UL Refresher Course in Accountancy

Auditing – Module 2.3.1

PSA 330
THE AUDITOR’S RESPONSES TO ASSESSED RISKS

FOCUS NOTES
 In order to reduce audit risk to an acceptably low level, the auditor should:
a. determine overall responses to assessed risks at the financial statement level
b. should design and perform further audit procedures to respond to assessed risks at the assertion level.
 These matters are for the professional judgment of the auditor.
 Overall Responses
Examples:
 emphasizing to the audit team the need to maintain professional skepticism in gathering and evaluating
audit evidence
 assigning more experienced staff or those with special skills or using experts
 providing more supervision
 incorporating additional elements of unpredictability in the selection of further audit procedures to be
performed.
 conducting some audit procedures at an interim date rather than at period end if control environment is
effective
 if there are weaknesses in the control environment, the auditor ordinarily
a. conducts more audit procedures as of the period end rather than at an interim date
b. seeks more extensive audit evidence from substantive procedures
c. modifies the nature of audit procedures to obtain more persuasive audit evidence
 Audit Procedures Responsive to Risks of Material Misstatement at the Assertion Level
 The auditor should design and perform further audit procedures whose nature, timing, and extent are
responsive to the assessed risks of material misstatement at the assertion level.
 The purpose is to provide a clear linkage between the nature, timing, and extent of the auditor’s further
audit procedures and the risk assessment.
 In designing further audit procedures, the auditor considers such matters as the following:
a. The significance of the risk.
b. The likelihood that a material misstatement will occur.
c. The characteristics of the class of transactions, account balance, or disclosure involved.
d. The nature of the specific controls used by the entity and in particular whether they are manual or
automated.
e. Whether the auditor expects to obtain audit evidence to determine if the entity’s controls are
effective in preventing, or detecting and correcting, material misstatements.
 The nature of the audit procedures is of most importance in responding to the assessed risks.
 The auditor’s assessment of the identified risks at the assertion level provides a basis for considering
the appropriate audit approach for designing and performing further audit procedures.
 Considering the Nature, Timing, and Extent of Further Audit Procedures
a. Nature
 The nature of further audit procedures refers to their purpose (tests of controls or substantive
procedures) and their type, that is, inspection, observation, inquiry, confirmation, recalculation,
reperformance, or analytical procedures.
 The auditor’s selection of audit procedures is based on the assessment of risk.
 The higher the auditor’s assessment of risk, the more reliable and relevant is the audit evidence
sought by the auditor from substantive procedures. This
b. Timing
 Timing refers to when audit procedures are performed or the period or date to which the audit
evidence applies.
 The auditor may perform tests of controls or substantive procedures at an interim date or at period
end.
 The higher the risk of material misstatement, the more likely it is that the auditor may decide it is
more effective to perform
 substantive procedures nearer to, or at, the period end rather than at an earlier date, or to perform
audit procedures unannounced or at unpredictable times
 In considering when to perform audit procedures, the auditor also considers such matters as the
following:
1. The control environment.
2. When relevant information is available (for example, electronic files may subsequently be
overwritten, or procedures to be observed may occur only at certain times).

1
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

3. The nature of the risk (for example, if there is a risk of inflated revenues to meet earnings
expectations by subsequent creation of false sales agreements, the auditor may wish to examine
contracts available on the date of the period end).
4. The period or date to which the audit evidence relates.
 Certain audit procedures can be performed only at or after period end, for example, agreeing the
financial statements to the accounting records and examining adjustments made during the course
of preparing the financial statements.
c. Extent
 Extent includes the quantity of a specific audit procedure to be performed, for example, a sample
size or the number of observations of a control activity.
 The extent of an audit procedure is determined by the judgment of the auditor after considering the
materiality, the assessed risk, and the degree of assurance the auditor plans to obtain.
 In particular, the auditor ordinarily increases the extent of audit procedures as the risk of material
misstatement increases.
 However, increasing the extent of an audit procedure is effective only if the audit procedure itself is
relevant to the specific risk; therefore, the nature of the audit procedure is the most important
consideration.
 Tests of Controls
 The auditor is required to perform tests of controls
a. when the auditor’s risk assessment includes an expectation of the operating effectiveness of controls
or
b. when substantive procedures alone do not provide sufficient appropriate audit evidence at the
assertion level.
 Nature of Tests of Controls
a. Inquiry
b. Inspection
c. Observation
d. Re-performance
 Timing of Tests of Controls
a. When the auditor obtains audit evidence about the operating effectiveness of controls during an
interim period, the auditor should determine what additional audit evidence should be obtained for
the remaining period.
b. If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in
prior audits, the auditor should obtain audit evidence about whether changes in those specific
controls have occurred subsequent to the prior audit. The auditor should obtain audit evidence
about whether such changes have occurred by performing inquiry in combination with observation
or inspection to confirm the understanding of those specific controls.
c. If the auditor plans to rely on controls that have changed since they were last tested, the auditor
should test the operating effectiveness of such controls in the current audit.
d. If the auditor plans to rely on controls that have not changed since they were last tested, the auditor
should test the operating effectiveness of such controls at least once in every third audit.
e. When there are a number of controls for which the auditor determines that it is appropriate to use
audit evidence obtained in prior audits, the auditor should test the operating effectiveness of some
controls each audit.
f. When the auditor has determined that an assessed risk of material misstatement at the assertion
level is a significant risk and the auditor plans to rely on the operating effectiveness of controls
intended to mitigate that significant risk, the auditor should obtain the audit evidence about the
operating effectiveness of those controls from tests of controls performed in the current period.
 Extent of Tests of Controls
a. Matters the auditor may consider in determining the extent of the auditor’s tests of controls include
the following:
1. The frequency of the performance of the control by the entity during the period.
2. The length of time during the audit period that the auditor is relying on the operating
effectiveness of the control.
3. The relevance and reliability of the audit evidence to be obtained in supporting that the control
prevents, or detects and corrects, material misstatements at the assertion level.
4. The extent to which audit evidence is obtained from tests of other controls related to the
assertion.
5. The extent to which the auditor plans to rely on the operating effectiveness of the control in the
assessment of risk (and thereby reduce substantive procedures based on the reliance of such
control).
2
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

6. The expected deviation from the control.

b. The more the auditor relies on the operating effectiveness of controls in the assessment of risk, the
greater is the extent of the auditor’s tests of controls.
 Substantive Procedures
 Substantive procedures are performed in order to detect material misstatements at the assertion level,
and include:
a. tests of details of classes of transactions, account balances, and disclosures
b. analytical procedures.
 Irrespective of the assessed risk of material misstatement, the auditor should design and perform
substantive procedures for each material class of transactions, account balance, and disclosure.
 The auditor’s substantive procedures should include the following audit procedures related to the
financial statement closing process:
a. Agreeing or reconciling the financial statements with the underlying accounting records; and
b. Examining material journal entries and other adjustments made during the course of preparing the
financial statements.
 When the auditor has determined that an assessed risk of material misstatement at the assertion level is
a significant risk, the auditor should perform substantive procedures that are specifically responsive to
that risk.
 Nature of Substantive Procedures
a. Substantive analytical procedures are generally more applicable to large volumes of transactions
that tend to be predictable over time.
b. Tests of details are ordinarily more appropriate to obtain audit evidence regarding certain
assertions about account balances, including existence and valuation.
 Timing of Substantive Procedures
a. When substantive procedures are performed at an interim date, the auditor should perform further
substantive procedures or substantive procedures combined with tests of controls to cover the
remaining period that provide a reasonable basis for extending the audit conclusions from the
interim date to the period end.
 Extent of the Performance of Substantive Procedures
a. The greater the risk of material misstatement, the greater the extent of substantive procedures.
b. Because the risk of material misstatement takes account of internal control, the extent of substantive
procedures may be increased as a result of unsatisfactory results from tests of the operating
effectiveness of controls.
 Adequacy of Presentation and Disclosure
 The auditor should perform audit procedures to evaluate whether the overall presentation of the
financial statements, including the related disclosures, are in accordance with the applicable financial
reporting framework.
 Evaluating the Sufficiency and Appropriateness of Audit Evidence Obtained
 Based on the audit procedures performed and the audit evidence obtained, the auditor should evaluate
whether the assessments of the risks of material misstatement at the assertion level remain
appropriate.
 The auditor should conclude whether sufficient appropriate audit evidence has been obtained to reduce
to an acceptably low level the risk of material misstatement in the financial statements.
 The sufficiency and appropriateness of audit evidence to support the auditor’s conclusions throughout
the audit are a matter of professional judgment. The auditor’s judgment as to what constitutes sufficient
appropriate audit evidence is influenced by such factors as the following:
a. Significance of the potential misstatement in the assertion and the likelihood of its having a material
effect, individually or aggregated with other potential misstatements, on the financial statements.
b. Effectiveness of management’s responses and controls to address the risks.
c. Experience gained during previous audits with respect to similar potential misstatements.
d. Results of audit procedures performed, including whether such audit procedures identified specific
instances of fraud or error.
e. Source and reliability of the available information.
f. Persuasiveness of the audit evidence.
g. Understanding of the entity and its environment, including its internal control.
 If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement
assertion, the auditor should attempt to obtain further audit evidence. If the auditor is unable to obtain
sufficient appropriate audit evidence, the auditor should express a qualified opinion or a disclaimer of
opinion.
 Documentation
 The auditor should document
3
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

a. the overall responses to address the assessed risks of material misstatement at the financial
statement level
b. the nature, timing, and extent of the further audit procedures
c. the linkage of those procedures with the assessed risks at the assertion level
d. the results of the audit procedures
e. if the auditor plans to use audit evidence about the operating effectiveness of controls obtained in
f. prior audits, the auditor should document the conclusions reached with regard to relying on such
controls that were tested in a prior audit.
 The auditor’s documentation should demonstrate that the financial statements agree or reconcile with
the underlying accounting records.

Multiple Choice: (This will serve as assessment. Refer to the google answer sheet.)

1. Which of the following auditor’s response to weaknesses in internal control is incorrect?

a. conduct more audit procedures as of period end rather than at interim date
b. seek more extensive audit evidence from substantive procedures
c. obtain more persuasive audit evidence
d. decrease sample size

2. The objective of tests of controls is:

a. to assess inherent risk.
b. to detect material misstatement at the assertion level.
c. to evaluate whether a control operated effectively.
d. to determine whether relevant controls exist and are implemented.

3. Which of the following is achieved by performing risk assessment procedures?

a. that a material misstatement exists.
b. that a control operated effectively.
c. that a relevant control exists and is used.
d. that a financial statement is free of material errors or fraud.

4. To obtain evidence about the operating effectiveness of internal control, an auditor may perform the
following, EXCEPT:
a. inquiry
b. observation
c. inspection
d. reperformance
e. analytical procedures

5. Procedures to obtain understanding of the entity and its environment, including its internal control.
a. Risk assessment procedures
b. Tests of controls
c. Substantive procedures
d. Analytical procedures

6. Procedures performed to detect material misstatement at the assertion level.

a. Risk assessment procedures
b. Tests of controls
c. Substantive procedures
d. Analytical procedures

7. Generally, substantive analytical procedures are more applicable to:

a. large volumes of transactions that tend to be predictable over time.
b. Obtain evidence regarding assertions about account balances including existence and valuation.
c. Test transactions that leave no audit trail.
d. All of the above.

8. In performing substantive procedures related to existence or occurrence assertion, the auditor’s direction of
testing is:
a. From items contained in the financial statement and obtains the relevant audit evidence.
b. From audit evidence to financial statement.
4
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

c. None of the above.

d. All of the above.

9. Significant deficiencies in the design or operation of the internal control structure that come to the attention
of the auditor are known as:
a. Control risks c. Reportable conditions
b. Tests of controls d. None of the above

10. An auditor’s test of transaction processing whereby the auditor is evaluating both the operation and
effectiveness of controls and the correctness and completeness of processing and posting to an account
balance is
a. A test of controls
b. A substantive test d. An analytical review procedure
c. A dual purpose test e. None of the above

11. Which of the following audit tests would be a test of controls?

a. Tests of the specific items making up the balance in a financial statement account.
b. Comparing inventory prices to vendors' invoices.
c. Comparing signatures on canceled checks to board of directors' authorizations.
d. Tests of the additions to property, plant, and equipment by physical inspections.

12. Evidence about segregation of duties is best obtained by

a. Inspecting documents that contain the initials of who performed control activities.
b. Direct personal observation of employees who perform control activities.
c. Preparing a flowchart of who performs the duties.
d. Making inquiries of coworkers about the employee who performs the duties.

13. An auditor's flowchart of a client's internal controls is a diagram depicting the auditor's
a. Understanding of the internal controls.
b. Program for tests of controls.
c. Documentation of having considered the internal controls.
d. Understanding of the types of irregularities that are probable.

14. Proper segregation of functional responsibilities calls for separation of the functions of
a. Authorization, execution, and recording.
b. Authorization, execution, and payment.
c. Custody, execution, and reporting.
d. Authorization, payment, and recording.

15. In an auditor's consideration of internal control, the completion of a questionnaire is most closely associated
with which of the following?
a. Separation of duties.
b. Flowchart accuracy.
c. Understanding the system.
d. Tests of controls.

16. Which of the following procedures is essential to determining whether necessary control activities were
prescribed and are being followed?
a. Developing questionnaires and checklists.
b. Evaluating the entity's procedures for risk assessment.
c. Documenting and testing controls.
d. Observing employees and making inquiries.

17. The ultimate purpose of assessing control risk is to contribute to the auditor’s evaluation of the
a. Factors that raise doubts about the auditability of the financial statements
b. Operating effectiveness of internal control policies and procedures
c. Risk that material misstatements exist in the financial statements
d. Possibility that the nature and extent of substantive tests may be reduced

18. Assessing control risk at below the maximum most likely would involve:

5
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

a. Changing the timing of substantive test by omitting interim – date testing and performing the tests at year
end
b. Identifying specific internal control structure policies and procedures relevant to specific assertions
c. Performing more extensive substantive tests with larger sample sizes than originally planned
d. Reducing inherent risk for most of the assertions relevant to significant account balances

19. The risk that an auditor will conclude, based on substantive tests, that a material errors does not exist in an
account balance when, in fact, such error does exist is referred to as
a. Sampling risk
b. Detection risk
c. Nonsampling risk
d. Inherent risk

20. Inherent risk and control risk differ from detection risk in that they
a. Arise from the misapplication of auditing procedures
b. May be assessed in either quantitative or nonquantitative terms
c. Exist independently of the financial statement audit
d. Can be changed at the auditor’s discretion

21. Management’s attitude toward aggressive financial reporting and its emphasis on meeting projected profit
goals most likely would significantly influence and entity’s control environment when
a. The audit committee is active in overseeing the entity’s finical reporting policies
b. External policies established by parties outside the entity affect its accounting practices
c. Management is dominated by one individual, who is also shareholder
d. Internal auditors have direct access to the board of directors and entity management

22. Which of the following circumstances most likely would cause an auditor to consider whether material
misstatement exists in an entity’s financial statements?
a. Management places little emphasis on meeting earning projections
b. The board of directors makes all major financing decisions
c. Reportable conditions previously communicated to management are not corrected
d. Transactions selected for testing are not supported by proper documentation

23. Which of the following characteristics most likely would heighten an auditor’s concern about the risk of
intentional manipulation of financial statements?
a. Turnover of senior accounting personnel is low
b. Insider’s recently purchased additional shares of the entity’s stock
c. Management places substantial emphasis on meeting earnings projections
d. The rate of change in the entity’s industry is low

24. Management philosophy and operating style most likely would have a significant influence on an entity’s
control environment when
a. The internal auditor reports directly to management
b. Management is dominated by one individual
c. Accurate management job descriptions delineate specific duties
d. The audit committee actively oversees the financial reporting process

25. When an auditor increases the assessed level of control risk because certain control procedures were
determined to be ineffective, the auditor would most likely increase the
a. Extents of tests control
b. Level of detection risk
c. Extent of tests of details
d. Level of inherent risk

26. An auditor uses the assessed level of control risk to

a. Evaluate the effectiveness of the entity’s internal control policies and procedures
b. Identify transactions and account balance where inherent risk is at the maximum
c. Indicate whether materiality thresholds for planning and evaluation purposes are sufficiently high
d. Determine the acceptable level of detection risk for financial statements assertions

6
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

27. On the basis of audit evidence gathered and evaluated, an auditor decides to increase the level of control risk
from that originally planned. To achieve an overall audit risk level that is substantially the same as the
planned audit risk level, the auditor would
a. Decrease substantive testing
b. Decrease detection risk
c. Increase inherent risk
d. Increase materiality level

28. The acceptable of level of detection risk is inversely related to the

a. Assurance provided by substantive tests
b. Risk of misapplying auditing procedures
c. Preliminary judgment about materiality levels
d. Risk of failing to discover material misstatement

29. As the acceptable level of detection risk decreases, an auditor may

a. Reduce substantive testing by relying on the assessments of inherent risk and control risk
b. Postponed the planned timing and substantive tests from interim dates to the year end
c. Eliminate the assessed level of inherent risk from consideration as a planning factor
d. Lower the assessed level of control risk from the maximum level to below the maximum

30. Assessing control risk at below the maximum most likely would involve:
a. Changing the timing of substantive test by omitting interim – date testing and performing the tests at year
end
b. Identifying specific internal control structure policies and procedures relevant to specific assertions
c. Performing more extensive substantive tests with larger sample sizes than originally planned
d. Reducing inherent risk for most of the assertions relevant to significant account balances

31. The acceptable level of detection risk is inversely related to the:

a. Assurance provided by substantive tests.
b. Risk of misapplying auditing procedures.
c. Preliminary judgment about materiality levels.
d. Risk of failing to discover material misstatements.

32. Inherent risk and control risk differ from detection risk in that inherent risk and control risk are:
a. Elements of audit risk while detection risk is not.
b. Changes at the auditor’s discretion while detection risk is not.
c. Considered at the individual account balance level while detection risk is not.
d. Functions of the client and its environment while detection risk is not.

33. Analytical procedures used in planning an audit should focus on identifying:

a. Material weaknesses in the internal control system.
b. The predictability of financial data from individual transactions.
c. The various assertions that are embodied in the financial statements.
d. Areas that may represent specific risks relevant to the audit.

34. As the acceptable level of detection risk decreases, an auditor may change the:
a. Timing of the substantive tests by performing them at interim date rather than at year – end.
b. Nature of substantive tests from a less effective to a more effective procedure.
c. Timing of test of controls by performing them at several dates rather than at one time.
d. Assessed level of inherent risk to a higher amount.

35. On the basis of the audit evidence gathered and evaluated, an auditor decides to increase the assessed level
of control risk from that originally planned. To achieve an overall audit risk level that is substantially the
same as the planned audit risk level, the auditor would:
a. Increase inherent risk. c. Decease substantive testing.
b. Increase materiality levels. d. Decrease detection risk.

7
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

PSA 402
AUDIT CONSIDERATIONS RELATING TO AN ENTITY
USING A SERVICE ORGANIZATION

FOCUS NOTES:

 Objectives
 The objectives of the user auditor, when the user entity uses the services of a service organization, are:
a. To obtain an understanding of the nature and significance of the services provided by the service
organization and their effect on the user entity’s internal control relevant to the audit, sufficient to identify
and assess the risks of material misstatement; and
b. To design and perform audit procedures responsive to those risks.

 Definitions
 Complementary user entity controls – Controls that the service organization assumes, in the design of its
service, will be implemented by user entities, and which, if necessary to achieve control objectives, are
identified in the description of its system.
 Report on the description and design of controls at a service organization (referred to in this PSA as a type 1
report) – A report that comprises:
a. A description, prepared by management of the service organization, of the service organization’s system,
control objectives and related controls that have been designed and implemented as at a specified date; and
b. A report by the service auditor with the objective of conveying reasonable assurance that includes the
service auditor’s opinion on the description of the service organization’s system, control objectives and
related controls and the suitability of the design of the controls to achieve the specified control objectives.
 Report on the description, design, and operating effectiveness of controls at a service organization (referred to
in this PSA as a type 2 report) – A report that comprises:
a. A description, prepared by management of the service organization, of the service organization’s system,
control objectives and related controls, their design and implementation as at a specified date or
throughout a specified period and, in some cases, their operating effectiveness throughout a specified
period; and
b. A report by the service auditor with the objective of conveying reasonable assurance that includes:
i. The service auditor’s opinion on the description of the service organization’s system, control
objectives and related controls, the suitability of the design of the controls to achieve the specified
control objectives, and the operating effectiveness of the controls; and
ii. A description of the service auditor’s tests of the controls and the results thereof.
 Service auditor – An auditor who, at the request of the service organization, provides an assurance report on
the controls of a service organization.
 Service organization – A third-party organization (or segment of a third-party organization) that provides
services to user entities that are part of those entities’ information systems relevant to financial reporting.
 Service organization’s system – The policies and procedures designed, implemented and maintained by the
service organization to provide user entities with the services covered by the service auditor’s report.
 Subservice organization – A service organization used by another service organization to perform some of the
services provided to user entities that are part of those user entities’ information systems relevant to financial
reporting.
 User auditor – An auditor who audits and reports on the financial statements of a user entity.
 An entity that uses a service organization and whose financial statements are being audited.

 Requirements
 Obtaining an Understanding of the Services Provided by a Service Organization, Including Internal
Control
 the user auditor shall obtain an understanding of how a user entity uses the services of a service
organization in the user entity’s operations, including:
a. The nature of the services provided by the service organization and the significance of those services
to the user entity, including the effect thereof on the user entity’s internal control;
b. The nature and materiality of the transactions processed or accounts or financial reporting processes
affected by the service organization;
c. The degree of interaction between the activities of the service organization and those of the user entity;
and
d. The nature of the relationship between the user entity and the service organization, including the
relevant contractual terms for the activities undertaken by the service organization.
 when obtaining an understanding of internal control relevant to the audit, the user auditor shall evaluate
the design and implementation of relevant controls at the user entity that relate to the services provided by
8
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

the service organization, including those that are applied to the transactions processed by the service
organization.
 the user auditor shall determine whether a sufficient understanding of the nature and significance of the
services provided by the service organization and their effect on the user entity’s internal control relevant
to the audit has been obtained to provide a basis for the identification and assessment of risks of material
misstatement.
 if the user auditor is unable to obtain a sufficient understanding from the user entity, the user auditor shall
obtain that understanding from one or more of the following procedures:
a. Obtaining a type 1 or type 2 report, if available;
b. Contacting the service organization, through the user entity, to obtain specific information;
c. Visiting the service organization and performing procedures that will provide the necessary
information about the relevant controls at the service organization; or
d. Using another auditor to perform procedures that will provide the necessary information about the
relevant controls at the service organization.

Using a Type 1 or Type 2 Report to Support the User Auditor’s Understanding of the Service Organization
 In determining the sufficiency and appropriateness of the audit evidence provided by a type 1 or type 2
report, the user auditor shall be satisfied as to:
a. The service auditor’s professional competence and independence from the service organization; and
b. The adequacy of the standards under which the type 1 or type 2 report was issued.
 If the user auditor plans to use a type 1 or type 2 report as audit evidence to support the user auditor’s
understanding about the design and implementation of controls at the service organization, the user auditor
shall:
a. Evaluate whether the description and design of controls at the service organization is at a date or for a
period that is appropriate for the user auditor’s purposes;
b. Evaluate the sufficiency and appropriateness of the evidence provided by the report for the
understanding of the user entity’s internal control relevant to the audit; and
c. Determine whether complementary user entity controls identified by the service organization are
relevant to the user entity and, if so, obtain an understanding of whether the user entity has designed
and implemented such controls.

 Responding to the Assessed Risks of Material Misstatement

 In responding to assessed risks in accordance with PSA 330, the user auditor shall:
a. Determine whether sufficient appropriate audit evidence concerning the relevant financial statement
assertions is available from records held at the user entity; and, if not,
b. Perform further audit procedures to obtain sufficient appropriate audit evidence or use another auditor
to perform those procedures at the service organization on the user auditor’s behalf.

Tests of Controls
 When the user auditor’s risk assessment includes an expectation that controls at the service organization
are operating effectively, the user auditor shall obtain audit evidence about the operating effectiveness of
those controls from one or more of the following procedures:
a. Obtaining a type 2 report, if available;
b. Performing appropriate tests of controls at the service organization;
or
c. Using another auditor to perform tests of controls at the service organization on behalf of the user
auditor.

Using a Type 2 Report as Audit Evidence that Controls at the Service Organization Are Operating Effectively
 If, the user auditor plans to use a type2 report as audit evidence that controls at the service organization are
operating effectively, the user auditor shall determine whether the service auditor’s report provides
sufficient appropriate audit evidence about the effectiveness of the controls to support the user auditor’s
risk assessment by:
a. Evaluating whether the description, design and operating effectiveness of controls at the service
organization is at a date or for a period that is appropriate for the user auditor’s purposes;
b. Determining whether complementary user entity controls identified by the service organization are
relevant to the user entity and, if so, obtaining an understanding of whether the user entity has
designed and implemented such controls and, if so, testing their operating effectiveness;
c. Evaluating the adequacy of the time period covered by the tests of controls and the time elapsed since
the performance of the tests of controls; and
d. Evaluating whether the tests of controls performed by the service auditor and the results thereof, as
described in the service auditor’s report, are relevant to the assertions in the user entity’s financial

9
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

statements and provide sufficient appropriate audit evidence to support the user auditor’s risk
assessment.
 Type 1 and Type 2 Reports that Exclude the Services of a Subservice Organization
 If the user auditor plans to use a type 1 or a type 2 report that excludes the services provided by a
subservice organization and those services are relevant to the audit of the user entity’s financial
statements, the user auditor shall apply the requirements of this PSA with respect to the services provided
by the subservice organization.

 Fraud, Non-Compliance with Laws and Regulations and Uncorrected Misstatements in Relation to
Activities at the Service Organization
 The user auditor shall inquire of management of the user entity whether the service organization has
reported to the user entity, or whether the user entity is otherwise aware of, any fraud, non-compliance
with laws and regulations or uncorrected misstatements affecting the financial statements of the user
entity. The user auditor shall evaluate how such matters affect the nature, timing and extent of the user
auditor’s further audit procedures, including the effect on the user auditor’s conclusions and user auditor’s
report.

 Reporting by the User Auditor

 The user auditor shall modify the opinion in the user auditor’s report in accordance with PSA 705 if the
user auditor is unable to obtain sufficient appropriate audit evidence regarding the services provided by the
service organization relevant to the audit of the user entity’s financial statements.
 The user auditor shall not refer to the work of a service auditor in the user auditor’s report containing an
unmodified opinion unless required by law or regulation to do so. If such reference is required by law or
regulation, the user auditor’s report shall indicate that the reference does not diminish the user auditor’s
responsibility for the audit opinion.
 If reference to the work of a service auditor is relevant to an understanding of a modification to the user
auditor’s opinion, the user auditor’s report shall indicate that such reference does not diminish the user
auditor’s responsibility for that opinion.

QUESTIONS:
1. Information on the nature of the services provided by a service organization may be available from a wide
variety of sources, such as the following, EXCEPT:
a. User manuals, Technical manuals & System overviews.
b. The contract or service level agreement between the user entity and the service organization.
c. Reports by service organizations, internal auditors or regulatory authorities on controls at the
service organization.
d. Reports by the service auditor, including management letters, if available.
e. User auditor’s Type 1 or Type 2 report.

2. An entity (organization) separate from the client that executes transactions and maintains related
accountability or records transactions and processes related data on behalf of the client.
a. Service organization
b. Component
c. Division
d. Branch

3. If an entity uses a service organization, how does the auditor obtain evidence about the operating
effectiveness of controls?
a. Performing tests of the entity’s controls over activities of the service organization.
b. Obtaining a service organization auditor’s report that expresses an opinion as to the operating
effectiveness of the service organization’s internal control for the service organization activities
relevant to the audit.
c. Visiting the service organization and performing tests of controls.
d. All of the above

4. Service organization auditor’s Type 1 Report does not contain:

a. Opinion as to the operating effectiveness of the internal control.
b. Opinion that the internal control is suitably designed.
c. Opinion that the internal controls have been implemented.
d. Opinion that the description of the service organization’s internal control prepared by the service
organization’s management is accurate.
e. All of the above.
10
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

5. Service organization auditor’s Type 2 Report contains:

a. Opinion as to the operating effectiveness of the internal control.
b. Opinion that the internal control is suitably designed.
c. Opinion that the internal controls have been implemented.
d. Opinion that the description of the service organization’s internal control prepared by the service
organization’s management is accurate.
e. All of the above.

6. Which of the following service organization auditor’s report may be used as evidence of the operating
effectiveness of internal control?
a. Type 1 Report
b. Type 2 Report
c. Both

7. What is the nature of the Type 1 Report?

a. Report on the design and implementation of internal control.
b. Report on the design, implementation and operating effectiveness of internal controls.

8. What is the nature of the Type 2 Report?

a. Report on the design and implementation of internal control.
b. Report on the design, implementation and operating effectiveness of internal controls.

PSA 320
MATERIALITY IN PLANNING AND PERFORMING AN AUDIT

FOCUS NOTES:
 Materiality in the Context of an Audit
- Financial reporting frameworks often discuss the concept of materiality in the context of the preparation and
presentation of financial statements. Although financial reporting frameworks may discuss materiality in different
terms, they generally explain that:
 Misstatements, including omissions, are considered to be material if they, individually or in the
aggregate, could reasonably be expected to influence the economic decisions of users taken on the
basis of the financial statements;
 Judgments about materiality are made in light of surrounding circumstances, and are affected by the
size or nature of a misstatement, or a combination of both; and
 Judgments about matters that are material to users of the financial statements are based on a
consideration of the common financial information needs of users as a group. The possible effect of
misstatements on specific individual users, whose needs may vary widely, is not considered.
- The auditor’s determination of materiality is a matter of professional judgment, and is affected by the auditor’s
perception of the financial information needs of users of the financial statements.
- The concept of materiality is applied by the auditor:
 in planning,
 performing the audit,
 and in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if
any, on the financial statements and in forming the opinion in the auditor’s report.

 Performance Materiality
- performance materiality means the amount or amounts set by the auditor at less than materiality for the financial
statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected
and undetected misstatements exceeds materiality for the financial statements as a whole.
- performance materiality also refers to the amount or amounts set by the auditor at less than the materiality level
or levels for particular classes of transactions, account balances or disclosures.

 Requirements
- In establishing overall audit strategy, auditor is required to:
 Determine materiality for the financial statements as a whole.

11
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

 Determine the materiality level or levels to be applied to those particular classes of transactions,
account balances or disclosures
- For purposes of assessing the risks of material misstatement and determining the nature, timing and extent of
further audit procedures:
 The auditor shall determine performance materiality.
- Revise materiality and performance materiality and the nature, timing and extent of further audit procedures in
the event of becoming aware of information during the audit that would have caused the auditor to have
determined a different amount (or amounts) initially.

 Documentation
- The auditor shall include in the audit documentation the following amounts and the factors considered in their
determination:
a. Materiality for the financial statements as a whole;
b. If applicable, the materiality level or levels for particular classes of transactions, account balances or
disclosures;
c. Performance materiality ; and
d. Any revision of (a)-(c) as the audit progressed.

MULTIPLE CHOICE

1. The magnitude of omission or misstatements that could influence the economic decisions of users taken on the
basis of the financial statements. It is matter of professional judgment.

a. Materiality.
b. Consistency
c. Audit risk
d. Control risk

2. The relationship between materiality and audit risk is:

a. Inverse
b. Direct
c. Inverse and direct
d. None of the above

3. The assessment of what is material is ultimately determined through:

a. Professional judgment.
b. The amount of the accounts involved.
c. Relative percentages.
d. All of the above.

4. When establishing overall audit strategy, the auditor shall determine materiality:

a. At the overall financial statement level and, when applicable, in relation to classes of transactions,
account balances, and disclosures (assertion level).
b. Only for overall financial statement level.
c. Only for assertion level.
d. Only for balance sheet.

5. Performance materiality:

a. is required to be determined.
b. is not required for audit.
c. is not a consideration in audit .
d. none of the above.
12
UL Refresher Course in Accountancy
Auditing – Module 2.3.1

6. In planning the audit, the auditor makes judgments about misstatements that will be considered material. These
judgments provide a basis for the following, Except:
a. Determining the nature, timing and extent of risk assessment procedures.
b. Identifying and assessing the risks of material misstatement.
c. Determining the nature, timing and extent of further audit procedures.
d. Determining the type of opinion to be issued,

7. Which of the following is often used as a benchmark materiality for profit – oriented entities?
a. Profit before tax from continuing operations.
b. Gross profit
c. Total revenues.
d. Total assets.

13