Audit planning is one of the most interesting steps in the audit process. It requires to apply audit specific knowledge, business skills, understanding of the own resources and velocity of their usage.
In this post I am going to make the brief overview of some audit approaches and their applicability in real life.
Audit Process
The audit process could be depicted very simply, but work done and time spent on each stage of audit process have crucial effect on audit efficiency and effectiveness (audit risk). The illustration demonstrates that basically we have two types of approach: business risk approach with controls testing and substantive approach.
Audit Process |
The approach in strategy should not be confused with approach in tactics regarding the concrete account connected with business process. In any case, we have to detect most risky and material areas of clients’ financial statements, i.e. substantive testing of all accounts is not reasonable.
The second step is to identify our tactic regarding concrete type of account and assertion. For example, account is “fixed assets” (FA) and assertion is “valuation”. The process which is reflected by these two elements is “FA purchases” process. So at this point we might decide to test value of FA items substantively or do some preliminary purchases tests of controls to reduce substantive work in later stages.
The second step is to identify our tactic regarding concrete type of account and assertion. For example, account is “fixed assets” (FA) and assertion is “valuation”. The process which is reflected by these two elements is “FA purchases” process. So at this point we might decide to test value of FA items substantively or do some preliminary purchases tests of controls to reduce substantive work in later stages.
To test or not to test?
The outcome of control testing should be combined risk assessment of financial statement risk and audit risk, i.e. the result per well-known models:
Audit Risk = Inherent Risk x Control Risk x Detection Risk (1);
The audit firms try to formalize risk assessments (low, moderate, high) and spot the point at which it would be reasonable to reduce substantive procedures. However, there is still a problem: test of controls is time and money spent on procedures. And how do we know whether we should even start testing controls? What if after extensive control testing they proved to be ineffective? The mistakes might lead to inefficient audit, harming auditors’ profit margin. Unfortunately, I might say in majority cases the decision is made based on common sense and subjective opinion, i.e. there is no 100% proven scientific way to figure this out. Admittedly, to facilitate a right decision auditors should understand client’s business process, document suggested controls, and do process walk-through. There are also some rules of thumb, e.g. if there are lots of small routine transaction, then tests of controls are likely to be the right option.
Audit Risk = Inherent Risk x Control Risk x Detection Risk (1);
Audit Risk = Financial Statement Risk x Detection Risk (2).
The audit firms try to formalize risk assessments (low, moderate, high) and spot the point at which it would be reasonable to reduce substantive procedures. However, there is still a problem: test of controls is time and money spent on procedures. And how do we know whether we should even start testing controls? What if after extensive control testing they proved to be ineffective? The mistakes might lead to inefficient audit, harming auditors’ profit margin. Unfortunately, I might say in majority cases the decision is made based on common sense and subjective opinion, i.e. there is no 100% proven scientific way to figure this out. Admittedly, to facilitate a right decision auditors should understand client’s business process, document suggested controls, and do process walk-through. There are also some rules of thumb, e.g. if there are lots of small routine transaction, then tests of controls are likely to be the right option.
Additional factors
The audit with accurate planning stage, through understanding of business processes and risk detection would require highly proficient audit team. However, we live in a real world and we do not always have access to the best dream audit teams J . The point is that the audit approach should be understandable by team members and fit their abilities: for someone it would be easier (time/budget factor) to vouch 1000 transaction than make decision based analytical job of connecting facts from process narrative, walk-through, initial strategy, and audit methodology. I mean, that process need not be overcomplicated. I would suggest following basic principles for establishing strategy:
- Efficiency (budget);
- Effectiveness (prudence, audit risk);
- Complexity/easiness to bring about;
- Understandability (and acceptability) for all members of team: from partner to audit staff.
Conclusions
This is only outline of audit approaches. The topic is enormous and I will try to cover most arguable areas. Your comments are welcome as usual.
PS Please, do not forget to vote for your top 3 favorite subjects. The polls are going on the right-hand side of the blog.
When the internal control can be over-ridden (by controlling shareholder or dominant director) it is essential to carry out substantive tests. My view is that there is no point in even spending time on walk-through tests in this situation. That is the approach in our InPractice Audit Manual: The Cost-Effective Method
ReplyDeleteJaffer Manek www. InPractice Software .com
I think it was the same method applied for auditing Enron group !
ReplyDeleteIt was also the same méthod used by military headquarter in France in 1938: Nazi panzers would neber be able to cross the Ardennes mountains !!!!
"a priori" thinking is still alive
It is why I like my external reporting more, audit must be done properly. In the enron case, it was a good auditing but serious problem with policy and other compliances.
ReplyDeleteA woman did complaint about this type of accounting, SPE
It was no structure (policy,..) in place to check the Top management transactions. No questionnaire to find Andrew fastow ownership of the SPE,....
Arthur Mboue
Very cool audit blog. Flowcharts like the above will help readers to visualize more the points emphasized in this article.
ReplyDeleteNice post i really like your post, you have created some very important and informative points here. Give me so much knowledge. Thanks for sharing with us.
ReplyDeletekuno-cpa | Payroll Japan | http://www.kuno-cpa.co.jp/tcf/japan/
This comment has been removed by a blog administrator.
ReplyDeleteI really love and appreciate this post, kudos...
ReplyDelete