Audit – explained in 5 steps

Audit – explained in 5 steps

For a financial statement audit the overall objective is to gather enough audit evidence to be able to issue an opinion, on management assertions.


Phases of the work


Management Assertions

One way to describe these are through the below six items,

PCAOB/ASB Key Question Procedures
Completeness All transactions recorded? In the right period? Inspection, tracing/vouching
Existence Assets really exist? Transactions really occurred? Inspection
Accuracy Transactions recorded accurately? Inspection
Valuation Accounts valued correctly? Re-performance
Rights & obligations Really owner the assets? Confirmation
Presentation & disclosure All transactions recorded in the proper accounts? Understandable? Last year? Analytical procedures. Inquiry.



Audit Risk

  • Audit risk refers to the risk that an auditor may issue an unqualified report (no issues) due to the auditor’s failure to detect material misstatement either due to error or fraud (RoMM).
  • Related components are Inherent risk (IR), Control risk (CR) and Detection risk (DR).
  • IR refers to the risk involved in the nature of business or transaction. Example, transactions involving exchange of cash may have higher IR than transactions involving settlement by cheques.
  • CR refers to the risk that a misstatement could occur but may not be detected or prevented by the entity’s internal control mechanism.
  • DR is the probability that the audit procedures may fail to detect existence of a material error or fraud.

High reliance means low control risk, which would allow a higher detection risk, leading to less substantive testing. And… vice versa.


Test of Controls or Substantive Testing?

Test of controls
This means testing the clients procedures. For instance, a fundamental element of internal control is the segregation of certain key duties. No employee should be in a position both to perpetrate and conceal errors or fraud in the normal course of their duties. In general, the duties to be segregated are:
– Custody of assets.
– Authorisation or approval of related transactions affecting those assets.
– Recording or reporting of related transactions.

Traditional systems of internal control rely on assigning certain responsibilities to different individuals or segregating incompatible functions.

Substantive testing
This includes:
Test of details (inquiry, inspection, confirmation, observation, recalculation, re-performance)
Analytical procedures (ratio analysis, analysis of change)


The Final Results – The Audit Evidence

The audit evidence needs to be sufficient and appropriate for the opinion issued… relating both the quality and quantity of evidence.

Quality is evaluated at four levels (with highest first)

  • Auditor prepared
  • Prepared outside the entity
  • Outside/Inside
  • Prepared by the entity

Two take away points:
– More quality means less quantity, all things equal!
– If it’s not documented it is not done!

Please find below an illustration of the audit process:Audit Process Map


Further Reading


Leave a Reply

Close Menu