Performing Audit Procedures in Response to Assessed Risks ...

1 Performing Audit Procedures in Response to Assessed Risks357AU-C Section 330 Performing Audit Procedures in Response toAssessed Risks and Evaluating the AuditEvidence ObtainedSource: SAS No. 122; SAS No. 134; SAS No. 135; SAS No. for audits of financial statements for periods ending on orafter December 15, 2012, unless otherwise of This section addresses the auditor's responsibility to design and imple-ment responses to the Risks of material misstatement identified and assessedby the auditor in accordance with section 315,Understanding the Entity and ItsEnvironment and Assessing the Risks of Material Misstatement, and to evalu-ate the Audit evidence obtained in an Audit of financial statements. Section700,Forming an Opinion and Reporting on Financial Statements,andsection703,Forming an Opinion and Reporting on Financial Statements of EmployeeBenefit Plans Subject to ERISA, address the auditor's responsibility to form anopinion on the financial statements based on the evaluation of the Audit ev-idence obtained.

2 [As amended, effective for audits of financial statements forperiods ending on or after December 15, 2021, by SAS No. 136.]Effective section is effective for audits of financial statements for periodsending on or after December 15, objective of the auditor is to obtain sufficient appropriate auditevidence regarding the Assessed Risks of material misstatement through de-signing and implementing appropriate responses to those purposes of generally accepted auditing standards, the followingterms have the meanings attributed as follows:Substantive Audit procedure designed to detect ma-terial misstatements at the assertion level. Substantive proce-dures of details (classes of transactions, account balances,and disclosures) analytical Procedures . 2020, AICPAAU-C Assessment and Response to Assessed RisksTest of Audit procedure designed to evaluate the op-erating effectiveness of controls in preventing, or detecting andcorrecting, material misstatements at the assertion auditor should design and implement overall responses to addressthe Assessed Risks of material misstatement at the financial statement level.

3 (Ref: par..A1 .A3) Audit Procedures Responsive to the Assessed Risks of MaterialMisstatement at the Relevant Assertion auditor should design and perform further Audit Procedures whosenature, timing, and extent are based on, and are responsive to, the assessedrisks of material misstatement at the relevant assertion level. (Ref: par..A4 .A9).07In designing the further Audit Procedures to be performed, the the reasons for the Assessed risk of material misstate-ment at the relevant assertion level for each class of transactions,account balance, and disclosure, includingi. the likelihood of material misstatement due to the partic-ular characteristics of the relevant class of transactions,account balance, or disclosure (the inherent risk) andii. whether the risk assessment takes account of relevant con-trols (the control risk), thereby requiring the auditor to ob-tain Audit evidence to determine whether the controls areoperating effectively (that is, the auditor intends to rely onthe operating effectiveness of controls in determining thenature, timing, and extent of substantive Procedures ), and(Ref: par.)

4 A10 .A19) more persuasive Audit evidence the higher the auditor'sassessment of risk. (Ref: par..A20)Tests of auditor should design and perform tests of controls to obtain suf-ficient appropriate Audit evidence about the operating effectiveness of relevantcontrols auditor's assessment of Risks of material misstatement at therelevant assertion level includes an expectation that the controlsare operating effectively (that is, the auditor intends to rely onthe operating effectiveness of controls in determining the nature,timing, and extent of substantive Procedures ) Procedures alone cannot provide sufficient appropri-ate Audit evidence at the relevant assertion level. (Ref: par..A21 .A26).09In designing and Performing tests of controls, the auditor should obtainmore persuasive Audit evidence the greater the reliance the auditor places onthe effectiveness of a control.

5 (Ref: par..A27)AU-C 2020, AICPAP erforming Audit Procedures in Response to Assessed Risks359 Nature and Extent of Tests of designing and Performing tests of controls, the auditor other Audit Procedures in combination with inquiry to ob-tain Audit evidence about the operating effectiveness of the con-trols, includingi. how the controls were applied at relevant times during theperiod under Audit ;ii. the consistency with which they were applied; andiii. by whom or by what means they were applied, including,when applicable, whether the person Performing the con-trol possesses the necessary authority and competence toperform the control effectively, and (Ref: par..A28 .A32) whether the controls to be tested depend upon othercontrols (indirect controls) and, if so, whether it is necessary toobtain Audit evidence supporting the operating effectiveness ofthose indirect controls.

6 (Ref: par..A33 .A34)Timing of Tests of auditor should test controls for the particular time or throughoutthe period for which the auditor intends to rely on those controls, subject toparagraphs .12 and .15 that follow, in order to provide an appropriate basis forthe auditor's intended reliance. (Ref: par..A35)Using Audit Evidence Obtained During an Interim the auditor obtains Audit evidence about the operating effectivenessof controls during an interim period, the auditor Audit evidence about significant changes to those controlssubsequent to the interim period the additional Audit evidence to be obtained for theremaining period. (Ref: par..A36 .A37)Using Audit Evidence Obtained in Previous determining whether it is appropriate to use Audit evidence aboutthe operating effectiveness of controls obtained in previous audits and, if so, thelength of the time period that may elapse before retesting a control, the auditorshould effectiveness of other elements of internal control, includingthe control environment, the entity's monitoring of controls, andthe entity's risk assessment process; Risks arising from the characteristics of the control, includingwhether the control is manual or automated; effectiveness of general IT controls.

7 Effectiveness of the control and its application by the entity,including the nature and extent of deviations in the application ofthe control noted in previous audits and whether there have beenpersonnel changes that significantly affect the application of thecontrol; the lack of a change in a particular control poses a riskdue to changing circumstances; Risks of material misstatement and the extent of reliance onthe control. (Ref: par..A38) 2020, AICPAAU-C Assessment and Response to Assessed the auditor plans to use Audit evidence from a previous Audit aboutthe operating effectiveness of specific controls, the auditor should perform au-dit Procedures to establish the continuing relevance of that information to thecurrent Audit . The auditor should obtain this evidence by Performing inquiry,combined with observation or inspection, to confirm the understanding of thosespecific controls, there have been changes that affect the continuing relevanceof the Audit evidence from the previous Audit , the auditor shouldtest the controls in the current Audit .

8 (Ref: par..A39) there have not been such changes, the auditor should test thecontrols at least once in every third Audit and should test somecontrols during each Audit to avoid the possibility of testing allthe controls on which the auditor intends to rely in a single au-dit period with no testing of controls in the subsequent two auditperiods. (Ref: par..A40 .A42)Controls Over Significant the auditor plans to rely on controls over a risk the auditor has de-termined to be a significant risk,1the auditor should test the operating effec-tiveness of those controls in the current the Operating Effectiveness of evaluating the operating effectiveness of relevant controls, theauditor should evaluate whether misstatements that have been detected bysubstantive Procedures indicate that controls are not operating effectively.

9 Theabsence of misstatements detected by substantive Procedures , however, doesnot provide Audit evidence that controls related to the relevant assertion beingtested are effective. (Ref: par..A43).17If deviations from controls upon which the auditor intends to rely aredetected, the auditor should make specific inquiries to understand these mat-ters and their potential consequences and should determine tests of controls that have been performed provide an appro-priate basis for reliance on the controls, tests of controls are necessary, potential Risks of misstatement need to be addressed usingsubstantive Procedures . (Ref: par..A44)Substantive of the Assessed Risks of material misstatement, the auditorshould design and perform substantive Procedures for all relevant assertionsrelated to each material class of transactions, account balance, and disclosure.

10 (Ref: par..A45 .A50).19 The auditor should consider whether external confirmation proceduresare to be performed as substantive Audit Procedures . (Ref: par..A51 .A56).20 The auditor should use external confirmation Procedures for accountsreceivable, except when one or more of the following is applicable: (Ref: ) overall account balance is .28 .30 of section 315,Understanding the Entity and Its Environment and Assessingthe Risks of Material 2020, AICPAP erforming Audit Procedures in Response to Assessed confirmation Procedures for accounts receivable wouldbe ineffective. (Ref: par..A54 and .A56) auditor's Assessed level of risk of material misstatement atthe relevant assertion level is low, and the other planned substan-tive Procedures address the Assessed risk. In many situations, theuse of external confirmation Procedures for accounts receivableand the performance of other substantive Procedures are neces-sary to reduce the Assessed risk of material misstatement to anacceptably low Procedures Related to the Financial Statement Closing auditor's substantive Procedures should include Audit proceduresrelated to the financial statement closing process, such or reconciling information in the financial statementswith the underlying accounting records, including agreeing or rec-onciling information in disclosures, whether such information isobtained from within or outside of the general and subsidiaryledgers, material journal entries and other adjustments madeduring the course of preparing the financial statements.