Quick Answer
Substantive procedures are audit tests designed to detect material misstatements at the assertion level. They include tests of details—such as confirming receivables or inspecting invoices—and substantive analytical procedures, which evaluate plausible relationships and unexpected fluctuations. Auditors select procedures based on assessed risk, materiality, and the reliability of available evidence.
Purpose of Substantive Testing
Management's financial statements contain assertions about transactions, account balances, and disclosures. Substantive work provides direct evidence about whether those assertions are materially correct. Even when internal controls appear effective, the auditor performs substantive procedures because an audit opinion requires sufficient appropriate audit evidence, not merely confidence in a control environment.
The nature, timing, and extent of testing should respond to the risk assessment. Higher-risk areas generally require more persuasive evidence, testing closer to year-end, larger samples, or procedures performed by more experienced team members.
Tests of Details
Account balance tests
Balance testing examines the components of an ending balance. For accounts receivable, procedures may include sending positive confirmations, inspecting subsequent cash receipts, and vouching selected invoices and shipping documents. For inventory, the auditor may observe the count, test-count items, and trace count sheets to the final inventory listing.
For accounts payable, search for unrecorded liabilities by reviewing post-year-end disbursements, unmatched receiving reports, and vendor statements. This addresses completeness, a risk that is not fully addressed by vouching recorded liabilities.
Transaction tests
Transaction testing selects activity from the ledger and compares it with source documents. Vouching from the ledger to invoices primarily tests occurrence and existence. Tracing from source documents into the ledger primarily tests completeness. Inspect approvals, dates, quantities, prices, and account coding rather than merely confirming that a document exists.
Confirmation and inspection
External confirmations can provide persuasive evidence about cash, receivables, debt, investments, and legal terms. If a confirmation is not returned, perform alternative procedures such as examining subsequent settlement or original shipping documents. Inspection of contracts can identify side agreements, renewal clauses, covenants, and contingent obligations.
Substantive Analytical Procedures
Analytical procedures compare recorded amounts with expectations developed from financial and nonfinancial data. Useful expectations may use prior periods, budgets, industry ratios, headcount, square footage, units sold, or contractual rates. The auditor defines an acceptable difference before comparing the expectation with the recorded amount.
For payroll expense, compare wages to headcount and average compensation. For revenue, compare units shipped with price lists and recognized revenue. For interest expense, recompute the expected amount from principal, rates, and time outstanding. A large unexplained variance requires investigation and corroboration, not simply a management explanation.
Assertions and Example Procedures
| Assertion | Example procedure |
|---|---|
| Existence | Confirm receivables or inspect inventory. |
| Completeness | Trace receiving reports to recorded payables. |
| Rights and obligations | Inspect loan agreements and title documents. |
| Valuation | Recalculate depreciation or test allowance assumptions. |
| Cutoff | Examine transactions immediately before and after year-end. |
| Presentation | Read disclosures against applicable reporting requirements. |
Designing an Effective Work Program
Start with the assessed risks and relevant assertions, then specify the population, selection method, testing period, tolerable misstatement, and evidence criteria. A procedure should be precise enough that another auditor can understand what was tested and why. Document exceptions individually, evaluate whether they are isolated or systemic, and project sample misstatements when required.
Coordinate substantive tests with control testing. The results of controls work may change the planned extent of substantive procedures, but a control deficiency does not automatically prove a financial statement misstatement. Update the audit strategy when results contradict the initial risk assessment.
Common Mistakes
- Using analytics without defining an independent expectation.
- Accepting explanations without corroborating evidence.
- Testing only recorded items when completeness is the key risk.
- Ignoring cutoff around the reporting date.
- Failing to document the link between procedure, assertion, and conclusion.
- Using stale or unreliable data in an analytical procedure.
Final Review
Before concluding, confirm that each significant risk has a documented response, exceptions are resolved, and evidence supports the conclusion. Revisit audit risk assessment and audit planning when designing the work program. For an evidence overview, see types of audit evidence.
Additional Evidence Considerations
Evidence should be evaluated for both relevance and reliability. An internally generated schedule may be useful, but it becomes stronger when the auditor tests its preparation and agrees key fields to independent records. For revenue, compare invoices, shipping documents, and cash receipts; for debt, inspect lender confirmations and recalculate interest. The goal is not to collect documents mechanically but to obtain evidence that directly addresses the identified assertion and risk.
When an exception is found, determine whether it is a control deviation, a projected misstatement, or an indicator of a broader population problem. Expand testing when the original sample no longer supports the conclusion. Document who performed the work, the period tested, the population source, the selection method, exceptions, and the final conclusion so the file can stand on its own during review.
Key Takeaway
Strong substantive procedures begin with a clear assertion-level risk assessment. Combine tests of details with well-designed analytics, use evidence that is sufficiently reliable for the risk, and investigate unexpected results to resolution. A procedure is complete only when the documented evidence supports a conclusion—not merely when the checklist box is marked.