The system's walk-through procedure is often the most cost-efficient, annual risk assessment procedure auditors can use, and it is discussed in the auditing standards. It is performed by tracing documents and data through the financial reporting system from the inception of transaction cycles to their termination. Its primary purpose is to provide a good understanding of the accounting system and any control procedures or activities for risk assessment purposes. Ordinarily five to 10 transactions will be selected for this purpose; selecting more transactions will increase the substantive evidence from this procedure.
The walk-through procedure, coupled with good prior year experience with a client and evidence from reading general ledger account activity, may permit an assessment of control risk at slightly less than high-to-moderate. An auditor may be able to use lesser reliable procedures (nature) for small details of an account balance, lesser audit coverage of an account balance (extent), and/or perform some procedures before yearend (timing) at these lower risk levels. This procedure, considered along with other risk assessment procedures, can provide substantive evidence that enables the auditor to plan an audit strategy that reduces tests of balances procedures.
Performing an effective systems walk-through procedure requires the auditor to have a thorough understanding of the applicable reporting framework before creating or evaluating documentation of an entity's financial reporting and internal control systems. For example, the AICPA's FRF for SMEs incorporates the accrual basis of accounting but contains numerous differences from US GAAP. An auditor has responsibility for evaluating management's selection of an applicable reporting framework, as well as the appropriateness and reasonableness of the application of policies and principles within that framework.
Systems Walk-Through Procedures Checklist
An illustrative walk-through checklist is included below to guide the systems walk-through procedure for payroll.
This checklist is designed to facilitate understanding of an entity's accounting and internal control systems. The checklist contains basic procedures that can be commonly applied to small and medium-sized entities. Additional or modified procedures may be necessary to accommodate the unique policies and procedures of each entity for which the checklist is used. In circumstances where tests of an entity's IT system are required, the procedures below may be used to guide the design such tests.
This checklist may be used for reference only, or each procedure may be initialed and dated as it is completed, depending on firm policy. Documentation of the walk-through procedure is required and should include identification of documents examined, an explanation of procedures performed, descriptions of the results of the procedures, documentation of additional procedures performed for exceptions and unusual matters, and written conclusions based on the results of the procedures.
Procedure 1. Interview appropriate client personnel and prepare a flowchart of the payroll accounting system. Indicate the key controls performed at the entity and activity levels by tickmarks or other means on the flowchart or other accompanying documentation.
Procedure 2. Randomly select five, 10, or 15 time cards or other records of time worked for a cross-section of employees to begin the walk-through procedure. The greater the number of units selected, the greater the substantive evidence generated from the walk-through procedure. The auditor's planning objective should be to gather sufficient substantive evidence from risk assessment procedures to reduce risk of misstatement to a level that is less than high or, in other words, to reduce the more costly tests of balances procedures.
Procedure 3. Record identifying numbers or descriptions of the documents selected that initiate transactions in the payroll cycle. Make a similar record of identifying numbers or descriptions of all other data or documents inspected during the walk-through procedure.
Procedure 4. Following the accounting and internal control systems flowchart, trace each transaction selected from its initiation to its termination by performing the following procedures for each of the documents inspected:
- Determine that the authorization and initiation procedures are performed and evidenced as required by the entity's policies. Depending on the nature of formal or informal policies, such evidence may take the form of initials and dates of persons performing key controls or, for smaller entities, responses to inquiries made by management personnel.
- Determine the clerical and mathematical accuracy of data on all documents inspected.
- Trace all initiating documents to recordings in a source journal such as a payroll register or payroll journal and compare the information on the documents to the source journal recorded information.
- If separate tests of the IT system have not been performed for systems that permit user modification, test the mathematical accuracy of the source journal and test trace totals to recordings in the general ledger account activity. If the entity uses an out-of-the-box software system, tests of the IT system are not normally required, nor are tests of mathematical accuracy.
- Obtain evidence, either by inspecting documents or making inquiries of management, that formal or informal key controls have been performed.
- Select a payroll account bank statement and the related reconciliation for at least one month's activity. Make inquiries of management about the performance of key controls and review the reconciliation for reasonableness.
- Scan the general ledger payroll and related accounts for the reporting period and obtain information from management about the propriety of unusual general journal or other entries.
Procedure 5. Prepare a memorandum that contains, or document on the flowcharts, a conclusion about the design and operation of the entity's accounting and internal control systems.
- If a limited number of transactions were selected for walk-through procedures to verify that no significant changes were made from the prior year's acceptable design and operation of the internal control system, and no changes were found, the conclusion would be that the prior year's evaluation of control risk could be used for the current year.
- When the auditor determines during planning that it is likely internal control systems are designed and operating properly (given the nature, size and complexity of the entity), and a larger number of transactions are selected for the walk-through procedures, the objective should be to gather substantive evidence that the internal control systems are designed and operating properly. A conclusion that results are acceptable would result in an audit strategy that plans for reductions in more costly related tests of balances procedures. Unacceptable results, of course, will require either more detailed tests of payroll activity or more substantive tests of payroll and related account balances.
Free one-hour live and on-demand webcasts on the FRF for SMEs are available on AccountingWEB.com. You may wish to register to receive my future newsletters at www.cpafirmsupport.com and to receive notification of upcoming free CPE.