Guide to substantive audit procedures
Explanations of substantive procedures and opportunities with SAS 145.
Auditors today are tasked with many important responsibilities, but their core function is to provide reasonable assurance on whether or not a company’s financial statements present fairly, in all material respects, the company’s financial position. In today’s increasingly complex business environment, having a clear understanding of substantive audit procedures and their role in the audit, including how they are affected by SAS 145, is essential.
Material misstatements can have significant ramifications for a company, and the importance of an auditor’s reasonable assurance is not to be taken lightly. That said, failure to understand, document, and appropriately address the risk of material misstatement does exist. In fact, it has been tied to 25% of recent peer review comments.
To help auditors better address gaps in risk assessments and enhance overall audit quality, this article takes a deeper dive into what substantive audit procedures are and the effects of SAS 145.
Jump to:
What are substantive audit procedures?
To explain in simplified terms, substantive audit procedures are the tests that auditors employ to gather evidence about whether a company’s financial statements are free of material misstatements.
Examples of substantive audit procedures can include, but are not limited to:
- Observing the existence of fixed assets.
- Confirming cash balances with banks.
- Matching invoices that have been billed with collected funds.
- Observing a physical inventory count.
As noted earlier, material misstatements can have a serious impact on a company. Auditors need to be able to support their conclusions about management’s assertions reflected in the company’s financial statements and underlying accounting records. This is why substantive audit procedures are so important.
It is also important to be aware that there are two main types of substantive audit procedures that can be used individually or in tandem. The two types are: 1) substantive tests of details and 2) substantive analytical procedures.
A common example of a test of details is sampling a population and sending confirmations. There are also substantive analytical procedures, which require auditors to develop an expectation and then analyze balances or ratios to determine whether they are as expected, or if not, why not.
Substantive testing versus control testing
Substantive testing and control testing are a power couple. While there are differences between the two, examining the results of both approaches is crucial as auditors work to form an opinion on a company’s financial statements. To start, let’s take a closer look at some key differences and the focus of each.
What is substantive testing?
Substantive testing zeroes in on the amounts and assertions within the financial statements. It aims to answer questions like: Is this liability complete? Does this asset exist? When auditors are conducting substantive testing, they may verify transactions against source data like contracts, invoices, and receipts; send confirmations to third parties, such as banks and customers; or trace financials from source documents to financial statements.
What is control testing?
Control testing differs from substantive testing in that it focuses on the processes and procedures that management has in place to prevent or detect and correct material misstatements. In other words, control testing examines the internal controls that a company has in place.
Conducting control testing may include inquiries to understand how personnel perform their roles within the control environment, an observation of processes being performed, and inspection of documents and records to make sure controls are being applied as intended. Auditors may do walkthroughs, where they follow a transaction from its initiation to being recorded in the financial statements, making inquiries and observations of controls along the way; or they may re-perform certain control procedures to determine whether they are working effectively.
As previously mentioned, the real power in these approaches — substantive testing and control testing — emerges when they are combined to provide auditors with a holistic picture.
Understanding the results of both control testing and substantive testing is crucial for auditors to form an opinion on the company’s financial statements. The results of control testing can influence the nature, timing, and extent of substantive testing. If controls are tested for operating effectiveness, the auditor may reduce the control risk assessment and, as a result, the extent of substantive testing. Conversely, if controls are understood to be weak or ineffective, more substantive testing may be required.
This balance is crucial because it allows the auditor to plan an efficient and effective audit by directing audit efforts where they are most needed and relying on controls only when they are tested and deemed reliable.
What are substantive analytical procedures?
Substantive analytical procedures are a critical component of the audit process. As explained by the Public Company Accounting Oversight Board (PCAOB), analytical procedures “involve comparisons of recorded amounts, or ratios developed from recorded amounts, to expectations developed by the auditor.”
In other words, substantive analytical procedures enable auditors to analyze a transaction class, balance, etc., based on expectations that are as precise as possible. The key word here is precise.
It is imperative that auditors have a solid understanding of the client’s business, industry, accounting rules, regulatory environment, etc., so they can develop a sufficiently precise expectation. A precise expectation is crucial to the effectiveness of substantive analytical procedures, and the information gathered during the planning and risk assessment can play a major role.
Examples of substantive analytical procedures
- Payroll expense testing: an auditor may learn from reading board minutes that a pay raise of 3% was approved. Based on that, they could develop an expectation based on prior year expense and the approved pay increase, and then compare that to the actual expense to see if it appears reasonable.
- Trend analysis: where an auditor analyzes the trends of certain financial statement items over several periods. For instance, they could examine the sales revenue growth year-over-year. If the company historically has a growth rate of 5%, that would likely be the auditor’s expectation for the year under audit. If they then suddenly report a growth rate of 20%, without a clear explanation, the auditor would need to investigate further.
- Ratio analysis: this substantive analytical procedure involves comparing ratios derived from financial statement amounts with expectations developed by the auditor. Ratios like gross margin, return on assets, or inventory turnover could be compared against expectations based on industry averages or prior period figures.
Interpreting analytical procedures
Auditors still need to heed caution when interpreting the results of analytical procedures. Why? There could be legitimate reasons for variances or fluctuations in financial data. Furthermore, substantive analytical procedures can be less effective at detecting certain types of misstatements like those due to fraud; therefore, substantive analytical procedures are often used in conjunction with tests of details.
If results of substantive analytical procedures contradict the auditor’s expectations, then the auditor needs to find out why. Is there a misstatement causing the unexpected result? Or is there a factor the auditor didn’t know about, like an acquisition or loss of a major customer? That may explain the variance, but it also raises other questions. How does that new information affect the risk assessment for this or any other audit areas? Does it indicate that management was less than forthcoming in their responses to previous inquiries (i.e., possible fraud risk)? Auditing is not a linear process. There may be significant back and forth between substantive testing and risk assessment throughout the audit.
How does SAS 145 affect substantive procedures?
Looking to enhance the requirements and guidance on identifying and assessing risks of material misstatement, the AICPA Auditing Standards Board (ASB) issued SAS 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement.
SAS 145 is now in effect for audits of financial statements for periods ended on or after Dec. 15, 2023.
While SAS 145 “does not fundamentally change the key concepts underpinning audit risk,” according to the AICPA’s SAS 145 Executive Summary, it does aim to drive better risk assessments and enhance audit quality. Among the provisions found within SAS 145 is a conforming amendment on the performance of substantive procedures.
Specifically, a conforming amendment is “to perform substantive procedures for each relevant assertion of each significant class of transactions, account balance, and disclosure, regardless of the assessed level of control risk (rather than for all relevant assertions related to each material class of transactions, account balance, and disclosure, irrespective of the assessed risks of material misstatement, as previously required).”
New opportunity for auditors
This new standard is an opportunity to revisit risk assessment and refocus engagements. As noted above, one of the most significant changes is the amendment to AU-C 330.18, which now requires auditors to perform substantive procedures for all significant audit areas, versus in the past it was required for all material items. This is a deviation from the IAASB version of the standard that the AICPA made to better align with the PCAOB auditing standards. It’s subtle but important because it: 1) requires the auditor to substantively test areas of risk, regardless of materiality, and 2) frees the auditor to pass substantive testing on material areas that really don’t have any assessed risk.
Take, for instance, the example of property and equipment. It’s often material to the financial statements; however, property and equipment is typically stable year-to-year (barring any major acquisitions, disposals, natural disasters, etc.). As a result, it can usually be sufficiently analyzed during the risk assessment process to say, “There is a remote likelihood of a material misstatement here.”
Auditors should take a fresh look at how they are designing their substantive procedures and take advantage of opportunities to refocus their testing. It’s a win/win — with higher quality audits that focus on the areas that really need it and more efficiency/profitability by cutting out unnecessary substantive testing.
Additional SAS 145 considerations
The impact of SAS 145 extends well beyond substantive procedures, and there are additional considerations that auditors need to be aware of. The new guidance includes, but is not limited to, the following:
- It acknowledges the use of IT by both auditors and clients and expressly defines the risks arising from the use of IT.
- It revises the definition of significant risk so auditors will be focused on where the risks lie on a spectrum of inherent risk.
- It also includes a new “stand-back” requirement for auditors to stop and reflect on the completeness of their identification of significant classes of transactions, account balances, and disclosures and evaluate whether the determination that a material class of transactions, account balance, or disclosure is NOT significant remains appropriate.
Understanding the impact of SAS 145 and learning the ins and outs of substantive audit procedures is essential for today’s auditors. The good news is that audit firms are not alone.
Through Thomson Reuters AuditWatch, firms can leverage the comprehensive educational roadmap that auditors need to keep pace in today’s business environment. Audit Watch provides the specialized training and consulting needed on everything audit-related — from standards to methodology and processes. Learn more about SAS 145 guidance with AuditWatch and Checkpoint Editorial in our on-demand webinar.