SA 330 — Framework and Overview of Auditor's Responses to Assessed Risks
## SA 330: The Auditor's Responses to Assessed Risks — Framework
### Purpose
SA 330 deals with the auditor's responsibility to design and implement responses to risks of material misstatement identified and assessed under SA 315 in a financial statement audit.
### Two Core Obligations
Level
Obligation
Financial Statement Level
Design and implement overall responses to address assessed risks
Assertion Level
Design and perform further audit procedures whose nature, timing, and extent respond to assessed risks
### Framework of Audit Procedures Under SA 330
```
Auditor's Responses to Assessed Risks (SA 330)
├── Tests of Controls (ToC)
└── Substantive Procedures
├── Substantive Analytical Procedures ← governed by SA 520
└── Tests of Details
├── Tests of Transactions → Vouching
└── Tests of Balances → Verification
```
### Designing Further Audit Procedures — Key Considerations
When designing further audit procedures the auditor must consider:
a) Reasons for the risk assessment at the assertion level, including:
Inherent risk — likelihood of misstatement due to the nature of the class of transactions, balance, or disclosure
Control risk — whether the risk assessment takes internal controls into account, which then requires the auditor to test whether those controls are operating effectively
b) Persuasiveness of evidence:
> The higher the assessed risk, the more persuasive audit evidence the auditor must obtain.
### Link to SA 315
SA 330 is the response standard; SA 315 is the identification and assessment standard. The two work in sequence:
1. SA 315 → identify and assess risks of material misstatement
2. SA 330 → design and implement responses to those risks
Worked example
### Example 1
High-Risk Inventory Scenario: A company operates in a volatile commodity market. The auditor assesses a high risk of material misstatement for inventory valuation. Under SA 330, the auditor must (a) design overall responses at the financial statement level — e.g., assign more experienced staff, increase unpredictability of procedures, modify the nature of work performed — and (b) design further audit procedures at the assertion level for inventory. Because the risk is high, the audit evidence obtained must be more persuasive (e.g., external confirmations, detailed physical counts rather than analytical procedures alone).
### Example 2
Inherent Risk vs Control Risk in Procedure Design: A company has strong automated controls over revenue recognition (low control risk). However, the nature of its multiple-element arrangements creates high inherent risk. The auditor designs ToC to confirm controls work, then still performs substantive procedures (tests of details on a larger sample) because the inherent risk remains high regardless of controls.
⚠️ Common exam mistakes
Confusing SA 315 (identifying/assessing risks) with SA 330 (responding to risks) — SA 315 comes first; SA 330 is the subsequent response
Designing further audit procedures only at the assertion level and ignoring the obligation to also design overall responses at the financial statement level
Assuming that if internal controls are strong, substantive procedures can be completely omitted — SA 330 mandates substantive procedures for every material class of transactions, account balance, and disclosure irrespective of assessed risk
Thinking that 'more persuasive evidence' always means a larger sample — persuasiveness also relates to the nature and source of evidence
Bare-Act text Core requirements — financial statement level and assertion level responses · SA 330 — The Auditor's Responses to Assessed Risks (ICAI) · click to expand
SA 330 states that:
(a) The auditor shall design and implement overall responses to address the assessed risks of material misstatement at the financial statement level.
(b) The auditor shall design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.
In designing the further audit procedures to be performed, the auditor shall:
(a) Consider the reasons for the assessment given to the risk of material misstatement at the assertion level for each class of transactions, account balance, and disclosure, including: (i) the likelihood of material misstatement due to the particular characteristics of the relevant class of transactions, account balance, or disclosure (i.e., the inherent risk); and (ii) whether the risk assessment takes into account the relevant controls (i.e., the control risk), thereby requiring the auditor to obtain audit evidence to determine whether the controls are operating effectively.
(b) Obtain more persuasive audit evidence the higher the auditor's assessment of risk.