What are audit assertions?
ISA 315.A190 categorises assertions into three groups: assertions about account balances at period end (existence, rights and obligations, completeness, valuation and allocation), assertions about classes of transactions during the period (occurrence, completeness, accuracy, cutoff, classification), and assertions about presentation and disclosure (occurrence, completeness, classification and understandability, accuracy and valuation).
Assertions give the auditor precision. A generic risk statement like "trade receivables may be misstated" does not tell the team what to test. Specifying the assertion — existence, valuation, completeness — determines the direction of testing, the type of evidence needed, and the procedures to perform. ISA 315.12(a) requires risks to be identified at the assertion level for exactly this reason.
The most common file breakdown is not a missing assertion — it is a mismatch between the risk identified and the assertion tested. A team identifies a valuation risk on inventory but then tests existence through a stock count. The count confirms the inventory is there, but says nothing about whether the carrying amount is correct.
Key Points
- Assertions are categories of what could go wrong in the financial statements — they frame the auditor's entire testing approach.
- They split into three groups: account balances at period end, classes of transactions during the period, and presentation and disclosure.
- Every audit procedure must link to at least one assertion. A procedure that does not address a specific assertion produces evidence of uncertain value.
- The most common finding is a mismatch between the risk identified and the assertion the procedures actually test — not a missing assertion.
Why it matters in practice
The AFM has repeatedly flagged audit files where risk descriptions are too generic to drive meaningful procedures. "Revenue is a significant account" is not an assertion-level risk. "Revenue occurrence is at risk because the entity has pressure to meet analyst targets and can backdate sales orders" is. The specificity forces a response — test occurrence by selecting recorded sales and tracing to delivery evidence, not by performing a completeness test on the sales listing.
The payables example illustrates the confusion most clearly. Teams routinely test the existence of payables by confirming balances with suppliers. But existence is rarely the risk for liabilities — management's incentive is to understate liabilities, making completeness the dominant assertion. Testing completeness requires starting from sources outside the ledger (subsequent payments, goods received notes, supplier statements) and tracing back to the recorded balance.
Key standard references
- ISA 315.12(a): Requirement to identify and assess risks of material misstatement at the assertion level.
- ISA 315.A190-A202: Categories of assertions for account balances, transaction classes, and presentation and disclosure.
- ISA 300.9: The audit plan shall include a description of the nature, timing, and extent of planned risk assessment procedures and further audit procedures at the assertion level.
Related terms
Related reading
Frequently asked questions
What are the main categories of audit assertions?
ISA 315.A190 splits assertions into three categories: assertions about account balances at period end (existence, rights and obligations, completeness, valuation and allocation), assertions about classes of transactions (occurrence, completeness, accuracy, cutoff, classification), and assertions about presentation and disclosure (occurrence, completeness, classification and understandability, accuracy and valuation).
Why must risks be identified at the assertion level?
ISA 315.12(a) requires assertion-level risk identification because a generic risk ('revenue may be misstated') does not tell you which assertion is at risk. Without specifying whether the risk is occurrence, completeness, accuracy, or cutoff, the procedures designed in response may test the wrong thing entirely.
What is the difference between assertions and audit objectives?
Assertions are management's representations embedded in the financial statements. Audit objectives are what the auditor sets out to achieve when testing those assertions. The assertion is 'this receivable exists.' The audit objective is 'obtain sufficient appropriate evidence that the receivable exists.' One belongs to management, the other to the auditor.