CHAPTER 8

Substantive Testing

In this chapter we focus on and address the following issues:

• Guidelines given to auditors on how to evaluate audit evidence (in the United States and internationally)
• Substantive procedures that should be used to find audit evidence
• Use of substantive audit procedures for obtaining audit evidence in the United States (as required by the Public Company Accounting Oversight Board [PCAOB]) and internationally (as required by the International Standards on Auditing [ISA])
• Implications for researchers, practitioners, and students with respect to the differences in these procedures

Introduction

The work of an auditor entails using audit tests to find appropriate audit evidence regarding the assessed risks of material misstatements. This is done by designing and implementing appropriate audit tests for those risks. The appropriate audit tests are referred to as substantive procedures. Substantive procedures are important audit tests. ISA 330 entitled The Auditor’s Procedures in Response to Assessed Risks defines substantive procedures as “audit procedures designed to detect material misstatements at the assertion level” (paragraph 3, ISA 330). ISA 330 categorizes substantive procedures into two broad groups. These are:

• Tests of details (classes of transactions, account balances, and disclosures)
• Analytical procedures.

The purpose of substantive procedures is to obtain audit evidence to detect material misstatements in the financial statements.

As mentioned, audit evidence is the information used by the auditor in arriving at the conclusions on which the audit opinion is based. Audit evidence can be obtained from source documents and accounting records underlying financial statements. The steps to be taken by the auditor are broken down into four steps based on ISA 330 (paragraph 2). The steps are as follows:

• Step 1—Overall Responses. The auditor is required to take a global approach and determine overall responses to address potential risks of material misstatement at the financial statement level. How should the auditor formulate an overall response? This section provides guidance on the nature of the auditor’s responses.
• Step 2—Audit Procedures to Identify Risks of Material Misstatement. This section guides the auditor on how to design and perform additional audit procedures. These additional tests could include tests of whether controls are working. This section also gives guidance on the nature, timing, and extent of substantive procedures. The nature of a substantive procedure refers to the type of procedure used. The timing of a procedure refers, for example, to how close to the balance sheet date the procedure should be conducted. The extent of a procedure refers to the extent to which a procedure is used, for example, how much evidence should be collected. These will be elaborated on later in the chapter.
• Step 3—Evaluating the Sufficiency and Appropriateness of Audit Evidence Obtained. This section helps the auditor to evaluate whether previously determined risk assessments remain appropriate. This section also guides auditors by helping them to determine whether sufficient appropriate audit evidence has been obtained.
• Step 4—Documentation of Working Papers. This section guides the auditor on what gets documented in the working papers.

Next, we further elaborate on these four steps. We begin our discussion with the relevant international standards (internationally predominantly ISA 330) and bring in the PCAOB equivalent for comparison purposes noting relevant differences where applicable. As noted earlier, the PCAOB standards, unless revised by the PCAOB, are based on the AICPA ASB standards, which came under the aegis of the PCAOB on the latter’s formation. The four issues noted earlier will now be elaborated on.

Overall Responses

ISA 330 paragraph 4 requires that the auditor determine overall responses needed to address the risks of material misstatement at the financial statement level. What is meant by overall responses? Overall responses could include the following:

• Emphasizing to the audit team the need to maintain professional skepticism in gathering and evaluating audit evidence
• Assigning more experienced staff or those with special skills or using experts to conduct specific tests and help determine whether further audit tests should be performed

Paragraph 4 advises that the auditor’s understanding of the control environment should be contingent on the assessment of the risks of material misstatement at the financial statement level. If the control environment is sound then it will allow the auditor to have more confidence in the effectiveness of internal controls. This will also increase confidence in the reliability of audit evidence generated inside the client firm. Overall responses could include assessing weaknesses (if any) in the control environment; conducting more audit procedures as of the period end; seeking more extensive audit evidence from substantive procedures; modifying audit procedures to obtain more persuasive audit evidence; and increasing the number of areas to be included in the audit scope.

Audit Procedures Responsive to Risks of Material Misstatement at the Assertion Level

Audit procedures could include:

• tests of material misstatements at the assertion level (an example of an assertion, for example, is that assets shown on the balance sheet exist);
• type and extent of substantive tests;
• factors to consider in designing substantive procedures;
• tests of operating effectiveness of controls;
• guidance on responses to risk assessment; and
• issues related to timing with focus on interim dates.
• The audit procedures will now be elaborated on individually.

Tests of Material Misstatements at the Assertion Level

Paragraph 49 of ISA 330 requires that the auditor should design and perform substantive procedures for each material class of transactions, account balances, and disclosure. This requirement, it is noted, takes into account that the auditor’s assessment of risk is judgmental and may not be sufficiently precise to identify all risks of material misstatement. ISA 330 also notes that the auditor should design and implement responses to address the assessed risks of material misstatement at the financial statement level. Further, the auditor should design and perform further audit procedures whose nature, timing, and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.

We reviewed the PCAOB standards and noted that the equivalent discussions are found in the PCAOB’s AS 8, AS 13, and AU 329. AS 13 notes that whenever the auditor has concluded that there are significant risks of material misstatement of the financial statements, the auditor should consider this in determining the nature, timing, and extent of procedures as well as in assigning staff or requiring appropriate levels of supervision. AS 8 and AS 13 and AU 329 (hereafter referred to as PCAOB equivalent standards since parts of these standards relate to material covered by ISA 330, which is the basis of our discussion) note that the knowledge, skill, and ability of personnel assigned significant engagement responsibilities should be commensurate with the auditor’s assessment of the level of risk for the engagement. Ordinarily, higher risk requires the auditor to use more experienced personnel or alternatively, should necessitate more extensive supervision by the senior auditor with final responsibility for the engagement during both the planning and the conduct of the engagement. Higher risk may cause the auditor to expand the extent of procedures applied, apply procedures closer to or as of the year end, particularly in critical audit areas, or modify the nature of procedures to obtain more persuasive evidence.

Further, under PCAOB standards the auditor is required to consider audit risk at the individual account balance or class of transactions level because such consideration directly assists in determining the scope of auditing procedures for the balance or class and related assertions. The auditor is also required to restrict audit risk at the individual balance or class level in such a way that at the completion of the audit, the auditor will be able to express an opinion on the financial statements as a whole at an appropriately low level of audit risk. In general, PCAOB standards appear to be more comprehensive in addressing how the auditor responds to identified risks than ISA 330. ISA 330 requires the auditor to determine the overall response at the financial statement level as well as responses to assessed risk at the assertion level. For example, ISA 330 notes that the auditor shall design and implement overall responses to address the assessed risks of material misstatement at the financial statement level (paragraph 49) whereas PCAOB standards do not require (at least explicitly) an overall response but focuses on providing direction on responses at the assertion level.

Type and Extent of Substantive Tests

ISA 330 notes that there are inherent limitations to internal controls. Such limitations include management’s ability to override controls. Hence, it is recommended that even if the auditor determines the risk of material misstatement to be reduced to an acceptably low level (by performing only tests of controls for a particular assertion, account balance, or disclosure),the auditor should not be satisfied. The auditor should perform substantive tests for each material class of transactions, account balances, and disclosures. Paragraph 49 provides examples of substantive audit procedures to be used. This includes, but is not limited to, the following:

• Agreeing or reconciling the financial statements with the underlying accounting records
• Examining material journal entries and other adjustments made during the course of preparing the financial statements

The nature and extent of the auditor’s examination of journal entries and other adjustments will depend on the nature and complexity of the entity’s financial reporting process and the associated risks of material misstatement.

ISA 330 refers the auditor to paragraph 108 of ISA 315 entitled Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement. This paragraph provides guidance on assessing risk of material misstatement at the assertion level. Paragraph 51 of ISA 330 states that, if the auditor has determined that an assessed risk of material misstatement at the assertion level is a significant risk, then the auditor should perform substantive procedures that are specifically responsive to that risk. For example, if the auditor identifies that management is under pressure to meet earnings expectations, there may be a risk that management is inflating sales by improperly recognizing revenue related to sales agreements with terms that are inconsistent with current revenue recognition principles, whether these principles were set forth by the U.S. generally accepted accounting principles (GAAP) or International Accounting Standards (now called International Financial Reporting Standards or IFRS). Invoicing sales before shipment would be an example of improper revenue recognition. In these circumstances, the auditor may, for example, design external confirmations not only to confirm outstanding amounts owed to the client firm but also to confirm the details of the sales agreements, including date, any rights of return and delivery terms. Confirmations could also include inquiries made of nonfinancial personnel of the entity being audited regarding any changes in sales agreements and delivery terms.

Factors to Consider in Designing Substantive Procedures

The auditor is asked in ISA 330 to specifically consider the guidance in paragraphs 53 and 64 in designing the (a) nature, (b) timing, and (c) extent of substantive procedures for significant risks. In order to obtain sufficient appropriate audit evidence, the substantive procedures related to significant risks should be designed to obtain audit evidence with high reliability.

Paragraph 53 of ISA 330 advises when substantive procedures should be used relative to tests of details. In designing substantive analytical procedures, the auditor should consider such matters as the following (paragraph 55):

• The suitability of using substantive analytical procedures given the assertions
• The reliability of the data, whether internal or external, from which the expectation of recorded amounts or ratios is developed
• Whether the expectation is sufficiently precise to identify a material misstatement at the desired level of assurance
• The amount that is acceptable in respect of any difference in recorded amounts from expected values

Paragraph 55 notes that substantive analytical procedures are generally more applicable to large volumes of transzactions that tend to be predictable over time. Tests of details, it is noted, are ordinarily more appropriate to obtain audit evidence regarding certain assertions about account balances, including existence and valuation. In some situations, the auditor may determine that performing only substantive analytical procedures may be sufficient to reduce the risk of material misstatement to an acceptably low level. For example, the auditor may determine that performing only substantive analytical procedures is appropriate based on the assessed risk of material misstatement for a class of transactions. This could be a class of transactions where the auditor’s assessment of risk is supported by audit evidence from performance of tests of the operating effectiveness of controls.

Substantive Tests as Tools to Reduce the Risks of Material Misstatements

ISA 330 refers the reader to paragraph 115 of ISA 315. This paragraph notes that sometimes it may not be possible (or even practical) to reduce the risks of material misstatement to an acceptably low level using substantive procedures alone. In this case, the auditor should perform tests of relevant controls to test their operating effectiveness. Paragraph 26 of ISA 330 notes that when performing tests of operating effectiveness of controls, the objective of the auditor should be to obtain evidence that the controls operate effectively. This includes answering such questions as:

• How were the controls applied at relevant times during the period under audit?
• Were controls applied consistently?
• By whom were the controls applied and by what means?

ISA 330 (paragraph 26) states that if findings reveal that substantially different controls were applied during the period under audit, the auditor should consider each separately. When considering each, the auditor could use tests that are not specifically designed as tests of controls. However, these can also provide audit evidence about the operating effectiveness of controls and consequently serve as tests of controls. For example, the auditor may have made inquiries about management’s use of budgets, observed management’s comparison of monthly budgeted and actual expenses, and inspected reports pertaining to the investigation of variances between budgeted and actual sales volumes. These are not tests of controls. However, these audit procedures provide knowledge about the design of the entity’s budgeting policies and whether they have been implemented. They may also provide audit evidence about the effectiveness of the operation of budgeting policies in preventing or detecting material misstatements in the classification of expenses. In such circumstances, the auditor should also consider whether the audit evidence provided by those audit procedures is sufficient.

Paragraph 29, ISA 330 notes that the auditor should use inquiry techniques together with performing other audit procedures to test the operating effectiveness of controls. Although different from obtaining an understanding of the design and implementation of controls, tests of operating effectiveness of controls ordinarily include the same types of audit procedures used to evaluate the design and implementation of controls. Tests could also include reperformance. This means retest the performance of a control. The standard emphasizes that inquiry and observation alone is not sufficient. Hence, it is recommended that the auditor use inquiry combined with audit procedures to obtain sufficient audit evidence regarding the effectiveness of controls. The combination of inquiry and observation combined with reperformance control tests could provide more assurance than not using a combination of controls. For example, an auditor may inquire about and observe the entity’s procedures for opening the mail and processing cash receipts to test the operating effectiveness of controls over cash receipts. Because an observation is pertinent only at the point in time at which it is made, the auditor should supplement the observation with inquiries of entity personnel. The auditor could also inspect documentation about the operation of such controls in order to obtain evidence.

The nature of the particular control influences the type of audit procedure required to obtain audit evidence. We are talking about audit evidence to support whether the control was operating effectively at relevant times during the period of the audit. For some controls, operating effectiveness can be evidenced by documentation. In such circumstances the auditor may decide to inspect the documentation to obtain audit evidence about operating effectiveness. For other controls, however, such documentation may not be available or relevant. For example, documentation of operations may not exist for some factors in the control environment. Examples where there is lack of documentation could include assignment of authority and responsibility and related control activities. This could also include control activities performed by a computer. In such circumstances, audit evidence about operating effectiveness may be obtained through inquiry in combination with other audit procedures such as observation or the use of Computer Assisted Audit Techniques (CAATs).

Paragraph 31 of ISA 330 notes that in designing tests of controls, the auditor should consider the need to obtain audit evidence supporting the effective operation of controls directly related to the assertions as well as other indirect controls on which these controls depend. For example, the auditor may identify a user review of an exception (problem) report of credit sales over a customer’s authorized credit limit as a direct control related to an assertion. In such cases, the auditor considers the effectiveness of the user review as a direct control related to an assertion. In such cases, the auditor should also consider in addition to the effectiveness of the user review as a direct control the controls related to the accuracy of the information in the report.

Guidance on Responses to Risk Assessment

Paragraph 33 of ISA 330 notes that when responding to a risk assessment, the auditor may design a test of controls to be performed concurrently with a test of details on the same transaction. The objective of tests of controls is to evaluate whether a control operated effectively. The objective of tests of details is to detect material misstatements at the assertion level. Although these objectives are different, both may be accomplished concurrently through performance of a test of controls and test of details on the same transaction also known as a dual purpose test. For example, the auditor may examine an invoice to determine whether it has been approved and to provide substantive audit evidence of a transaction. The auditor has to carefully consider the design and evaluation of such tests to accomplish both objectives.

The auditor is cautioned that absence of misstatements detected by a substantive procedure does not provide evidence that controls related to the assertion being tested are effective. However, misstatements that the auditor detects by performing substantive procedures are considered by the auditor when assessing the operating effectiveness of related controls. A material misstatement detected by the auditor’s procedures and that was not identified by the entity ordinarily is indicative of the existence of a material weakness in internal control and is communicated to management and those charged with governance.

Issues Related to Timing With Focus on Interim Dates

When the auditor obtains audit evidence about the operating effectiveness of controls during an interim period, the auditor should determine what additional audit evidence should be obtained for the remaining period.

ISA 330 notes that performing substantive procedures at an interim date without undertaking additional procedures at a later date increases the risk that the auditor will not detect misstatements that may exist at the period end. This risk increases as the remaining period is lengthened since additional problems may occur during the intervening period. Factors such as the following may influence whether or not to perform substantive procedures at an interim date (paragraphs 16 and 17):

• The control environment and other relevant controls
• The availability at a later date of information necessary for the auditor’s procedures
• The purpose of the substantive procedures
• The assessed risk of material misstatement
• The nature of the class of transactions or account balance and related assertions
• The ability of the auditor to perform appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period in order to reduce the risk that misstatements will remain undetected at period end.

ISA 330 paragraph 29 states that factors such as those mentioned in the following sections may determine whether to perform substantive analytical procedures with respect to the period between the interim date and the period end:

• Whether the period end balances of the particular classes of transactions or account balances are reasonably predictable with respect to amount, relative significance, and composition
• Whether the entity’s procedures for analyzing and adjusting such classes of transactions or account balances at interim dates and for establishing proper accounting cutoffs are appropriate
• Whether the information system relevant to financial reporting will provide sufficient information concerning the balances at the period end and the transactions in the remaining period to permit investigation of the following
  • Significant unusual transactions or entries (including those at or near the period end)
  • Other causes of significant fluctuations or expected fluctuations that did not occur ° Changes in the composition of the classes of transactions or account balances

Paragraph 31 to 34 and 37 of ISA 330 note that in making that determination, the auditor should consider the significance of the assessed risks of material misstatement at the assertion level, the specific controls that were tested during the interim period, the degree to which audit evidence about the operating effectiveness of those controls was obtained, the length of the remaining period, and the extent to which the auditor intends to reduce further substantive procedures based on the reliance of the control and the control environment. The auditor should obtain audit evidence about the nature and extent of any significant changes in internal control, including changes in the information system, processes, and personnel that occur subsequent to the interim period.

If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits, the auditor should obtain audit evidence about whether changes in those specific controls have occurred subsequent to the prior audit. The auditor should obtain audit evidence about whether such changes have occurred by performing inquiry in combination with observation or inspection to confirm the understanding of those specific controls.

Paragraph 23 of ISA 500 entitled Audit Evidence states that the auditor should perform audit procedures to establish the continuing relevance of audit evidence obtained in prior periods when the auditor plans to use the audit evidence in the current period. For example, in performing the prior audit, the auditor may have determined that an automated control was functioning as intended. The auditor obtains audit evidence to determine whether changes to the automated control that affect its continued effective functioning have been made, for example, through inquiries of management and the inspection of logs to indicate what controls have been changed. Logs keep a record of activities on the system and, therefore, serve a useful purpose in allowing inspection of the record of such activities. Consideration of audit evidence about these changes may support either increasing or decreasing the expected audit evidence to be obtained in the current period about the operating effectiveness of the controls.

When we compare the ISA with the PCAOB equivalent standards, we find they cover the issues as follows: PCAOB equivalent standards note that before applying principal substantive tests to the details of asset or liability accounts at an interim date, the auditor should assess the difficulty in controlling the incremental audit risk. In addition, the auditor should consider the cost of the substantive tests that are necessary to cover the remaining period in a way that will provide the appropriate audit assurance at the balance sheet date. Applying principal substantive tests to the details of asset and liability accounts at an interim date may not be cost effective if substantive tests to cover the remaining period cannot be restricted due to the assessed level of control risk.

PCAOB equivalent standards also note that assessing control risk at below the maximum is not required in order to have a reasonable basis for extending audit conclusions from an interim date to the balance sheet date; however, if the auditor assesses control risk at the maximum during the remaining period, the auditor should consider whether the effectiveness of certain of the substantive tests to cover that period will be impaired. The auditor should consider whether there are rapidly changing business conditions or circumstances that might predispose management to misstate financial statements in the remaining period.

PCAOB equivalent standards further note that the auditor should consider whether the year-end balances of the particular asset or liability accounts that might be selected for interim examination are reasonably predictable. They should also consider whether the entity’s proposed procedures for analyzing and adjusting such accounts at interim dates and for establishing proper accounting cutoffs are appropriate. In addition, the auditor should consider whether the accounting system will provide information concerning the balances at the balance sheet and the transactions in the remaining period that is sufficient to permit investigation of (a) significant unusual transactions or entries (including those at or near year end, (b) other causes of significant fluctuations or expected fluctuations that did not occur, and (c) changes in the composition of the account balances. If the auditor concludes that evidential matter related to the above would not be sufficient for purpose of controlling audit risk, the account should be examined as of the balance sheet date.

The application and other explanatory material of ISA 330 (paragraph 52 and 53) lists factors that may influence the decision to perform substantive procedures at an interim date similar to the PCAOB’s equivalent standards. The factors listed in the application and other explanatory material of ISA 330 differ to some extent from the factors listed in the PCAOB equivalent standards. For example, the PCAOB equivalent standards explicitly mention that the auditor should consider rapidly changing business conditions or circumstances that might predispose management to misstate financial statements in the remaining period. This appears not to be mentioned in ISA 330.

Evaluating the Sufficiency and Appropriateness of Audit Evidence

Paragraph 6 of ISA 330 notes that, based on the audit procedures performed and the audit evidence obtained, the auditor should evaluate whether the assessments of the risks of material misstatement at the assertion level remains appropriate. It is noted that information that differs significantly from the information on which the risk assessment was based may come to the auditor’s attention. For example, the extent of misstatements that the auditor detects by performing substantive procedures may alter the auditor’s judgment about the risk assessments and may indicate a material weakness in internal control. In addition, analytical procedures performed at the overall review stage of the audit may indicate a previously unrecognized risk of material misstatement. In such circumstances the auditor may need to reevaluate the planned audit procedures based on the revised consideration of assessed risks for all or some of the classes of transactions, account balances, or disclosures and related assertions. Detailed explanations are given in paragraph 119 of ISA 315.

In evaluating the effectiveness of operating controls, paragraph 68 of ISA 330 notes that the auditor should expect some deviations in the way controls are applied by the entity. Deviations from prescribed controls may be caused by such factors as changes in key personnel, significant seasonal fluctuations in volume of transactions, and human error. When such deviations are detected during the performance of tests of controls, the auditor should make specific inquiries to understand these matters and their potential consequences. For example, a specific inquiry would be to inquire about the timing of personnel changes in key internal control functions. The auditor determines whether additional tests of controls are necessary or whether the potential risks of misstatement need to be addressed using substantive procedures.

The sufficiency and appropriateness of audit evidence to support the auditor’s conclusions throughout the audit are a matter of professional judgment. The auditor’s judgment as to what constitutes sufficient appropriate audit evidence is influenced by such factors as the following (refer paragraph 71):

• Significance of the potential misstatement in the assertion and the likelihood of its having a material effect, individually or aggregated with other potential misstatements, on the financial statements
• Effectiveness of management’s responses and controls to address the risks
• Experience gained during previous audits with respect to similar potential misstatements
• Results of audit procedures performed, including whether such audit procedures identified specific instances of fraud or error
• Source and reliability of the available information
• Persuasiveness of the audit evidence
• Understanding of the entity and its environment including its internal control

In conclusion ISA 330 refers the reader to ISA 701 entitled Modifications to the Independent Auditor’s Report for further guidance. This states that if the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, the auditor should attempt to obtain further evidence. If the auditor is unable to obtain sufficient appropriate evidence, the auditor should express a qualified opinion or a disclaimer of opinion (paragraphs 12 and 13 of ISA 701).

Finally, by way of comparison, in considering the sufficiency of evidence, the PCAOB equivalent standards state that the auditor should consider the cost of the substantive tests that are necessary to cover the remaining period in a way that will provide the appropriate audit assurance at the balance sheet date. A report by the Maastricht Accounting Auditing and Information Management Research Center notes that applying principal substantive tests to the details of asset and liability accounts at an interim date may not be cost effective if substantive tests to cover the remaining period cannot be restricted due to the assessed level of control risk. Careful review of ISA 330 shows that the issue of cost/benefit analysis with respect to using substantive tests has not been addressed. The ISA do not have a requirement comparable to the PCAOB equivalent standards. Unlike the requirements under ISA 330, the PCAOB equivalent standards require the auditor to consider the cost of performing substantive tests to cover the remaining period (i.e., the period between the interim date and the balance sheet date). The relevant explanatory material of ISA 330 does not address the principle of cost versus benefit in the application of substantive tests, and this is a significant difference.

Documentation

The PCAOB’s AS 3 (paragraph 12), which focuses on audit documentation, notes that the auditor should document the overall conclusions to address the assessed risks of material misstatement at the financial statement level and the nature, timing and extent of the further audit procedures, the linkages of those procedures with the assessed risks at the assertion level, and the results of the audit procedures. In addition, if the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior audits, the auditor should document the conclusions reached with regard to relying on such controls that were tested in a prior audit. The auditors’ documentation should demonstrate that the financial statements agree or reconcile with the underlying accounting records.

Paragraph 10 of ISA 230 entitled Audit Documentation, which also covers this area to a certain extent, requires the auditor to include abstracts or agreements in order to document the auditing procedures undertaken related to inspection of those significant contracts or agreements. ISA 230 paragraph 3 of ISA 230 states the auditor may include abstracts or copies of the entity’s records (for example, significant and specific contracts and agreements) as part of audit documentation. This is substantially different from PCAOB’s AS 3 that includes a requirement that documentation of auditing procedures related to the inspection of significant contracts or agreements should (note not may) include abstracts or copies of the documents. The documentation allows the reviewer to reperform the audit procedures.

Finally, we note that ISA 230 requires the auditor to assemble the audit documentation in an audit file and complete the administrative process of assembling the final audit file on a timely basis after the date of the auditor’s report, and the related application and other explanatory material indicates that an appropriate time limit within which to complete the assembly of the final audit file is not more than 60 days following the report release date. The auditor is required by paragraph 15 of ISA 230 to document the report release date in the audit documentation. PCAOB’s AS 3, paragraph 15, requires a 45 day period, and hence there is a difference here as well (www.aicpa.org/FRC). Other related important issues, such as subsequent events, are discussed in Chapter 11 and will not be elaborated on here.

Conclusions

In this chapter, we discussed the ISA and PCAOB standards as they apply to substantive testing. Substantive testing enables an auditor to discover errors at a detailed level, whereas tests of controls (discussed in a previous chapter) reveal flaws in the controls, which, in turn, provide clues to what may be wrong but provide no details. Understanding the differences between ISA and PCAOB standards, therefore, would be of great assistance to readers in understanding the testing undertaken that led to the opinions rendered in the audit reports. We will detail the differences between the ISA and PCAOB audit reports in a subsequent chapter.