the following:

i. The effectiveness of other elements of internal control including risk assessment process

ii. The risk from the control characteristics –manual or automated

iii. General IT-controls effectiveness

iv. Control effectiveness and its application including nature and deviation in the application noted in previous audits

v. If there are any personnel changes which may affect control application

vi. If lack of change in a particular control poses a risk due to changing circumstances

vii. Risk of material misstatement and the extent of reliance on the control

viii. Continuance relevance of evidence by inquiring for any significant changes in those controls subsequent to previous audits

ix. If no changes, the auditor should test the control at-least once in every third audit and some controls each audit to test effectively

9. Controls over Significant Risks

Any significant risk in auditor’s opinion should be tested in the current period. During this process, evaluate whether there are any misstatements detected by substantive procedure indicates the control are not operated effectively. If there are deviations, the auditor should understand its potential consequences through specific inquiries and determine:

i. Test of controls performed to provide an appropriate basis for reliance

ii. If an additional test is necessary

iii. If the potential risk of misstatement is to be addressed using substantive procedures

10. Substantive Procedures

Irrespective of assessed risk of material misstatement, substantive procedures for each material class of transaction, account balance and disclosure are to be performed: substantive Procedures           If misstatement that the auditor did not expect arises at an interim date, then the nature, timing, and extent of substantive procedures for the remaining period has to be modified

11. Adequacy of Presentation and Disclosure

Evaluate whether the overall presentation of the financial statements, including related disclosures, is in accordance with the applicable financial reporting framework”

12. Sufficiency and Appropriateness of Audit Evidence

Before the conclusion of the audit, the auditor should determine whether the audit procedures performed and audit evidence obtained is appropriate for the assessment of the risk of material misstatement at the assertion level. SA330-2 An auditor should consider all relevant evidence regardless of whether it appears to corroborate or to contradict the assertions

14. Documentation

i. Overall response to address the assessed risk of material misstatement and the nature, timing, and extent of further audit procedures

ii. Linkage of those procedures with the assessed risk at the assertion level

iii. The result of the audit procedure including conclusions for unclear ones

If the audit evidence about the operating effectiveness control obtained in previous audits is used by the auditor, such fact should be documented. Auditor’s documentation should demonstrate that the financial statements agree to the accounting records.
Get an expert at affordable price
Get an Expert