SA 330 Auditor’s Responses To Assessed Risk

SA 330 deals with the auditor’s responsibility to design and implement responses to the assessed risk of material misstatement identified in accordance with SA 315.

Let’s understand in detail about SA 330 Auditor’s Responses To Assessed Risk.

Objective

To obtain sufficient appropriate audit evidence about the assessed risk and design & implement appropriate responses to those risk SA 330 is effective for the audit of financial statements for periods beginning on or after 1st April 2008

Overall Responses

Design and implement overall responses to address the assessed risks of material misstatement at the financial statement level.

Audit Procedures

Nature, timing and the extent of the audit procedures are to be based on and are responsive to the assessed risk of material misstatement at the assertion level. Consider the reason for the assessment given to each class of transaction, account balance and disclosure including:

• Likelihood of material misstatement due to the particular characteristics of relevant inherent risk
• Whether the risk assessment takes into account the relevant controls

Test of Controls

Controls have to be tested to confirm its operating effectiveness and sufficient appropriate audit evidence to be obtained when:

• There is an expectation that the controls are operating effectively
• Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level

More persuasive audit evidence, the greater the auditor relies on the control effectiveness  

Nature and Extent of Test of Controls

Timings of Controls Test

Test the controls for the particular time or throughout the period for which the auditor intends to rely on those controls related to risk assessment procedure

Interim Period

When auditor obtains audit evidence about control’s operating effectiveness during an interim period, then:

• Check for significant changes to those controls subsequent to the interim period
• Obtain additional audit evidence for the remaining period

If Audit Evidence obtained in previous audits can be used?

The auditor should consider the length of the time period that may elapse before retesting a control and take into account the following:

i. The effectiveness of other elements of internal control including risk assessment process
ii. The risk from the control characteristics –manual or automated
iii. General IT-controls effectiveness
iv. Control effectiveness and its application including nature and deviation in the application noted in previous audits
v. If there are any personnel changes which may affect control application
vi. If lack of change in a particular control poses a risk due to changing circumstances
vii. Risk of material misstatement and the extent of reliance on the control
viii. Continuance relevance of evidence by inquiring for any significant changes in those controls subsequent to previous audits
ix. If no changes, the auditor should test the control at-least once in every third audit and some controls each audit to test effectively

Controls over Significant Risks

Any significant risk in auditor’s opinion should be tested in the current period. During this process, evaluate whether there are any misstatements detected by substantive procedure indicates the control are not operated effectively. If there are deviations, the auditor should understand its potential consequences through specific inquiries and determine:

• Test of controls performed to provide an appropriate basis for reliance
• If an additional test is necessary
• If the potential risk of misstatement is to be addressed using substantive procedures

Substantive Procedures

Irrespective of assessed risk of material misstatement, substantive procedures for each material class of transaction, account balance and disclosure are to be performed:          

If misstatement that the auditor did not expect arises at an interim date, then the nature, timing, and extent of substantive procedures for the remaining period has to be modified

Adequacy of Presentation and Disclosure

“Evaluate whether the overall presentation of the financial statements, including related disclosures, is in accordance with the applicable financial reporting framework”

Sufficiency and Appropriateness of Audit Evidence

Before the conclusion of the audit, the auditor should determine whether the audit procedures performed and audit evidence obtained is appropriate for the assessment of the risk of material misstatement at the assertion level. An auditor should consider all relevant evidence regardless of whether it appears to corroborate or to contradict the assertions

Documentation

• Overall response to address the assessed risk of material misstatement and the nature, timing, and extent of further audit procedures
• Linkage of those procedures with the assessed risk at the assertion level
• The result of the audit procedure including conclusions for unclear ones

If the audit evidence about the operating effectiveness control obtained in previous audits is used by the auditor, such fact should be documented. Auditor’s documentation should demonstrate that the financial statements agree to the accounting records.