April 28, 2023

Each Audit Client Is Unique in Some Regards

Are You Treating Your Audit Approach Accordingly?

There’s a common mistake we at Collemi Consulting see many auditors make time and time again: not appropriately tailoring their audit programs to address each client’s unique situation. Most auditors use purchased programs from independent third-party service providers, or take a cookie-cutter approach to audits. With each client, there are esoteric issues that need to be considered. In addition, each client has unique management and internal controls and financial reporting systems. Using canned audit approaches that are not a response to risk can lead to deficiencies in risk assessment and audit procedures.


In reality, the key to efficient and effective auditing is selecting procedures for each high-risk account and their relevant assertions that respond to its respective risks. Simply put, we should be spending more time auditing higher-risk accounts and less time in responding to the lower-risk accounts.

 

With that in mind, here are some best practices for tailoring your audit program:

 

The audit programs for general procedures cover the general steps performed in any audit. Tailoring generally involves removing or adding procedures to fit the specific circumstances of the engagement such as group audits using the work of a specialist, use of a service organization, environmental remediation liabilities, related party transactions.

 

When tailoring individual financial statement account areas, it’s important to note that the audit programs for individual financial statement account areas are designed to correspond with the engagement team's risk assessments and decisions about the audit approach at the assertion level, as documented on the risk assessment form. On that form, the team documents significant audit areas, the risk of material misstatement affecting relevant assertions for account balances, transaction classes, or disclosures included in each audit area (including fraud risks or other significant risks), the assessment of those risks at the assertion level, the planned audit approach that is appropriately tailored to respond to the assessed level of risk, and the linkage of the assessed risks to the audit procedures that respond to those risks.

 

When teams determine an account to have either a fraud risk or a significant risk, the engagement team must determine which extended procedures are needed and select procedures that are most appropriate to respond to the risk assessment. Other considerations include:

  • In selecting appropriate procedures and to show linkage between the assessed risk and the further audit procedures performed to respond to the risk, each procedure on the audit program indicates the assertions that are primarily and secondarily addressed by that procedure.
  • When selecting extended procedures, the goal is to find the appropriate mix of analytical procedures and tests of details to respond to the risk of material misstatement.

 

When tailoring your audit program, keep in mind that AU-C 330B.30 requires the engagement team to document the following related to preparing the detailed audit plan:

  • Overall responses to the assessed risks of material misstatement at the financial statement level.
  • Nature, timing, and extent of further audit procedures performed.
  • Linkage of the procedures performed with the assessed risks at the relevant assertion level.
  • Results of the audit procedures performed, including conclusions that are not otherwise clear.
  • A description of the nature and extent of planned risk assessment procedures sufficient to assess the risks of material misstatement.
  • A description of the nature, timing, and extent of planned further audit procedures at the relevant assertion level for each material class of transactions, account balance, and disclosure.
  • A description of other audit procedures planned to be carried out for the engagement in order to comply with generally accepted auditing standards (for example, seeking direct communication with the client's attorneys).
  • Planning continues throughout the audit, and performance of risk assessment or other procedures may cause a change in planned further audit procedures.
  • AU-C 300B.10 notes that the auditor should document changes to the original audit plan.

 

The bottom line: Every business is unique. Putting together an effective audit program requires CPAs to narrow the audit-related aspects of the client's business down to a relatively fine level so that they can explain to the audit team precisely what they are expected to do. This requires that the planning process be something more than a formality, and that the auditor truly understands the uniqueness of the client's business, the management team and related accounting system and internal controls. As an auditor, you need to continually ask yourself early in the planning stage of an engagement if you have addressed your client’s unique issues. Doing so will ensure that you’ve properly tailored the engagement — and are using your time wisely.

 

Collemi Consulting leverages more than two decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We work with CPA firm leadership to tailor their audit programs and checklists to maximize efficiency and minimize risk. To schedule an appointment, contact us at (732) 792-6101.


Learn More
By Jennifer Ruf March 24, 2025
As audit season is in high gear, it’s important for auditors to step back and plan how they are going to audit a client’s books and records. What are the red flags you’re looking for when it comes time to throw open the books and look through a huge swath of journal entries to pluck out the ones that are questionable, and need to be questioned? First off, it’s important to understand how journal entries are created at the company being audited. For an auditor, that means looking at the internal control environment to understand how a journal entry is created: Who’s authorized to create one and who can create one. You have to understand the process. How does it start and how is the entry eventually recorded onto the financial reporting system? Once you know that, you can determine whether someone can come in and override the system, or if someone can pretend to be someone else and start recording journal entries onto the system. That will help you figure out what to look for to decide what entries to pull out and ask management to get back up information to support and validate those entries. Finding the needle The key here is not to just go through the mechanics, but to really go through the exercise so you can determine if management is playing games in the recording of those transactions. You have to be able to get comfortable with that, and that means you need to be able to document what you’re looking for. Because what the auditor is really doing is looking for a “needle in the haystack”, to identify the transactions that don’t look right, that don’t make sense in the ordinary course of business. For example, if the business is not open on weekends, are transactions being posted on a Saturday or Sunday, or even on holidays? If you see rounded numbers or accounts that are seldom used, those can be red flags as well. Sometimes it can be as simple as asking managers and others like accounting, data entry and IT personnel if they’ve observed any unusual accounting entries. Depending on the size of the company and scope of the work, you might need to use computerized audit software program — some of them with AI built in — that can scan the entries to identify anomalies. Red flags When an auditor is looking for evidence of management override of controls, they can look for some of these 12 red flags indicators: ● Top-side entries ● Entries made to unrelated, unusual or seldom-used accounts ● Entries made by individuals who typically don't make entries. ● Entries recorded at the end of the period ● Post-closing entries with no explanations ● Entries made before or during the preparation of financial statements with no account numbers ● Entries that contain rounded numbers or a consistent ending number ● Entries processed outside the normal course of business ● Accounts that contain transactions that are complex or unusual in nature ● Accounts that contain significant estimates and period-end adjustments ● Accounts that have been prone to errors in the past ● Accounts that contain intercompany transactions When testing non-standard journal entries and other adjustments, you should look for documentary evidence indicating that they were properly supported and approved by management. Finally, remember that while most fraudulent entries are made at the end of a reporting period, you shouldn't ignore the rest of the year  Collemi Consulting leverages nearly three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101.
December 20, 2024
Are you prepared?
A woman's hands holding a microphone
December 9, 2024
Conquer your fear of public speaking and present like a pro
Man with hand by his ear straining to listen.
December 4, 2024
Boost your business by becoming adept at active listening.
More Posts
Share by: