Chapter 6: Overview of Test of controls, substantive procedures, and

sampling
Introduction
Recall:
- An auditor will develop an audit strategy based on their inherent
and control risk assessment
- Strategy will help determine the extent of tests of controls and
substantive procedures to be undertaken by the audit team
- Once strategy is developed, audit program is written detailing
the nature, timing and extent of audit procedures to be
conducted by audit staff.
6.1 Tests of Controls and Substantive Procedures
Audit Strategy: sets the scope, timing and direction of the audit and
provides a basis for developing a detailed audit plan
- Audit plan includes the audit procedures to be used when testing
controls and when conducting detailed substantive audit
procedures.
- Gain a minimum knowledge of the clients system of
internal control, conduct limited or no tests of controls
(controls testing) and conduct extensive detailed
substantive procedures.
Substantive Audit Procedures
- Auditor plans to get a minimum knowledge of the clients control
and conducts extensive substantive procedures that involve
intensive testing of year end account balance and transactions
from throughout the year
- When control risk is assessed as high (there are no tests of
control within the organization)
If control risk is medium to low
- Combined audit strategy
- Audit strategy is to gain a detailed understanding of the clients
system of internal controls, conduct extensive tests of controls,
and if those controls prove effective, then conduct less detailed
substantive procedures.
6.1.1 Test of Controls
- Auditor is interested in assessing the effectiveness of internal
controls identified when gaining an understanding of the clients
system of internal controls during the planning stage of the audit
- Auditor has to test the controls to check their effectiveness
before concluding whether the control risk is high or low.

If controls are effective> reduce reliance on detailed substantive

procedures
Ineffective > auditor assesses control risk as higher and
increases reliance on detailed substantive procedures
Test of controls are conducted to make sure controls operative
effectively, meaning the rate of deviation from prescribed control
procedures are minimized and controls effectively prevent and
detect material misstatements.
o Also make sure they operate consistently throughout the
accounting period.
Control testing procedures include:
o Inspection of documents for evidence of authorization
o Inspection of documents for evidence that details included
have been checked by appropriate client personnel
o Observation of client personnel performing various tasks,
such as opening mail and conducting a inventory count
o Enquiry of client personnel about how they perform their
tasks
o Re-performing control procedures to test their
effectiveness

6.1.2 Substantive Procedures

1. Substantive tests of transactions
2. Substantive tests of balances
3. Analytical Procedures
Audit Risk
Low

Inherent Risk
Low

Control Risk
Low

Detection Risk
High

Reduce level of substantive procedures

Rely on clients internal control procedures to prevent and detect
material misstatements
Auditor can rely more on analytical procedures (more effective than
substantive testing of details) and place a greater reliance on clients
accounting records.
Audit Risk
Inherent Risk
Control Risk
Detection Risk
High
High
High
Low
Predominantly substantive approach to testing
Audit risk = risk that an auditor expresses an inappropriate audit
opinion when f/s are materially misstated.
Auditor will not rely too heavily on analytical procedures and will
instead conduct more time consuming and costly substantive testing of
transactions and balances.

Substantive Procedures/ Substantive Testing/ Test of Details

Make sure transactions have
1. Occurrence search for evidence that recorded transactions
occurred and relate to client
2. Completeness all transaction has been recorded
3. Accuracy All transactions have been recorded at appropriate
carrying amounts
4. Cut off All transactions have been recorded in the correct
accounting period
5. Classification All transactions have been recorded in the correct
accounts.
Also test for
1. Existence assets liabilities and equity actually exist
2. Valuation and allocation recorded at the right valuation amount
3. Completeness everything is recorded
4. Rights and obligations amounts recorded display what is owed
by the client to third parties
Example Analytical Procedures
Estimate depreciation expense by multiplying average
depreciation rate by asset balance (accuracy assertion)
Compare inventory balances for this year and last year
(existence, completeness and valuation and allocation
assertions)
6.2 Nature, Timing and Extent of Audit Testing
Vary depending on the audit strategy adopted and the type of testing
relied upon
Nature of audit testing Purpose of the test (whether it is to test
controls, transactions, or balances) and the procedure used
(inspection, observation, enquiry, confirmation, recalculation, reperformance or analytical procedures)
Test of control concerned with providing evidence that internal control
exists and is effective
Nature: re-perform certain procedures, inspect documents for evidence
of procedures carried out by client personnel, and observe client
personnel performing control procedures
Controls can be tested by trying to trip them up- transcations including
valid and invalid data. Transactions can be created by an auditor to
test controls embedded in a clients computer programs (application
controls) Valid data are traced to ensure that appropriate accounts are

updated when the transcations are processed. If clients internal

controls are effective, invalid data should be identified and rejected by
the program.
The lower the risk of material misstatement and the more effective the
controls, the more reliance is placed on more efficient, less costly,
analytical procedures.
Timing of Audit Testing- the stage of the audit when procedures are
performed and the date that the audit evidence relates to
Interim stage: initial visit to a client (before year end) where planning
takes place
- Begin tests of controls
- Substantive tests of controls (which also happen throughout the
year) can also begin the interim audit
Low risks accounts
- Conduct more risk during interim audit
- If auditor concludes that the risk of material misstatement
matches their initial low, then detection risk will be set as high to
medium and less reliance will be placed on detailed substantive
testing.
- If auditor concludes that control is higher than initial estimate,
then auditor will increase reliance on substantive testing at yearend.
High Risk accounts
- Timing of most audit procedures will be at or after year end
- Auditor will spend most time conducting detailed substantive
tests of those account balances
- Analytical procedures may be used to aid in the identification of
these accounts most at risk of material misstatement
Some assertions (such as cut off) can only be conducted on
transactions around year-end
Some audit procedures (test of controls and substantive tests of
transactions) are conducted throughout accounting period
But substantive test of account balances >done at the year end
Extent of Audit Testing - the amount of audit evidence gathered
when testing controls and conducting detailed substantive procedures.
Control risk> LOW>Increase reliance on test of controls>decrease
reliance on substantive testing of transactions and account
balances>increase extent of their testing of controls to gain evidence
that their clients system of internal controls is effect in preventing and
detecting material misstatements.

If extensive testing confirms auditors belief that clients system of

internal controls is effective, auditor will reduce the extent of
substantive testing of transactions/balances/ increase extent of their
reliance on more efficient analytical procedures.
Control Risk>High>little/no tests of controls> Increase reliance on
substantive testing of transactions and account balances.