THE AUDITOR’S PROCEDURES IN RESPONSE TO ASSESSED RISKS

GENERAL PROVISIONS

01. The purpose of this Vietnamese Standard on Auditing (VSA) is to establish standards and provide guidance on determining overall responses and designing and performing further audit procedures to respond to the assessed risks of material misstatement at the financial statement and assertion levels in a financial statement audit.

02. The auditor and the audit firm should obtain an understanding of the entity and its environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures.

03. This VAS applies to audits of financial statements and also applies to audits of other financial information, and related services rendered by the audit firm.

The auditor and the audit firm should comply with this VSA in conducting an audit of financial statements.

It is expected that the audited (client) entity and users of the audit report should possess essential knowledge as to the objective and general principles set out in this VSA in working with the auditor and the audit firm and dealing with relations relevant to audited information.

04. The following is an overview of the requirements of this standard:

Overall responses: This section requires the auditor and the audit firm to determine overall responses to address risks of material misstatement at the financial statement level and provides guidance on the nature of those responses.

Audit procedures responsive to risks of material misstatement at the assertion level: This section requires the auditor to design and perform further audit procedures, including tests of the operating effectiveness of controls, when relevant or required, and substantive procedures, whose nature, timing, and extent are responsive to the assessed risks of material misstatement at the assertion level. In addition, this section includes matters the auditor and the audit firm consider in determining the nature, timing, and extent of such audit procedures.

Evaluating the sufficiency and appropriateness of audit evidence obtained: This section requires the auditor to evaluate whether the risk assessment remains appropriate and to conclude whether sufficient appropriate audit evidence has been obtained.

Documentation: This section requires that the contents and documents in the audit documentation contain information relevant to assessed risk.

05. In order to reduce audit risk to an acceptably low level, the auditor and the audit firm should determine overall responses to assessed risks at the financial statement level, and should design and perform further audit procedures to respond to assessed risks at the assertion level. The overall responses and the nature, timing, and extent of the further audit procedures are matters for the professional judgment of the auditor. In addition to the requirements of this VSA, the auditor and the audit firm also comply with the requirements and guidance in VSA 240 Fraud and Error in responding to assessed risks of material misstatement due to fraud.

Overall Responses

06. The auditor should determine overall responses to address the risks of material misstatement at the financial statement level. Such responses may include emphasizing to the audit team the need to maintain professional skepticism in gathering and evaluating audit evidence, assigning more experienced staff or those with special skills or using experts, providing more supervision, or incorporating additional elements of unpredictability in the selection of further audit procedures to be performed. Additionally, the auditor and the audit firm may make general changes to the nature, timing, or extent of audit procedures as an overall response, for example, performing substantive procedures at period end instead of at an interim date.

07. The assessment of the risks of material misstatement at the financial statement level is affected by the auditor’s understanding of the control environment. An effective control environment may allow the auditor to have more confidence in internal control and the reliability of audit evidence generated internally within the entity and thus, for example, allow the auditor to conduct some audit procedures at an interim date rather than at period end. If there are weaknesses in the control environment, the auditor ordinarily conducts more audit procedures as of the period end rather than at an interim date, seeks more extensive audit evidence from substantive procedures, modifies the nature of audit procedures to obtain more persuasive audit evidence, or increases the number of locations to be included in the audit scope.

08. Such considerations, therefore, have a significant bearing on the auditor’s general approach, for example, an emphasis on substantive procedures (substantive approach), or an approach that uses tests of controls as well as substantive procedures (combined approach).

Audit Procedures Responsive to Risks of Material Misstatement at the Assertion Level

09. The auditor and the audit firm should design and perform further audit procedures whose nature, timing, and extent are responsive to the assessed risks of material misstatement at the assertion level. The purpose is to provide a clear linkage between the nature, timing, and extent of the auditor’s further audit procedures and the risk assessment. In designing further audit procedures, the auditor and the audit firm consider such matters as the following:

a)The significance of the risk;

b) The likelihood that a material misstatement will occur;

c)The characteristics of the class of transactions, account balance, or disclosure involved;

d) The nature of the specific controls used by the entity and in particular whether they are manual or automated; and

e)Whether the auditor expects to obtain audit evidence to determine if the entity’s controls are effective in preventing, or detecting and correcting, material misstatements.

10. The auditor’s assessment of the identified risks at the assertion level provides a basis for considering the appropriate audit approach for designing and performing further audit procedures. In some cases, the auditor may determine that only by performing tests of controls may the auditor achieve an effective response to the assessed risk of material misstatement for a particular assertion. In other cases, the auditor may determine that performing only substantive procedures is appropriate for specific assertions and, therefore, the auditor excludes the effect of controls from the relevant risk assessment. This may be because the auditor’s risk assessment procedures have not identified any effective controls relevant to the assertion, or because testing the operating effectiveness of controls would be inefficient. However, the auditor needs to be satisfied that performing only substantive procedures for the relevant assertion would be effective in reducing the risk of material misstatement to an acceptably low level. Often the auditor may determine that a combined approach using both tests of the operating effectiveness of controls and substantive procedures is an effective approach. Irrespective of the approach selected, the auditor designs and performs substantive procedures for each material class of transactions, account balance, and disclosure as required by paragraph 51.

11. In the case of very small entities, there may not be many control activities that could be identified by the auditor. For this reason, the auditor’s further audit procedures are likely to be primarily substantive procedures. In such cases, in addition to the matters referred to in paragraph 10 above, the auditor and the audit firm consider whether in the absence of controls it is possible to obtain sufficient appropriate audit evidence.