For decades, auditors have faced the competing pressures of enhancing audit effectiveness while performing audits more efficiently. By investing more time—and the right procedures—in the planning phase of an audit, both can be achieved, according to Patricia Bottomly, CPA, national assurance partner at BDO USA LLP in Los Angeles.
Bottomly presented a session on improving audit planning effectiveness and efficiency at the AICPA ENGAGE Conference on Monday in Las Vegas. During an interview before the conference, she said that the key is using the required risk assessment procedures and internal control considerations to develop audit procedures that provide the biggest bang for the buck.
Begin with the end in mind
As Stephen R. Covey writes in The 7 Habits of Highly Effective People, beginning with the end in mind means “to start with a clear understanding of your destination.”
For audits, the destination is AU-C Section 200.06: “GAAS require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error.” Reasonable assurance is achieved when the auditor has obtained sufficient evidence to reduce the risk of an inappropriate opinion to an acceptably low level.
Bottomly said she has seen too many auditors rush through the planning stage and dive straight into the execution phase in an effort to increase efficiency. These auditors may be assuming they already know where the risks are.
However, she finds that by keeping the end firmly in mind, the planning stage provides an opportunity to maximize both efficiency and effectiveness for the entire audit.
Understanding the entity
Auditors are required to obtain an understanding of the entity, but the auditor doesn’t need to understand everything about the entity. Rather, Bottomly explained, the auditor should focus on obtaining the information that will help in designing audit procedures and in identifying areas of risk.
Extra time and effort applied upfront translates to efficiency and effectiveness for the audit as a whole. For example, when planning the audit of a manufacturer, it’s essential to develop an understanding of the company’s manufacturing process, the flow of transactions, and any related controls before determining the sampling or testing procedures. Without that understanding, the planned sampling and testing methodology may be impractical or may not provide the desired results.
Auditors also need to be aware of the potential for hidden or undetected risks. An example of a hidden risk is a complex derivative attached to a loan agreement that the auditor is unaware of until the loan agreement is read for the first time during fieldwork. Knowing about the derivative during the planning stage allows for appropriate staffing on the engagement team and including the appropriate procedures in the audit plan.
Assessment of control activities
“We really want to make sure that during the planning phase we identify and focus on those control activities that are relevant to our audit,” Bottomly said. Identifying the relevant controls requires a deep understanding of the company and its operations.
When determining which control activities are relevant, the auditor also needs to remain focused on the end goal of the audit—namely, obtaining reasonable assurance that the financial statements are free from material misstatement.
Returning to the example of a manufacturer, Bottomly explained that auditing the inventory requires understanding the company’s process for allocating and tracking labor and overhead. “Even if that area were not a significant risk or there were no fraud risks, and we don’t plan on relying on controls, we may still determine that those controls are relevant to our audit because we need to fully understand the process and the controls over that process in order to design our audit procedures.”
Avoid easy traps
Bottomly also cautioned against the checklist approach—that is, performing procedures just because they are on a checklist. Every step in the entire audit—including the planning phase—needs to have the end in mind. “I would definitely not recommend people spend more time in planning just to spend more time, but to make sure they spend the right amount of time performing the right procedures,” she said.
Likewise, repeating the procedures used in the previous year can also be a trap. Before repeating those procedures, the auditor should consider whether there were any changes at the company that could affect their effectiveness. Another important consideration is whether the procedure provided useful information in an efficient and effective manner in the previous year.
“I think sometimes work is just carried over from year to year until at some point someone says, ‘Why are we doing this procedure?’ If you don’t have a good answer for that, you probably either don’t need to do that procedure, or you’re doing the wrong procedure,” Bottomly said.
The importance of planning
“No one thinks that planning is unimportant, but they may think they already know where the risks are or which procedures they need to perform,” Bottomly said.
By focusing on risk assessment procedures and the internal control considerations during the planning phase, auditors can tailor their audit approach and save time on the overall audit without impacting audit quality.
—Liz Farr, CPA, is a freelance writer based in Los Lunas, N.M. To comment on this article or to suggest an idea for another article, contact Ken Tysiac, editorial director, at Kenneth.Tysiac@aicpa-cima.com or 919-402-2112.