Professional Documents
Culture Documents
external audit
The audit committee guide series
Effective audit
committees are critical
to the quality of financial
reporting and the proper
conduct of business. This
guide is one of a series
that is meant to help audit
committees meet their
oversight and fiduciary
responsibilities.
Trent Gazzaway, National Managing Partner
of Audit Services
Contents
2 Role of the external auditor
3 Audit planning
4 Financial statement assertions
6 Designing audits
7 Judging materiality
9 Assessing audit risk
10 Evaluating risk of
material misstatement
11 Overseeing plan and team
12 Performing audit tests
13 Using the work of others
External auditors are independent audit professionals who audit the financial
statements of a company, legal entity or organization. They are expected to
express an opinion on whether an entitys financial statements are free of material
misstatements and are a true and fair representation of actual financial position.
The external auditors primary responsibilities are to:
1. identify items that have a reasonable possibility of causing the financial
statements to be materially misstated;
2. design and execute tests to determine whether such misstatements
have occurred; and
3. in certain public company audits, test the effectiveness of internal control
over financial reporting.1
Audit planning
Account balances
Assertions
Financial statements represent a complex and interrelated set of assertions. Auditors generally
test assertions in three areas transactions and events, account balances, and presentation
and disclosure.
Designing audits
It is not possible to design a practical audit that eliminates all risk of misstatement.
Auditors must design audits to focus on areas that have the highest likelihood of
containing material misstatements, and use methodologies that provide reasonable
assurance that misstatements do not exist.2 To do so, auditors consider two key
factors in planning and executing audits: materiality and audit risk.
Statement on Auditing Standard No. 1, par. 2 states, The auditor has a responsibility to plan and perform the audit
to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether
caused by error or fraud.
Judging materiality
The presence of qualitative risk considerations may cause the auditor to adjust
testing scopes. They might also influence the auditors conclusions about the
significance of an identified error that might, in purely quantitative measures,
be considered immaterial.
Audit risk is the risk that the auditor may unknowingly fail to modify his opinion
on financial statements that are materially misstated. It relates to (1) the risk that
the financial statements prepared by management are materially misstated (material
misstatement risk) and (2) the risk that the auditor will not detect such material
misstatement (detection risk). Misstatement risk and detection risk are inversely
related. The greater the material misstatement risk, the less the detection risk the
auditor can accept. Conversely, the lower the material misstatement risk, the
greater the detection risk acceptable by the auditor.3
When audit risk is high, external auditors design audits with more extensive
testing, less reliance on the work of others and less interim work. As that risk
diminishes, auditors rely less on extensive testing and more on the work of others,
and perform more interim work during the audit cycle.
SAS No. 107, par. 25 (New York: AICPA, 2006); and ISA 200, par. A42 (New York: IFAC 2009).
4
5
6
Ibid., SAS No. 107, par. 21; and ISA 200, par. 13(n).
See the AICPA Audit Guide: Assessing and Responding to Audit Risk in a Financial Statement Audit, par. 2.10.
See COSO, Guidance on Monitoring Internal Control Systems, vol. 2, par. 58.
The auditor must adequately plan the work and must properly supervise
any assistants.8 Accordingly, the audit committee might ask the auditor-incharge about:9
The experience, training and amount of resources assigned to specific
audit areas.
When such resources are to be assigned, and how much time they are
expected to incur.
How resources are to be managed, directed and supervised, such as:
When and how often team briefing and debriefing meetings are
expected to be held.
Whether the auditor will utilize a concurring reviewer or other form
of engagement quality review. Every audit of a company listed on a
U.S. exchange must include a concurring partner (or equivalent)
quality review.
7
8
9
Auditors perform two different types of audit tests: tests of controls and
substantive procedures.
Tests of controls are designed to evaluate the effectiveness of the internal control system in
preventing or in detecting and correcting errors before they result in a material misstatement in
the financial statements. Tests may include:
a walkthrough, from beginning to end, of one or more transactions; and
selecting samples of controls at a point in time, or over time, and observing or reperforming
them to obtain evidence that they operate effectively.
Audit committee considerations: The audit committee should know whether internal control areas exist
that the auditor does not believe are effective enough to warrant any level of audit reliance. Such areas
may lead to errors in internal reports used for decision-making purposes.
Substantive procedures are designed to detect material misstatements at the assertion level by
testing the output from the financial reporting process. Procedures consist of:10
tests of details, which may include inspection, observation, external confirmation, recalculation,
and/or inquiry11 on a sample of transactions or accounts; and
substantive analytical procedures,12 which may range from simple comparisons to complex
analyses using advanced statistical techniques. Examples may include analyzing financial trends
over time, comparing financial ratios (e.g., gross margin percentages) to established expectations,
and comparing financial and non-financial information (e.g., payroll costs and number of
employees).
Audit committee considerations: If an auditors substantive procedure discovers a material error,
it is because the internal control system did not. Substantive procedures are performed for each
material class of transactions, account balance and disclosure.
10
11
12
See ISA 500, par. A14-A22, and SAS No. 110, par 11.
See ISA 315, par. A67, and SAS No. 110, par. 29.
Audit committee members may hear auditors talk about planning analytics. While planning analytics employ the
same tools as substantive analytical procedures, auditors perform them for a different purpose. Auditors use planning
analytics early in the audit cycle to help identify inherent and control risks. They employ substantive analytical procedures
(which usually are more comprehensive than planning analytics) throughout the audit cycle to determine whether material
misstatements have occurred.
External auditors often can enhance the efficiency and effectiveness of their
audits by using the work performed by others. Most standards that govern
this topic relate to using the work performed by the internal audit functions.13
In the U.S., however, the PCAOB has expanded that potential use to include
the work of company personnel (in addition to internal auditors), and third
parties working under the direction of management or the audit committee
when gathering evidence about the effectiveness of internal control over financial
reporting.14 Audit committee members should understand the extent to which
auditors plan to use the work of others,15 and question whether auditors have
considered the following:
The nature, scope and adequacy of work performed by others
The assessed risks of material misstatement
The degree of subjectivity in evaluating audit evidence gathered
by others to support relevant assertions
The objectivity and technical competence of others
Whether the others work is carried out with due professional care
Whether effective communication is likely to occur between others
and the external auditor
The expected effect of the work of others on the nature, timing,
or extent of the external auditors procedures
13
14
15
Audit committee members will want to be confident that the external audit plan:
1. covers all risks that have a reasonable possibility of materially affecting the
financial statements;
2. focuses on the effectiveness of the internal control systems ability to mitigate
those risks, with minimal time spent on controls whose failure likely would be
immaterial, or detected and corrected by other controls;
3. takes appropriate advantage of the work performed by others, especially that
of internal audit, but does not place unwarranted reliance on such work; and
4. focuses appropriately on areas where the risk of fraud is meaningful.
More guidance
Q3
6
Q4
9
10 11 12
Q1-Next
Year
1
Budgeted
Hours
Hours
to Date
ETC
Q2
Month
Q3
6
Q4
9
10 11 12
Q1-Next
Year
1
Budgeted
Hours
Hours
to Date
ETC
Budgeted
Hours
Hours
to Date
ETC
Q2
Month
Q3
6
Q4
9
10 11 12
Q1-Next
Year
1
Contact us for help with either your internal or external audit needs
Warren Stippich
Trent Gazzaway
Timely updates
Tailored to management, boards and audit committees of mid-cap public companies, these updates
help you stay abreast of issues that affect the marketplace and your business.
Boardroom awareness: Service organization reports in transition
to new U.S. and international standards
In this issue of CorporateGovernor newsletter, Grant Thornton advisory
professionals discuss the new service organization reporting standards that are
set to replace Statement on Auditing Standards No. 70 (SAS 70) by mid-2011.
Information overload: How to make data analytics work for the internal
audit function
Learn how your internal audit department can effectively use data analytics to
add value to your organization.
Suggested reading
National Office
175 W. Jackson Blvd., 20th Floor
Chicago, IL 60604-2687
312.856.0200
Washington National Tax
Office
1250 Connecticut Ave. NW,
Suite 400
Washington, DC 20036-3531
202.296.7800
Arizona
Phoenix
California
Irvine
Los Angeles
Sacramento
San Diego
San Francisco
San Jose
Woodland Hills
Colorado
Denver
602.474.3400
949.553.1600
213.627.1717
916.449.3991
858.704.8000
415.986.3900
408.275.9000
818.936.5100
303.813.4000
Florida
Fort Lauderdale
Miami
Orlando
Tampa
954.768.9900
305.341.8040
407.481.5100
813.229.7201
Georgia
Atlanta
404.330.2000
Illinois
Chicago
312.856.0200
Oakbrook Terrace 630.873.2500
Schaumburg
847.884.0123
Kansas
Wichita
316.265.3231
Maryland
Baltimore
410.685.4000
Massachusetts
Boston
617.723.7900
Michigan
Detroit
Minnesota
Minneapolis
503.222.3562
Pennsylvania
Harrisburg
Philadelphia
717.265.8600
215.561.4200
612.332.0001
Nevada
Reno
775.786.1520
732.516.5500
518.427.5197
631.249.6001
212.422.1000
212.599.0100
North Carolina
Charlotte
704.632.3500
Raleigh
919.881.2700
Ohio
Cincinnati
Cleveland
Oregon
Portland
South Carolina
Columbia
803.231.3100
816.412.2400
314.735.2200
New York
Albany
Long Island
Downtown
Midtown
405.218.2800
918.877.0800
248.262.1950
Missouri
Kansas City
St. Louis
New Jersey
Edison
Oklahoma
Oklahoma City
Tulsa
513.762.5000
216.771.1400
Texas
Austin
Dallas
Houston
San Antonio
512.391.6821
214.561.2300
832.476.3600
210.881.1800
Utah
Salt Lake City
801.415.1000
Virginia
Alexandria
McLean
703.837.4400
703.847.7500
Washington
Seattle
206.623.1121
Washington, D.C.
Washington, D.C. 202.296.7800
Wisconsin
Appleton
Madison
Milwaukee
920.968.6700
608.257.6761
414.289.8200