After reading another article on improving the audit process through artificial intelligence, I feel like I just watched another television commercial on why I am lacking if I don’t spend $40,000 on a new car.
I have a good car that does what I need it to do, although it was built in 2004! I’m not planning on driving across our country, I don’t need to tow 10,000 pounds or have a computer back my car into a parking place. I have good transportation that operates economically; I have what I need!
I believe the same is true for performing audit engagements, particularly smaller ones. We don’t need IPA, RPA, AI or CC, whatever these automation abbreviations or terms mean. We need quality audits using the most efficient types of tests and evidence. We simply need a good audit!
The starting place for preparing our smaller CPA smaller firms to maintain competition with larger firms during this technological revolution is to abandon some of our time-tested audit traditions and refine our approaches to planning, performing and completing engagements. For most smaller audits, we may need only to evaluate new technology in light of our practice needs! In this article we will discuss:
- Capitalizing on professional judgment and professional skepticism to perform a good audit.
- Using assessed levels of risk of material misstatement to guide the most efficient evidence collection methods for obtaining the minimum amount of substantive evidence.
Audit Quality Depends on Professional Judgment and Professional Skepticism
A cost-beneficial audit strategy has a least three parts, which are the means to our end, i.e., a good audit:
Content seriesView full content series
- to collect sufficient evidence at assessed levels of risk to minimize detection risk and express an unqualified opinion on financial statements,
- to create the most cost-efficient evidence mix
- to minimize audit documentation. (Minimizing audit documentation will be discussed in a future article.) Accomplishing this end only occurs when auditors carefully consider and evaluate the facts and circumstances of each audit engagement. The filter is our professional judgment and professional skepticism.
AU-C Section 500, Audit Evidence, describes the sufficiency and appropriateness of audit evidence in the following paragraphs:
.A4 Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the auditor's assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and also by the quality of such audit evidence (the higher the quality, the less may be required). However, obtaining more audit evidence may not compensate for its poor quality.
.A5 Appropriateness is the measure of the quality of audit evidence (that is, its relevance and reliability in providing support for the conclusions on which the auditor's opinion is based). The reliability of evidence is influenced by its source and nature and is dependent on the individual circumstances under which it is obtained.
Obviously, these considerations require the application of an auditor’s professional skepticism and professional judgment.
AU-C Section 200, Principles and Objectives of Audits, discusses the concepts of professional skepticism and professional judgment in the application material.
Professional skepticism includes being alert for contradictory audit evidence, information that brings doubt as to the reliability of documents and managements’ responses to inquiries, and errors or fraud that indicate the need for additional substantive procedures.
Professional judgment is necessary on every engagement when considering audit risk and materiality, the nature, extent and timing of audit procedures, evaluating the appropriateness and reasonableness of financial statement assertions and the applicable financial reporting framework. Professional judgment is defined as the application of training, knowledge and experience, and knowledge of professional standards, in decision-making about actions necessary in any accounting or auditing engagement.
Some of us with gray hair like mine may remember the times when we could collect as much evidence as necessary to reach the “warm-glow” level, i.e., when our cheeks were flush and pink. Balance-sheet auditors some of us were called. Amazingly, we often got paid for all our time! \
Then, competitive bidding ended our “gravy train.” Unfortunately, some of us never broke out of this tradition of collecting the maximum evidence possible on every audit. We just accepted not eating one night a week due to budget overruns and uncollectible fees!
Then along came “risk-based auditing.” We stuck our heads in the sand as long as we could but in the 1980s the concepts began to creep into auditing standards. From there we saw risk-based auditing firmly implanted in the risk assessment standards of 2006, then redrafted in the Clarified Auditing Standards of 2012.
So, we did what we had to do; we applied the requirements of the standards. Despite the increase in planning time charges, the profitability of some audits actually increased. Most of these, however, were not smaller audits. Smaller entities typically have fewer accounting personnel and only informal internal controls.
Risk of material misstatement, as tradition taught us, is always high. Therefore, yesteryear’s evidence collection methods seemed our only solution. So, we comply with all the standards’ requirements but revert to eating budget overruns and uncollectible fees one night a week!
The first step in applying professional judgment and professional skepticism is to leave the past behind, sort of. The auditor’s thinking about quality cannot be trapped in yesterday’s ways.
We don’t want to throw out the baby with the bathwater either. While thinking about high-quality and efficiency may lead to using some technological methods, achieving a good audit is based on our professional judgment and professional skepticism, first and foremost.
Considering a Hypothetical Small Audit
In my 80-plus webinars each year on www.cpecredit.com, I often present parts or all of an audit case study for a hypothetical small reporting entity, the Always Best Corporation. After I share a few facts about the entity, I’ll describe some typical ways auditors can use their professional judgment and professional skepticism on small audits to overcome tradition and achieve high-quality and maximize efficiency without the high costs of new technology.
Some facts about the entity, their reporting and internal control system:
- Always Best Corporation (ABC) is a small manufacturer of pre-cast concrete products that has been a client of another CPA firm for many years. Considering the “risk assessment” standards issued in 2012 by the Auditing Standards Board of the AICPA, the predecessor CPA firm decided to terminate its audit practice. The predecessor now performs monthly and year end accounting and internal control services for ABC.
- Office employees consist of a plan manager, a bookkeeper (his wife) and a clerk (his daughter).
- An offsite owner and the predecessor CPA diligently perform monthly key controls affecting all transaction cycles.
Obviously, the small office staff, and the fact they are all related triggers a high level of potential risk of material misstatement, as well as the need for increased professional skepticism from the auditor.
Professional Judgment that Breaks the Back of Tradition
Key controls at the entity or management level, we find in AU-C Section 315, Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement, can offset significant deficiencies and material weaknesses, even for smaller reporting entities. Here are some considerations about this hypothetical case requiring professional judgment that may be applied to many small audits. It may even enable is to abandon some of our traditional auditing approaches:
If the offsite owner and/or the consulting CPA are diligently performing their designed key internal control activities, control risk will likely be less than high or maybe even moderate in some of the transaction cycles and resulting financial statement classifications. Any assessed level of control risk less than high can result in reductions in tests of balances procedures and significant time savings.
Reading or scanning the general ledger account activity for this entity will either indicate the internal control activities are being performed or that they are not. For example, when requesting supporting documents for unusual transactions the auditor would expect to receive all the required documentation and be able to determine the transactions are recorded properly. If documents cannot be located, or if they are recorded improperly, this could indicate the key controls by the offsite owner and consulting CPA are not operating effectively.
Once the auditor has completed these and other risk assessment procedures, a cost-beneficial auditing strategy can be formulated, and the tests of balances audit programs can be tailored for the engagement’s risk circumstances.
The risk assessment procedures for smaller audits usually take a minimal amount of time and often result in reductions in more costly tests of balances procedures. Discovering that control risk is less than high, even for only a few financial statement classifications, can enable the auditor to achieve high quality while, at the same time, substantially increasing profitability on smaller audits. The best part: all this is possible without the high costs of new technology!