Manila * Cavite * Laguna * Cebu * Cagayan De Oro * Davao

Since 1977

AT.3211
Further Audit Procedures – SOLIMAN/UY/RICAFRENTE
Test of Controls and Substantive Test Procedures MAY 2022

Reference:
a. PSA 330, The Auditor’s Responses to Assessed Risks

LECTURE NOTES
Introduction 1. Only by performing tests of controls may the auditor
achieve an effective response to the assessed risk of
Once the risks of material misstatement have been material misstatement for a particular assertion.
identified, the auditor designs and implements appropriate
responses to those risks in order to obtain sufficient 2. Performing only substantive procedures is appropriate
appropriate audit evidence about the assessed risks of for particular assertions and, therefore, the auditor
material misstatement. excludes the effect of controls from the relevant risk
assessment. This may be because the auditor’s risk
The auditor’s responses are classified into two according to assessment procedures have not identified any effective
the level of risks of material misstatement, such as: controls relevant to the assertion, or because testing
controls would be inefficient and therefore the auditor
1. Overall responses to address the risks of material does not intend to rely on the operating effectiveness of
misstatement at the financial statements level; and controls in determining the nature, timing and extent of
2. Further audit procedures as responses to the assessed substantive procedures; or
risks of material misstatement at the assertion level.
3. A combined approach using both tests of controls and
For the areas that have no risks of material misstatement substantive procedures is an effective approach.
identified, generally no further audit procedures need to be
performed, except for material classes of transactions, The Nature, Timing, and Extent of Further Audit Procedures
account balances and disclosures that are still subject to
some substantive procedures. The nature of an audit procedure refers to its:

Overall responses • purpose – pertain to test of controls or substantive

procedure, i.e., whether to test a control’s operating
The auditor’s overall responses may include: effectiveness or to detect a material misstatement,
respectively; and
• Emphasizing to the audit team the need to maintain • type – such as inspection, observation, inquiry,
professional skepticism. confirmation, recalculation, reperformance, or
• Assigning more experienced staff or those with special analytical procedure.
skills or using experts.
• Providing more supervision. The nature of the audit procedures is of most importance in
• Incorporating additional elements of unpredictability in responding to the assessed risks.
the selection of further audit procedures to be
performed. Timing of an audit procedure refers to when it is performed,
• Making general changes to the nature, timing, or extent or the period or date to which the audit evidence applies,
of audit procedures. whether at an interim date or at the period end.

Responses to the assessed risks of material However, certain audit procedures can be performed only
misstatement at the assertion Level at or after the period end, for example:

The auditor shall design and perform further audit • Agreeing the financial statements to the accounting
procedures whose nature, timing, and extent are based on records.
and are responsive to the assessed risks of material • Examining adjustments made during the course of
misstatement at the assertion level. Further audit preparing the financial statements; and
procedures include: • Procedures to respond to a risk that, at the period end,
the entity may have entered into improper sales
1. Test of controls – an audit procedure designed to contracts, or transactions may not have been finalized.
evaluate the operating effectiveness of controls in
preventing, or detecting and correcting, material Extent of an audit procedure refers to the quantity to be
misstatements at the assertion level performed, for example, a sample size or the number of
2. Substantive procedure – an audit procedure designed observations of a control activity. The extent of an audit
to detect material misstatements at the assertion level. procedure judged necessary is determined after considering
the materiality, the assessed risk, and the degree of
The auditor’s assessment of the identified risks at the assurance the auditor plans to obtain.
assertion level provides a basis for considering the
appropriate audit approach for designing and performing
further audit procedures. For example, the auditor may
determine that:

Page 1 of 5 www.teamprtc.com.ph AT.3211

EXCEL PROFESSIONAL SERVICES, INC.

Test of Controls § How the controls were applied at relevant times

during the period under audit.
The auditor shall design and perform tests of controls to § The consistency with which they were applied.
obtain sufficient appropriate audit evidence as to the § By whom or by what means they were applied.
operating effectiveness of relevant controls when:
• Determine whether the controls to be tested depend
1. The auditor’s assessment of risks of material upon other controls (indirect controls), and if so,
misstatement at the assertion level includes an whether it is necessary to obtain audit evidence
expectation that the controls are operating effectively supporting the effective operation of those indirect
(i.e., the auditor intends to rely on the operating controls.
effectiveness of controls and therefore setting control
risk below maximum or low); or Evaluating the Operating Effectiveness of Controls
2. Substantive procedures alone cannot provide sufficient
appropriate audit evidence at the assertion level. The auditor shall evaluate whether, on the basis of the audit
work performed, the auditor has identified a material
Designing and Performing Tests of Controls weakness in the operating effectiveness of controls. A
material misstatement detected by the auditor’s procedures
Tests of controls are performed only on those controls that may indicate the existence of a material weakness in
the auditor has determined are suitably designed to internal control.
prevent, or detect and correct, a material misstatement in
an assertion. If substantially different controls were used The concept of effectiveness of the operation of controls
at different times during the period under audit, each is recognizes that some deviations in the way controls are
considered separately. applied by the entity may occur. Deviations from prescribed
controls may be caused by such factors as changes in key
Testing the operating effectiveness of controls is different personnel, significant seasonal fluctuations in volume of
from obtaining an understanding of and evaluating the transactions and human error. The detected rate of
design and implementation of controls. However, the same deviation, in particular in comparison with the expected
types of audit procedures are used. The auditor may, rate, may indicate that the control cannot be relied on to
therefore, decide it is efficient to test the operating reduce risk at the assertion level to that assessed by the
effectiveness of controls at the same time as evaluating auditor.
their design and determining that they have been
implemented (i.e., performing risk assessment procedures Test of controls vs. Walkthrough test procedure
and test of controls for the same relevant controls
simultaneously). Further, although some risk assessment The nature of procedures and evidence involved in test of
procedures may not have been specifically designed as tests controls are very similar with the auditor’s walkthrough test
of controls, they may nevertheless provide audit evidence during the understanding of client business phase of the
about the operating effectiveness of the controls and, audit. Both involves inquiring the relevant client personnel,
consequently, serve as tests of controls. For example, the inspection of records, and observing client’s processes.
auditor’s risk assessment procedures may have included: However, the distinctions lie in the objective of the
• Inquiring about management’s use of budgets. procedures and the extent of testing. In walkthrough test,
• Observing management’s comparison of monthly the objective is to confirm the auditor’s understanding of
budgeted and actual expenses. client’s process and to become familiar with client’s
• Inspecting reports pertaining to the investigation of documents, while in test of controls the objective of the
variances between budgeted and actual amounts. auditor is to test the operating effectiveness of the internal
control. In addition, in a walkthrough test, one completed
These audit procedures provide knowledge about the design transaction (or few transactions) is enough to carry out the
of the entity’s budgeting policies and whether they have procedure, while in test of controls sufficient quantity is
been implemented but may also provide audit evidence needed to provide evidence of operating effectiveness of the
about the effectiveness of the operation of budgeting internal control. Moreover, the document used in
policies in preventing or detecting material misstatements walkthrough test can also be one of the samples to be used
in the classification of expenses. in test of controls.

Nature of Tests of Controls Determining Acceptable Level of Detection Risk

The nature of tests of controls is that the tests generally The auditor expresses audit risk, at the assertion level,
consist of one (or a combination) of four types of evidence- through this model AR = IR x CR x DR. The auditor first sets
gathering techniques: the acceptable level of audit risk for a certain relevant
assertion, then assesses the level of IR and CR based upon
1. Inquiry of client personnel, the results of risk assessment procedures and tests of
2. Observation, control, if necessary. Finally, the auditor determines the
3. Inspection (e.g., examination of documents), acceptable level of DR to determine the nature, timing and
4. Reperformance extent of substantive procedures.

In designing and performing tests of controls, the auditor Substantive Detection risk is Detection risk is
shall: procedure’s low high
Nature More effective Less effective
• Perform other audit procedures in combination with Timing At year end At interim dates
inquiry to obtain audit evidence about the operating
effectiveness of the controls, including: Extent More extensive Less extensive

Page 2 of 5 www.teamprtc.com.ph AT.3211

EXCEL PROFESSIONAL SERVICES, INC.

Substantive Procedures increases the risk that the auditor will not detect
misstatements that may exist at the period end–referred to
Irrespective of the assessed risks of material misstatement, as incremental audit risk. This risk increases as the
the auditor shall design and perform substantive procedures remaining period is lengthened.
for each material class of transactions, account balance, and
disclosure. Substantive procedures consist of In most cases, audit evidence from a previous audit’s
substantive procedures provides little or no audit evidence
1. Substantive analytical procedures (warranted by for the current period. There are, however, exceptions, e.g.,
circumstances.) a legal opinion obtained in a previous audit related to the
2. Substantive test of details (always required) structure of a securitization to which no changes have
a. Substantive test of details of transactions, and occurred, may be relevant in the current period. In such
b. Substantive test of details of balances cases, it may be appropriate to use audit evidence from a
c. Substantive test of details of disclosures previous audit’s substantive procedures if that evidence and
the related subject matter have not fundamentally changed,
Nature of Substantive Procedures and audit procedures have been performed during the
current period to establish its continuing relevance.
Substantive procedures comprise test of details (of classes
of transactions, account balances, and disclosures), and Extent of Substantive Procedures
substantive analytical procedures. Analytical procedures
generally provide less reliable evidence than the tests of The greater the risk of material misstatement, the greater
detail. the extent of substantive procedures. In designing tests of
details, the extent of testing is ordinarily thought of in terms
Substantive analytical procedures are generally more of the sample size. However, other matters are also
applicable to large volumes of transactions that tend to be relevant, including whether it is more effective to use other
predictable over time. selective means of testing.

The nature of the risk and assertion is relevant to the design The use of Computer Assisted Audit Tools and Techniques
of tests of details. For example, tests of details related to (CAATTs) may enable more extensive testing of electronic
the existence or occurrence assertion may involve selecting transactions and files. Because the risk of material
from items contained in a financial statement amount and misstatement takes account of internal control, the extent
obtaining the relevant audit evidence. On the other hand, of substantive procedures may be reduced if tests of control
tests of details related to the completeness assertion may show that controls are adequate.
involve selecting from items that are expected to be
included in the relevant financial statement amount and Test of controls vs. Test of transactions
investigating whether they are included.
Both procedures are directed to the classes of transactions
Timing of Substantive Procedures of the client, however, their purposes are different. An
auditor performs test of controls to test the operating
Substantive procedures may be performed at interim dates effectiveness of controls while an auditor performs test of
or at period end depending on the auditor’s judgment. transactions to detect material misstatements in the
When substantive procedures are performed at an interim financial statements. In addition, in test of controls,
date, the auditor shall cover the remaining period by monetary amount is not relevant (the auditor determines
performing: whether a control operation is being carried out or not
regardless of the monetary amount of the transaction),
1. Substantive procedures, combined with tests of while in test of transactions, the monetary amount is of
controls for the intervening period; or particular importance to determine whether the
2. If the auditor determines that it is sufficient, further misstatements are material or not. Finally, performance of
substantive procedures only, that provide a test of controls is not always required every audit but
reasonable basis for extending the audit conclusions warranted by circumstances (i.e., an auditor will perform
from the interim date to the period end. test of controls if the auditor intends to rely on the control)
while test of transactions is always part of required audit
Performing substantive procedures at an interim date procedures every audit.
without undertaking additional procedures at a later date

DISCUSSION QUESTIONS
Designing Further Audit Procedures—Developing Relevant Assertions
Detailed Audit Programs
2. Which of the following is the most valid reason why an
1. In designing further audit procedures, an auditor must auditor must consider financial statements assertions
consider when designing further audit procedures?
a. Relevant assertion(s). a. To be able to obtain reliable audit evidence.
b. Nature, timing, and extent. b. To be able to obtain relevant audit evidence.
c. Significant risks. c. To be able to obtain sufficient audit evidence.
d. All of the above. d. To minimize the cost of obtaining audit evidence.

Page 3 of 5 www.teamprtc.com.ph AT.3211

EXCEL PROFESSIONAL SERVICES, INC.

Nature of Further Audit Procedures Significant Risks

3. Which statement is incorrect regarding the nature of 8. Which of the following statements relating to auditor’s
further audit procedures? responses to assessed risk of material misstatement
a. The nature of further audit procedures refers to considered significant risk is incorrect?
their purpose and their type a. The auditor shall obtain understanding of the
b. Certain audit procedures may be more appropriate relevant control activities intended to address the
for some assertions than others. risk.
c. The higher the auditor’s assessment of risk, the less b. The auditor shall test the operating effectiveness of
reliable and relevant is the audit evidence sought by the internal control in place to address the risk.
the auditor from substantive procedures. c. The auditor shall perform substantive procedures
d. All of the above that are specifically responsive to significant risk.
d. When the approach to a significant risk consists only
Timing of Further Audit Procedures of substantive procedures, those procedures shall
include tests of details.
4. Which statement is incorrect regarding the timing of
further audit procedures? 9. Which of the following steps or modifications to an audit
a. The timing refers to when audit procedures are program is likely to be the most appropriate if an auditor
performed or the period or date to which the audit assesses the level of the risk of material misstatement
evidence applies. for a financial statement assertion to be relatively high?
b. The auditor may perform tests of controls or a. Perform more intensive tests of the relevant internal
substantive procedures at an interim date or at control
period end. b. Perform more intensive substantive tests of the
c. If the auditor performs tests of controls or assertion
substantive procedures prior to period end, the c. Increase the planning materiality level
auditor considers the additional evidence required d. Reduce the desired level of audit risk
for the remaining period.
d. All audit procedures can be performed prior to
period end. Test of Controls

5. Which of the following procedures can only be 10. Tests of controls are used to test whether controls are
performed at or after period end? a. operating effectively.
a. Agreeing the financial statements to the accounting b. placed in operation (implemented).
records. c. properly accumulated into balance sheet totals.
b. Examining adjustments made during the d. properly documented by the client.
preparation of financial statements.
c. Procedures to respond to a risk of transactions not 11. After documenting internal control in an audit
yet finalized at period end. engagement, the auditor may perform tests on
d. All of the above. a. those controls that the auditor plans to rely on.
b. those controls in which deficiencies were identified.
Extent of Further Audit Procedures c. those controls that have a material effect on the
financial statement balances.
6. Which statement is incorrect regarding the extent of d. a random sample of the controls that were reviewed.
further audit procedures?
a. Extent includes the quantity of a specific audit 12. Which of the following audit techniques would most
procedure to be performed. likely provide an auditor with the most assurance about
b. The extent of an audit procedure is determined by the effectiveness of the operation of an internal control
the judgment of the auditor after considering the procedure?
materiality, the assessed risk, and the degree of a. Inquiry of client personnel
assurance the auditor plans to obtain. b. Recomputation of an account balance
c. The auditor ordinarily decreases the extent of audit c. Observation of client personnel
procedures as the risk of material misstatement d. Confirmation of balances or transactions with outside
increases. parties
d. All of the above
13. After the study and evaluation of a client's internal
7. Holding other planning considerations equal, a decrease control policies and procedures has been completed, an
in the amount of misstatements in a class of auditor might decide to
transactions that an auditor could tolerate most likely a. increase the extent of substantive testing in areas
would cause the auditor to: where the internal control policies and procedures
a. Perform less effective procedures. are strong.
b. Perform the planned auditing procedures closer to b. reduce the extent of control testing in areas where
the balance sheet date. the internal control policies and procedures are
c. Increase the assessed level of control risk for strong.
relevant financial statement assertions. c. reduce the extent of both substantive and control
d. Decrease the extent of auditing procedures to be testing in areas where the internal control policies
applied to the class of transactions. and procedures are strong.
d. increase the extent of substantive testing in areas
where the internal controls are weak.

Page 4 of 5 www.teamprtc.com.ph AT.3211

EXCEL PROFESSIONAL SERVICES, INC.

14. Control testing is performed in order to determine 21. Shown below (1 through 5) are the five types of tests
whether or not which auditors use to determine whether financial
a. the assessed level of control risk can be reduced. statement are fairly stated. Which three are substantive
b. necessary controls are absent. tests?
c. incompatible functions exist. 1. procedures to obtain an understanding of internal
d. material peso errors exist. control
2. tests of controls
15. The auditor is studying internal control policies and 3. tests of transactions
procedures within the sales, shipping, and billing subset 4. analytical procedures
of the revenue cycle. Which of the following conditions 5. tests of details of balances
suggests a need for additional testing of controls? a. 1, 2, and 3.
a. Internal control is found to be weak with regard to b. 3, 4, and 5.
shipping and billing. c. 2, 3, and 5.
b. Internal control over sales, billing, and shipping d. 2, 3, and 4.
appears strong, but 80% of sales revenue is
attributable to three major customers. Dual-purpose Test (TOC and TOD)
c. Internal control over billing and shipping is thought
to be strong and the auditor considers additional 22. Although the purpose of a test of controls is different
testing of selected controls will result in a major from the purpose of a test of details, both may be
reduction in substantive testing. accomplished concurrently by performing a test of
d. Internal control over the recording of sales is found controls and a test of details on the same transaction.
to be weak and the sales are evenly divided among This is known as
a large number of customers. a. Single-purpose test
b. Dual-purpose test
16. To obtain an understanding of the relevant policies and c. Triple-purpose test
procedures of internal control, the auditor performs all d. All-purpose test
of the following except:
a. Make inquiries. 23. Which of the following would be considered a “dual-
b. Make observations. purpose test” in an audit?
c. Inspect documents and records. a. Sending negative confirmations of receivables to
d. Design substantive tests. customers with small recorded balances and
positive confirmations to accounts with large
17. It is most appropriate that tests of controls be applied balances
to transactions and controls b. Vouching sales invoices for authorization and
a. at the balance sheet date. tracing the amount of each invoice to the sales
b. at each quarterly interim period. journal
c. for the entire period under audit. c. Comparing the amount determined according to the
d. at the beginning of the fiscal period. amortization method used by the client to the
amount reported in the financial statements
18. To obtain evidence about control risk, an auditor d. Reviewing the client’s inventory-taking instructions
ordinarily selects tests from a variety of techniques, and observing whether the instructions are followed
including:
a. Analysis 24. A dual-purpose test is designed and evaluated by
b. Confirmation considering each purpose of the test _________.
c. Reperformance a. Separately
d. Comparison b. As one
c. Oppositely
19. An auditor wishes to perform tests of controls on a d. Any of the above
client’s cash disbursements procedures. If the controls
leave no audit trail of documentary evidence, the 25. The objective of tests of details of transactions
auditor most likely will test the procedures by performed as tests of controls is to
a. confirmation and observation. a. Monitor the design and use of entity documents
b. analytical procedures and confirmation. such as prenumbered shipping forms.
c. observation and inquiry. b. Determine whether controls have been
d. inquiry and analytical procedures. implemented.
c. Detect material misstatements in the account
Substantive Test Procedures balances of the financial statements.
d. Evaluate whether controls operated effectively.
20. The main purpose of substantive procedures is to
a. Obtain an understanding of the entity and its End of AT.3211
environment, including its internal control, to
assess the risks of material misstatement at the
financial statement and assertion levels.
b. Test the operating effectiveness of controls in
preventing, or detecting and correcting, material
misstatement at the assertion level.
c. Detect material misstatements at the assertion
level.
d. All of the above

Page 5 of 5 www.teamprtc.com.ph AT.3211