Improving Your Audit Process, Part 5: Developing Cost-Beneficial Audit Strategiesby
This article discusses a few of the ways audit strategies can be “fine-tuned” to improve the quality and efficiency of the audit process. This 10-part series of articles will focus on ways to improve the audit process, reduce audit costs, and enable CPA firms to make some money on audit engagements.
To begin with, you should be aware that developing a cost-beneficial audit strategy normally includes these processes:
- Assessing risk at the financial statement and assertion levels
- Linking risks to financial statement assertions
- Knowing financial statement assertions
- Using the most efficient procedures
- Tests of controls—compliance
- Tests of controls—substantive
- System’s walk-through procedure
- Reading the general ledger
- Analytical procedures
- Quantity reconciliations
- Reasonableness tests
- Corroborating procedures
- Detailed tests of balances procedures
What’s in Your Wallet?
Hopefully, putting more money in our wallet is a common objective for us all! We know that sufficient, competent evidence must be gathered based on each engagement’s facts and circumstances.
The reality is that we don’t always gather the minimum amount of evidence in each circumstance. Why? Usually because of our conservative traditions! Many of us grew up as “balance sheet” auditors.
You know the approach: Audit the balance sheet at the beginning and end of the year, and whatever is in between will fall out on the income statement. Collect evidence until our cheeks turn pink and we get that “warm glow” all over, and we can sign the audit report! This phenomenon is not as obvious as in days past, but if we are honest, it still exists in subtle ways in some of our audit strategies. This rarely puts much money in our wallet!
Components of a Cost-Beneficial Audit Strategy
The Clarified Auditing Standards require application of audit strategies to all material financial statement classifications. Because risk of material misstatement will usually differ for the various classifications, so will the audit strategy.
The most efficient combination of risk assessment procedures, analytical procedures, and tests of balances procedures will result in both high quality and maximum profitability on each audit engagement.
To select the proper strategy to achieve high quality and maximum profitability, the auditor must consider:
- The opportunity to assess risk of material misstatement at less than high in material financial statement classifications.
- The relative efficiency with which substantive tests of balances procedures can be performed.
When a client has good internal controls and/or a good accounting system, using tests of controls may be the most cost-efficient strategy. However, when the auditor can efficiently perform other risk assessment procedures (e.g., reading the general ledger and performing a system’s walk-through procedure), detailed tests of controls would not ordinarily be necessary.
Because the evaluation of the risk of material misstatement is made at both the financial statement and the assertion levels, and because tolerable misstatement/performance materiality must be determined for each material financial statement classification, the auditor will usually achieve efficiencies by planning unique audit strategies based on the assessed levels of risk of material misstatement for each financial statement classification.
Looking at the other side of the coin, audit strategies for some account classifications with high risk of material misstatement may require maximizing evidence from test of balances procedures. If this is the case for a number of your clients, please read the first article in this series, Selecting the Right Clients!
Following is a brief summary of the impact of certain risk factors on the design of audit strategies. These represent a few of the ways an auditor can “fine-tune” audit strategies to improve the audit process.
Effects of Inherent Risks
Inherent risk is the risk inherent in a transaction or account balance without considering internal controls. As auditors consider the design of an audit strategy, it is important to remember the higher the inherent risk in a transaction or balance not offset by internal controls, the higher the reliance normally required for tests of balances procedures.
Effects of Control Environment on Control Risk
When a reporting entity’s control environment is effective, the assessed levels of control risk are usually lower. The lower the control risk, the lower the necessary reliance on tests of balances. A more effective control environment normally results in a stronger accounting system and the effectiveness of entity-level key controls. A less effective control environment normally results in deficiencies in the design and operation of internal controls.
Effects of Limited Tests of Controls or System’â€‹s Walk-Through Procedures
Deciding to perform limited tests of controls, other risk assessment procedures, and/or a system’s walk-through procedure may permit an evaluation of risk of material misstatement at slightly less than high to moderate when a client has a good accounting system and control environment. When risk of material misstatement is slightly less than high or moderate, some sampling and nonsampling procedures may be reduced.
When risk of material misstatement is less than high, limited reductions of tests of balances will generally occur by:
- Raising the lower limit for individually significant items from approximately 10 percent of the financial statement tolerable misstatement (high risk) up to a level that may include the tolerable misstatement amount for each financial statement classification (very low risk).
- Using less reliable procedures for the lower stratum in a sampling population, such as sending negative confirmations for small accounts receivable balances.
- Risk factors on a sampling planning and evaluation form can be reduced somewhat. Without good prior experience with the client, and without significant substantive evidence from analytical procedures, the risk factor would be close to 3.0. These factors remaining the same and control risk at slightly less than maximum or moderate could allow a risk factor of from 2.3 to 3.0.
- Certain tests of balances procedures may be performed before the engagement date. Accounts receivable, for example, could be confirmed prior to the reporting date with appropriate roll-forward procedures.
The End of it All
Taking risks requires courage! Auditors have a choice between following our audit traditions of yesterday or picking up our weapons and designing audit strategies that satisfy requirements of professional standards in ways that also maximize engagement profitability. Take courage and improve your audit process!