Audit Method: Audit Approach

Audit planning is one of the most interesting steps in the audit process. It requires to apply audit specific knowledge, business skills, understanding of the own resources and velocity of their usage.

In this post I am going to make the brief overview of some audit approaches and their applicability in real life.

Audit Process

The audit process could be depicted very simply, but work done and time spent on each stage of audit process have crucial effect on audit efficiency and effectiveness (audit risk). The illustration demonstrates that basically we have two types of approach: business risk approach with controls testing and substantive approach.

Audit Process

The approach in strategy should not be confused with approach in tactics regarding the concrete account connected with business process. In any case, we have to detect most risky and material areas of clients’ financial statements, i.e. substantive testing of all accounts is not reasonable.
         The second step is to identify our tactic regarding concrete type of account and assertion. For example, account is “fixed assets” (FA) and assertion is “valuation”. The process which is reflected by these two elements is “FA purchases” process. So at this point we might decide to test value of FA items substantively or do some preliminary purchases tests of controls to reduce substantive work in later stages. 

To test or not to test?

The outcome of control testing should be combined risk assessment of financial statement risk and audit risk, i.e. the result per well-known models:

         Audit Risk = Inherent Risk x Control Risk x Detection Risk (1);

Audit Risk = Financial Statement Risk x Detection Risk (2).

The audit firms try to formalize risk assessments (low, moderate, high) and spot the point at which it would be reasonable to reduce substantive procedures. However, there is still a problem: test of controls is time and money spent on procedures. And how do we know whether we should even start testing controls? What if after extensive control testing they proved to be ineffective? The mistakes might lead to inefficient audit, harming auditors’ profit margin. Unfortunately, I might say in majority cases the decision is made based on common sense and subjective opinion, i.e. there is no 100% proven scientific way to figure this out. Admittedly, to facilitate a right decision auditors should understand client’s business process, document suggested controls, and do process walk-through. There are also some rules of thumb, e.g. if there are lots of small routine transaction, then tests of controls are likely to be the right option.

Additional factors

The audit with accurate planning stage, through understanding of business processes and risk detection would require highly proficient audit team. However, we live in a real world and we do not always have access to the best dream audit teams J . The point is that the audit approach should be understandable by team members and fit their abilities: for someone it would be easier (time/budget factor) to vouch 1000 transaction than make decision based analytical job of connecting facts from process narrative, walk-through, initial strategy, and audit methodology. I mean, that process need not be overcomplicated. I would suggest following basic principles for establishing strategy:

1. Efficiency (budget);
2. Effectiveness (prudence, audit risk);
3. Complexity/easiness to bring about;
4. Understandability (and acceptability) for all members of team: from partner to audit staff.

In the future blog posts, it would be interesting to elaborate each of the above principles.

Conclusions

This is only outline of audit approaches. The topic is enormous and I will try to cover most arguable areas. Your comments are welcome as usual.

PS Please, do not forget to vote for your top 3 favorite subjects. The polls are going on the right-hand side of the blog.