How
to Start the Audit/Review
Today
audits cover large areas of management, production, legal, due diligence,
operations, environment, ISO, six sigma and many more.
Every
generation follows its own ways and techniques of doing things or getting their
things done. The same is with Audit. The erstwhile generation and the present
generation adopt various methodologies to conduct an audit. However, whatever
the methodology be, the objective of audit, in the past, or future, remains the
same.
The
audit process has to be well designed so as to give an overall direction to the
audit and also to avoid a haphazard execution of such audit. A proper audit
process is absolutely critical in every audit, since audit deals not only with
verification of records, but also entails a careful review of the operations
and the internal control of the enterprise. Thus, an absence of proper audit
process might increase the risk of subsequent verifications of records being
redundant or lacking focus even though they may be carried in accordance with a
well laid out audit program.
A typical audit process contains
the following:
A.
Ascertaining
audit objectives
B.
Gathering
information regarding industry, entity and its operations
C.
Risk
assessment
D.
Audit
planning and Carrying out compliance &substantive procedures
A. ASCERTAINING
AUDIT OBJECTIVES
In
order to conduct an effective audit, one must understand as to why an audit is
to be conducted. The audit objective in most of the cases would be complying
with the law, whether proper systems are in place and ensuring that the
available benefits are not lost. As far as the government is concerned, the
objective would be to ensure that leakages of revenue do not exist and there is
compliance of law.
B. GATHERING
INFORMATION REGARDING INDUSTRY, ENTITY AND ITS OPERATIONS
Once the audit
objective is defined, the auditor should proceed to gather knowledge regarding
the industry, the entity, its operations and its track record as this would
indicate the areas, which would involve higher risk. This would ideally be
obtained by having a study of the previous 3-4 years financial statements.
Ø
Obtaining the knowledge of the
business can be broadly undertaken in the following manner:
a.
Knowledge
regarding the industry/business:
The auditor
should first of all have an idea as to the industry to which the auditee
belongs as that itself would indicate the sort of issues that he would most likely come across. It is necessary to
understand the inherent industry specific risks that contribute towards inherent
audit risks. This knowledge can be obtained through:
ü
Interviews
with the client
ü
Internet
ü
Trade
journals
ü
Newspapers
ü
Compare
with other companies of the same industry
b.
Knowledge
regarding the entity:
For
an audit to be effective, knowledge of the entity becomes essential. Knowledge
of the entity includes, knowing its constitution, background of the promoters,
basic objective or motto of the entity, product/services range, etc. This can
be obtained by the documents/information relating to the assessee such as:
ü
MOA
& AOA
ü
Organization
chart
ü
Internal
audit reports
ü
Visits
to the entity premises
ü
Discussion
with suppliers, customers & third party agencies
ü
Discussion
with other auditors, legal & other advisors who have provided services to
the entity
ü
Internal
documentation i.e., minutes of meeting
ü
Prior
years’ annual & financial reports, budgets, internal management reports
ü
Standard
operating procedures, procedure manuals of accounting, internal control system,
purchase policy & credit policy
c.
Understanding
the activities performed/carried out by the auditee:
The most
important aspect in every audit is the understanding of the systems followed by
the company in each and every aspect of transaction.If the auditor fails to
realize the importance of this, then he is very likely to miss-out certain
critical details, which might seriously affect the quality of audit and may
result in failure to meet the objectives set out. The knowledge required can be
gathered by going through the various operations being performed at the factory
and by going through:
ü
Brief
write-up about the company
ü
Departmental
correspondences file during the initial stages of audit.
ü
Audited
financial statements
ü
Copies
of agreements
ü
Stock
statement
ü
Details
of export benefit opted in case of exports
ü
Marketing
& sales plans
The auditor
should also have a list of Internal
Control Questionnaires (ICQ) so that he can interview the executives
working for the auditee
.
d.
Studying
the track record of the assessee:
The study on the track
record of the company is mainly to be done by studying the financial statements
for the past 3-4 years. Other methods of studying the history of the company is
by:
ü
List
of disputes outstanding, if any
ü
Issues
of fraud based on the internal audit report
ü
Social
media such as internet, newspapers for any issues/updates
The auditor can ask the
auditee to furnish details as to pending litigations if any apart from going
through past audit reports. Apart from this the auditor should also note the
issues/questions which may arise during the review of activities and follow up
on the same by way of an initial review/overview of the records and see whether
the activities and the procedures for complying with the provisions of the law
have been indicated to the department clearly as non disclosure could also be
indicating the assessee’s attitude towards legal compliance
Ø
Data-gathering tools and techniques:
i. Discussion with the ground
level employees: This is one of the significant tools which can be used by auditors
in understanding controls that are put into place with respect to how it is
actually applied to the process. It also helps in gaining an understanding of
the dynamics among the individuals within this activity. This discussion should
include all the individuals who are involved in a process regardless of their
ranking in employment.
ii. Observations:This tool includes
auditor’s comments, examinations, and monitoring a process (flow of work,
verification of addresses, or existence of buildings or business)
iii. Questionnaires:These questionnaires
should be prepared in advance, and they usually should have a standard format
covering almost all areas of audit. The advantage of having a standardized
questionnaire is that they are efficient, complete and a time saver.
iv. Checklists: Checklist is another tool
used to ensure that specific audit steps are performed during the field work or
before the conclusion of an audit.
v. Sampling: There are two approaches
in Sampling i.e. Statistical Sampling and Non-statistical.The primary reason
for an auditor to use statistical sampling is to allow the auditor to quantify,
and therefore control, the risk of making an incorrect decision based on sample
evidence.
Statistical
sampling is merely a tool to help them make wise decisions. Auditors still decide
what type of review to make, how and when to use sampling, and how to interpret
the results.
Ø Ways to obtain information from client:
The key to effective audit or any
engagement for that matter is to get information from the client. Some of the
means to gather information from client are:
a.
Ask
direct questions –
This seems obvious and you may not get all the answers you want, but you will
likely get some. Prepare a list of questions you typically ask for all assignments
and make sure to ask them. Look for ways to rephrase questions or ask a
completely different question that might still reveal the answer you seek.
b.
Listen
between the lines –
Listening is a very important aspect of communication. Clients will often tell
you what you need to know, though sometimes the information comes in answers to
other questions or while you’re engaging in idle chit chat. Find a way to keep
them talking and pay attention.
c.
Get
to know your clients better as people –
Since answers may not come in direct questions, get to know your clients better
to understand them more. The better you know your clients the more you’ll
understand what they mean when they tell you something.
d.
Speak
your client’s language –
Do your homework about the client’s business and industry and talk to him in
his terms and not your technical jargons of Rules and Sections.
e.
Give
deadlines – Sometimes
you need information from a client to move forward with a project. Let them
know clearly when you need it and make them understand if they haven’t sent the
information by your deadline you won’t be able to finish the assignment by
their deadline. It can be easy to blame clients when they aren’t giving you the
information you need, but it takes two to communicate. The key is to keep
asking in different questions in different ways and trying different things. If
your client isn’t giving you the information you want, then take responsibility
and find a way to get that information.
C. RISK
ASSESSMENT
a.
A preliminary risk assessment should be done. This can be done by
having adiscussion with the company employees.
This initial risk assessment determines the depth and breadth of the audit
methodology because in this phase the company management generally will
disclose their business’s highest risk areas.
A preliminary risk assessment should be done. This can be done by
having adiscussion with the company employees.
This initial risk assessment determines the depth and breadth of the audit
methodology because in this phase the company management generally will
disclose their business’s highest risk areas.
b.
Walkthrough test is done to understand the
system followed by the company and to test whether what is said is what is
actually being followed.Additional weaknesses discovered by auditors may be
added to the original audit scope of agreement. Company management usually introduces
the auditors to department managers, allowing auditors to freely conduct
interviews without undue influence.
D. AUDIT
PLANNING
Once the preliminary risk assessment phase is
complete, the planning stage begins.
Audit plan consists of drawing an audit program consisting of the procedures
that are required to complete an audit effectively and efficiently. The audit
program is drawn up in such a way that the internal control in respect of all
the concerned areas is examined.The ICQ
can be a useful tool for the same. Where the auditor is carrying on the audit
in a particular area he may also refer to the audit checklist to ensure that no important aspects of verification
are missed out.
The audit program basically helps in the
following ways:
i.
Provides an outline of the
work to be performed- and the person responsible to finish the same.
ii.
Acts as a guide for assigning
work and thereby controlling the project from beginning to end
iii.
It creates documentation
and evidence that the work was completed. It assists management review to
ensure quality. It assures management that all risk areas were adequately
addressed.
iv.
Based on the assessment made, the audit plan can contain the test procedures,
sample size, sample selection, time period, reports for sample selections, and
reports and documents which will be required for review.
The audit program shall be
prepared well in advance before the actual audit has started.All members of the
audit team shall be aware of the methodology to be adopted inexecuting the
audit. The audit plan shall be prepared keeping in mind the experience of the
auditor in the past (if any), his professional judgment and experience of
similar kindof company, testing of the internal controls.
Conclusion:
In this article, the more focus is on initiating the audit rather
than procedures to be adopted during the course/closure of audit.
No comments:
Post a Comment