The approach adopted by an audit firm to a specified audit assignment will be a key factor in determining the outcome of the audit. If auditors fail to adopt the correct audit approach then the likelihood of audit failure increases, failure which could lead to a damaged reputation and potentially costly litigation against the firm. This article is the first of a series on risk‑based auditing and audit evidence. AUDIT APPROACHES Essentially there are four different audit approaches: the substantive procedures approach the balance sheet approach the systems-based approach the risk-based approach. The substantive procedures approach This is also referred to as the vouching approach or the direct verification approach. In this approach, audit resources are targeted on testing large volumes of transactions and account balances without any particular focus on specified areas of the financial statements. The balance sheet approach In this approach, substantive procedures are focused on balance sheet (statement of financial position) accounts, with only very limited procedures being carried out on income statement/profit and loss account items. The justification for this approach is the notion that 42 student accountant February 2008
a risk-based approach to auditing financial statements
relevant to CAT Paper 8 (UK) and (INT) and ACCA Qualification Papers F8 and P7 (UK) and (INT)
if the relevant management assertions for all balance sheet (statement of financial position) accounts are tested and verified, then the profit/loss figure reported for the accounting period will not be materially misstated. The systems‑based approach This approach requires auditors to assess the effectiveness of the internal controls of an entity, and then to direct substantive procedures primarily to those areas where it is considered that systems objectives will not be met. Reduced testing is carried out in those areas where it is considered systems objectives will be met. The risk‑based approach In this approach, audit resources are directed towards those areas of the financial statements that may contain misstatements (either by error or omission) as a consequence of the risks faced by the business. ADOPTING A RISK‑BASED APPROACH Given the nature of the audit process, every audit assignment presents a different challenge to an audit firm, with no two audit assignments being the same. For example, no two entities are the same in terms of business sector, location, size, employees, governance issues, ethos, and complexity of operations. There is no one single approach to auditing which ensures the performance of a perfect audit. However, it is generally
accepted that for most entities of size, the risk-based audit approach will minimise the possibility of audit objectives not being met. Consequently ISA 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment (Redrafted)1, compels auditors to adopt a risk-based approach to audits. In so doing, it requires auditors to make risk assessments of material misstatements at the financial statement and assertion levels, based on an appropriate understanding of the entity and its environment, including internal controls. Students should be familiar with assertions made by management, as described in ISA 500, Audit Evidence2, and these will be covered in a separate article. As the auditor is required to focus on the entity and its environment when making risk assessments, this is known as the ‘top down’ approach to identifying risks, and students should become familiar with this term. The word ‘top’ refers to the day-to-day operations of the entity and the environment in which it operates; ‘down’ refers to the financial statements of the entity. In summary, this approach requires auditors to identify the key day-to-day risks faced by a business, to consider the impact these risks could have on the financial statements, and...
Please join StudyMode to read the full document