Designing audit procedures
Show/hide Sharepoint toolbar
Toggle navigation
Menu
Home
General
Currently selected
Compliance
Concepts
Planning
Examination
Reporting
Financial
Concepts
Planning
Examination
Reporting
Performance
Concepts
Planning
Examination
Reporting
More
Review
Opinion
Tools
How To ?
Page index
Resources
Terms
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
Designing audit procedures
Designing audit procedures
The objective of the auditor is to obtain sufficient appropriate audit evidence about assessed risks through designing and implementing appropriate responses to those risks.
Compliance audit
Financial audit
Planning
Ref: 14.210
Page Content
Principles
Audit procedures are designed by the auditor, in order to:
carry out an appropriate audit test, at the right time and covering the right period;
obtain sufficient, relevant and reliable
audit evidence
; and
reach the appropriate confidence level to support audit conclusions.
Instructions
Elements to consider
Audit procedures, which aim to obtain the required
assurance
in the most cost-effective way, are designed on the basis of the knowledge acquired by the auditor and should take into account important aspects, such as
materiality
and
risk
.
Contents of an audit procedure
An audit procedure should include the following elements:
the audit objective(s) of the procedure and/or audit test(s);
the output expected from the procedure;
the assertion, rule, regulation, or requirement to be addressed;
the assessed risk;
the related key control(s);
the audit step(s): evidence to obtain, work to perform, type of procedure to use (enquiry, re-performance, etc), documents to obtain, staff to interview, etc.;
the audit conclusion on the test’s objective(s) or, in the event of a negative conclusion, further possible testing or impact on the audit approach and related audit procedures.
How to design audit procedures
When designing audit procedures, the auditor should determine
1. Audit approach
The audit approach may consist of:
a reliance or systems-based approach
:
Tests of controls
are undertaken in those instances where the
preliminary assessment
has indicated that controls are excellent or good, supported by substantive procedures; or
a substantive approach.
Substantive procedures
are employed where the preliminary assessment shows controls to be poor, or where testing shows that the controls have not operated continuously and effectively during the period being audited, or where controls (even if deemed to be good or excellent) are not tested (whether due to lack of resources, expertise, etc.)
Materiality
, together with the auditor’s
assessment of inherent risk
and his/her preliminary
evaluation of internal control
, provide the basis for the appropriate audit approach. The
combined assessment
of inherent risk and evaluation of internal control helps to determine the nature and extent of the audit procedures to be designed and performed. In practice, ECA relies primarily on its direct testing of transactions.
Irrespective of the audit approach selected, the auditor should
always design and perform substantive procedures
. No matter how strong the controls are found to be, some substantive procedures need to be carried out due to the risk of management override of controls, collusion, etc.
Where the preliminary assessment of control risk is high, the auditor should not rely on systems but
may
test the controls to support findings to be reported to management or the
discharge authority
concerning system weaknesses.
ECA's deadlines for issuing
compliance audit opinions regarding the legality and regularity
of the underlying transactions, as set out in the
Financial Regulation
, make it difficult to follow the traditional audit process. In this context, the
same transactions may be used for both tests of controls and tests of details
("dual purpose tests"). In such cases, the auditor considers whether the audit results are consistent with the audit hypothesis and whether additional audit procedures need to be performed.
2. Level of assurance to be derived from audit procedures
The 95% assurance generally required from ECA's audit tests may be derived mostly from controls, or mostly or entirely from substantive procedures, depending on the auditor's assessment of both
inherent and control risk
.
3. Nature of audit procedures (how and where to obtain required evidence)
The nature of audit procedures refers to their:
purpose
: tests of controls or substantive procedures (including tests of details and analytical procedures) and
type
, i.e. analytical procedures, inspection, observation; enquiry (including confirmation), computation, and re-performance.
The auditor selects the audit procedure that is most appropriate in order to reduce the assessed
audit risk
to an acceptably low level. The auditor should exercise his
professional judgement
to select the procedures, by considering the objectives of the test (i.e. the assertions to cover), the nature of the population, the assessed risk and the level of reliance on
internal controls
.
4. Timing of audit procedures
Timing refers to time at which the audit procedures are performed or the period or date to which the
audit evidence
applies. When considering the timing of audit procedures, the auditor also considers the following elements:
the relevant internal controls in place;
the time at which relevant information is available;
the nature of the risk (e.g. cut-off);
specific times where the risk is increased, e.g. peaks of activity, absence of or changes in key personnel, system updates, etc.
The auditor may perform tests of control or substantive procedures at a certain date or period (interim date) or at period end. Certain audit procedures can be performed only
at or after
period end
, e.g. agreeing the financial statements to the accounting records for reliability audits. The higher the risk, the more effective it is to perform substantive procedures nearer to, or at, period end rather than at an earlier date.
Performing audit procedures
before period end
may help to identify significant matters at an early stage of the audit, and consequently resolve them with the assistance of management or develop an effective audit approach to address them. If the auditor performs
tests of controls
or
substantive procedures
prior to period end, (s)he should obtain additional evidence for the remaining period.
5. Extent of audit procedures
The auditor decides on the extent of an audit procedure, i.e. the quantity to test, based on:
the
materiality
level and
assessed risk
;
the degree of
assurance
the auditor plans to obtain;
the most appropriate
sampling
technique for the audit procedure;
the use of Computer-Assisted Audit Techniques (CAATs), which may enable more extensive testing of electronic transactions and account files.
The auditor usually increases the extent of an audit procedure as the risk of material misstatement or non-compliance increases. Minimum sample sizes for 2% materiality and 95% assurance are set out in the
assurance model
.
6. Design efficient audit procedures
The auditor ensures that there is a
clear link
between the risk assessment, the evaluation of internal control, and the nature, timing and extent of audit procedures. Audit procedures, which should be
derived from the audit approach
and thus be consistent with it, reflect the decision taken by the auditor as to whether or not to rely on internal controls and the extent of substantive procedures.
The auditor should design
mutually exclusive and collectively exhaustive
audit steps and audit procedures. The audit steps within an audit procedure must be mutually exclusive, meaning that the objectives are different from one another and do not overlap. At the same time, the full range of relevant objectives for the audited area must together be comprehensive in order to gather the evidence needed and cover the related assertion. In this sense, they are collectively exhaustive.
Lastly, audit procedures should be
specific
. In order to maximise efficiency, the auditor can coordinate similar audit procedures. For audit procedures that involve sampling, the auditor can perform numerous tests on the same sample (multipurpose testing), including testing controls, e.g. the auditor can test the amount and test the controls for that area/account.
All auditors performing audit procedures should understand how each individual section links to the overall audit approach and contributes to the overall audit
assurance
to be reached for the audit.
Related documents
Standards
ISA 330
Rules
Art 258 FR
Principles
Instructions
Elements to consider
Contents of an audit procedure
How to design audit procedures
Last Modified
: 06/04/2020 17:30
Tags
:
‹
›
×