Audit Approach

1. Introduction to the Report

1.1. Summary
We know, audit is an official inspection of an organization's accounts, typically by an
independent body. But audit is a very systematic process. Different types of audit require
different audit approaches based on various types of organizations and the risks involved
there. In this report titled ‘Audit Approach’ we will discuss about different approaches
auditors chose based on different levels of risks, types of organizations and extent of
internal control. Besides, every conduct of audit requires an engagement. The essentials of
an audit engagement are also included in this report. After reading this, the reader will get
to know about when to use what approach and the procedure of engagement.

1.2. Methodology
All the information included in this report are based on secondary data.

1.3. Limitation of the Report

The report includes only theoretical aspects of audit approach. No practical context is
included here due to time, knowledge and scope limitation.

Page | 1
 Audit Approach

2. Audit Approach - Synopsis

An audit approach is the strategy used by an auditor to conduct an audit. The approach
taken varies by client, and depends on a number of factors, including the following:
- The nature of the client and the industry in which it operates.
- The scope of the engagement.
- The adequacy of the client's system of controls.
- The level of cooperation received from the client.

The approach chosen should be both effective and efficient, based on the preceding factors.
The following general audit approaches are most commonly used, depending on the
circumstances:

 When the financial reporting system is weak: The emphasis is

on vouching significant transactions. There is little or no attempt to verify the
robustness of the client's system of controls. This approach requires significant labor
to test a sufficient number of transactions.

 When the internal control system is strong: The emphasis is on testing and
validating the client's system of internal controls. If the controls are proven to be
strong, then substantive testing can be significantly reduced. This is a more efficient
audit approach.

 When the focus is on client risk: The auditor spends time reviewing where there is
risk in a client's systems, and then designs an audit approach that focuses primarily
on high-risk areas. Conversely, low-risk areas receive little auditor attention.

 When the focus is on the balance sheet: The audit focus is on testing the balances
in the accounts comprising the balance sheet. By proving the balance sheet, the
assumption is that all other transactions will flush out through the income statement,
which will therefore require little testing.

Page | 2
 Audit Approach

3. Risk Assessment

3.1. Business Risk: Business risk is the risk inherent to the company in its operations. It
includes risks at all levels of the business. There are three general categories of business
risk:
- Financial risks are the risks arising from the financial activities or financial
consequences of an operation, for example, cash flow issues or overtrading
- Operational risks are the risks arising with regard to operations, for example, the
risk that a major supplier will be lost and the company will be unable to operate
- Compliance risk is the risk that arises from non-compliance with laws and
regulations that surround the business, for example a restaurant failing to comply
with food hygiene regulations might face fines, enforced closure, legal action from
customers and so on

3.2. Audit Risk: The risk of giving an inappropriate opinion in relation to the financial
statements. It has three components.
- Inherent risk is the susceptibility of an assertion to misstatement that could be
material, individually or when aggregated with other misstatements, assuming that
there were no related internal controls.
- Control risk is the risk that a misstatement that could occur in an assertion and that
could be material, individually or when aggregated with other misstatements, will
not be prevented or detected and corrected on a timely basis by the entity's internal
control.
- Detection risk is the risk that an auditor’s procedures will not detect a misstatement
that exists in an assertion that could be material, individually or when aggregated
with other misstatements.

4. Responding to the Risk Assessment

Overall responses to risks of material misstatement will be changes to the general audit
strategy or reaffirmations to staff of the general audit strategy. For example:
 Emphasizing to audit staff the need to maintain professional skepticism.
 Assigning additional or more experienced staff to the audit team.
 Using experts, the work of internal auditors or other auditors.
 Providing more supervision on the audit.
 Incorporating more unpredictability into the audit procedures.
The evaluation of the control environment that will have taken place as part of the
assessment of the client's internal control systems will help the auditor determine whether
they are going to take a substantive approach (focusing mainly on substantive procedures)
or a combined approach (tests of controls and substantive procedures).

Page | 3
 Audit Approach

5. Risk Analysis
Assurance firms will carry out a risk analysis before accepting clients. This is partly to
determine what fee they think is appropriate for the engagement (the higher risk the client,
the greater the benefit that the firm will want from undertaking the engagement) but also to
lay foundations for understanding the risks associated with the engagement if it is taken on
and the amount of work that will have to be undertaken to reduce assurance risk to an
acceptable level for that assignment. When carrying out risk analysis prior to accepting a
client, assurance providers will be seeking to determine:

- Whether the directors/management of the company appear to have integrity: This

can be assessed by looking at the accounting policies of the company (are they
prudent and conservative or imprudent?) and the qualifications of the finance
director it employs, or by obtaining references for key personnel from parties known
to the assurance firm, such as bankers or solicitors, or the previous auditors.
- Whether the company has a good financial record, resources and outlook: This can
be assessed by looking at recent financial performance and reports and by making
enquiries (with permission) from its bankers.
- Whether the company appears to have good internal control, or, at minimum, a good
control environment: This might be indicated by the existence of an internal audit
department, or assessed through inquiries of management.
- Whether the company has unusual transactions: this can be assessed by reviewing
published financial statements.

In general terms, if the directors appear to have integrity, the financial record is strong and
prospects look good, there is a good attitude to internal control in the company and it has
few unusual transactions, then it is lower risk than a company for which those things are not
true. If a firm determines that a company is a high-risk client, this does not necessarily
mean that the firm will not accept the engagement, but this preliminary assessment of risk
will be incorporated into the audit procedures when risk assessment identification and
procedures are carried out on the engagement. Another area constituting risk to the auditor
is the risk that the client may be money laundering. Accountants are required to report
suspicions of money laundering and failure to report a suspicion is a criminal offence. The
auditors are also required to carry out client due diligence with respect to money laundering
at the start of an engagement.

Page | 4
 Audit Approach

6. Audit Confidence
To reduce the level of risk that the financial statements might be wrong, the auditors have to
build up audit confidence based on sufficient appropriate audit evidence. There are three
sources of audit confidence.

Controls

Test of Analytical
Details Procedure

To derive audit confidence from the client’s controls, auditors have to ascertain them by
enquiry, document them and then test them to make sure that:
- They operate in the way they think they do (by walkthrough testing); and
- They are effective (by tests of controls).
During the planning process the audit team decides on the use of these sources to give
sufficient audit confidence and what the mix should be. The audit plan will record the
approach to be used as decided on by the audit team.

7. Reliance on Control
BSA 500 says auditors need to carry out tests of controls under two sets of circumstances:
 When they are intending to rely on controls to reduce audit risk
 When they are unable to derive sufficient evidence from substantive procedures.

The type of testing will depend on the nature of the control. Where procedures may be more
difficult to devise, the auditors could
 Review the minutes of the relevant meetings.
 Select a sample of projects and make actual/budget comparisons and then follow up
to see what the client did in response to any overruns.
 Attend the relevant meetings and observe how they are conducted –but would need
to be careful about whether the auditors' presence at the meeting will affect the way
the meeting is conducted.

In respect of IT controls, the following questions are relevant:

 How do these operate?
 Is the auditor justified in assuming that they function properly?
 If a client uses a recognized accounting package such as QuickBooks or Sage Line
50, is the auditor justified in assuming that, for example VAT will be calculated
correctly and that control accounts will be updated properly?
8. Substantive Approach

Page | 5
 Audit Approach

Substantive Audit Approach is one of the audit approaches that is used by auditors to verify
the events and transactions in the financial statements by covering the largest volume of
them. The principle of substantive audit approach is that when auditors cover the largest
volumes with high value of financial transactions and event in financial statements, there is
less risks that material misstatements is uncovered. Substantive procedures fall into two
categories:

 Analytical procedures and

 Tests of details.

The auditor must always carry out substantive procedures on material items. BSA 330 says
“irrespective of the assessed risk of material misstatement, the auditor should design and
perform substantive procedures for each material class of transactions, account balance and
disclosure”. In addition, the auditor must carry out the following substantive procedures:
 Agreeing the financial statements to the underlying accounting records
 Examining material journal entries
 Examining other adjustments made in preparing the financial statements
The auditor must determine when it is appropriate to use which type of substantive
procedure.

(a) Analytical procedures tend to be appropriate for large volumes of predictable

transactions (for example, wages and salaries).
(b) Other procedures (tests of detail) may be appropriate to gain information about
account balances (for example, inventories or trade receivables), particularly verifying
the assertions of existence and valuation.

Tests of detail rather than analytical procedures are likely to be more appropriate with
regard to matters which have been identified as significant risks, but the auditor must
determine procedures that are specifically responsive to that risk, which may include
analytical procedures. Significant risks are likely to be the most difficult to obtain sufficient
appropriate evidence about. How much substantive testing is carried out will depend on:
- Whether the auditor wants to rely on controls in the first place (in which case
substantive testing might be reduced)
- Whether controls testing reveals that controls can be relied on (if they cannot, the
auditors will have to increase substantive testing)

Page | 6
 Audit Approach

9. Reliance on Internal Audit

BSA 610 “Considering the Work of Internal Audit” states that as part of their planning
procedures, auditors must consider the activities of internal auditing and their effect, if any,
on the external audit procedures. While the external auditor has sole responsibility for the
opinion expressed, some internal audit work may be helpful to him in forming a decision.
Normally however, internal audit operates in one or more of the following broad areas.

 Review of the accounting and internal control systems

 Examination of financial and operating information
 Review of economy, efficiency and effectiveness
 Review of compliance with laws and regulations
 Special investigations

An effective internal audit function may reduce, modify or alter the timing of external audit
procedures, but it can never eliminate them entirely. Even where the internal audit function
is deemed ineffective, it may still be useful to be aware of the internal audit conclusions.
The effectiveness of internal audit will have a great impact on how the external auditors
assess the whole control system and the assessment of audit risk. The BSA says that 'the
external auditor should obtain a sufficient understanding of internal audit activities to
identify and assess the risks of material misstatement of the financial statements and to
design and perform further audit procedures. The external auditor should perform an
assessment of the internal audit function when internal auditing is relevant to the external
auditor's risk assessment'.

The following important criteria will be considered by the external auditors.

Consider to whom internal audit reports (should be the board or the

audit committee, a subcommittee of the board, which, when it exists,
Organizational
monitors the work of internal audit), whether internal audit has any
Status
operating responsibilities and constraints or restrictions on it (e.g. that
it is not adequately resourced)

Scope of Consider extent and nature of assignments performed and the action
function taken by management as a result of internal audit reports

Technical Consider whether internal auditors have adequate technical training

Competence and Proficiency

Due professional Consider whether internal audit is properly planned, supervised,

Care reviewed and documented

Page | 7
 Audit Approach

10. Practical Issues

10.1. The Audit Team
As part of the audit planning process, the right team will need to be selected. This will
depend on matching the need for experience, specialist knowledge and ensuring that work
is done at the right level with the risks associated with the audit. For every engagement
there will be an engagement partner who takes overall responsibility for the engagement
and who has specific responsibility for ensuring the firm and the team’s competence and
objectivity, and for:
 Approving the audit strategy
 Communicating his or her knowledge of the client to the audit team
 Ensuring that staff are briefed and supervised appropriately
 Ensuring appropriate reviews are carried out of staff’s work
 Reviewing the financial statements, the key areas and any working papers not
otherwise reviewed.

There should normally be at least one other person involved on the audit to review the work
done. Beyond this the precise make-up of the team will depend on the scale of the
engagement and the different roles can be filled by people with different levels of
experience within the firm. Most engagements will have a 'senior' or 'in charge' responsible
for the day-to-day running of the audit and supervising assistants. The audit strategy should
make clear who is responsible for which aspects of the audit, and should strike the difficult
balance between:
- Ensuring each member of the team has sufficient experience for the job in hand
- Setting new challenges so that experience can be gained, and
- Cost

10.2. Budgets and Deadlines

Audit firms are in business to make a profit. Whilst the pursuit of profit must not take
precedence over professional and quality considerations, nevertheless the audit plan should
make it perfectly clear:
 When the deadline is.
 How much the budget is.

10.3. Location
As hinted at above, the location that the audit work takes place at will depend on the nature
of the client and the risk assessment. Some clients will only have one location, in which
case the audit will take place at that location. Other clients may have several locations, and
the auditors will have to make judgements about which locations are riskier than others and

Page | 8
 Audit Approach

need the auditor to visit them. It may be necessary to attend all locations that a client has at
some stage during the audit.
10.4. Interim & Final Audits
Typically, much of the systems assessment work and tests of details on the profit and loss
account, will be carried out at the interim stage, with greater focus on the balance sheet at a
final audit. However, auditors think about a number of factors here:
 What about the income statement for the last couple of months of the year?
 If the auditors are relying on controls, were they effective in the period between the
interim audit and the year end?
 If the auditors have tested inventory, or receivables at the interim stage, are they
happy with the 'roll forward' to the year end?

10.5. Nature of Evidence

It will be important to address the practical issue of what sources of evidence the audit firm
expects to obtain during the audit. Information generated by the client is never as good
quality as information generated by the auditor or from third parties. The audit strategy
should set out where information should be sought from third parties (such as in respect of
receivables or confirmation of a loan).

Page | 9
 Audit Approach

11. Audit Engagement

An audit engagement is an arrangement that an auditor has with a client to perform
an audit of the client's accounting records and financial statements. The term usually
applies to the contractual arrangement between the two parties, rather than the full set of
auditing tasks that the auditor will perform. To create an engagement, the two parties meet
to discuss the services needed by the client. The parties then agree on the services to be
provided, along with a price and the period during which the audit will be conducted. This
information is stated in an engagement letter, which is prepared by the auditor and sent to
the client. If the client agrees with the terms of the letter, a person authorized to do so signs
the letter and returns a copy to the auditor. By doing so, the parties indicate that an audit
engagement has been initiated.

Considerations at the Commencement of New Audit

- An audit is generally conducted with some definite objects in view. The objects
should be constantly kept in mind in the initial stages of audit.
- He should see that his appointment in case of a joint-stock company is in
accordance with the provisions of the Companies Act 1994. If he does not do so, he
will be held liable. If he has been appointed in place of another auditor, he should
enquire from the retiring auditor, the reasons for the changes.
- He should obtain definite instructions from the clients about the nature and scope of
his work and duties, whether he is to do the accountancy work or audit work or
both, by which date the work is to be completed, time by which the report is
required etc.
- He should examine the system of accounting employed by his client. If he finds any
weak point he must study it thoroughly and make recommendations to his client to
remove these weak spots.
- If internal check system is in operation, he should get a written statement to that
effect and examine that system.
- He should get a list of the officers of the company containing particulars about their
duties, powers and their specimen signatures.
- He should obtain the previous year’s audited balance sheet, if any, and see that the
accounts during the current year have been opened with those balances which
appeared in the previous balance sheets.
- He should get the report of the auditor, if any, relating to the accounts of the
previous year for information regarding the state of the affairs of the company
during the year.
- He must read the clauses of the Memorandum of Association and the Articles of
Association of the company which have a bearing on the accounts or the Articles of
the Partnership of the firm whose accounts he is auditing.

Page | 10
 Audit Approach

12. Ethical Clearance

When deciding whether to accept an assurance engagement, the auditors need to consider
whether there are any ethical issues which prevent acceptance. The IFAC Code of Ethics
sets out the following points in relation to changes in professional appointment.

- Prospective Auditors: Before accepting a specific client engagement, a

professional accountant in public practice should consider whether acceptance
would create any threats to compliance with the fundamental principles. For
example, a self-interest threat to professional competence and due care is created if
the engagement team does not possess, or cannot acquire, the competencies
necessary to properly carry out the engagement. A professional accountant in public
practice who is asked to replace another professional accountant in public practice,
or who is considering tendering for an engagement currently held by another
professional accountant in public practice, should determine whether there are any
reasons, professional or other, for not accepting the engagement, such as
circumstances that threaten compliance with the fundamental principles. For
example, there may be a threat to professional competence and due care if a
professional accountant in public practice accepts the engagement before knowing
all the pertinent facts.

- Existing Auditors: An existing accountant is bound by confidentiality. The extent

to which the professional accountant in public practice can and should discuss the
affairs of a client with a proposed accountant will depend on the nature of the
engagement and on:
 Whether the client's permission to do so has been obtained; or
 The legal or ethical requirements relating to such communications and
disclosure, which may vary by jurisdiction.
In the absence of specific instructions by the client, an existing accountant should
not ordinarily volunteer information about the client's affairs. Circumstances where
it may be appropriate to disclose confidential information are set out in Section 140
of Part A of the ICAB Code of Conduct.

- Additional Work: A professional accountant in public practice may be asked to

undertake work that is complementary or additional to the work of the existing
accountant. Such circumstances may give rise to potential threats to professional
competence and due care resulting from, for example, a lack of or incomplete
information. Safeguards against such threats include notifying the existing
accountant of the proposed work, which would give the existing accountant the

Page | 11
 Audit Approach

opportunity to provide any relevant information needed for the proper conduct of
the work.

13. AUDIT ENGAGEMENT LETTER

In the interest of both client and auditor, the auditor should send an engagement letter
before the commencement of the engagement. The engagement documents and confirms
the auditor’s acceptance of the appointment, the objectives and scope of the audit and the
extent of auditor’s responsibilities to the client. The principle contents of the audit
engagement letter are:
 The objective of the audit of financial statements.
 Management responsibility for the financial statements.
 Management responsibility for selection of appropriate accounting policies,
implementation of applicable accounting standards, explanation for material
departure from those accounting standards.
 Management responsibility for preparing the accounts on a going concern basis.
 Management responsibility for making judgements and estimates for true and fair
compilation of financial statements.
 Management responsibility for maintenance of adequate accounting records and
internal control.
 The scope of audit including reference to applicable legislation, regulations, and the
pronouncement of the institute.
 The fact that certain material misstatement resulting from fraud and sometimes from
error may remain undetected even after the audit in view of inherent limitations of
the audit.
 The right of unrestricted access to records and information needed by auditor for
conducting audit.
 The fact that the audit process may be subject to peer review under the Chartered
Accountants Act.
 Expectation from the management of receiving written confirmation concerning
representation made in connection with the audit.
 Basis on which the fees for audit is to be computed and billing arrangements.
 Arrangement for involvement of other experts, auditors, internal auditors etc. where
deemed necessary for the audit.

Page | 12
 Audit Approach

14. BIBLIOGRAPHY

 Audit & Assurance

- Professional Stage Application Level Study Manual, ICAB

 Auditing: An Integrated Approach

- Alvin Arens
- Loebbecke James

 A Handbook of Practical Auditing

- B. N. Tandon

 www.accaglobal.com

Page | 13