The Tradition of Over-Auditing
Growing up in the CPA profession I was taught that auditors performed tests of controls so they could reduce detailed tests of balances. Unfortunately, very few of my supervisors were ever brave enough to make those reductions! Until the risk assessment standards of 2006, we mostly declared the benefits of internal control non-existent and defaulted to maximum control risk and maximum tests of balances. Clinging tightly to yesterday’s audit traditions, we have simply added procedures to comply with the requirements of the new standards. Increased time charges and lower engagement profitability have been the results!
Presenting a live auditing seminar this week, some truth bubbled to the surface. Two participants indicated their firms performed tests of controls only when required to do so. Even when a CFO had spent considerable time designing and operating a good internal control system, these firms paid little attention to internal control in designing their auditing strategies (or in preparing their invoices!). No matter what, they always perform maximum tests of balances! This tradition is still alive! Another participant said his firm often performs tests of controls but unless control risk can be reduced to low, they don’t utilize their results to reduce tests of balances. As it has been for years, this tradition is often spelled “over-auditing!”
For about 20 years after quality control standards were introduced in our profession, most of us struggled just to comply. We often did more audit work than was necessary in hopes we would meet all the requirements of professional standards. The “cover your assets” principle of conservatism found its way into all our attest services. We probably achieved some level of quality with these traditions, but they didn’t make us much money!
It may be a surprise to many auditors when I state that the risk assessment standards of 2006 were intended to help us make more money! These standards made it clear we can rely on tests of controls, even on other risk assessment procedures like reading the general ledger and a systems walk-trough procedure, to reduce control risk to some level less than high. Further, the prior year’s control risk assessment sometimes can be used to reduce control risk in the current year.
When control risk can be reduced to any level less than high, we can save time (and make more money!) by performing fewer, less reliable tests of balances procedures! Our goal should be to perform enough risk assessment procedures to reduce control risk to some level less than high. Our audit planning on every engagement should focus on reducing tests of balances. We must let go of the tradition of over-auditing to maximize engagement profitability!
Our traditions often fade when we begin exercising professional judgment. Exercising professional judgment is the foundation of our risk assessment standards. Conservatism is actually compliance with professional standards, not accumulating audit evidence beyond that which we need! Quality is doing only what is required to accomplish our assurance objectives, nothing more!
It’s time to re-evaluate our audit traditions.
Guest blogger, Larry Perry, CPA  has over 40 years experience as a CPA practitioner. He is an author of accounting and auditing manuals, and an author/presenter of live staff training seminars, webcasts and self-study CPE programs.