Add to collection(s) Add to saved
  1. Business
  2. Finance

Planning the external audit

Planning the
external audit
The audit committee guide series
“Effective audit
committees are critical
to the quality of financial
reporting and the proper
conduct of business. This
guide is one of a series
that is meant to help audit
committees meet their
oversight and fiduciary
responsibilities.”
– Trent Gazzaway, National Managing Partner
of Audit Services
Contents
2 Role of the external auditor
3 Audit planning
4 Financial statement assertions
6 Designing audits
7 Judging materiality
9 Assessing audit risk
10 Evaluating risk of
material misstatement
11 Overseeing plan and team
12 Performing audit tests
13 Using the work of others
The audit committee guide series
has been adapted from The Audit
Committee Handbook, Fifth Edition,
published by John Wiley & Sons
and available for purchase at www.
GrantThornton.com/ACHandbook
and through major online booksellers
and bookstores nationwide.
14 Evaluating the audit plan
15 More guidance
17 Grant Thornton’s audit services
20 Suggested reading
21 Offices of Grant Thornton LLP
When it comes to an external audit, the audit committee has responsibility to
ensure auditors’ work is done right and with integrity.
In the U.S., the audit committee is charged with overseeing the integrity of the
financial reporting process and the external auditor. To fulfill these responsibilities,
audit committee members must be prepared to evaluate and oversee both the
external audit plan and the external auditor. That responsibility extends to
appointing, compensating and overseeing the work of any registered public
accounting firm employed by the company. During the audit engagement,
external auditors report directly to the audit committee.
To fulfill their duty to oversee the external audit function, audit committee
members must be familiar with how auditors consider management assertions
contained in the financial statements, and the planning process auditors go through
prior to issuing an opinion. The remainder of this issue of the audit committee
guide series summarizes the audit planning process and provides some attributes
that audit committee members may look for in an effective audit plan.
How will financial reform impact your company?
The regulatory landscape is changing for companies and their audit committees. Visit
www.GrantThornton.com/FinancialReform to read about the Dodd-Frank Act and how it may affect
your company.
Planning the external audit 1
Role of the external auditor
External auditors are independent audit professionals who audit the financial
statements of a company, legal entity or organization. They are expected to
express an opinion on whether an entity’s financial statements are free of material
misstatements and are a true and fair representation of actual financial position.
The external auditor’s primary responsibilities are to:
1. identify items that have a reasonable possibility of causing the financial
statements to be materially misstated;
2. design and execute tests to determine whether such misstatements
have occurred; and
3. in certain public company audits, test the effectiveness of internal control
over financial reporting.1
1
Applicable to companies subject to Section 404(b) of the Sarbanes-Oxley Act of 2002.
2 Planning the external audit
Audit planning
Audit planning is a three-step iterative process undertaken by the external auditor,
and evaluated by the audit committee, each audit cycle. Audit planning, as defined
in International Standards on Auditing (ISA) No. 300, includes:
1. obtaining an understanding of the entity, its environment and its internal
control system;
2. assessing the risk of material misstatement in the financial statements; and
3. designing audit procedures commensurate with the assessed level of risk.
Audit Process Flow
Planning the external audit 3
Financial statement assertions
When management issues financial statements, it makes assertions regarding the
recognition, measurement, presentation and disclosure of information in those
financial statements. Assertions identify the most important elements of a given
financial reporting line item or disclosure.
In the planning phase, when the auditor is designing the tests that will be used
during the audit, assertions allow the auditor to focus on what is most important to
financial statement users. For example, an auditor will focus on the “existence” of
cash rather than the “valuation” of cash. Likewise, an auditor will focus on items
that potentially could be understated rather than those that may be overstated.
Although terminology may differ, auditors generally will consider the following
assertions, separated into three categories:
Transactions
1. Occurrence — Transactions took place.
2. Completeness — Transactions that should have been recorded have
been recorded.
3. Accuracy — Transaction amounts and other data have been recorded
appropriately.
4. Cutoff — Transactions have been recorded in correct accounting period.
5. Classification — Transactions have been recorded in proper accounts.
4 Planning the external audit
Account balances
1. Existence — Assets, liabilities and equity interests exist.
2. Rights and obligations — The entity has rights to assets and is obligated for
liabilities.
3. Completeness — All assets, liabilities and equity interests that should have been
recorded have been recorded.
4. Valuation and allocation — Assets, liabilities and equity interests are included
and adjustments are recorded appropriately in the financial statements.
Presentation and disclosure
1. Occurrence, rights and obligations — Disclosed transactions have occurred and
pertain to the entity.
2. Completeness — Disclosures that should have been included have been
included.
3. Classification and understandability — Financial information is presented and
described appropriately, and disclosures are expressed clearly.
4. Accuracy and valuation — Information is disclosed fairly and at appropriate
amounts.
Assertions
Financial statements represent a complex and interrelated set of assertions. Auditors generally
test assertions in three areas — transactions and events, account balances, and presentation
and disclosure.
Planning the external audit 5
Designing audits
It is not possible to design a practical audit that eliminates all risk of misstatement.
Auditors must design audits to focus on areas that have the highest likelihood of
containing material misstatements, and use methodologies that provide reasonable
assurance that misstatements do not exist.2 To do so, auditors consider two key
factors in planning and executing audits: materiality and audit risk.
2
Statement on Auditing Standard No. 1, par. 2 states, “The auditor has a responsibility to plan and perform the audit
to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether
caused by error or fraud.”
6 Planning the external audit
Judging materiality
Materiality is used to evaluate audit findings and determine whether any
uncorrected errors render financial statements materially inaccurate. Both
quantitative and qualitative measures are used to judge materiality. Quantitative
materiality is calculated as a percentage of a meaningful financial statement number,
such as pretax net income or total assets. Auditors then use a fraction of that overall
materiality number to design their tests. This fraction of overall materiality is called
the “tolerable error.” It represents the maximum undetected error that the auditor
is willing to accept or “tolerate” in the samples he or she selects for testing.
Materiality, or the degree to which a reasonable person might be influenced by an omission or
misstatement, affects the scope of an audit, such as the financial accounts and disclosures on which
to focus, as well as the locations, subsidiaries or divisions to include in the audit.
The presence of qualitative risk considerations may cause the auditor to adjust
testing scopes. They might also influence the auditor’s conclusions about the
significance of an identified error that might, in purely quantitative measures,
be considered immaterial.
Planning the external audit 7
Exhibit 1 lists some qualitative factors that auditors might consider.
Exhibit 1: Qualitative factors that may influence the determination of materiality
Qualitative considerations may include:
• The potential effect of the misstatements on trends, especially trends in profitability
• A misstatement that changes a loss into income or vice versa
• The potential effect of the misstatement on the entity’s compliance with loan covenants,
other contractual agreements, and regulatory provisions
• The existence of statutory or regulatory reporting requirements that affect materiality thresholds
• A change masked in earnings or other trends, especially in the context of general economic and
industry conditions
• A misstatement that has the effect of increasing management’s compensation, for example, by
satisfying the requirements for the award of bonuses or other forms of incentive compensation
• The sensitivity of the circumstances surrounding the misstatement, for example, the implications
of misstatement involving fraud and possible illegal acts, violations of contractual provisions such
as debt covenants, and conflicts of interest
• The significance of the financial statement element affected by the misstatement, for example,
a misstatement affecting recurring earnings as contrasted to one involving a nonrecurring
charge or credit, such as an extraordinary item
• The effects of misclassifications, for example, misclassification between operating and
nonoperating income or recurring and nonrecurring income items, or a misclassification between
fund-raising costs and program activity costs in a not-for-profit organization
• The significance of the misstatement relative to reasonable user needs, for example:
– Earnings to investors and the equity amounts to creditors
– The magnifying effects of a misstatement on the calculation of purchase price in a transfer
of interests (buy-sell agreement)
– The effect of misstatement of earnings when contrasted with expectations
Copyright 2010. American Institute of Certified Public Accountants. All rights reserved.
Used with permission.
8 Planning the external audit
Assessing audit risk
Audit risk is the risk that the auditor may unknowingly fail to modify his opinion
on financial statements that are materially misstated. It relates to (1) the risk that
the financial statements prepared by management are materially misstated (material
misstatement risk) and (2) the risk that the auditor will not detect such material
misstatement (detection risk). Misstatement risk and detection risk are inversely
related. The greater the material misstatement risk, the less the detection risk the
auditor can accept. Conversely, the lower the material misstatement risk, the
greater the detection risk acceptable by the auditor.3
When audit risk is high, external auditors design audits with more extensive
testing, less reliance on the work of others and less interim work. As that risk
diminishes, auditors rely less on extensive testing and more on the work of others,
and perform more interim work during the audit cycle.
3
SAS No. 107, par. 25 (New York: AICPA, 2006); and ISA 200, par. A42 (New York: IFAC 2009).
Planning the external audit 9
Evaluating risk of material
misstatement
The auditor evaluates a company’s risk of material misstatement by evaluating:4
• Inherent risk (natural risk irrespective of internal controls). Some examples
of inherent risk considerations include: volume, complexity, susceptibility
of an asset to theft, estimates, and industry circumstances. 5
• Control risk (risk that the internal control system will not prevent or detect
a material misstatement). Some factors that influence inherent risk can also
impact control risk (complexity, judgment required, susceptibility to fraud).
Other control risks include the nature of operations, changes in operations
and environmental factors.6
4
5
6
Ibid., SAS No. 107, par. 21; and ISA 200, par. 13(n).
See the AICPA Audit Guide: Assessing and Responding to Audit Risk in a Financial Statement Audit, par. 2.10.
See COSO, Guidance on Monitoring Internal Control Systems, vol. 2, par. 58.
10 Planning the external audit
Overseeing plan and team7
“The auditor must adequately plan the work and must properly supervise
any assistants.”8 Accordingly, the audit committee might ask the auditor-incharge about:9
• The experience, training and amount of resources assigned to specific
audit areas.
• When such resources are to be assigned, and how much time they are
expected to incur.
• How resources are to be managed, directed and supervised, such as:
– When and how often team briefing and debriefing meetings are
expected to be held.
– Whether the auditor will utilize a concurring reviewer or other form
of engagement quality review. Every audit of a company listed on a
U.S. exchange must include a concurring partner (or equivalent)
quality review.
7
8
9
Ibid., par. 15. See also ISA 220, par. 14–15.
Statement on Auditing Standards No. 108, par. 1. New York: AICPA, 2006.
Ibid., par. 15. See also ISA 220, par. 14-15.
Planning the external audit 11
Performing audit tests
Auditors perform two different types of audit tests: tests of controls and
substantive procedures.
Tests of controls are designed to evaluate the effectiveness of the internal control system in
preventing or in detecting and correcting errors before they result in a material misstatement in
the financial statements. Tests may include:
• a walkthrough, from beginning to end, of one or more transactions; and
• selecting samples of controls at a point in time, or over time, and observing or reperforming
them to obtain evidence that they operate effectively.
Audit committee considerations: The audit committee should know whether internal control areas exist
that the auditor does not believe are effective enough to warrant any level of audit reliance. Such areas
may lead to errors in internal reports used for decision-making purposes.
Substantive procedures are designed to detect material misstatements at the assertion level by
testing the output from the financial reporting process. Procedures consist of:10
• tests of details, which may include inspection, observation, external confirmation, recalculation,
and/or inquiry11 on a sample of transactions or accounts; and
• substantive analytical procedures,12 which may range from simple comparisons to complex
analyses using advanced statistical techniques. Examples may include analyzing financial trends
over time, comparing financial ratios (e.g., gross margin percentages) to established expectations,
and comparing financial and non-financial information (e.g., payroll costs and number of
employees).
Audit committee considerations: If an auditor’s substantive procedure discovers a material error,
it is because the internal control system did not. Substantive procedures are performed for each
material class of transactions, account balance and disclosure.
10
11
12
See ISA 500, par. A14-A22, and SAS No. 110, par 11.
See ISA 315, par. A67, and SAS No. 110, par. 29.
Audit committee members may hear auditors talk about “planning analytics.” While planning analytics employ the
same tools as substantive analytical procedures, auditors perform them for a different purpose. Auditors use planning
analytics early in the audit cycle to help identify inherent and control risks. They employ substantive analytical procedures
(which usually are more comprehensive than planning analytics) throughout the audit cycle to determine whether material
misstatements have occurred.
12 Planning the external audit
Using the work of others
External auditors often can enhance the efficiency and effectiveness of their
audits by using the work performed by others. Most standards that govern
this topic relate to using the work performed by the internal audit functions.13
In the U.S., however, the PCAOB has expanded that potential use to include
the work of company personnel (in addition to internal auditors), and third
parties working under the direction of management or the audit committee
when gathering evidence about the effectiveness of internal control over financial
reporting.14 Audit committee members should understand the extent to which
auditors plan to use the work of others,15 and question whether auditors have
considered the following:
• The nature, scope and adequacy of work performed by others
• The assessed risks of material misstatement
• The degree of subjectivity in evaluating audit evidence gathered
by others to support relevant assertions
• The objectivity and technical competence of others
• Whether the others’ work is carried out with due professional care
• Whether effective communication is likely to occur between others
and the external auditor
• The expected effect of the work of others on the nature, timing,
or extent of the external auditor’s procedures
13
14
15
See ISA 610 and SAS No. 65.
See PCAOB Auditing Standard No. 5, par. 17.
See ISA 240, par. A14.
Planning the external audit 13
Evaluating the audit plan
Audit committee members will want to be confident that the external audit plan:
1. covers all risks that have a reasonable possibility of materially affecting the
financial statements;
2. focuses on the effectiveness of the internal control system’s ability to mitigate
those risks, with minimal time spent on controls whose failure likely would be
immaterial, or detected and corrected by other controls;
3. takes appropriate advantage of the work performed by others, especially that
of internal audit, but does not place unwarranted reliance on such work; and
4. focuses appropriately on areas where the risk of fraud is meaningful.
14 Planning the external audit
More guidance
Auditors and audit committee members may find Exhibit 2 to be helpful in
planning the audit and in tracking progress. The Audit Committee Handbook,
Fifth Edition, contains more detailed guidance and is available for purchase at
www.GrantThornton.com/ACHandbook and through major online booksellers
and bookstores nationwide.
Exhibit 2: Example audit planning schedule
Q2
Month
4
5
Q3
6
7
8
Q4
9
10 11 12
Q1-Next
Year
1
2
Budgeted
Hours
Hours
to Date
ETC
3
Phase I — Planning, risk
assessment and control design
Integrated audit planning
Review and comment on client’s
entity-level risk assessment and
project plan (i.e., determine
locations for testing)
Identify significant accounts/
cycles and critical assertions
Update entity-level control
documentation
Update activity-level control
documentation
Evaluate control design
effectiveness and note key
controls
Execute walkthroughs of
identified (and potentially key)
controls
Follow up on previous
recommendations for
improvement
Planning the external audit 15
Q2
Month
4
5
Q3
6
7
8
Q4
9
10 11 12
Q1-Next
Year
1
2
Budgeted
Hours
Hours
to Date
ETC
Budgeted
Hours
Hours
to Date
ETC
3
Phase II — Tests of controls
and preliminary financial
statement testing
Identify key controls
Review management’s testing
methodology
Finalize testing strategy
for key controls
Evaluate competence
and objectivity of client’s
control testers
Determine possible
use of others’ work
Determine controls to test
and testing procedures
Execute and document tests
of controls (including review
of work of others)
Quarterly financial
statement reviews
Q2
Month
4
5
Q3
6
7
8
Q4
9
10 11 12
Q1-Next
Year
1
2
3
Phase III — Final testing,
evaluate results and wrap up
Evaluate and document
deficiencies
Make recommendations
for improvements
Annual audit procedures
Communicate and report results
Draft opinion
Complete review
and documentation
Issue opinion
Total
16 Planning the external audit
-
-
-
Grant Thornton’s audit services
Credible, timely and relevant financial information is fundamental to promoting
confidence in a company. Audit committees, as well as management, play a
unique role in establishing and maintaining that confidence. Because audit
committee members must rely heavily on both internal and external auditors
being independent and candid, finding the right auditors is paramount to the
audit committee’s oversight role.
Grant Thornton provides audit solutions that offer real value to today’s
dynamic global organizations. For over 80 years, we have served a wide range
of private and public clients across America’s heartland. With Grant Thornton,
you get:
• access to industry specialists and technical resources;
• local support from our 52 U.S. offices and access to the global resources
of Grant Thornton International Ltd member and correspondent firms
in more than 100 countries;
• a high level of partner involvement and personalized service;
• experienced professionals who have the leadership and communications
skills to deliver constructive feedback on complex issues; and
• quality services delivered consistently with state-of-the art tools.
Planning the external audit 17
Contact us for help with either your internal or external audit needs
Warren Stippich
Trent Gazzaway
Partner and National Governance,
Risk and Compliance Solution Leader
T 312.602.8499
E Warren.Stippich@us.gt.com
18 Planning the external audit
National Managing Partner
of Audit Services
T 312.602.8034
E Trent.Gazzaway@us.gt.com
Subscribe to Grant Thornton publications at www.GrantThornton.com/Subscribe
Receive relevant white papers and timely updates on industry issues and the regulatory environment.
CorporateGovernor white paper series
Ensure your public company is run well and in accordance with applicable laws and regulations. Explore
a range of topics from fraud prevention and detection to financial reporting control and SOX compliance:
Enterprise risk management: Creating value in a volatile economy
discusses why implementing an enterprise risk management (ERM) program
can benefit companies in a down economy and how ERM can help enhance
business strategy.
Hear that whistle blowing! Establishing an effective complaint-handling
process addresses an important mandate of the Sarbanes-Oxley Act: the
requirement that audit committees establish procedures for receiving,
documenting and handling complaints related to accounting and auditing matters.
Fraud in the economic recovery
As companies pick up the pieces following a bruising bout of the economic
blues, they need to be on the lookout for fraud. From heightened fraud risk to
due diligence strategies for companies purchasing distressed assets, this
CorporateGovernor white paper provides a sound overview of fraud prevention
in today’s economic environment.
Timely updates
Tailored to management, boards and audit committees of mid-cap public companies, these updates
help you stay abreast of issues that affect the marketplace and your business.
Boardroom awareness: Service organization reports in transition
to new U.S. and international standards
In this issue of CorporateGovernor newsletter, Grant Thornton advisory
professionals discuss the new service organization reporting standards that are
set to replace Statement on Auditing Standards No. 70 (SAS 70) by mid-2011.
Information overload: How to make data analytics work for the internal
audit function
Learn how your internal audit department can effectively use data analytics to
add value to your organization.
Planning the external audit 19
Suggested reading
The Audit Committee Handbook, Fifth Edition (Wiley, 2010,
ISBN: 978-0-470-56048-8, U.S. $95.00).
The Audit Committee Handbook is co-authored by Grant Thornton LLP
audit committee experts R. Trent Gazzaway, national managing partner of Audit
Services, and Robert H. Colson, retired partner in Public Policy and External
Affairs, along with Louis Braiotta Jr., professor of accounting at SUNY —
Binghamton’s School of Management, and Sridhar Ramamoorti, principal at
Infogix Advisory Services. The Audit Committee Handbook provides practical,
in-depth guidance on all audit committee functions, duties and responsibilities.
This latest edition features regulatory updates, new chapters on audit planning
and oversight, heightened focus on fraud risk, and broad international coverage.
The Audit Committee Handbook is available at www.GrantThornton.com/
ACHandbook and through major online booksellers and bookstores nationwide.
The Anti-Corruption Handbook: How to Protect Your Business in the Global
Marketplace (Wiley, 2010, ISBN: 978-0-470-61309-2, U.S. $75.00)
Today’s demanding marketplace expects CFOs, auditors, compliance officers
and forensic accountants to take responsibility for fraud detection. These
expectations are buoyed by such legislation as the Foreign Corrupt Practices
Act, which makes it a crime for any U.S. entity or individual to obtain or retain
business by paying bribes to foreign government officials. Written by William P.
Olsen, the practice leader of Anti-Corruption Services at Grant Thornton LLP,
The Anti-Corruption Handbook provides guidelines addressing the challenges of
maintaining business integrity in the global marketplace.
20 Planning the external audit
Grant Thornton LLP offices
National Office
175 W. Jackson Blvd., 20th Floor
Chicago, IL 60604-2687
312.856.0200
Washington National Tax
Office
1250 Connecticut Ave. NW,
Suite 400
Washington, DC 20036-3531
202.296.7800
Arizona
Phoenix
California
Irvine
Los Angeles
Sacramento
San Diego
San Francisco
San Jose
Woodland Hills
Colorado
Denver
602.474.3400
949.553.1600
213.627.1717
916.449.3991
858.704.8000
415.986.3900
408.275.9000
818.936.5100
303.813.4000
Florida
Fort Lauderdale
Miami
Orlando
Tampa
954.768.9900
305.341.8040
407.481.5100
813.229.7201
Georgia
Atlanta
404.330.2000
Illinois
Chicago
312.856.0200
Oakbrook Terrace 630.873.2500
Schaumburg
847.884.0123
Kansas
Wichita
316.265.3231
Maryland
Baltimore
410.685.4000
Massachusetts
Boston
617.723.7900
Michigan
Detroit
Minnesota
Minneapolis
503.222.3562
Pennsylvania
Harrisburg
Philadelphia
717.265.8600
215.561.4200
612.332.0001
Nevada
Reno
775.786.1520
732.516.5500
518.427.5197
631.249.6001
212.422.1000
212.599.0100
North Carolina
Charlotte
704.632.3500
Raleigh
919.881.2700
Ohio
Cincinnati
Cleveland
Oregon
Portland
South Carolina
Columbia
803.231.3100
816.412.2400
314.735.2200
New York
Albany
Long Island
Downtown
Midtown
405.218.2800
918.877.0800
248.262.1950
Missouri
Kansas City
St. Louis
New Jersey
Edison
Oklahoma
Oklahoma City
Tulsa
513.762.5000
216.771.1400
Texas
Austin
Dallas
Houston
San Antonio
512.391.6821
214.561.2300
832.476.3600
210.881.1800
Utah
Salt Lake City
801.415.1000
Virginia
Alexandria
McLean
703.837.4400
703.847.7500
Washington
Seattle
206.623.1121
Washington, D.C.
Washington, D.C. 202.296.7800
Wisconsin
Appleton
Madison
Milwaukee
920.968.6700
608.257.6761
414.289.8200
Planning the external audit 21
© Grant Thornton LLP
All rights reserved
U.S. member firm of Grant Thornton International Ltd
The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest
quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of
Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton International Ltd
and its member firms are not a worldwide partnership, as each member firm is a separate and distinct legal entity.
In the U.S., visit Grant Thornton LLP at www.GrantThornton.com.
Related documents
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
Lutz Internal Audit Director 10 22 2015
Lutz Internal Audit Director 10 22 2015
LGFMA Presentation - Internal Audit Program Model
LGFMA Presentation - Internal Audit Program Model
Case
Case
Green Impact Auditor
Green Impact Auditor
Mystery Fraud Training Outline
Mystery Fraud Training Outline
Download