Systems Walk-Through Procedure
Discussed in a previous blog, flowchart documentation of an entity’s accounting and internal control systems is becoming recognized as one of the most cost-beneficial forms of audit documentation. Flowcharts are easy to prepare electronically, facilitate identification of control deficiencies and can be replicated and updated in future years. Most importantly, flowcharts provide the documentation to effectively and efficiently guide a systems walk-through procedure.
The system’s walk-through procedure is a cost-efficient, annual risk assessment procedure auditors can use to evidence an understanding of an entity’s internal controls as specified in SAS No.109. It is performed by tracing documents and data through the accounting system from the inception of transaction cycles to their termination. Its primary purpose is to provide a good understanding of the accounting system and any control procedures or activities for control risk assessment purposes.
To utilize the results of a prior period’s control risk assessment in assessing the risk in a current period, current documentation of internal controls and a systems walk-through procedure for all significant transactions cycles is considered the minimum evidence necessary to satisfy the applicable requirements of SAS No. 109. Selecting two to five sample units for each type of transaction is normally considered sufficient for this purpose.
The systems walk-through procedure, on the other hand, offers an excellent opportunity to maximize substantive evidence from risk assessment procedures. Assuming an entity’s financial reporting process is enhanced by a formal or informal internal control system, an auditor may be able to assess control risk (and ultimately risk of material misstatement) at some level less than high by increasing the number of units selected for the systems walk-through procedure. Performing walk-through procedures for ten to fifteen transactions in each cycle without error, for example, may produce substantive evidence sufficient to reduce control risk to slightly less than high or even to a moderate level.
Coupled with documentation of the results from reading the general ledger, flowchart documentation of internal controls, a systems walk-through procedure and a prior year control risk assessment less than high will provide an understanding of a client’s entity and environment which, along with substantive evidence from other risk assessment procedures, can reduce the required evidence from more costly tests of balances procedures. For example, lower assessed risk in the sales and collections cycle may permit fewer positive confirmations of individually significant accounts receivable balances. Since each confirmation, on the average, requires 30 minutes of audit time charges, eliminating five or ten confirmations can save several hours.
To say it another way, as a result of maximizing substantive evidence from risk assessment procedures, an auditor may be able to use lesser reliable procedures (nature) for small details of an account balance, lesser audit coverage of an account balance (extent) and/or perform some procedures before yearend (timing). Substantial time savings are possible, even for some smaller audits!
Developing cost-beneficial audit strategies and maximizing substantive evidence from risk assessment procedures is discussed and illustrated in my live and on-demand webcasts. You can obtain syllabuses and register by clicking the applicable box on the left side of the home page on my website, www.cpafirmsupport.com.