Each Audit Client Is Unique in Some Regards
Are You Treating Your Audit Approach Accordingly?
There’s a common mistake we at Collemi Consulting see many auditors make time and time again: not appropriately tailoring their audit programs to address each client’s unique situation. Most auditors use purchased programs from independent third-party service providers, or take a cookie-cutter approach to audits. With each client, there are esoteric issues that need to be considered. In addition, each client has unique management and internal controls and financial reporting systems. Using canned audit approaches that are not a response to risk can lead to deficiencies in risk assessment and audit procedures.
In reality, the key to efficient and effective auditing is selecting procedures for each high-risk account and their relevant assertions that respond to its respective risks. Simply put, we should be spending more time auditing higher-risk accounts and less time in responding to the lower-risk accounts.
With that in mind, here are some best practices for tailoring your audit program:
The audit programs for general procedures cover the general steps performed in any audit. Tailoring generally involves removing or adding procedures to fit the specific circumstances of the engagement such as group audits using the work of a specialist, use of a service organization, environmental remediation liabilities, related party transactions.
When tailoring individual financial statement account areas, it’s important to note that the audit programs for individual financial statement account areas are designed to correspond with the engagement team's risk assessments and decisions about the audit approach at the assertion level, as documented on the risk assessment form. On that form, the team documents significant audit areas, the risk of material misstatement affecting relevant assertions for account balances, transaction classes, or disclosures included in each audit area (including fraud risks or other significant risks), the assessment of those risks at the assertion level, the planned audit approach that is appropriately tailored to respond to the assessed level of risk, and the linkage of the assessed risks to the audit procedures that respond to those risks.
When teams determine an account to have either a fraud risk or a significant risk, the engagement team must determine which extended procedures are needed and select procedures that are most appropriate to respond to the risk assessment. Other considerations include:
- In selecting appropriate procedures and to show linkage between the assessed risk and the further audit procedures performed to respond to the risk, each procedure on the audit program indicates the assertions that are primarily and secondarily addressed by that procedure.
- When selecting extended procedures, the goal is to find the appropriate mix of analytical procedures and tests of details to respond to the risk of material misstatement.
When tailoring your audit program, keep in mind that AU-C 330B.30 requires the engagement team to document the following related to preparing the detailed audit plan:
- Overall responses to the assessed risks of material misstatement at the financial statement level.
- Nature, timing, and extent of further audit procedures performed.
- Linkage of the procedures performed with the assessed risks at the relevant assertion level.
- Results of the audit procedures performed, including conclusions that are not otherwise clear.
- A description of the nature and extent of planned risk assessment procedures sufficient to assess the risks of material misstatement.
- A description of the nature, timing, and extent of planned further audit procedures at the relevant assertion level for each material class of transactions, account balance, and disclosure.
- A description of other audit procedures planned to be carried out for the engagement in order to comply with generally accepted auditing standards (for example, seeking direct communication with the client's attorneys).
- Planning continues throughout the audit, and performance of risk assessment or other procedures may cause a change in planned further audit procedures.
- AU-C 300B.10 notes that the auditor should document changes to the original audit plan.
The bottom line: Every business is unique. Putting together an effective audit program requires CPAs to narrow the audit-related aspects of the client's business down to a relatively fine level so that they can explain to the audit team precisely what they are expected to do. This requires that the planning process be something more than a formality, and that the auditor truly understands the uniqueness of the client's business, the management team and related accounting system and internal controls. As an auditor, you need to continually ask yourself early in the planning stage of an engagement if you have addressed your client’s unique issues. Doing so will ensure that you’ve properly tailored the engagement — and are using your time wisely.
Collemi Consulting leverages more than two decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We work with CPA firm leadership to tailor their audit programs and checklists to maximize efficiency and minimize risk. To schedule an appointment, contact us at (732) 792-6101.
