• Risk Identification
  • Annotations
  • Audit Documentation and Identified Misstatements
  • Detailed Audit Response Instructions
  • Linking Procedures to Risk
  • Mini Risk Report
  • Risk Identification - Overview
  • Risk Reports - Overview
  • Understanding the Entity
  • Risk Dialog
  • Document menu
  • Adding an Identified Risk
  • Attaching a document reference to a business cycle
  • Copying Risks from within the File
  • Copying Risks from Another Client File
  • Creating Additional Risk Reports
  • Deleting risk in a risk report
  • Modifying Risk in a Risk Report
  • Gathering Information About the Entity
  • Importing Risks

Detailed Audit Response Instructions

The nature and extent of further audit procedures should be:

• Based on professional judgment.

• Responsive (linked) to the assessed risks by assertion.

To complete the detailed audit response, there are three steps:

1. Answer the six questions in the Detailed audit response considerations section, and determine the impact (if any) on the audit plan:

   1. Is this account balance material or potentially material?

   2. Are there assertions that cannot be addressed by substantive tests alone? If yes, tests of controls may be required.

   3. Are internal controls over related transaction streams/processes expected to be reliable? If yes, consider tests of controls.

   4. Are substantive analytical procedures available (such as on related transaction streams)? If yes, this could reduce need for other procedures.

   5. Does fraud risk (such as management override) need to be addressed? If yes, explain how. (Refer to Form 605)

   6. Are there “significant risks” to be addressed?

2. Complete the audit response table.

   1. Record the assessed level of risks at both the financial statement level and assertion level.

   2. Determine whether the assessed risks have changed from the previous period.

3. Determine the appropriate nature and extent (mix) of audit procedures to address each assertion.

   • Substantive procedures - basic – These address all relevant assertions and will be completed in most audits. In smaller entities and for low risk assertions, these basic procedures may well be all that is needed. However, for higher risk assertions and significant risks, additional procedures such as those outlined below will be required.

   • Substantive procedures - extended – These procedures are designed to respond to specific risk factors, such as management override. These procedures can include any type of procedure that does not fit elsewhere, such as expanded basic procedures, tailored procedures, judgmental sampling and extensive (i.e., 90% +) verification of balances.

   • Substantive analytical procedures – These procedures can be used to verify account balances (such as revenue) that can be predicted from using other reliable information. For example, if the company rented out two of its buildings at $20,000 a year each (as determined from the lease agreement), the total revenue received could be predicted as being $40,000. These procedures are not the same as comparing this year’s balance to last year. That would be a basic procedure included in item 1 above.

   • Tests of controls — Discovery sampling is often used for tests of controls. A sample as little as 30 items (drawn at random from the population) with no deviations being found can provide assurance that the controls operated effectively during the period. A sample of 60 items would allow for one deviation.

Use of Evidence Points

The point system outlined below is provided as a guide. It is not a substitute for the use of professional judgment.

For audits of medium- and larger-sized entities, a combined approach (e.g. a mix of tests of controls and substantive procedures) can be developed by use of evidence points. The suggested target level of points are:

1. 9 - 10 evidence points for a high risk assertion

2. 7 - 8 points for a moderate risk assertion

3. 4 - 6 for a low risk assertion

In arriving at the targeted level of points, various types of procedures could be used and various extents of testing. For example, the higher the level of risk reduction required, the larger the sample of controls or transactions/balances would be examined. Evidence points for tailored procedures will be based on professional judgment. As a starting point, completion of the substantive basic procedures could be awarded between 4 to 6 points. Suggested points (based on sample sizes and effectiveness of substantive analytical procedures) are outlined below:

This online help system applies to all CaseWare Audit, Review and Compilation products. Not all features are available in all products.