Beruflich Dokumente
Kultur Dokumente
Auditors must consider audit risk and must determine a materiality level for the financial statements taken as a whole." Auditors
also "must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of
material misstatement the risk of material misstatement has been assessed for major accounts, transaction streams and
disclosures, the auditor must develop an audit plan in which he or she documents the audit procedures that, when performed, are
In additional: The auditor is required to assess the risk of material misstatement (RMM) according to Audit Risk and Materiality in
Conducting an Audit. RMM is the auditor's combined assessment of inherent risk and control risk. Auditors are also required to
perform audit procedures to respond to assessed RMM. The auditor should obtain an understanding of the entity and its
environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the financial
statements whether due to fraud or error, and sufficient to design and perform further audit procedures
In my article have tried to clearly discuss how the auditor responds to the risk of material misstatement (RMM) in designing and
Overall Responses:
The auditor's overall responses to address the assessed risks of material misstatement at the financial statement level may include
emphasizing to the audit team the need to maintain professional skepticism in gathering and evaluating audit evidence, assigning
more experienced staff or those with specialized skills or using specialists, providing more supervision, or incorporating additional
elements of unpredictability in the selection of further audit procedures to be performed. Additionally, the auditor may make general
changes to the nature, timing, or extent of further audit procedures as an overall response, for example, performing substantive
3. Using specialists.
The effectiveness of the control environment has a significant bearing on whether the auditor will employ a primarily substantive
approach or a combined approach that uses tests of controls as well as substantive procedures.
are free of material misstatement. Those further auditing procedures consist of either tests of controls or substantive procedures. In
designing further audit procedures, the auditor should consider such matters as:
• The nature of the specific controls used by the entity, in particular, whether they are manual or automated
• Whether the auditor expects to obtain audit evidence to determine if the entity's controls are effective in preventing or detecting
material misstatements.
The nature of the audit procedures is of most importance in responding to the assessed risks.
There should be a clear linkage between audit procedures and the risk of material misstatement at the relevant assertion level for
each class of transactions, account balance, and disclosure. The higher the auditor's assessment of risk, the more reliable and
relevant the
Evidence must be to satisfy the auditor's objectives. The higher the RMM, the more likely it is that the auditor will perform the
procedures at the end of period or at unpredictable or unannounced times. Certain procedures may only be performed at or after
The extent or quantity of audit procedures is determined by the auditor's judgment. The auditor should consider the assessed risk
And the degree of assurance desired. Generally, sampling is used to achieve audit objectives. Tests of controls should be
performed if controls are expected to be effective in preventing or detecting a material misstatement in a relevant assertion the
auditor should obtain evidence about how controls were applied at relevant times during the period under audit. If substantially
different controls were used at various times, the auditor should consider each time period separately.
Tests of controls may be designed to be performed concurrently with test of details. When performing these dual-purpose tests, the
auditor should consider how the outcome of the test of controls may affect the extent of substantive procedures to be performed.
A material misstatement that is detected by the auditors, but not identified by the entity, should be considered as at least a
significant deficiency. It may also be a strong indicator of a material weakness in internal controls that should be communicated to
management. When evidence about the operating effectiveness of controls is obtained during an interim period, consideration
should be given to what further evidence is needed for the remaining period. If the auditor plans to use audit evidence about the
The auditor should also increase the extent of testing of controls as the rate of expected deviation increases. In some instances the
expected rate of deviation may be too high to obtain evidence that will sufficiently reduce the control risk. Tests of controls would
then be inappropriate.
Once the auditor determines that automated controls are working effectively, the auditor should perform tests to determine that the
controls continue to work as intended, especially if changes are made to the program.
Nature:
The nature of further audit procedures refers to their purpose (tests of controls or substantive procedures) and their type, that is,
inspection, observation, inquiry, confirmation, recalculation, reperformance, or analytical procedures. The auditor should obtain
audit evidence about the accuracy and completeness of information produced by the entity's information system when that
Information is used in performing audit procedures. For example, if the auditor uses non-financial information or budget data
produced by the entity's information system in performing audit procedures, such as substantive analytical procedures or tests of
controls, the auditor should obtain audit evidence about the accuracy and completeness of such information
Timing:
Timing refers to when audit procedures are performed or the period or date to which the audit evidence applies. The higher the risk
of material misstatement, the more likely it is that the auditor may decide it is more effective to perform substantive procedures
nearer to, or to perform audit procedures unannounced or at unpredictable times. Certain audit procedures can be performed only
at or after period end, for example, agreeing the financial statements to the accounting records, or examining adjustments made
during the course of preparing the financial Statements. If there is a risk that the entity may have entered into improper sales
contracts or that transactions may not have been finalized at period end, the auditor should perform procedures to respond to that
specific risk.
ExtenT:
Extent refers to the quantity of a specific audit procedure to be performed, for example, the extent of an audit procedure is
determined by the judgment of the auditor after considering the tolerable misstatement, the assessed risk of material misstatement,
and the degree of assurance the auditor plans to obtain. An auditor may use techniques such as computer-assisted audit
techniques to enable him or her to extensively test electronic transactions and account files. Such techniques can be used to select
sample transactions from key electronic files, to identify transactions with specific characteristics, or to test an entire population
instead of a sample. This Statement regards the use of different audit procedures in combination as an aspect of the nature of
testing as discussed above. However, the auditor should consider whether the extent of testing is appropriate when performing
Controls:
The timing of tests of controls depends on the auditor's objective and the period of reliance on those controls. When the auditor
tests controls at a particular time, the auditor may obtain audit evidence that the controls operated effectively only at that time. The
auditor should test controls for the particular time, or throughout the period, for which the auditor intends to rely on those controls.
Audit evidence pertaining only to a point in time may be sufficient for the auditor's purpose,
Conclusion: The auditor's assessment of the identified risks at the relevant assertion level provides a basis for considering the
appropriate audit approach for designing and performing further audit procedures. In some cases, the auditor may determine that
performing only substantive procedures is appropriate for specific relevant assertions and risks. In those circumstances, the auditor
may exclude the effect of controls from the relevant risk assessment