The auditor's goal is to collect enough suitable audit evidence to support the evaluated risks of material misstatement, as well as to create and implement effective solutions to such risks. The auditor is responsible for developing and implementing overall remedies to the risks of substantial misstatement in the financial statements.
Test
of controls as defined
by ISA (UK) 330 – An audit procedure designed to evaluate the operating effectiveness
of controls in preventing, or detecting and correcting, material misstatements
at the assertion level.
Examining a sample of
purchase orders to confirm that they have been properly authorized would be a
control test. A 'yes' response indicates that the internal control requiring
purchase order permission is operational, whereas a 'no' response indicates
that the internal control does not appear to be operational, necessitating
further audit inquiry.
Substantive procedure as defined by ISA (UK) 330 – An audit
procedure designed to detect material misstatements at the assertion level.
Substantive procedures comprise:
(i) Tests of details (of classes of transactions,
account balances, and disclosures); and
(ii) Substantive analytical procedures.
According to ISA 330, the auditor must
always execute substantive procedures on material items, regardless of the risk
of substantial misstatement, and must design and perform substantive procedures
for each material class of transactions, account balance, and disclosure. Invariably,
substantive procedures will need more effort than control testing. Consider the
example of a manufacturing company's purchasing system and the assertion of
account balances' existence in the statement of financial position. Typical
detail checks would entail receiving and examining the closing purchase ledger
account balances for a sample of purchase ledger accounts with selected
suppliers, as well as some physical verification of year-end balances
outstanding. Typically, this entails agreeing on the closing balance figure
with the supplier's statement, or even asking third-party confirmation of the
amount owing from the supplier.
An
effective control environment may enable the auditor to have greater confidence
in internal control and the reliability of audit evidence generated internally
within the entity, allowing the auditor, for example, to conduct some audit
procedures at an interim date rather than at the end of the period.
Deficiencies in the control environment, on the other hand, have the opposite
impact; for example, an ineffective control environment may prompt the auditor
to:
§ Conduct more audit processes at the end
of the period rather than at an interim date;
§ Obtaining more extensive audit evidence
from fundamental procedures;
§ Expanding the audit scope to include
more locations.
Practice:
Control
tests are often brief, rapid audits, whereas substantive procedures will
necessitate more extensive auditing. The auditor must create and perform
substantial processes for each type of transactions, account balance, and
disclosure, regardless of the assessed risks of material misstatement,
according to ISA 330.
Reference:
https://bit.ly/34QrvaI