19 paragraphs found
… to obtain sufficient appropriate audit evidence through substantive procedures alone. The auditor is required, in accordance with ASA 330, [42] to design and perform tests of controls that address such risks of material misstatement …
… The controls that the auditor is required to identify and evaluate the design, and determine the implementation … of in determining the nature, timing and extent of substantive procedures. The evaluation of such controls …
… The auditor may conclude that a control, which is effectively designed and implemented, may be appropriate to test in order to take its operating effectiveness into account in designing substantive procedures. However, when a control is not …
… arising from the use of IT involves taking into account controls identified by the auditor because such controls may … includes automated controls that management is relying on and that the auditor has identified, including controls that address risks for which substantive procedures alone do not provide sufficient …
… In obtaining an understanding of how information relating to significant classes of … entity’s information system, the auditor may also identify controls in the control activities component that are … of in designing the nature, timing and extent of substantive procedures. …
… plans to test the operating effectiveness of an automated control, the auditor may also plan to test the operating … control to address the risks arising from the use of IT, and to provide a basis for the auditor’s expectation that … the auditor’s further audit procedures may need to include substantive procedures to address the applicable risks …
… Paragraph 26(a)(iii) also requires the identification of controls that address risks for which substantive procedures alone cannot provide sufficient … is required, in accordance with ASA 330, [59] to design and perform tests of such controls. …
… manual intervention, it may not be possible to perform only substantive procedures in relation to the risk. This may be … Audit evidence may be available only in electronic form, and its sufficiency and appropriateness usually depend on the effectiveness of controls over its accuracy and completeness. The potential …
… of inherent risk may also influence the identification of controls in the control activities component. For example, the auditor’s … addressing risks for which the auditor has determined that substantive procedures alone do not provide sufficient …
… The auditor is required to identify specific controls in the control activities component, and evaluate the design and determine whether the controls … still affect the design of the nature, timing and extent of substantive audit procedures that are responsive to the …