For a financial statement audit the overall objective is to gather enough audit evidence to be able to issue an opinion, on management assertions.
Phases of the work
One way to describe these are through the below six items,
|Completeness||All transactions recorded? In the right period?||Inspection, tracing/vouching|
|Existence||Assets really exist? Transactions really occurred?||Inspection|
|Accuracy||Transactions recorded accurately?||Inspection|
|Valuation||Accounts valued correctly?||Re-performance|
|Rights & obligations||Really owner the assets?||Confirmation|
|Presentation & disclosure||All transactions recorded in the proper accounts? Understandable? Last year?||Analytical procedures. Inquiry.|
- Audit risk refers to the risk that an auditor may issue an unqualified report (no issues) due to the auditor’s failure to detect material misstatement either due to error or fraud (RoMM).
- Related components are Inherent risk (IR), Control risk (CR) and Detection risk (DR).
- IR refers to the risk involved in the nature of business or transaction. Example, transactions involving exchange of cash may have higher IR than transactions involving settlement by cheques.
- CR refers to the risk that a misstatement could occur but may not be detected or prevented by the entity’s internal control mechanism.
- DR is the probability that the audit procedures may fail to detect existence of a material error or fraud.
High reliance means low control risk, which would allow a higher detection risk, leading to less substantive testing. And… vice versa.
Test of Controls or Substantive Testing?
Test of controls
This means testing the clients procedures. For instance, a fundamental element of internal control is the segregation of certain key duties. No employee should be in a position both to perpetrate and conceal errors or fraud in the normal course of their duties. In general, the duties to be segregated are:
– Custody of assets.
– Authorisation or approval of related transactions affecting those assets.
– Recording or reporting of related transactions.
Traditional systems of internal control rely on assigning certain responsibilities to different individuals or segregating incompatible functions.
Test of details (inquiry, inspection, confirmation, observation, recalculation, re-performance)
Analytical procedures (ratio analysis, analysis of change)
The Final Results – The Audit Evidence
The audit evidence needs to be sufficient and appropriate for the opinion issued… relating both the quality and quantity of evidence.
Quality is evaluated at four levels (with highest first)
- Auditor prepared
- Prepared outside the entity
- Prepared by the entity
Two take away points:
– More quality means less quantity, all things equal!
– If it’s not documented it is not done!
Please find below an illustration of the audit process: