16 Steps for Conducting an Audit By Leita Hart-Fanta, CPA



Similar documents
Risk Assessment Standards

Questions from GAQC Conference Call The Impact of SAS 112 on Governmental Financial Statement Audits January 4, 2007

Audit Evidence and Documentation AN AUDIT: SUMMARY CHAPTER PCAOB ONE-UP S THE AICPA MANAGEMENT S ASSERTIONS

New Audit Standards: How Will They Impact the Audit

Chapter 8--Materiality, Risk and Preliminary Audit Strategies

Writing Thesis Defense Papers

Risk Management Advisory Services, LLC Capital markets audit and control

WRITING EFFECTIVE REPORTS AND ESSAYS

Audit Readiness Lessons Learned

Ian Shuman, CPA Trevor Williams, CPA. Center for Nonprofit Advancement

HOW TO GET THE MOST OUT OF YOUR ACCOUNTANT

Session 7 Fractions and Decimals

Chapter 5. Planning the Audit Engagement

Where are all the candidates at?

BBC Learning English Talk about English Business Language To Go Part 1 - Interviews

Making the business case for C4RISK databasebased Operational Risk Management software

The 5 P s in Problem Solving *prob lem: a source of perplexity, distress, or vexation. *solve: to find a solution, explanation, or answer for

Taking Payments Online Do You Care About Your Customers?


TOGAF 9 Level Exam Study Guide

Risks (Audit Risk Formula)

U S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S

McKinsey Problem Solving Test Top Tips

How to answer the most common interview questions

SSARS 19. Objectives and Limitations of Compilation and Review Engagements. Hierarchy of Compilation and Review Standards and Guidance

Internal Controls over Financial Reporting. Integrating in Business Processes & Key Lessons learned

How to Survive an FDA Computer Validation Audit

Guide to Public Company Auditing

Lauren Sundararajan, CFE, Internal Audit Manager

Accounting 408 Test 3a Section Row

Finding Rates and the Geometric Mean

OBSERVATIONS FROM 2010 INSPECTIONS OF DOMESTIC ANNUALLY INSPECTED FIRMS REGARDING DEFICIENCIES IN AUDITS OF INTERNAL CONTROL OVER FINANCIAL REPORTING

Accommodated Lesson Plan on Solving Systems of Equations by Elimination for Diego

INTERVIEW QUESTIONS AND ASSIGNMENT EXAMPLES

Management s Discussion and Analysis

MOST FREQUENTLY ASKED INTERVIEW QUESTIONS. 1. Why don t you tell me about yourself? 2. Why should I hire you?

INTERNATIONAL STANDARD ON AUDITING 320 MATERIALITY IN PLANNING AND PERFORMINGAN AUDIT CONTENTS

0.8 Rational Expressions and Equations

Persuasive. How to Write Persuasive. Social Media Proposals

The Concept of Present Value

Preparing and Revising for your GCSE Exams

Cleaning Up Your Outlook Mailbox and Keeping It That Way ;-) Mailbox Cleanup. Quicklinks >>

COSO s 2013 Internal Control Framework in Depth: Implementing the Enhanced Guidance for Internal Control over External Financial Reporting

SPIN Selling SITUATION PROBLEM IMPLICATION NEED-PAYOFF By Neil Rackham

Bullying 101: Guide for Middle and High School Students

Audit Risk and Materiality in Conducting an Audit

Risikobaseret tilgang til revision

What qualities are employers looking for in teen workers? How can you prove your own skills?

Managing your MrSite account

Fundamental Principles of Financial Auditing

III. Best Practices/Resources

Tom wants to find two real numbers, a and b, that have a sum of 10 and have a product of 10. He makes this table.

Math 4310 Handout - Quotient Vector Spaces

Stock-picking strategies

Multiple Auditing Standards and Standard Setting: Implications for Practice and Education

1.7 Graphs of Functions

Mindset: The New Psychology of Success Carol S. Dweck, Ph.D.

CPCAF Comfort Letter Procedures. Copyright 2005 by the American Institute of Certified Public Accountants, Inc., New York, New York.

Practical Jealousy Management

Planning an Audit 255

Keyword Research: Exactly what cash buyers, motivated sellers, and private lenders are looking for online. (and how to get in front of them)

Materiality and Risk. Chapter Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 9-1

Seven Things You Must Know Before Hiring a Tax Preparer

Goal Setting. Your role as the coach is to develop and maintain an effective coaching plan with the client. You are there to

Qualitative Interview Design: A Practical Guide for Novice Investigators

[300] Accounting and internal control systems and audit risk assessments

Agreed-Upon Procedures Engagements

Math: Study Skills, Note Taking Skills, And Test Taking Strategies

How to Negotiate During a Sales and Use Tax Audit. Tim Howe, CPA, Senior Manager Smith & Howard

2012 AICPA Newly Released Questions Auditing

Five Business Uses for Snake Oil The #1 Selling Game

LEGAL SERVICES CORPORATION OFFICE OF INSPECTOR GENERAL FINAL REPORT ON SELECTED INTERNAL CONTROLS RHODE ISLAND LEGAL SERVICES, INC.

Simple Regression Theory II 2010 Samuel L. Baker

An Analysis of The Road Not Taken. The Road Not Taken is one of Robert Frost s most famous poems. The

Persuasive. How to Write Persuasive. Marketing Proposals

Quality Meets the CEO

The small increase in x is. and the corresponding increase in y is. Therefore

INTERNATIONAL STANDARD ON AUDITING 540 AUDITING ACCOUNTING ESTIMATES, INCLUDING FAIR VALUE ACCOUNTING ESTIMATES, AND RELATED DISCLOSURES CONTENTS

Objective. Materials. TI-73 Calculator

How to Write a Term Paper Proposal

An Examination of an Entity s Internal Control Over Financial Reporting That Is Integrated With an Audit of Its Financial Statements

Seven business travel tips for PAs

What you should know about: Windows 7. What s changed? Why does it matter to me? Do I have to upgrade? Tim Wakeling

Difficult Tutoring Situations

Imperial County. Office of the Auditor-Controller. Internal Audit Standard Practice Manual

WEB ANALYTICS Where to Begin

Transcription:

16 Steps for Conducting an Audit By Leita Hart-Fanta, CPA This month let s start looking at the steps of conducting an audit. I have discussed some of these steps in more detail in previous newsletters. I ll refer you back to those old newsletters as they are applicable. Most traditional auditors think of an audit in three phases planning, fieldwork, and reporting. I have broken those steps down a little bit more. Steps 1-8 below are the planning steps. Loosely steps 9-12 are fieldwork and steps 13-16 are reporting. You can successfully argue that planning, fieldwork, and reporting all blend together and each is an iterative process. But play along with me here! Here are the steps to conducting an audit: 1. receive vague audit assignment 2. gather information about audit subject 3. determine audit criteria 4. perform a risk assessment 5. refine audit objective and sub-objectives 6. choose methodologies 7. budget each methodology 8. formalize the audit plan 9. formalize the audit program 10.perform audit steps 11.document results in the working papers 12. review working papers 13. write findings 14. confer on findings with client 15. conclude 16. finalize report Let s talk about each step in turn: 1. Receive vague audit assignment Some auditors have it easier than others. Financial auditors have it easier than many auditors because at least the whole universe isn t under examination only the financial statements of the entire universe! An initial vague audit assignment for a financial audit might sound like Express an opinion on the financial statements of the entity.

And you could argue that compliance auditors have it pretty easy. But sometimes the compliance requirements are lengthy, vague, and require a lot of interpretation. This makes a compliance auditor s job tough. An initial vague audit assignment for a compliance audit may sound something like, Determine if the entity is in compliance with state regulations and laws. But the hardest audit type of all is a performance audit. The initial vague assignment may not have any criteria built in. The auditor will have to work very hard to hone the objective before they can begin fieldwork. An initial vague audit assignment for a performance audit may sound like, Audit the effectiveness of the foster care program. EW. Scary. There is a lot of room for judgment and play in each audit objective. Which financial balances are going to earn your attention? Not every item of expense or revenue deserves your precious audit hours. Which compliance requirement? Which aspect of the foster care program? But before you can decide which areas deserve attention, you have to learn a bit more about their operations and systems and that is the bailiwick of step #2. 2. Gather information about the audit subject The new risk assessment SASs SAS 104-SAS 111 and the Yellow Book are quite specific about this phase. They include a laundry list of all the questions you should seek to answer about audit subjects before you can conduct a meaningful risk assessment. SAS 109 requires that auditors gain an understanding of the following 5 areas: 1. Industry, regulatory, and other external factors 2. Nature of the entity 3. Objectives and strategies 4. Measurement and review of financial performance 5. Internal controls The Yellow Book (Generally Accepted Government Auditing Standards) for performance audits require that you gain an understanding of and I quote:

7.11 Auditors should assess audit risk and significance within the context of the audit objectives by gaining an understanding of the following: a. the nature and profile of the programs and the needs of potential users of the audit report (see paragraphs 7.13 through 7.15); b. internal control as it relates to the specific objectives and scope of the audit (see paragraphs 7.16 through 7.22); c. information systems controls for purposes of assessing audit risk and planning the audit within the context of the audit objectives (see paragraphs 7.23 through 7.27); d. legal and regulatory requirements, contract provisions or grant agreements, potential fraud, or abuse that are significant within the context of the audit objectives (see paragraphs 7.28 through 7.35); and e. the results of previous audits and attestation engagements that directly relate to the current audit objectives (see paragraph 7.36). This is actually a very risky part of the audit for an auditor because you can spend a heck of a lot of time here. This is sort of like the research phase for a PhD dissertation. We have all met someone who is close to getting their PhD, but can t because they are still researching the topic! Many marriages have fallen apart during the research phase and many audits drag on and on. I think this is one of the historic motivations behind auditors using SALY (Same as Last Year) procedures. With SALY there is no research phase and no danger of sucking up precious audit hours in planning. (SALY, however, wastes precious time in the fieldwork phase because you end up doing unnecessary procedures.) I recommend that you allow only 5% of your total budget be spent in this phase. And if after the 5% is expended the auditor still doesn t feel ready to do a risk assessment give them another 1% - and then another 1% - and keep going in increments - until they are comfortable up to a max of 10% of the audit budget. But the danger is still there that you can get lost in this phase. So be careful. And after this phase is over many auditors have the tendency to feel a bit overwhelmed. They have so much info to work with now what? But have no fear step #4 (risk assessment) takes the chaos that you feel the disorder and disorientation you feel when you have too much information and concretizes it. The risk assessment phase is a

structure that you can use to discard irrelevant information and highlight significant risks and areas of concern. 3. Determine audit criteria During your information-gathering phase, you usually run across audit criteria. It may very well have been defined at when you took on the assignment. What is an audit criteria? It is the benchmark against which you evaluate the audit subject. A criteria for a financial audit is very straightforward it is GAAP (generally accepted accounting principles). We are to express an opinion on whether the financial statements comply with the criteria the benchmark or GAAP. Now, if we were going to assess whether the foster care program is effective that is another matter. What defines effective? Is it that 90% of the foster children are safe? Is that the criteria you are going to measure the subject against? What defines safe? How are we sure that foster care children are safe? This opens up a whole can of worms. And it is VERY important that you come to agreement with the client of the definition of effective before you proceed with your audit. Otherwise you will get to the end of your engagement and report, You have failed because only 72% of your children are safe. And they say something like, No, we define safety differently than you do and from our calculations, 97% of our children are safe. Your whole audit was a bust. (Extreme example, I know.) An audit without firm criteria is also known as a witch-hunt! So, financial auditors don t know how good they have it. Financial auditors agree with the client right up front about what they are intending to evaluate them against GAAP. (The client may not understand GAAP but that is an issue for another newsletter.) 4. Perform a risk assessment There are two steps to conducting a risk assessment: 1. break the universe into bite-sized chunks 2. assess the risk of each chunk

Now what is G.R.E.A.T. about the risk assessment SASs is that they divide financial statement universe up into bite sized chunks for you the chunks are the elements of the financial statements and the related management assertions. Other standard setting bodies such as the GAO (Yellow Book) and the Institute of Internal Auditors - don t give us much help. We are left to our own devices. And believe me some auditors are more than qualified to create some wacky devices! Every internal audit manager I talk to seems to have created or adopted a unique model for assessing risk. If you d like to see what others are doing see the RESOURCES page at AuditSkills.com. If you d like to share yours BRING IT ON! I ll put it up on the website. So on a performance audit or a compliance audit you must come up with your own way to divide the universe into bite-sized pieces. This can be one of the more challenging phases of the audit. Simple example: on a compliance engagement, the chunks of the audit universe might be the 30 compliance requirements for the grant. (In the next step of the risk assessment, we ll decide which 3 of the 30 chunks deserve our attention because we can t audit all 30!) After the Enron debacle, all of the standard setting bodies have been pushing auditors to document their thought process regarding risk assessment. You must justify why you chose to spend time in certain areas. And step #1 of a risk assessment is to define the areas! Once you divide the universe up into chunks now you assess risk on each chunk. If you want to get technical about risk assessment recall the risk assessment formula AR = DR x IR x CR What are all these acronyms? AR = Audit Risk DR = Detection Risk IR = Inherent Risk CR = Control Risk Audit risk is the risk that you will miss the boat as an auditor. It is the risk that a material misstatement will go undetected and that the

financial statements will be inaccurate and unfairly stated. It is the risk that your opinion on the financial statements is no good! The formula is a bit of funny algebra. Obviously it is not real algebra because it has no numbers in it. But just like in algebra to get one side of the equation lower something on the opposite side has to be low. So, in order to get one side lower - in order to reduce audit risk to a tolerable level you must either have a low detection risk, low inherent risk, or low control risk. By using risk assessment techniques, you ask whether the item is inherently risky. And if so you then ask if this risk is mitigated by controls. Now if inherent or control risk are high in order to get AR to an acceptably low level you must reduce DR. Detection risk is the only element of the formula that you as an auditor can control. The way you reduce detection risk the risk that you won t detect an error or misstatement is to audit the heck out of it! In the past, it was much easier to go on gut feel. The new AICPA risk assessment requirements still allow your gut or in some circles it is called your auditor judgment to play but you must, in essence, justify your gut and document your gut. This allows reviewers to see how you got from step 1 to step 8 (step 1. receive your vague audit assignment; step 8. create an audit program). This whole risk topic deserves more time and in future e-zines I ll make sure to dig into it deeper. You can also read all about it in my book Basic Audit Skills. But right now, on to step #5 5. Refine the objective Now, it is time to refine that vague audit assignment so that you can work with it. The audit universe has, up until this point, been too broad, too universal. Express an opinion on the financial statements? Verify compliance with grant requirements Those include an awful lot of information and detail that you are not going to be able to verify. But now that you know where the risks are, you can narrow your focus. For instance, for our financial statement audit you may decide that cash receipts deserve some attention. You might even state the objective in terms of the management assertions. For instance Are cash receipts complete?

What you will end up with is several sub-objectives under the general header of Are the financial statements presented in accordance with GAAP? Each of these sub-objectives becomes the subject of an audit program and dictates which methodologies you will use. For more on what makes a good objective, see the November 2003 newsletter at AuditSkills.com 6. Choose the methodologies Now that you know your objectives - what are you going to do to answer the questions that the objectives pose? What techniques are you going to pull out of your audit hat to verify that the cash receipts are complete? The methodologies must clearly be linked to each risk identified. And they must yield strong evidence. Another topic that deserves a lot more attention in future e-zines. Examples of methodologies include: Sampling Confirmations Interviews Fluctuation analysis Observations Walk-throughs For more on methodologies, see December 2004 and January 2005 newsletters at AuditSkills.com 7. Budget each methodology I highly recommend, before you set yourself or your audit team to work on any given methodology that you consider how long the methodology is going to take. Some methodologies sound really cool on paper but end up costing hours and hours of audit time. This is the time (pre-fieldwork) to figure out how much time you are going to invest in this area not when you are in the middle of an annoying confirmation procedure that has already taken you a week to get going.

Leita Hart-Fanta is a CPA and teaches audit skills courses. To find out more, see her website at www.auditskills.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information