Framework for Obtaining Audit Evidence – Risk Assessment vs Further Audit Procedures

## Audit Procedures for Obtaining Audit Evidence

All audit procedures fall into a two-level hierarchy.

```
All Audit Procedures
├── Risk Assessment Procedures   ← Understand the entity & identify risks
└── Further Audit Procedures     ← Respond to assessed risks
    ├── Tests of Controls        ← Does the control operate effectively?
    └── Substantive Procedures   ← Are the financial statement amounts correct?
        ├── Tests of Details
        │   ├── Test of Transactions (Vouching)
        │   └── Test of Balances (Verification)
        └── Substantive Analytical Procedures
```

### Risk Assessment Procedures

Performed to understand the entity and its environment and to identify and assess risks of material misstatement. They do not themselves provide sufficient audit evidence.

### Tests of Controls

Performed to evaluate the operating effectiveness of controls in preventing, detecting, and correcting material misstatements. Required when the auditor intends to rely on controls OR when substantive procedures alone cannot provide sufficient appropriate evidence.

### Substantive Procedures

Designed to detect material misstatements at the assertion level.

| Sub-type | Focus |
| --- | --- |
| Test of Transactions (Vouching) | Trace recorded entries back to source documents |
| Test of Balances (Verification) | Verify closing balances on the balance sheet |
| Substantive Analytical Procedures | Use relationships and trends to identify unusual items |

### Selecting items for testing

  • 100% examination — test all items (rare; used for small populations or high-risk items)
  • Specific items — target high-value items, key items, or items above a threshold
  • Audit sampling (SA 530) — select a representative sample; conclusions drawn apply to the whole population

Worked example

### Example 1

Risk Assessment Procedure: The auditor reads the prior year audit file, reviews board minutes, and discusses business risks with the CFO — all to understand the entity before designing further procedures.

### Example 2

Test of Controls: The auditor selects 30 purchase invoices and checks that each has a matching approved purchase order and GRN — testing whether the purchase authorisation control is operating effectively.

### Example 3

Test of Transactions (Vouching): The auditor picks 50 entries in the sales ledger and traces each back to the corresponding sales invoice, delivery note, and customer order to verify occurrence.

### Example 4

Test of Balances (Verification): The auditor obtains the debtors' schedule at year-end and sends confirmation letters to a sample of debtors to verify the existence and accuracy of balances.

### Example 5

Substantive Analytical Procedure: The auditor calculates expected interest expense using the average loan balance × stated rate and compares it to the recorded figure; a large unexplained variance prompts further investigation.

⚠️ Common exam mistakes

  • Thinking Risk Assessment Procedures can substitute for Further Audit Procedures — they cannot; they only inform risk assessment.
  • Confusing Tests of Controls (does the control work?) with Substantive Tests of Transactions (are the recorded amounts correct?).
  • Confusing Vouching (transactions → source documents) with Verification (year-end balances).
  • Treating audit sampling as always necessary — 100% testing or specific item selection is sometimes more appropriate.