Annual Audit Manual
COPYRIGHT NOTICE — This document is intended for internal use. It cannot be distributed to or reproduced by third parties without prior written permission from the Copyright Coordinator for the Office of the Auditor General of Canada. This includes email, fax, mail and hand delivery, or use of any other method of distribution or reproduction. CPA Canada Handbook sections and excerpts are reproduced herein for your non-commercial use with the permission of The Chartered Professional Accountants of Canada (“CPA Canada”). These may not be modified, copied or distributed in any form as this would infringe CPA Canada’s copyright. Reproduced, with permission, from the CPA Canada Handbook, The Chartered Professional Accountants of Canada, Toronto, Canada.
7041 Using tests of details
Apr-2018
Overview
This topic explains:
- When to use tests of details
- The three methods for performing tests of details
- The thought process to follow to determine which type of tests of details to use
CAS Requirement
If the auditor has determined that an assessed risk of material misstatement at the assertion level is a significant risk, the auditor shall perform substantive procedures that are specifically responsive to that risk. When the approach to a significant risk consists only of substantive procedures, those procedures shall include tests of details (CAS 330.21).
CAS Guidance
Paragraph 21 of this CAS requires the auditor to perform substantive procedures that are specifically responsive to risks the auditor has determined to be significant risks. Audit evidence in the form of external confirmations received directly by the auditor from appropriate confirming parties may assist the auditor in obtaining audit evidence with the high level of reliability that the auditor requires to respond to significant risks of material misstatement, whether due to fraud or error. For example, if the auditor identifies that management is under pressure to meet earnings expectations, there may be a risk that management is inflating sales by improperly recognizing revenue related to sales agreements with terms that preclude revenue recognition or by invoicing sales before shipment. In these circumstances, the auditor may, for example, design external confirmation procedures not only to confirm outstanding amounts, but also to confirm the details of the sales agreements, including date, any rights of return and delivery terms. In addition, the auditor may find it effective to supplement such external confirmation procedures with inquiries of non-financial personnel in the entity regarding any changes in sales agreements and delivery terms (CAS 330.A55).
OAG Guidance
Tests of details are used to obtain evidence when evidence is needed for a financial statement assertion beyond that provided by tests of controls and substantive analytical procedures. Substantive analytical procedures are generally more applicable to large volumes of transactions that tend to be predictable over time. Tests of details are ordinarily more appropriate to obtain audit evidence regarding certain assertions about account balances, such as existence and valuation. In some situations, we may determine that performing only substantive analytical procedures may be sufficient to reduce the risk of material misstatement to an acceptably low level at the assertion level. This might apply to the assessed risk of material misstatement for a class of transactions where our assessment of risk is supported by audit evidence from performance of tests of the operating effectiveness of controls.
In other situations, we may determine that only tests of details are appropriate, or that a combination of substantive analytical procedures and tests of details is most responsive to the assessed risks. Determining the appropriate mix of substantive procedures involves judgment and attention from engagement team members with the appropriate level of experience.
Testing Plan for Significant Risks
For significant risks CAS 330 The Auditor’s Responses to Assessed Risks also requires us to perform substantive procedures that are specifically responsive to the risk. CAS 330 also requires us to include tests of details in our audit plan, when our approach to a significant risk consists only of substantive procedures.
For guidance on determining nature, timing and extent of substantive procedures, see OAG Audit 7010.
It is unlikely that audit evidence obtained from testing controls and performing substantive analytical procedures alone will be enough, and some tests of details responding specifically to the significant risk are likely to be necessary.
Related Guidance
See testing strategy decision tree at OAG Audit 4024.
CAS Requirement
When designing tests of controls and tests of details, the auditor shall determine means of selecting items for testing that are effective in meeting the purpose of the audit procedure (CAS 500.10).
CAS Guidance
An effective test provides appropriate audit evidence to an extent that, taken with other audit evidence obtained or to be obtained, will be sufficient for the auditor’s purposes. In selecting items for testing, the auditor is required by paragraph 7 to determine the relevance and reliability of information to be used as audit evidence; the other aspect of effectiveness (sufficiency) is an important consideration in selecting items to test. The means available to the auditor for selecting items for testing are (CAS 500.A63):
(a) Selecting all items (100% examination)
(b) Selecting specific items
(c) Audit sampling
The application of any one or combination of these means may be appropriate depending on the particular circumstances, for example, the risks of material misstatement related to the assertion being tested, and the practicality and efficiency of the different means.
In addition, the auditor may design a test of controls to be performed concurrently with a test of details on the same transaction. Although the purpose of a test of controls is different from the purpose of a test of details, both may be accomplished concurrently by performing a test of controls and a test of details on the same transaction, also known as a dual-purpose test. For example, the auditor may design, and evaluate the results of, a test to examine an invoice to determine whether it has been approved and to provide substantive audit evidence of a transaction. A dual-purpose test is designed and evaluated by considering each purpose of the test separately (CAS 330.A23).
In designing tests of details, the extent of testing is ordinarily thought of in terms of the sample size. However, other matters are also relevant, including whether it is more effective to use other selective means of testing. See CAS 500 (CAS 330.A49).
OAG Guidance
The three main methods for performing tests of details are:
Targeted Testing
Targeted testing involves selecting items to be tested based on some characteristic. It is our preferred approach for tests of details as it provides the opportunity to exercise significant judgment over what items are to be tested. Targeted testing can be applied to either a specific part of an account or the whole of the account. The results from targeted testing are not projected to the untested items in a population. See OAG Audit 7042.
Accept-Reject Testing
It is a form of audit sampling applied to attributes. The objective of accept-reject testing is to gather sufficient evidence to either accept or reject a characteristic of interest. It does not involve the projection of a monetary misstatement in an account or population; therefore we only use accept-reject testing when we are interested in a particular attribute or characteristic and not a monetary balance. Care needs to be exercised by the engagement team before performing accept-reject testing to ascertain that it is the appropriate test in the circumstances. See OAG Audit 7043.
However, we may be able to use accept-reject testing to obtain evidence over accuracy of revenues in certain circumstances. Refer to OAG Audit 7011.1 for guidance.
Audit Sampling
Audit sampling is the application of auditing procedures to a representative group of less than 100 percent of the items within an account balance or class of transactions in order to form or assist in forming a conclusion concerning the population from which the sample is drawn. When planning a sample, perform targeted testing on each item for which acceptance of any sampling risk is not justified. These would include (at a minimum) all individual items for which potential misstatements could exceed the amount of misstatement that we can accept in the entire account or population. See OAG Audit 7044.
Related Guidance
For guidance on relevance and reliability of audit evidence, see OAG Audit 1051.
OAG Guidance
The following flowchart illustrates how we determine which of the three methods of testing, individually or in combination, to use.
*Audit sampling at High, Moderate and Low level may provide sufficient substantive evidence. Audit sampling at the Supplemental level can only be used in conjunction with other tests (substantive procedures or a combination of tests of controls and indirect substantive testing as detailed in OAG 7044.1) to obtain sufficient evidence at the assertion level.
For the decision on testing the remaining balance, see additional guidance in OAG Audit 7042.
Note: This flowchart is not applicable for physical inventory observations. See OAG Audit 7062.
OAG Guidance
Each year, we perform audit procedures designed to assess compliance with significant authorities, using various approaches. Where there is reliance on internal financial controls for purposes of the audit, components dealing with compliance with authorities should be included in the tests of relevant controls. For example, we may test the application of sections 32, 33, 34 of the FAA or the application of the approval process specified in the entity bylaws for amounts over a threshold or for important acquisitions of capital assets. See OAG Audit 6050 for further guidance on controls testing.
Typically, substantive tests of details are often the most appropriate way to test compliance with authorities. The reason for this is that some authority requirements do not lend themselves to a controls-reliant approach (for example, the approval of the corporation’s corporate plan by the Governor in Council or of the annual budgets by the Treasury Board).