## SA 330: The Auditor's Responses to Assessed Risks

### Relationship Between SA 315 and SA 330

These two Standards on Auditing work together in a two-stage process:

Standard	Role
SA 315	Identify and Assess Risk of Material Misstatement (ROMM)
SA 330	Respond to the Assessed Risks (Further Audit Procedures)

SA 315 is the input (identify and assess risks); SA 330 is the output (respond to those risks).

---

### Two Levels of Risk Assessment (SA 315)

The auditor identifies and assesses ROMM at two levels:

1. Overall Financial Statement Level — Risks that affect the financial statements broadly (e.g., management integrity, going concern).

2. Assertion Level — Risks specific to particular classes of transactions, account balances, or disclosures.

---

### Two Levels of Response (SA 330)

The auditor responds at the same two levels:

1. Overall Financial Statement Level Response — Overall responses to address risks pervasive to the financial statements (e.g., assigning more experienced staff, increasing unpredictability).

2. Assertion Level Response — Further audit procedures designed to address specific risks at the assertion level.

---

### Two Stages of Audit Procedures

```

Stage 1 (SA 315) Stage 2 (SA 330)

──────────────────── ─────────────────────────

Risk Assessment Procedures → Further Audit Procedures

(Identify & Assess ROMM) (Respond to ROMM)

```

Risk Assessment Procedures (Stage 1) include:

Inquiries of management and others
Analytical procedures
Observation and inspection

Further Audit Procedures (Stage 2) include:

Tests of Controls — when the auditor intends to rely on controls
Substantive Procedures — tests of details and substantive analytical procedures

---

### Key Principle

The nature, timing, and extent of Further Audit Procedures must be responsive to the assessed risks. Higher risk → more extensive/rigorous procedures.

Worked example

### Example 1

Example — Two-Stage Approach:

During risk assessment (SA 315), the auditor identifies a high risk of ROMM in revenue recognition due to management pressure to meet targets. The auditor responds (SA 330) at:

Overall FS level: Assigns a senior manager to the engagement and increases unpredictability of procedures.
Assertion level (occurrence): Performs detailed tests on a sample of revenue transactions to verify they actually occurred before year-end (cut-off testing).

### Example 2

Example — Assertion-Level Risk:

For trade receivables, the auditor assesses a risk that some balances may be overstated (valuation assertion). SA 330 response: the auditor designs a substantive procedure — sending external confirmation letters (circularisation) to a sample of debtors and reviewing the aged debtors list for doubtful balances.

### Example 3

Exam Theory:

Distinguish between Risk Assessment Procedures and Further Audit Procedures.

Risk Assessment Procedures (SA 315): Performed to identify and assess ROMM. Do not themselves provide sufficient audit evidence. Include inquiry, analytical procedures, observation, inspection.
Further Audit Procedures (SA 330): Performed in response to assessed risks. Provide audit evidence. Comprise tests of controls AND substantive procedures.

⚠️ Common exam mistakes

Treating SA 315 and SA 330 as independent — they are sequential: SA 315 identifies risk, SA 330 responds to it; the response must be shaped by the assessed risk.
Confusing 'Risk Assessment Procedures' with 'Further Audit Procedures' — risk assessment procedures identify risks (Stage 1); further audit procedures respond to those risks (Stage 2).
Forgetting the two levels: ROMM is assessed and responded to at both the overall financial statement level and the assertion level — answers mentioning only one level are incomplete.
Stating that Risk Assessment Procedures alone provide sufficient audit evidence — they do not; they only identify risks. Audit evidence comes from Further Audit Procedures.
Not linking the extent of further audit procedures to the level of assessed risk — higher assessed risk requires more extensive audit procedures (nature, timing, extent must all be addressed).

Bare-Act text SA 330, Paragraphs 5 and 6 · SA 330 — The Auditor's Responses to Assessed Risks (ICAI) · click to expand

The auditor shall design and implement overall responses to address the assessed risks of material misstatement at the financial statement level. The auditor shall design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.

Now that you've read this — what's next?

Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.

🔥 Drill 5 Qs on this → ✍️ Adaptive practice →

SA 330 — Auditor's Responses to Assessed Risks

Worked example

⚠️ Common exam mistakes