The purpose of the audit is to form an opinion on the financial information by examination of books of account and physical checking. It is done to verify accuracy of financial statements of a company.

There are different Audit methods or techniques that auditors use. Indeed, the different audit approaches are based on the nature of engagement, the scope, the nature of the client’s business, and the risks.

The correct choice of the method helps auditors to improve efficiency and we will focus on the main audit approaches.

1 – Substantive Procedures Audit Approach

The substantive procedures are traditional approaches and tests based on the large volume and high value of transactions to minimize the risk of misstatement.

This approach is generally used where the financial reporting system or internal controls over financial reporting are not reliable. 

Therefore, the auditors select large numbers, significant amounts of transactions, and then check whether the transactions selected have enough and reliable supporting documents. At the same time, they will check whether accounting recognition and classifications are complying with the accounting standard.

Determination of the transaction volume tested by substantive procedures:
  • If the internal control process is not reliable, then auditors will decide to test by a substantive approach to minimize the risks of material misstatements (large sample size and could reach 100%).
  • If the internal control process is reliable, that means the risks of misstatements are low, then the auditor can reduce the substantive tests, but not ignoring them, as he can never be 100% sure of reliability of internal control. 

2 – Balance Sheet Audit Approach

In the balance sheet approach, auditors believe that if the account balance in the Balance Sheet is correctly recorded and documented, the Profit and Loss statement will also be correctly recorded.

Assertions are the declarations made by the management of the company when they prepare financial statements regarding each line.

The work of the auditor is to ensure that for each line in the financial statements there are no material misstatements. 

The main assertions are:

  • Occurrence

All the transactions are real, can be verified and related to the organization.
(Example: purchases are in stock or have been sold and the purchase invoices are under the name of the company) 

  • Completeness

This is how the transactions are completely recorded with relevant disclosures. 
(Example: wages cost has to be registered by nature of cost and include the additional costs)

  • Cut-off

Only transactions and events of the current financial year should be registered in financial statements). 
(Example: Commissions on sales should be registered in the same year of the sales or interests of the loan have to be registered in prorate rate of the period and not on the payment date).  

  • Classification & presentation

All transactions and events have to be registered in the relevant account according to their proper classification (classification is important as well to analyze the data). 
(Example: costs should be split by nature (manufacturing, marketing, administrative…) 

  • Rights and Obligations

Validation that the organization has the property or the right of usage of the given assets and the entity accepts that it is supposed to abide obligations and accept them as liabilities. 
(Example: Inventory or furniture can be physically verified with no doubts or concerns)

  • Valuation

Valuation is made to ensure that all assets, liabilities and equity has been valuated with no overstatement or understatement and in any line item. 
(Example: in case of damage on inventory items, they should be depreciated to reflect the realizable value) 

3 – System Based Audit Approach

In the organization with a strong internal control used, the auditors can test and validate the internal control after full understanding of the client’s process. 

If auditors validate the internal control, this will ensure that the organization produces correct financial reporting. However, they still will have to produce substantive testing.

3 steps:

  • Auditors review the internal control system that is involved with the financial reporting system (example: need of goods, check in stock, purchase request, choice of supplier, purchase order, receipt of goods, registration of invoice, payment). 
  • The auditors need to validate the controls to ensure that all areas are working properly (No overrides from management, no theft, all deliveries are registered, inventory is correct…). 
  • At the end of validating control, the audit will conclude if the procedure is reliable or not. 
  • If not reliable, then auditors will decide to test by substantive approach to minimize the risks of material misstatements (sample size and could reach 100%).
  • If reliable, that means the risks of misstatements are low, then auditors can reduce the substantive tests but not ignoring them, as he can never be 100% sure of reliability of internal control. 

4 – Risk based Audit Approach

Risk based is the most used approach. The objective is to reduce audit risks and do fewer works. Auditor requires to perform risk assessments to make sure that all possible risks of misstatements are identified. 

Risks based approach performs by understanding the client’s business, environments and internal control. Auditors need to assess the possible risks and material misstatement in the financial statements.

For each risk identified, auditors will prepare a program depending on the level of the risk and spend less time on the area with fewer risks and focus only on the high level of risks. 

The Audit risk can be defined as an incorrect opinion to the audited financial statements and it is composed of 3 different risks: Inherent risk, Control risk and detection risk.

All the auditor work is to assess the risks of material misstatements in the financial statements through understanding organization and its environment by using inquiry, inspection, observation, and analytical procedures. 

4.1 – Inherent Risks

It is the risk that could not be detected by internal control of the company. Most of the time it happens with complex business nature or transactions. 

For example: a transaction is supposedly complex with financial instruments and derivatives, but it can be linked as well with an external environment, like climate changes or political problems.

For an audit with high inherent risk, the auditor has to be aware and have a deep team member able to understand this business environment, and transactions or decline the mission.

4.2 – Control Risks

Control risk is the risk that current internal control may not be able to detect material error or misstatement in the financial statements. 

If the management of the company is required to set up and assess the effectiveness of internal control to avoid material misstatements, the lack of control can cause an audit risk with material misstatements. 

That’s why auditors need to understand and assess the internal control of the entity. However, even if internal control is validated the auditors still need to confirm it by tests. 

If the internal control is not strong enough or if the test result fails, the auditor should adapt the audit program to minimize the risk.

4.3 – Detection Risk

Detection risk is the risk to fail detection of the material misstatement in the financial statements.

Detection risk is the result of low understanding of the business or competency, poor audit planning or program and wrong methodology. 

As mentioned, detection risk could be the result of poor audit planning. For example, if audit planning is poor, not all kinds of risks are defined, and the audit program that is used to detect those risks, is to deploy incorrectly. Then, the result is the material misstates are not detected.

For example: understanding the objectives and scope of the audit will help define audit approaches and choose the right audit program, or the choice of team members with relevant experience and knowledge of the business, will certainly reduce the risk.

4.4 – Fraud Risk

Fraud risk is the risk that financial statements have material misstatement without detection by auditor and management.

  • Management has responsibility to set up the control to prevent and detect fraud. 
  • Auditor is responsible to provide reasonable assurance in financial statements. 

Then the auditor needs to assess fraud risk that might happen.

Log on https://goriouxsiam.com to know more about us, or contact us info-siam@gorioux.com.

Share this post on: