EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview

Ernst & Young Global Audit Methodology Overview

Introduction
The Ernst & Young Global Audit Methodology (EY GAM) provides a global framework for the
application of a consistent thought process to all audits. EY GAM is based on International
Standards on Auditing (ISAs)1 and is supplemented with local content developed by
individual member firms to comply with local auditing standards and regulatory or statutory
requirements of the countries in which they practice. EY GAM contemplates timely executive
involvement in the audit and allows the use of alternative strategies based on professional
judgment and engagement team input. EY GAM is a means to an end and not a set of rigid
instructions that should be followed without the use of professional judgment.

Objective of an audit
In conducting an audit of financial statements, our overall objectives are:
a) To obtain reasonable assurance about whether the financial statements as a whole are
free from material misstatement, whether due to fraud or error, thereby enabling us to
express an opinion on whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting framework; and
b) To report on the financial statements and communicate in accordance with our findings.

Premise underlying the conduct of an audit

Our audit is conducted on the premise that management, and where appropriate those
charged with governance, have acknowledged the following responsibilities that are
fundamental to the conduct of an audit:
(a) For the preparation of the financial statements in accordance with the applicable
financial reporting framework, including where relevant their fair presentation
(b) For such internal control as management and, where appropriate those charged with
governance, determine is necessary to enable the preparation of the financial
statements that are free from material misstatement, whether due to fraud or error
(c) To provide us with:
(i) Access to all information of which management and, where appropriate those
charged with governance, are aware that is relevant to the preparation of
financial statements such as records, documentation and other matters
(ii) Additional information that we may request from management and, where
appropriate those charged with governance, for the purpose of the audit
(iii) Unrestricted access to persons within the entity from whom we determine it
necessary to obtain audit evidence
Our audit of the financial statements does not relieve management and those charged with
governance of their responsibilities.
We achieve our audit objective by:
Complying with our policies and procedures
Obtaining sufficient appropriate audit evidence
Exercising professional skepticism
Applying professional judgment
Applying our risk based methodology
Preparing documentation

Printed 01 Dec 2014 Page 1 of 10

EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview

To assist us in achieving our overall objective we:

Understand the structure of EY GAM

Comply with our policies and procedures

The Ernst & Young Global policies on client acceptance and continuance, quality control,
communication and coordination among member firms, international reporting and
engagement agreements are included in the Ernst & Young Global Assurance Policy Manual
(GAPM). The Ernst & Young Global Independence Policy is designed to comply with the
elements of the IFAC Code of Ethics for Professional Accountants that deals with
independence, objectivity and integrity.
Compliance with EY GAM, the relevant policies in GAPM and the Ernst & Young Global
Independence Policy will result in compliance with the ISAs.
The Ernst & Young Global policies may also be supplemented with local content developed by
individual member firms to comply with the local auditing standards and regulatory or
statutory requirements of the countries in which they practice.

Obtain sufficient appropriate audit evidence

As the basis of our audit opinion, we obtain reasonable assurance about whether the financial
statements taken as a whole are free from material misstatement, whether due to fraud or
error. To do so we obtain sufficient appropriate audit evidence to reduce audit risk (the risk
that we may unknowingly fail to appropriately modify our opinion when the financial
statements are materially misstated) to an acceptably low level.2 Reasonable assurance is a
high level of assurance but not an absolute level of assurance because there are inherent
limitations of an audit. These limitations result from factors such as:
The use of sampling
The inherent limitations of internal control (for example, the possibility of
management override or collusion)
The fact that audit evidence is typically persuasive rather than conclusive.
The need for the audit to be conducted within a reasonable period of time and at a
reasonable cost
Audit evidence is information we use in arriving at the conclusions on which we base our
audit opinion. Audit evidence is cumulative in nature and is primarily obtained from audit
procedures performed throughout the audit. Audit evidence may include information obtained
from sources such as:
The entitys accounting records
Previous audits (assuming we have determined it is still relevant to the current
audit)
The firms quality control procedures for client acceptance and continuance
An expert employed or engaged by the entity
Industry and market data
Audit evidence comprises information that supports and corroborates managements
assertions and any information that contradicts such assertions. The absence of information
(for example, managements refusal to provide a requested representation) also constitutes
audit evidence.
The sufficiency and appropriateness of audit evidence are interrelated.
Sufficiency is the measure of the quantity of audit evidence. The quantity of audit
evidence required is affected by our combined risk assessment (CRA), (the higher
the CRA, the more audit evidence is likely to be required) and also by the quality of
audit evidence (the higher the quality, the less audit evidence may be required).

Printed 01 Dec 2014 Page 2 of 10

EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview

Obtaining more audit evidence, however, may not necessarily compensate for its
poor quality.
Appropriateness is the measure of the quality of audit evidence, that is, its
relevance and its reliability in providing support for the conclusions on which we
base our audit opinion. The reliability of evidence is influenced by its source and by
its nature, and is dependent on the individual circumstances under which the
evidence is obtained.
We obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low
level, and allow us to draw reasonable conclusions on which to base our audit opinion.
Determining whether we have obtained sufficient appropriate audit evidence is a matter of
professional judgment. Requirements and guidance are provided throughout EY GAM to assist
us in determining the sufficiency and appropriateness of audit evidence as we perform our
procedures.

Exercise professional skepticism

Professional skepticism is an attitude that includes a questioning mind, being alert to
conditions which may indicate possible misstatement due to error or fraud, and a critical
assessment of audit evidence. We plan and perform our audit with professional skepticism
recognizing that circumstances may exist that cause the financial statements to be materially
misstated.3 Maintaining professional skepticism throughout the audit is important to reduce
the risks of overlooking unusual circumstances, over generalizing when drawing conclusions
from audit observations and using inappropriate assumptions in determining the nature,
timing and extent of our audit procedures and evaluating the results thereof.

Apply professional judgment

We exercise professional judgment in planning and performing the audit.4 Professional
judgment is the application of relevant training, knowledge and experience, within the
context provided by auditing, accounting and ethical standards, in making informed decisions
about the course of action that is appropriate in the circumstance of the audit engagement.
The exercise of professional judgment is based on the facts and circumstances that are
known to us at the point in time up to the date of our opinion.
We do not use professional judgment as the justification for decisions that are not otherwise
supported by the facts and circumstances of the engagement or sufficient appropriate audit
evidence.
We document the significant professional judgments made in reaching conclusions on
significant accounting and auditing issues arising during the audit.

Apply our risk based methodology

EY GAM helps us to identify and assess risks of material misstatement, due to fraud or error,
based on our understanding of the entity and its environment, including the entitys internal
control, and respond to those risks.

Definition: Risk of material misstatement: The risk that the financial statements are
materially misstated prior to the performance of our audit procedures.

EY GAM uses the audit risk model as the basis for assessing risks of material misstatement
and responding to those risks.

Audit risk model

The audit risk model demonstrates the relationship between inherent risk and control risk and
the level of detection risk we are willing to accept when performing our audit procedures. The

Printed 01 Dec 2014 Page 3 of 10

EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview

objective of an audit is to limit audit risk to an acceptably low level (i.e., 5%). This level of
audit risk is generally accepted in the profession as an acceptable level of audit risk and
recognizes that we perform an audit to obtain reasonable, not absolute, assurance that the
financial statements as a whole are not materially misstated.
Inherent risk and control risk are the entitys risks and exist independently of our audit.
Inherent risk and control risk arise from many factors including, but not limited to, the nature
of the entitys business and the strategies that the entity undertakes, and can be increased or
reduced by managements attitude to risk. Some businesses and strategies are inherently
more (or less) risky than others and result in higher (or lower) risks that material
misstatements of the financial statements may occur.
Management can mitigate inherent risk by implementing effective internal control; however,
inherent risk cannot be totally eliminated due to the limitations of controls arising from the
realities that human judgment in decision-making can be faulty and that breakdowns in
internal control can occur because of human error.
Detection risk is directly influenced by the procedures we perform and judgments we make
throughout the audit process. EY GAM provides us with the framework by which we may
reduce detection risk to an acceptable level and our CRA is a crucial element of that
framework.
Risks of material misstatement at the financial statement level
Risks of material misstatement at the financial statement level refer to risks that relate
pervasively to the financial statements as a whole and potentially affect many assertions.
Risks of this nature are typically not associated with specific assertions. Rather, they
represent circumstances that may increase the risks of material misstatement across many
assertions, for example, through management override of internal control. When we identify
risks of material misstatement at the financial statement level we determine our overall
response to those risks, such as including professionals in the engagement team with
relevant knowledge and experience.
Risk of material misstatement at the assertion level
We assess risks of material misstatement at the assertion level to assist us in determining
the nature, timing and extent of any additional audit procedures at the assertion level that
are necessary to obtain sufficient appropriate audit evidence. We determine relevant
assertions at the significant account and disclosure level.
Risks of material misstatement at the assertion level consist of inherent risk and control risk.
Therefore, our combined risk assessments (CRA) represent our assessed risks of material
misstatement at the assertion level. The nature, timing and extent of our audit procedures
are a direct result of the combined risk assessments we make. Making the appropriate
combined risk assessments and then reflecting them in our audit strategy contributes
significantly to executing an effective and efficient audit. Refer to S08 Make combined risk
assessments for further requirements and guidance.

Risk assessment procedures

Risk assessment procedures are those procedures performed to obtain an understanding of
the entity and its environment, including the entitys internal control, to identify and assess
the risks of material misstatement, whether due to fraud or error, at the financial statement
and assertion levels and include:
Inquiries of management, of appropriate individuals within the internal audit
function (if the function exists), and of others within the entity
Analytical procedures
Observation and inspection5

Printed 01 Dec 2014 Page 4 of 10

EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview

Our risk assessment procedures provide a basis for designing and executing audit procedures
to respond to the assessed risks of material misstatement.
Risk assessment procedures by themselves, however, do not provide sufficient appropriate
audit evidence on which to base our audit opinion.6 In other words, we perform tests of
controls and substantive procedures in addition to risk assessment procedures to obtain
sufficient appropriate audit evidence to conclude whether the financial statements are
presented fairly, in all material respects.

Understanding the audit risk model

Professional standards and EY GAM require us to use our judgment in assessing risks of
material misstatement and in determining what tests of controls, if any, and substantive
procedures to perform to obtain sufficient appropriate audit evidence. This concept is referred
to in the standards as the audit risk model and forms the foundation of EY GAM.
The audit risk model allows us to take a variety of circumstances into account in selecting the
most effective and efficient audit approach to reduce audit risk to an acceptably low level. We
make judgments about the level of inherent risk related to an account balance or disclosure
and decide whether to rely or not to rely on internal controls. These judgments have a direct
effect on the nature, timing and extent of the substantive procedures we perform.

For example, if controls over sales and accounts receivable are effective and we intend to
rely on them, we are able to reduce the number of accounts receivable confirmation requests
that we send at an interim date. Conversely, if controls are not effective, we may send a
larger number of accounts receivable confirmations at period end as we perceive there is
greater risk of material misstatement because we have not obtained evidence about the
operating effectiveness of the controls.

The audit risk model is described as:

Where:
Definition: Audit risk: The risk that we express an inappropriate audit opinion, for example,
expressing an unmodified opinion when the financial statements are materially misstated.
Definition: Inherent risk: The susceptibility of an assertion about a class of transactions,
account balance or disclosure to a misstatement that could be material, either individually or
when aggregated with other misstatements, before consideration of any related controls.
Definition: Control risk: The risk that a misstatement, which could occur in an assertion
about a class of transactions, account balance or disclosure and that could be material, either
individually or when aggregated with other misstatements, will not be prevented, or detected
and corrected, on a timely basis by the entitys internal control.
Definition: Detection risk: The risk that the procedures we perform to reduce audit risk to
an acceptably low level will not detect a misstatement that exists and that could be material,
either individually or when aggregated with other misstatements.

Detection risk is the risk that a material misstatement would not be detected by our
substantive procedures. Our substantive procedures include Primary Substantive Procedures
(PSPs) and Other Substantive Procedures (OSPs) as appropriate. PSPs and OSPs comprise:
Substantive analytical procedures
Printed 01 Dec 2014 Page 5 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview

Test of details, which may include testing of key items and/or representative
samples
For further discussion on substantive procedures refer to S11_Design substantive procedures.
In EY GAM, our CRA represents our judgment about the risk of material misstatement at the
assertion level for each significant account and disclosure as follows:

Thus, in EY GAM the audit risk model can also be stated as:

Although the audit risk model is expressed in mathematical terms (i.e., a multiplicative
model), the application of the audit risk model is highly judgmental.
Our objective in performing our tests of controls and substantive procedures is to limit audit
risk to an appropriately low level, thus enabling us to achieve reasonable assurance that the
financial statements are free from material misstatement.

Understanding detection risk

The audit risk model shows the connection between inherent risk, control risk and detection
risk. The importance of making a proper assessment of inherent risk and control risk is
highlighted by their effects on detection risk. The lower the confidence we have that a
material misstatement may not exist based on our combined risk assessment (i.e., from our
inherent risk assessment and control risk assessment), the greater the confidence we require

Printed 01 Dec 2014 Page 6 of 10

EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview

from our detection procedures, resulting in more substantive procedures we need to

perform to maintain audit risk at 5% (more includes the nature and timing of procedures as
well as their extent).

Prepare documentation
Our workpapers provide the principal support for our conclusions reached and evidences that
the planning and performance of our audit is consistent with professional standards, legal and
regulatory requirements and firm policies.
Audit documentation serves a number of additional purposes, including:
Assisting the engagement team to plan and perform the audit
Assisting members of the engagement team responsible for supervision of the audit
to direct and supervise the audit work and to fulfill their review responsibilities
Enabling the engagement team to be accountable for its work
Retaining a record of matters of significance to future audits
Enabling the conduct of quality control reviews and inspections by regulators

Our audit documentation is prepared on a timely basis.7 We use professional judgment to

determine the nature and extent of the documentation needed for each relevant assertion.
Our documentation contains sufficient information to enable an experienced auditor having
no previous connection with the engagement to understand:
The nature, timing, extent and results of the procedures performed
Evidence obtained and conclusions reached
Significant accounting and auditing issues identified during the audit and the
conclusions reached, including significant professional judgments made in reaching
those conclusions8
An experienced auditor is an individual who has practical audit experience and a reasonable
understanding of the audit processes, our policies and procedures, applicable local
professional standards and/or local legal and regulatory requirements, the business
environment in which the entity operates and auditing and reporting issues relevant to the
entitys industry.
In documenting our work and completing our procedures, we:
Document the specific items or matters tested in our audit procedures9
Document who performed the audit work and the date the work was completed10
Document who reviewed the audit work and the date and extent of such review11
Determine that all audit procedures have been completed and signed off.
Each objective within EY GAM contains the specific documentation requirements that are
required to be completed in order to demonstrate that we have complied with the
requirements of each EY GAM objective. Refer to C07 Complete documentation and archive
engagement for further requirements and guidance.

Understand the structure of EY GAM

The sections of EY GAM, including this overview, represent our comprehensive methodology
and consist of the following:
EY GAM Objectives
EY GAM Supplements
Enablers
Frequently asked questions (FAQs)

Printed 01 Dec 2014 Page 7 of 10

EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview

EY GAM, including the supplements, is relevant for us to obtain reasonable assurance from
the performance of the audit as a whole. The procedures included in the supplements are
mandatory if applicable in the circumstances of the engagement.

EY GAM objectives
EY GAM reflects the typical flow of the execution of an audit in four broad phases:
Planning and risk identification
We preliminarily establish the scope of the audit and meet with those charged with
governance and/or management to determine expectations and service
requirements. We obtain a broad understanding of the entity, including the nature
of the business and its environment and the risks that the entity faces. We
determine materiality and what accounts and disclosures are significant. We identify
risks of material misstatement due to fraud or error and relate these risks to the
financial statements as a whole and to relevant assertions for significant accounts
and disclosures.
Strategy and risk assessment
We determine our audit strategy and audit plan. From our understanding of the
significant classes of transactions, the financial statement close process (FSCP) and
IT General Controls (ITGCs) we make our combined risk assessments and
determine the nature, timing and extent of our tests of controls and substantive
procedures that we plan to perform to respond to the assessed risks. In addition,
we plan the general audit procedures.
Execution
We perform the tests of controls and substantive procedures we planned in the
strategy and risk assessment phase. We reassess our combined risk assessments
throughout the audit and determine whether changes are necessary to our audit
strategy in response to a change in our combined risk assessments.
Conclusion and reporting
We perform the procedures to complete our audit and communicate with those
charged with governance and/or management our significant findings and issues.
We assess whether we have obtained sufficient appropriate audit evidence to
provide us with reasonable assurance about whether the financial statements as a
whole are free from material misstatement, whether due to fraud or error.
The four phases of EY GAM and the objectives within each phase are illustrated in the GAM
Navigator below.

Printed 01 Dec 2014 Page 8 of 10

EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview

The objectives and procedures in EY GAM reflect the typical flow of an audits execution.
However, they are not necessarily performed in a linear manner. Certain objectives occur
concurrently with other objectives. In addition, throughout the audit we continually revisit
and revise our procedures within an objective as appropriate when we obtain new or updated
information.
Each objective of EY GAM includes an introduction, requirements which are outlined by a solid
line shaded box, explanatory guidance providing considerations on how to execute the
requirements and documentation requirements summarizing the minimum documentation
that is required for each objective. Some GAM objectives also contain, when applicable,
requirements for the partner in charge of the engagement and consultation requirements and
recurring engagement considerations. These sections are described below:
The introduction provides an explanation of the purpose and scope of the objective
and the procedures we perform in that objective.
The EY GAM requirements are the minimum we perform for each EY GAM objective.
Each EY GAM requirement is cross referenced to the appropriate ISA requirement.
When no cross reference is present, the EY GAM requirement represents a firms
policy or procedure that operationalizes the relevant ISA requirement, and/or
provides risk management or audit quality considerations as described above under
Comply with our policies and procedures.

Printed 01 Dec 2014 Page 9 of 10

EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview

The explanatory guidance provides considerations on how to execute a

requirement. Unless otherwise stated, these considerations are not intended to be
applied in all circumstances. Instead, they are reminders for potential facts or
circumstances that may assist us in determining the risks of material misstatement,
designing our tests of control or substantive procedures to respond to the assessed
risks of material misstatement and reaching our conclusions.
The examples included in the explanatory guidance provide context of how the
requirements may be applied. The examples are not requirements themselves
therefore it is expected that an engagement team, facing the same fact pattern as
an example, may determine a different approach or strategy.
Some EY GAM objectives include appendices which provide further guidance and examples
and/or describe detailed procedures that are applied when the circumstances in the appendix
exist.

EY GAM supplements
The EY GAM supplements deal with specific situations or circumstances. When a specific
situation or circumstance is present on an audit, the requirements and guidance included in
the supplement apply.

EY GAM enablers
The EY GAM enablers consist of templates, examples, checklists and leading practice
illustrations to assist in performing and documenting our procedures. Certain EY GAM
enablers are required to be completed on each audit. Refer to the master list of forms and
templates in GAAIT for requirement for use of the EY GAM enablers.

Go To Document ID: 100296566

System ID: 201001276~443989
Date: 20 Aug 2013

Printed 01 Dec 2014 Page 10 of 10