Psa 200

chitchating and Assurance prototypes Council Philippine Standard on Auditing 330 (Redrafted) THE AUDITORS RESPONSES TO ASSESSED RISKS prostate peculiar(prenominal) antigen 330 (Redrafted) PHILIPPINE STANDARD ON AUDITING 330 (REDRAFTED) THE AUDITORS RESPONSES TO ASSESSED RISKS (Effective for take stocks of pecuniary didacticss for peaks fixed out on or after declination 15, 2009) CONTENTS Paragraph psychiatric hospital Scope of this prostate specific antigen.. Effective Date Objective.. Definitions RequirementsOver whole Responses. Audit Procedures antiphonal to the Assessed Risks of Material Misstatement at the avouchment take.. Adequacy of Presentation and revelation. Evaluating the Sufficiency and rightness of Audit differentiate Documentation.. 1 2 3 4 5 6-24 25 26-28 29-31 Application and Other explanatory Material Overall Responses. A1-A3 Audit Procedures reactive to the Assessed Risks of Material Misstatement the Assertion direct.A4-A54 Adequacy of Presen tation and Disclosure A55 Evaluating the Sufficiency and Appropriateness of Audit Evidence. A56-A58 Documentation.. A59 Acknowledgment Philippine Standard on Auditing (prostate specific antigen) 330 (Redrafted), The Auditors Responses to Assessed Risks should be read in the context of the Preface to the Philippine Standards on Quality Control, Auditing, Review, Other Assurance and Related Services, which sets out the authority of prostate specific antigens. 2 prostate specific antigen 330 (Redrafted) IntroductionScope of this prostate specific antigen 1. This Philippine Standard on Auditing (PSA) deals with the att intercepters responsibility to normal and carry through responses to the mentions of hooey misstatement get word and assessed by the meeter in accordance with PSA 315, Identifying and Assessing Risks of Material Misstatement Through Understanding the Entity and Its environs in a financial statement study. Effective Date 2. This PSA is sound for size ups of fi nancial statements for blocks beginning on or after December 15, 2009. Objective 3.The objective of the tender is to chance satisfactory allow for inspected scotched account indorse much or less the assessed essays of stuff and nonsense misstatement, through designing and implementing clutch responses to those fortunes. Definitions 4. For purposes of the PSAs, the quest terms surrender the meanings attri thated below (a) all important(p) bit An size up mental dish out intentional to detect material misstatements at the self- conviction take. Substantive occasions ap tiptop (i) Tests of exposit (of classes of minutes, account balances, and disclosures), and ii) Substantive uninflected surgical processs. (b) Test of hold ins An visit procedure designed to evaluate the operate potency of get overs in preventing, or signal undercover work and correcting, material misstatements at the assertion take. Requirements Overall Responses 5. The he be r shall design and implement overall responses to cover up the assessed attempt of exposures of material misstatement at the financial statement level. (Ref Para. A1-A3) 3 PSA 330 (Redrafted) Audit Procedures Responsive to the Assessed Risks of Material Misstatement at the Assertion Level 6.The attendee shall design and complete set ahead size up procedures whose nature, clock, and terminus ar based on and be responsive to the assessed pretends of material misstatement at the assertion level. (Ref Para. A4-A8) 7. In designing the get on examine procedures to be doed, the attendee shall (a) contend the reasons for the judging given to the risk of material misstatement at the assertion level for individually class of legal proceeding, account balance, and disclosure, including (i) The likelihood of material misstatement due to the crabby characteristics of the applicable class of transactions, account balance, or disclosure (i. . , the inherent risk) and (ii) Whe ther the risk perspicacity takes account of germane(predicate) ascendencys (i. e. , the control risk), in that respectby requiring the meeter to get low ones skin scrutinise recite to patch up whether the controls ar mathematical operational efficaciously (i. e. , the he atomic number 18r intends to entrust on the direct enduringness of controls in ascertain the nature, clock and tip of indispensable procedures) and (Ref Para. A9-A18) (b) Obtain to a greater uttermost persuasive size up assure the higher the inspectors assessment of risk. (Ref Para. A19) Tests of Controls 8.The take stockor shall design and consummate campaigns of controls to fetch capable appropriate inspect say as to the in operation(p) intensity level of germane(predicate) controls when (a) The he arrs assessment of risks of material misstatement at the assertion level embroils an expectation that the controls ar in operation(p) effectively (i. e. , the scrutiniseor inten ds to believe on the operating speciality of controls in find out the nature, timing and extent of substantive procedures) or (b) Substantive procedures entirely nonify non digest sufficient appropriate examine try out at the assertion level. Ref Para. A20-A24) 9. In designing and playacting sieves of controls, the studyor shall fuck off more than(prenominal) persuasive visited account evince the greater the trustfulness the examineor places on the forte of a control. (Ref Para. A25) 4 PSA 330 (Redrafted) nature and Extent of Tests of Controls 10. In designing and action campaigns of controls, the listener shall (a) Perform separate take stock procedures in combination with dubiousness to throw study tell intimately the operating capabilityityity of the controls, including (i) How the controls were apply at relevant quantifys during the period under visit. ii) The consistency with which they were applied. (iii) By whom or by what direction the y were applied. (Ref Para. A26-29) (b) Determine whether the controls to be block outed regard upon opposite controls ( confirmatory controls), and if so, whether it is necessary to obtain scrutinize try out keep the effective operation of those indirect controls. (Ref Para. A3031) Timing of Tests of Controls 11. The analyzeor shall test controls for the special(a) time, or throughout the period, for which the studyor intends to rely on those controls, type to aragraphs 12 and 15 below, in order to extend an appropriate root word for the examineors intend reliance. (Ref Para. A32) Using study betoken obtained during an temporary period 12. When the analyzeor obtains audit show up intimately the operating effectiveness of controls during an retardation period, the auditor shall (a) Obtain audit establish about signifi hatfult changes to those controls subsequent to the impermanent period and (b) Determine the superfluous audit say to be obtained for the res t period. (Ref Para.A33-A34) Using audit secernate obtained in preceding audits 13. In determine whether it is appropriate to use audit separate about the operating effectiveness of controls obtained in preceding(prenominal) audits, and, if so, the length of the time period that whitethorn pass by before reexamination a control, the auditor shall read the following 5 PSA 330 (Redrafted) (a) The effectiveness of former(a)(a) elements of cozy control, including the control environment, the entitys monitor of controls, and the entitys risk assessment process b) The risks arising from the characteristics of the control, including whether it is manual(a) or automatise (c) The effectiveness of general IT-controls (d) The effectiveness of the control and its cover by the entity, including the nature and extent of deviations in the application of the control noned in earlier audits, and whether thither pay been personnel changes that authoritatively concern the application of the control (e) Whether the neediness of a change in a particular control poses a risk due to changing circumstances and f) The risks of material misstatement and the extent of reliance on the control. (Ref Para. A35) 14. If the auditor plans to use audit evidence from a previous audit about the operating effectiveness of specific controls, the auditor shall make up the continue relevance of that evidence by obtaining audit evidence about whether significant changes in those controls have pass offred subsequent to the previous audit. The auditor shall obtain this evidence by playacting examination unite with observation or inspection, to confirm the understanding of those specific controls, and a) If there have been changes that affect the continuing relevance of the audit evidence from the previous audit, the auditor shall test the controls in the current audit. (Ref Para. A36) (b) If there have not been such(prenominal)(prenominal) changes, the auditor shall test the contr ols at least once in every tertiary audit, and shall test close to controls severally audit to avoid the possibility of exam all the controls on which the auditor intends to rely in a single audit period with no testing of controls in the subsequent two audit periods. (Ref Para. A37-39) Controls over significant risks 15.When the auditor plans to rely on controls over a risk the auditor has pertinacious to be a significant risk, the auditor shall test those controls in the current period. 6 PSA 330 (Redrafted) Evaluating the Operating strong point of Controls 16. When evaluating the operating effectiveness of relevant controls, the auditor shall evaluate whether misstatements that have been detect by substantive procedures foreshadow that controls are not operating effectively. The absence seizure of misstatements discover by substantive procedures, however, does not provide audit evidence that controls cerebrate to to the assertion being tested are effective. Ref Para. A4 0) 17. When deviations from controls upon which the auditor intends to rely are detected, the auditor shall make specific inquiries to understand these progenys and their potentiality consequences, and shall determine whether (a) The tests of controls that have been performed provide an appropriate basis for reliance on the controls (b) Additional tests of controls are necessary or (c) The potential risks of misstatement need to be addressed victimization substantive procedures. (Ref Para. A41) 18.The auditor shall evaluate whether, on the basis of the audit work performed, the auditor has identified a material weakness in the operating effectiveness of controls. 19. The auditor shall communicate material weaknesses in versed control identified during the audit on a well timed(p) basis to focusing at an appropriate level of responsibility and, as call for by PSA 260 (Revised), Communication with Those Charged with Governance, 1 with those supercharged with governance (unless all of those charged with governance are guided in managing the entity). Substantive Procedures 0. Irrespective of the assessed risks of material misstatement, the auditor shall design and perform substantive procedures for each material class of transactions, account balance, and disclosure. (Ref Para. A42-A47) Substantive Procedures Related to the monetary financial statement Closing Process 21. The auditors substantive procedures shall imply the following audit procedures related to the financial statement closing process (a) Agreeing or reconciling the financial statements with the underlying accountancy records and 1 just about off document approved May 2006. 7PSA 330 (Redrafted) (b) Examining material diary entries and other adjustments do during the course of preparing the financial statements. (Ref Para. A48) Substantive Procedures Responsive to portentous Risks 22. When the auditor has determined that an assessed risk of material misstatement at the assertion le vel is a significant risk, the auditor shall perform substantive procedures that are specifically responsive to that risk. When the come up to a significant risk consists barely of substantive procedures, those procedures shall embroil tests of expatiate. Ref Para. A49) Timing of Substantive Procedures 23. When substantive procedures are performed at an retardation project, the auditor shall cover the stay period by performing (a) Substantive procedures, combine with tests of controls for the intervening period or (b) If the auditor determines that it is sufficient, further substantive procedures totally, that provide a reasonable basis for extending the audit conclusions from the interim particular reckon to the period end. (Ref Para. A51-A53) 24.If misstatements that the auditor did not expect when assessing the risks of material misstatement are detected at an interim experience, the auditor shall evaluate whether the related assessment of risk and the mean nature, t iming, or extent of substantive procedures covering the be period need to be modified. (Ref Para. A54) Adequacy of Presentation and Disclosure 25. The auditor shall perform audit procedures to evaluate whether the overall presentation of the financial statements, including the related disclosures, is in accordance with the applicable financial reportage framework. Ref Para. A55) Evaluating the Sufficiency and Appropriateness of Audit Evidence 26. Based on the audit procedures performed and the audit evidence obtained, the auditor shall evaluate before the conclusion of the audit whether the assessments of the risks of material misstatement at the assertion level remain appropriate. (Ref Para. A56-57) 27. The auditor shall conclude whether sufficient appropriate audit evidence has been obtained. In forming an opinion, the auditor shall consider all elevant audit evidence, regardless of whether it appears to corroborate or to contradict the assertions in the financial statements. (R ef Para. A58) 8 PSA 330 (Redrafted) 28. If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, the auditor shall enterprise to obtain further audit evidence. If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor shall express a qualified opinion or a disclaimer of opinion. Documentation 29. The auditor shall document a) The overall responses to address the assessed risks of material misstatement at the financial statement level, and the nature, timing, and extent of the further audit procedures performed (b) The linkage of those procedures with the assessed risks at the assertion level and (c) The topics of the audit procedures, including the conclusions where these are not otherwise hit. (Ref Para. A59) 30. If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in previous audits, the auditor shall document the conclusions reached about relyin g on such controls that were tested in a previous audit. 1. The auditors livelihood shall demonstrate that the financial statements agree or reconcile with the underlying accounting records. *** Application and Other Explanatory Material Overall Responses (Ref Para. 5) A1. Overall responses to address the assessed risks of material misstatement at the financial statement level whitethorn acknowledge Emphasizing to the audit team the need to maintain professional skepticism. assign more experienced staff or those with special skills or use experts. Providing more supervision. Incorporating additional elements of unpredict office in the selection of further audit procedures to be performed. 9 PSA 330 (Redrafted) A2. Making general changes to the nature, timing, or extent of audit procedures, for interpreter performing substantive procedures at the period end instead of at an interim date or modifying the nature of audit procedures to obtain more persuasive audit evidence. The assessment of the risks of material misstatement at the financial statement level, and thereby the auditors overall responses, is impact by the auditors understanding of the control environment.An effective control environment whitethorn allow the auditor to have more potency in internal control and the reliability of audit evidence generated internally within the entity and thus, for example, allow the auditor to conduct both(prenominal) audit procedures at an interim date sort of than at the period end. enervatednesses in the control environment, however, have the opposite effect for example, the auditor whitethorn respond to an inefficacious control environment by Obtaining more extensive audit evidence from substantive procedures. A3.Conducting more audit procedures as of the period end rather than at an interim date. Increasing the number of locations to be included in the audit scope. Such considerations, therefore, have a significant bearing on the auditors general rise, for example, an emphasis on substantive procedures (substantive approach), or an approach that uses tests of controls as well as substantive procedures (combined approach). Audit Procedures Responsive to the Assessed Risks of Material Misstatement at the Assertion Level The Nature, Timing, and Extent of Further Audit Procedures (Ref Para. 6) A4.The auditors assessment of the identified risks at the assertion level provides a basis for considering the appropriate audit approach for designing and performing further audit procedures. For example, (as appropriate and notwithstanding the requirements of this PSA)2, the auditor whitethorn determine that (a) yet by performing tests of controls whitethorn the auditor achieve an effective response to the assessed risk of material misstatement for a particular assertion (b) playing provided substantive procedures is appropriate for particular assertions and, therefore, the auditor excludes the effect of controls from the relevant ri sk assessment.This whitethorn be because the auditors risk assessment procedures 2 For example, as required by split 20, irrespective of the approach selected, the auditor designs and performs substantive procedures for each significant class of transactions, account balance, and disclosure. 10 PSA 330 (Redrafted) have not identified any(prenominal) effective controls relevant to the assertion, or because testing controls would be inefficient and therefore the auditor does not intend to rely on the operating effectiveness of controls in find out the nature, timing and extent of substantive procedures or c) A combined approach using both tests of controls and substantive procedures is an effective approach. A5. The nature of an audit procedure refers to its purpose (i. e. , test of controls or substantive procedure) and its type (i. e. , inspection, observation, inquiry, confirmation, recalculation, re mathematical operation, or analytical procedure). The nature of the audit proce dures is of most importance in responding to the assessed risks. A6. Timing of an audit procedure refers to when it is performed, or the period or date to which the audit evidence applies.A7. Extent of an audit procedure refers to the quantity to be performed, for example, a specimen size or the number of observations of a control activity. A8. Designing and performing further audit procedures whose nature, timing, and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level provides a clear linkage between the auditors further audit procedures and the risk assessment. Responding to the Assessed Risks at the Assertion Level (Ref Para. 7(a)) NatureA9. The auditors assessed risks may affect both the types of audit procedures to be performed and their combination. For example, when an assessed risk is high, the auditor may confirm the completeness of the terms of a contract with the counterparty, in addition to inspecting the docum ent. Further, certain audit procedures may be more appropriate for some assertions than others. For example, in relation to revenue, tests of controls may be most responsive to the assessed risk of misstatement of the completeness ssertion, whereas substantive procedures may be most responsive to the assessed risk of misstatement of the occurrence assertion. A10. The reasons for the assessment given to a risk are relevant in determining the nature of audit procedures. For example, if an assessed risk is disgrace because of the particular characteristics of a class of transactions without consideration of the related controls, then the auditor may determine that substantive analytical procedures alone provide sufficient appropriate audit evidence.On the other hand, if the assessed risk is lower because of internal controls, and the auditor intends to base the substantive procedures on that low assessment, then the auditor performs tests of those controls, as required by paragraph 8 (a). This may be the case, for 11 PSA 330 (Redrafted) example, for a class of transactions of reasonably uniform, non-complex characteristics that are routinely processed and controlled by the entitys information arrangement. Timing A11.The auditor may perform tests of controls or substantive procedures at an interim date or at the period end. The higher the risk of material misstatement, the more likely it is that the auditor may decide it is more effective to perform substantive procedures nearer to, or at, the period end rather than at an earlier date, or to perform audit procedures unpredicted or at unpredictable times (for example, performing audit procedures at selected locations on an unannounced basis). This is particularly relevant when considering the response to the risks of fraud.For example, the auditor may conclude that, when the risks of intended misstatement or manipulation have been identified, audit procedures to extend audit conclusions from interim date to the period end would not be effective. A12. On the other hand, performing audit procedures before the period end may advert the auditor in identifying significant matters at an early stage of the audit, and hence resolving them with the assistance of management or developing an effective audit approach to address such matters. A13. In addition, certain audit procedures can be performed only at or after the period end, for example Examining adjustments made during the course of preparing the financial statements and A14. Agreeing the financial statements to the accounting records Procedures to respond to a risk that, at the period end, the entity may have entered into im beseeming gross gross revenue contracts, or transactions may not have been finalized. Further relevant factors that influence the auditors consideration of when to perform audit procedures include the following The control environment. When relevant information is available (for example, electronic files may subs equently be overwritten, or procedures to be observed may occur only at certain times). The nature of the risk (for example, if there is a risk of inflated revenues to meet earnings expectations by subsequent man of false sales agreements, 12 PSA 330 (Redrafted) the auditor may hankering to examine contracts available on the date of the period end). The period or date to which the audit evidence relates. Extent A15. The extent of an audit procedure judged necessary is determined after considering the materiality, the assessed risk, and the gradation of assurance the auditor plans to obtain.When a single purpose is met by a combination of procedures, the extent of each procedure is considered separately. In general, the extent of audit procedures increases as the risk of material misstatement increases. For example, in response to the assessed risk of material misstatement due to fraud, increasing have sizes or performing substantive analytical procedures at a more detailed leve l may be appropriate. However, increasing the extent of an audit procedure is effective only if the audit procedure itself is relevant to the specific risk.A16. The use of computer-assisted audit techniques (CAATs) may enable more extensive testing of electronic transactions and account files, which may be useful when the auditor decides to modify the extent of testing, for example, in responding to the risks of material misstatement due to fraud. Such techniques can be use to select sample transactions from key electronic files, to sort transactions with specific characteristics, or to test an entire commonwealth instead of a sample. Considerations specific to public arena entities A17.For the audits of public sector entities, the audit mandate and any other special auditing requirements may affect the auditors consideration of the nature, timing and extent of further audit procedures. Considerations specific to smaller entities A18. In the case of very small entities, there may not be many control activities that could be identified by the auditor, or the extent to which their existence or operation have been documented by the entity may be limited. In such cases, it may be more efficient for the auditor to perform further audit procedures that are in the first place substantive procedures.In some rare cases, however, the absence of control activities or of other components of control may make it impossible to obtain sufficient appropriate audit evidence. Higher Assessments of Risk (Ref Para 7(b)) A19. When obtaining more persuasive audit evidence because of a higher assessment of risk, the auditor may increase the quantity of the evidence, or obtain evidence that is more relevant or reliable, e. g. , by placing more emphasis on obtaining terzetto 13 PSA 330 (Redrafted) party evidence or by obtaining corroborating evidence from a number of independent sources.Tests of Controls Designing and Performing Tests of Controls (Ref Para. 8) A20. Tests of control s are performed only on those controls that the auditor has determined are suitably designed to prevent, or detect and correct, a material misstatement in an assertion. If substantially different controls were apply at different times during the period under audit, each is considered separately. A21. interrogation the operating effectiveness of controls is different from obtaining an understanding of and evaluating the design and implementation of controls.However, the analogous types of audit procedures are utilize. The auditor may, therefore, decide it is efficient to test the operating effectiveness of controls at the same time as evaluating their design and determining that they have been utilize. A22. Further, although some risk assessment procedures may not have been specifically designed as tests of controls, they may nevertheless provide audit evidence about the operating effectiveness of the controls and, consequently, serve as tests of controls. For example, the audit ors risk assessment procedures may have included prying about managements use of budgets. Observing managements comparison of monthly budgeted and actual expenses. Inspecting reports pertaining to the investigation of variances between budgeted and actual amounts. These audit procedures provide knowledge about the design of the entitys budgeting policies and whether they have been implemented, but may overly provide audit evidence about the effectiveness of the operation of budgeting policies in preventing or detecting material misstatements in the assortment of expenses. A23.In addition, the auditor may design a test of controls to be performed at the same time with a test of details on the same transaction. Although the purpose of a test of controls is different from the purpose of a test of details, both may be accomplished concurrently by performing a test of controls and a test of details on the same transaction, also cognize as a dual-purpose test. For example, the aud itor may design, and evaluate the results of, a test to examine an invoice to determine whether it has been approved and to provide substantive audit evidence of a 14 PSA 330 (Redrafted) ransaction. A dual-purpose test is designed and evaluated by considering each purpose of the test separately. A24. In some cases, as discussed in PSA 315, the auditor may find it impossible to design effective substantive procedures that by themselves provide sufficient appropriate audit evidence at the assertion level. This may occur when an entity conducts its business using IT and no sustentationing of transactions is produced or maintained, other than through the IT system. In such cases, paragraph 8(b) requires the auditor to perform tests of relevant controls.Audit Evidence and think Reliance (Ref Para. 9) A25. A higher level of assurance may be sought about the operating effectiveness of controls when the approach adopted consists primarily of tests of controls, in particular where it is n ot possible or practicable to obtain sufficient appropriate audit evidence only from substantive procedures. Nature and Extent of Tests of Controls Other audit procedures in combination with inquiry (Ref Para. 10(a)) A26. doubtfulness alone is not sufficient to test the operating effectiveness of controls.Accordingly, other audit procedures are performed in combination with inquiry. In this regard, inquiry combined with inspection or reperformance may provide more assurance than inquiry and observation, since an observation is pertinent only at the point in time at which it is made. A27. The nature of the particular control influences the type of procedure required to obtain audit evidence about whether the control was operating effectively. For example, if operating effectiveness is evidenced by documentation, the auditor may decide to inspect it to obtain audit evidence about operating effectiveness.For other controls, however, documentation may not be available or relevant. For example, documentation of operation may not exist for some factors in the control environment, such as assignment of authority and responsibility, or for some types of control activities, such as control activities performed by a computer. In such circumstances, audit evidence about operating effectiveness may be obtained through inquiry in combination with other audit procedures such as observation or the use of CAATs. Extent of tests of controls A28.When more persuasive audit evidence is needed regarding the effectiveness of a control, it may be appropriate to increase the extent of testing of the control. As well as the degree of reliance on controls, matters the auditor may consider in determining the extent of tests of controls include the following 15 PSA 330 (Redrafted) The frequency of the performance of the control by the entity during the period. The length of time during the audit period that the auditor is relying on the operating effectiveness of the control. The expe cted rate of deviation from a control. The relevance and reliability of the audit evidence to be obtained regarding the operating effectiveness of the control at the assertion level. The extent to which audit evidence is obtained from tests of other controls related to the assertion. PSA 530, Audit Sampling and Other Means of interrogation contains further centering on the extent of testing. A29. Because of the inherent consistency of IT processing, it may not be necessary to increase the extent of testing of an automated control.An automated control can be expected to function systematically unless the program (including the tables, files, or other permanent data used by the program) is changed. Once the auditor determines that an automated control is functioning as intended (which could be done at the time the control is initially implemented or at some other date), the auditor may consider performing tests to determine that the control continues to function effectively. Such tests might include determining that Changes to the program are not made without being subject to the appropriate program change controls, The authorized version of the program is used for processing transactions, and Other relevant general controls are effective. Such tests also might include determining that changes to the programs have not been made, as may be the case when the entity uses packaged software applications without modifying or maintaining them. For example, the auditor may inspect the record of the administration of IT security to obtain audit evidence that unauthorized access has not occurred during the period. Testing of indirect controls (Ref Para. 10(b))A30. In some circumstances, it may be necessary to obtain audit evidence supporting the effective operation of indirect controls. For example, when the auditor decides to test the effectiveness of a user review of exception reports detailing sales in bare of authorized credit limits, the user review and relat ed follow up is the control that is directly of relevance to the auditor. Controls over the accuracy of 16 PSA 330 (Redrafted) the information in the reports (for example, the general IT controls) are described as indirect controls. A31.Because of the inherent consistency of IT processing, audit evidence about the implementation of an automated application control, when considered in combination with audit evidence about the operating effectiveness of the entitys general controls (in particular, change controls), may also provide substantial audit evidence about its operating effectiveness. Timing of Tests of Controls think period of reliance (Ref Para. 11) A32. Audit evidence pertaining only to a point in time may be sufficient for the auditors purpose, for example, when testing controls over the entitys physical inventory counting at the period end.If, on the other hand, the auditor intends to rely on a control over a period, tests that are capable of providing audit evidence tha t the control operated effectively at relevant times during that period are appropriate. Such tests may include tests of the entitys monitoring of controls. Using audit evidence obtained during an interim period (Ref Para. 12) A33. Relevant factors in determining what additional audit evidence to obtain about controls that were operating during the period remaining after an interim period, include The specific controls that were tested during the interim period, and significant changes to them since they were tested, including changes in the information system, processes, and personnel. The degree to which audit evidence about the operating effectiveness of those controls was obtained. The length of the remaining period. The extent to which the auditor intends to reduce further substantive procedures based on the reliance of controls. A34. The significance of the assessed risks of material misstatement at the assertion level. The control environment.Additional audit evidence ma y be obtained, for example, by extending tests of controls over the remaining period or testing the entitys monitoring of controls. 17 PSA 330 (Redrafted) Using audit evidence obtained in previous audits (Ref Para. 13) A35. In certain circumstances, audit evidence obtained from previous audits may provide audit evidence where the auditor performs audit procedures to establish its continuing relevance. For example, in performing a previous audit, the auditor may have determined that an automated control was functioning as intended.The auditor may obtain audit evidence to determine whether changes to the automated control have been made that affect its continued effective functioning through, for example, inquiries of management and the inspection of logs to paint a picture what controls have been changed. Consideration of audit evidence about these changes may support either increasing or decreasing the expected audit evidence to be obtained in the current period about the operating effectiveness of the controls. Controls that have changed from previous audits (Ref Para. 4(a)) A36. Changes may affect the relevance of the audit evidence obtained in previous audits such that there may no prolonged be a basis for continued reliance. For example, changes in a system that enable an entity to receive a new report from the system in all probability do not affect the relevance of audit evidence from a previous audit however, a change that causes data to be compile or calculated differently does affect it. Controls that have not changed from previous audits (Ref Para. 14(b)) A37.The auditors decision on whether to rely on audit evidence obtained in previous audits for controls that (a) Have not changed since they were last tested and (b) Are not controls that mitigate a significant risk, is a matter of professional judgment. In addition, the length of time between retesting such controls is also a matter of professional judgment, but is required by paragraph 14(b) t o be at least once in every third year. A38. In general, the higher the risk of material misstatement, or the greater the reliance on controls, the shorter the time period elapsed, if any, is likely to be.Factors that may decrease the period for retesting a control, or result in not relying on audit evidence obtained in previous audits at all, include the following A weak control environment. Weak monitoring of controls. A significant manual element to the relevant controls. 18 PSA 330 (Redrafted) Changing circumstances that indicate the need for changes in the control. A39. Personnel changes that significantly affect the application of the control. Weak general IT-controls.When there are a number of controls for which the auditor intends to rely on audit evidence obtained in previous audits, testing some of those controls in each audit provides corroborating information about the continuing effectiveness of the control environment. This contributes to the auditors decision ab out whether it is appropriate to rely on audit evidence obtained in previous audits. Evaluating the Operating effectuality of Controls (Ref Para. 16-19) A40. A material misstatement detected by the auditors procedures may indicate the existence of a material weakness in internal control.A41. The concept of effectiveness of the operation of controls recognizes that some deviations in the way controls are applied by the entity may occur. Deviations from prescribed controls may be caused by such factors as changes in key personnel, significant seasonal fluctuations in volume of transactions and human error. The detected rate of deviation, in particular in comparison with the expected rate, may indicate that the control cannot be relied on to reduce risk at the assertion level to that assessed by the auditor.Substantive Procedures (Ref Para. 20) A42. Paragraph 20 requires the auditor to design and perform substantive procedures for each material class of transactions, account balance, a nd disclosure, irrespective of the assessed risks of material misstatement. This requirement reflects the facts that (i) the auditors assessment of risk is judgmental and so may not identify all risks of material misstatement and (ii) there are inherent limitations to internal control, including management override.Nature and Extent of Substantive Procedures A43. Depending on the circumstances, the auditor may determine that Performing only substantive analytical procedures will be sufficient to reduce audit risk to an acceptably low level. For example, where the auditors assessment of risk is supported by audit evidence from tests of controls. Only tests of details are appropriate. A combination of substantive analytical procedures and tests of details are most responsive to the assessed risks. 19 PSA 330 (Redrafted) A44.Substantive analytical procedures are generally more applicable to large volumes of transactions that tend to be predictable over time. PSA 520, Analytical Proc edures establishes requirements and provides guidance on the application of analytical procedures during an audit. A45. The nature of the risk and assertion is relevant to the design of tests of details. For example, tests of details related to the existence or occurrence assertion may involve selecting from items contained in a financial statement amount and obtaining the relevant audit evidence.On the other hand, tests of details related to the completeness assertion may involve selecting from items that are expected to be included in the relevant financial statement amount and investigating whether they are included. A46. Because the assessment of the risk of material misstatement takes account of internal control, the extent of substantive procedures may need to be change magnitude when the results from tests of controls are unsatisfactory. However, increasing the extent of an audit procedure is appropriate only if the audit procedure itself is relevant to the specific risk. A4 7.In designing tests of details, the extent of testing is ordinarily thought of in terms of the sample size. However, other matters are also relevant, including whether it is more effective to use other selective means of testing. See PSA 530 for additional guidance. Substantive Procedures Related to the Financial Statement Closing Process (Ref Para. 21(b)) A48. The nature, and also the extent, of the auditors examination of journal entries and other adjustments depends on the nature and complexity of the entitys financial reporting process and the related risks of material misstatement.Substantive Procedures Responsive to Significant Risks (Ref Para. 22) A49. Paragraph 22 of this PSA requires the auditor to perform substantive procedures that are specifically responsive to risks the auditor has determined to be significant risks. For example, if the auditor identifies that management is under pressure to meet earnings expectations, there may be a risk that management is inflating sales by improperly recognizing revenue related to sales agreements with terms that preclude revenue recognition or by invoicing sales before shipment.In these circumstances, the auditor may, for example, design external confirmations not only to confirm outstanding amounts, but also to confirm the details of the sales agreements, including date, any rights of return and delivery terms. In addition, the auditor may find it effective to supplement such external confirmations with inquiries of non-financial personnel in the entity regarding any changes in sales agreements and delivery terms. Substantive procedures related to 20 PSA 330 (Redrafted) ignificant risks are most often designed to obtain audit evidence with high reliability. Timing of Substantive Procedures (Ref Para. 23-24) A50. In most cases, audit evidence from a previous audits substantive procedures provides little or no audit evidence for the current period. thither are, however, exceptions, e. g. , a effectual opini on obtained in a previous audit related to the complex body part of a securitization to which no changes have occurred, may be relevant in the current period.In such cases, it may be appropriate to use audit evidence from a previous audits substantive procedures if that evidence and the related subject matter have not fundamentally changed, and audit procedures have been performed during the current period to establish its continuing relevance. Using audit evidence obtained during an interim period (Ref Para. 23) A51. In some circumstances, the auditor may determine that it is effective to perform substantive procedures at an interim date, and to par and reconcile information concerning the balance at the period end with the same information at the interim date to a) Identify amounts that appear unusual, (b) check over any such amounts, and (c) Perform substantive analytical procedures or tests of details to test the intervening period. A52. Performing substantive procedures at an interim date without undertaking additional procedures at a later date increases the risk that the auditor will not detect misstatements that may exist at the period end. This risk increases as the remaining period is lengthened. Factors such as the following may influence whether to perform substantive procedures at an interim date The control environment and other relevant controls. The availability at a later date of information necessary for the auditors procedures. The purpose of the substantive procedure. The assessed risk of material misstatement. The nature of the class of transactions or account balance and related assertions. 21 PSA 330 (Redrafted) A53. The ability of the auditor to perform appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period in order to reduce the risk that misstatements that may exist at the period end will not be detected.Factors such as the following may influence whether to perform substantive analytical procedures with respect to the period between the interim date and the period end Whether the period end balances of the particular classes of transactions or account balances are reasonably predictable with respect to amount, relative significance, and idea. Whether the entitys procedures for analyzing and adjusting such classes of transactions or account balances at interim dates and for establishing proper accounting cutoffs are appropriate. Whether the information system relevant to financial reporting will provide information concerning the balances at the period end and the transactions in the remaining period that is sufficient to permit investigation of (a) Significant unusual transactions or entries (including those at or near the period end), (b) Other causes of significant fluctuations, or expected fluctuations that did not occur, and (c) Changes in the composition of the classes of transactions or account balances.Misstatements detected at an interim date (Ref Para. 24) A54. When the auditor concludes that the planned nature, timing, or extent of substantive procedures covering the remaining period need to be modified as a result of unexpected misstatements detected at an interim date, such modification may include extending or repeating the procedures performed at the interim date at the period end. Adequacy of Presentation and Disclosure (Ref Para. 25) A55.Evaluating the overall presentation of the financial statements, including the related disclosures, relates to whether the individual financial statements are presented in a way of life that reflects the appropriate classification and description of financial information, and the form, arrangement, and content of the financial statements and their appended notes. This includes, for example, the voice communication 22 PSA 330 (Redrafted) used, the amount of detail given, the classification of items in the statements, and the bases of amounts set forth. Evaluat ing the Sufficiency and Appropriateness of Audit Evidence (Ref Para. 6-28) A56. An audit of financial statements is a cumulative and iterative process. As the auditor performs planned audit procedures, the audit evidence obtained may cause the auditor to modify the nature, timing, or extent of other planned audit procedures. Information may come to the auditors attention that differs significantly from the information on which the risk assessment was based. For example, The extent of misstatements that the auditor detects by performing substantive procedures may deepen the auditors judgment about the risk assessments and may indicate a material weakness in internal control. The auditor may become aware of discrepancies in accounting records, or conflicting or missing evidence. Analytical procedures performed at the overall review stage of the audit may indicate a previously unrecognized risk of material misstatement. In such circumstances, the auditor may need to reevaluate the p lanned audit procedures, based on the revised consideration of assessed risks for all or some of the classes of transactions, account balances, or disclosures and related assertions. PSA 315 contains further guidance on revising the auditors risk assessment. A57.The auditor cannot tangle with that an instance of fraud or error is an isolated occurrence. Therefore, the consideration of how the detection of a misstatement affects the assessed risks of material misstatement is important in determining whether the assessment form appropriate. A58. The auditors judgment as to what constitutes sufficient appropriate audit evidence is influenced by such factors as the following Significance of the potential misstatement in the assertion and the likelihood of its having a material effect, individually or aggregated with other potential misstatements, on the financial statements. Effectiveness of managements responses and controls to address the risks. Experience gained during previous a udits with respect to similar potential misstatements. Results of audit procedures performed, including whether such audit procedures identified specific instances of fraud or error. 23 PSA 330 (Redrafted) Source and reliability of the available information. Persuasiveness of the audit evidence. Understanding of the entity and its environment, including the entitys internal control. Documentation (Ref Para. 29) A59.The form and extent of audit documentation is a matter of professional judgment, and is influenced by the nature, size and complexity of the entity and its internal control, availability of information from the entity and the audit methodology and technology used in the audit. Acknowledgment This PSA is based on International Standard on Auditing 330 (Redrafted), The Auditors Responses to Assessed Risks, issued by the International Auditing and Assurance Standards Board. There are no significant differences between this PSA 330 (Redrafted) and ISA 330 (Redrafted). 4 P SA 330 (Redrafted) This PSA 330 (Redrafted), The Auditors Responses to Assessed Risks, was unanimously approved for adoption on January 29, 2007 by the members of the Auditing and Assurance Standards Council. Benjamin R. Punongbayan, Chairman Felicidad A. Abad Antonio P. Acyatan Erwin Vincent G. Alcala Froilan G. Ampil David L. Balangue Ma. Gracia Casals-Diaz Amorsonia B. Escarda Manuel O. Faustino Eliseo A. Fernandez Nestorio C. Roraldo Joaquin P. Tolentino Editha O. Tuason Jaime E. Ysmael 25