1.1. Summary
An audit is an official inspection of an organization's accounts, typically by an
independent body, and it is a systematic process. Different types of audit require
different audit approaches, depending on the type of organization and the risks involved.
This report, titled 'Audit Approach', discusses the different approaches auditors choose
based on different levels of risk, types of organization and the extent of internal
control. Every audit also requires an engagement, so the essentials of an audit engagement
are included in this report. After reading it, the reader will know when to use which
approach and the procedure of engagement.
1.2. Methodology
All the information included in this report is based on secondary data.
Audit Approach
The approach chosen should be both effective and efficient, based on the preceding factors.
The following general audit approaches are most commonly used, depending on the
circumstances:
- When the internal control system is strong: The emphasis is on testing and
validating the client's system of internal controls. If the controls are proven to be
strong, then substantive testing can be significantly reduced. This is a more efficient
audit approach.
- When the focus is on client risk: The auditor spends time reviewing where there is
risk in a client's systems, and then designs an audit approach that focuses primarily
on high-risk areas. Conversely, low-risk areas receive little auditor attention.
- When the focus is on the balance sheet: The audit focus is on testing the balances
in the accounts comprising the balance sheet. By proving the balance sheet, the
assumption is that all other transactions will flush out through the income statement,
which will therefore require little testing.
3. Risk Assessment
3.1. Business Risk: Business risk is the risk inherent to the company in its operations. It
includes risks at all levels of the business. There are three general categories of business
risk:
- Financial risks are the risks arising from the financial activities or financial
consequences of an operation, for example, cash flow issues or overtrading
- Operational risks are the risks arising with regard to operations, for example, the
risk that a major supplier will be lost and the company will be unable to operate
- Compliance risk is the risk that arises from non-compliance with laws and
regulations that surround the business, for example a restaurant failing to comply
with food hygiene regulations might face fines, enforced closure, legal action from
customers and so on
3.2. Audit Risk: The risk of giving an inappropriate opinion in relation to the financial
statements. It has three components.
- Inherent risk is the susceptibility of an assertion to misstatement that could be
material, individually or when aggregated with other misstatements, assuming that
there were no related internal controls.
- Control risk is the risk that a misstatement that could occur in an assertion and that
could be material, individually or when aggregated with other misstatements, will
not be prevented or detected and corrected on a timely basis by the entity's internal
control.
- Detection risk is the risk that an auditor’s procedures will not detect a misstatement
that exists in an assertion that could be material, individually or when aggregated
with other misstatements.
5. Risk Analysis
Assurance firms will carry out a risk analysis before accepting clients. This is partly to
determine what fee they think is appropriate for the engagement (the higher risk the client,
the greater the benefit that the firm will want from undertaking the engagement) but also to
lay foundations for understanding the risks associated with the engagement if it is taken on
and the amount of work that will have to be undertaken to reduce assurance risk to an
acceptable level for that assignment. When carrying out risk analysis prior to accepting a
client, assurance providers will be seeking to determine:
In general terms, if the directors appear to have integrity, the financial record is strong and
prospects look good, there is a good attitude to internal control in the company and it has
few unusual transactions, then it is lower risk than a company for which those things are not
true. If a firm determines that a company is a high-risk client, this does not necessarily
mean that the firm will not accept the engagement, but this preliminary assessment of risk
will be incorporated into the audit procedures when risk assessment identification and
procedures are carried out on the engagement. Another area constituting risk to the auditor
is the risk that the client may be money laundering. Accountants are required to report
suspicions of money laundering and failure to report a suspicion is a criminal offence. The
auditors are also required to carry out client due diligence with respect to money laundering
at the start of an engagement.
6. Audit Confidence
To reduce the level of risk that the financial statements might be wrong, the auditors have to
build up audit confidence based on sufficient appropriate audit evidence. There are three
sources of audit confidence.
- Controls
- Test of Details
- Analytical Procedure
To derive audit confidence from the client’s controls, auditors have to ascertain them by
enquiry, document them and then test them to make sure that:
- They operate in the way they think they do (by walkthrough testing); and
- They are effective (by tests of controls).
During the planning process the audit team decides on the use of these sources to give
sufficient audit confidence and what the mix should be. The audit plan will record the
approach to be used as decided on by the audit team.
7. Reliance on Control
BSA 500 says auditors need to carry out tests of controls under two sets of circumstances:
- When they are intending to rely on controls to reduce audit risk
- When they are unable to derive sufficient evidence from substantive procedures.
The type of testing will depend on the nature of the control. Where procedures may be more
difficult to devise, the auditors could
- Review the minutes of the relevant meetings.
- Select a sample of projects and make actual/budget comparisons and then follow up
to see what the client did in response to any overruns.
- Attend the relevant meetings and observe how they are conducted, but they would need
to be careful about whether the auditors' presence at the meeting will affect the way
the meeting is conducted.
The substantive audit approach is one of the approaches auditors use to verify
the events and transactions in the financial statements by covering the largest volume of
them. Its principle is that when auditors cover the largest volumes of high-value
financial transactions and events in the financial statements, there is less risk that
material misstatements go undetected. Substantive procedures fall into two
categories:
The auditor must always carry out substantive procedures on material items. BSA 330 says
“irrespective of the assessed risk of material misstatement, the auditor should design and
perform substantive procedures for each material class of transactions, account balance and
disclosure”. In addition, the auditor must carry out the following substantive procedures:
- Agreeing the financial statements to the underlying accounting records
- Examining material journal entries
- Examining other adjustments made in preparing the financial statements
The auditor must determine when it is appropriate to use which type of substantive
procedure.
Tests of detail rather than analytical procedures are likely to be more appropriate with
regard to matters which have been identified as significant risks, but the auditor must
determine procedures that are specifically responsive to that risk, which may include
analytical procedures. Significant risks are likely to be the most difficult to obtain sufficient
appropriate evidence about. How much substantive testing is carried out will depend on:
- Whether the auditor wants to rely on controls in the first place (in which case
substantive testing might be reduced)
- Whether controls testing reveals that controls can be relied on (if they cannot, the
auditors will have to increase substantive testing)
An effective internal audit function may reduce, modify or alter the timing of external audit
procedures, but it can never eliminate them entirely. Even where the internal audit function
is deemed ineffective, it may still be useful to be aware of the internal audit conclusions.
The effectiveness of internal audit will have a great impact on how the external auditors
assess the whole control system and the assessment of audit risk. The BSA says that 'the
external auditor should obtain a sufficient understanding of internal audit activities to
identify and assess the risks of material misstatement of the financial statements and to
design and perform further audit procedures. The external auditor should perform an
assessment of the internal audit function when internal auditing is relevant to the external
auditor's risk assessment'.
Scope of function: Consider extent and nature of assignments performed and the action
taken by management as a result of internal audit reports
There should normally be at least one other person involved on the audit to review the work
done. Beyond this the precise make-up of the team will depend on the scale of the
engagement and the different roles can be filled by people with different levels of
experience within the firm. Most engagements will have a 'senior' or 'in charge' responsible
for the day-to-day running of the audit and supervising assistants. The audit strategy should
make clear who is responsible for which aspects of the audit, and should strike the difficult
balance between:
- Ensuring each member of the team has sufficient experience for the job in hand
- Setting new challenges so that experience can be gained, and
- Cost
10.3. Location
As hinted at above, the location that the audit work takes place at will depend on the nature
of the client and the risk assessment. Some clients will only have one location, in which
case the audit will take place at that location. Other clients may have several locations, and
the auditors will have to make judgements about which locations are riskier than others and
need the auditor to visit them. It may be necessary to attend all locations that a client has at
some stage during the audit.
10.4. Interim & Final Audits
Typically, much of the systems assessment work and tests of details on the profit and loss
account will be carried out at the interim stage, with greater focus on the balance sheet at a
final audit. However, auditors think about a number of factors here:
- What about the income statement for the last couple of months of the year?
- If the auditors are relying on controls, were they effective in the period between the
interim audit and the year end?
- If the auditors have tested inventory, or receivables at the interim stage, are they
happy with the 'roll forward' to the year end?
opportunity to provide any relevant information needed for the proper conduct of
the work.