The Steps of an Audit—Step 8
September 2007
Finally, we are back to talking about the steps of conducting an audit! I started the discussion earlier this summer and paused to discuss the new Yellow Book and the PCIE report.
To refresh your memory, here are the steps to conducting an audit:
- receive vague audit assignment
- gather information about audit subject
- determine audit criteria
- perform a risk assessment
- refine audit objective and sub-objectives
- choose methodologies
- budget each methodology
- document the audit plan
- formalize the audit program
- perform audit steps
- document results in the working papers
- review working papers
- write findings
- confer on findings with client
- conclude
- finalize report
Please go to www.auditskills.com to look up previous newsletters that covered steps 1-7. Today, it is all about documenting what you have done so far—creating an audit plan.
Step 8: Document the audit plan
Most audit standards require you to document your audit plan before you move on to fieldwork. This is not to say that the audit plan is static or unchangeable, but it is to say that you should have a pretty good idea of what you are going to do and how you are going to do it before you begin your fieldwork.
Steps 2-7 are all about deciding what you are going to do. This step is about writing it all down.
The format is up to you
I once had the pleasure of working with a very seasoned auditor (who also tended to err on the side of incredible amounts of detail—“When in doubt, write it down!” was her motto) and her audit planning documentation was 15 pages long. Yes, you read that right—15 pages. You could really go to town on this!
But guess what? The audit standards aren’t very specific. The standards do outline the topics that should be covered in an audit plan, but leave the technique for documenting up to our professional judgment. And what does “professional judgment” mean, people? Your way of doing it is as good as mine!
But don’t leave the basics out
At a minimum, your audit planning documentation should include answers to some very important questions:
- What are you going to do? (Objective)
- How much are you going to do? (Scope)
- And how are you going to do it? (Methodology)
The objective is the question the audit is going to answer. For example, your objective may be: “Does every school child receive breakfast each morning?” or “Is royalty revenue classified correctly?”
GAGAS 7.08
The objectives are what the audit is intended to accomplish. They identify the audit subject matter and performance aspects to be included, and may also include the potential findings and reporting elements that the auditors expect to develop. Audit objectives can be thought of as questions about the program that the auditors seek to answer based on evidence obtained and assessed against criteria.
Scope is the boundary around your work. You can’t do everything for every period, every location, and every student who eats lunch! Scope can be described in general terms in the planning phase of the audit—such as, “For the fall semester, 2005”. But you can also add scope to each methodology (you can limit the sample size, time period, subject, etc.).
An old version of the Yellow Book defined scope as “the definition of the relationship between the audit universe and what you actually audited”. I loved that description, but they took it out of more recent versions.
GAGAS 7.09
Scope is the boundary of the audit and is directly tied to the audit objectives. The scope defines the subject matter that the auditors will assess and report on, such as a particular program or aspect of a program, the necessary documents or records, the period of time reviewed, and the locations that will be included.
Methodologies are the techniques you use to answer the questions:
GAGAS 7.10
The methodology describes the nature and extent of audit procedures for gathering and analyzing evidence to address the audit objectives. Audit procedures are the specific steps and tests auditors will carry out to address the audit objectives. Auditors should design the methodology to obtain sufficient, appropriate evidence to address the audit objectives, reduce audit risk to an acceptable level, and provide reasonable assurance that the evidence is sufficient and appropriate to support the auditors’ findings and conclusions. Methodology includes both the nature and extent of audit procedures used to address the audit objectives.
You would also be wise to document:
- how many resources you are going to dedicate to the project as well as how you are going to allocate those resources;
- how you plan on addressing the risks that you identified during planning;
- what evidence you plan on using to support your conclusions.
GAGAS 7.51
A written audit plan provides an opportunity for the audit organization management to supervise audit planning and to determine whether:
a. the proposed audit objectives are likely to result in a useful report;
b. the audit plan adequately addresses relevant risks;
c. the proposed audit scope and methodology are adequate to address the audit objectives;
d. available evidence is likely to be sufficient and appropriate for purposes of the audit, and;
e. sufficient staff, supervisors, and specialists with adequate, collective, professional competence and other resources are available to perform the audit and to meet expected time frames for completing the work.
The audit plan must be in writing
Under GAGAS standards, the audit plan must be written down.
GAGAS 7.50
Auditors must prepare a written audit plan for each audit. The form and content of the written audit plan may vary among audits and may include an audit strategy, audit program, project plan, audit planning paper, or other appropriate documentation of key decisions about the audit objectives, scope, and methodology and of the auditors’ basis for those decisions. Auditors should update the plan, as necessary, to reflect any significant changes to the plan made during the audit.
What the AICPA says
For some odd reason, the AICPA refers to the audit plan as the “audit strategy” and the audit program as the “audit plan” in the SASs. Be careful that you don’t get hung up in this terminology mess. It is almost as if they are purposely trying to confuse us… hmm… I wonder…
AICPA SAS 108: 13.
The auditor should establish the overall audit strategy for the audit… should:
- Determine the characteristics of the engagement that define its scope—such as the basis of reporting, industry specific reporting requirements, and the locations of the entity.
- Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of communications with the client that are required.
Next month: More steps...