The Audit Approach is a risk analysis methodology that focuses on the combined impact of the environment in which a client operates, the client's management information and financial results, and the effectiveness of the client's internal controls. It is based on a thorough, up-to-date understanding of the client's business and industry, which is obtained through a comprehensive analysis of the external and internal operating environments. It enables us to design an audit programme that includes the most effective and efficient combination of test responsive to a client's unique circumstances. In addition, it provides a uniform method for developing and documenting the basis for the audit programme.
The Audit Approach enables us to plan our effort to be proportionate to the risk of material error in specific accounts and transactions. This provides the basis for planning the minimum effort necessary to limit audit risk in each area to a low level. As a result, every audit procedure has a specific purpose that is related to the company's particular situation – nothing is "routine" and hence potentially unnecessary. By following this approach we can avoid overauditing and underauditing, and we can distribute our audit work more evenly throughout the year.
MATERIALITY AND AUDIT RISK
Professional standards require us to consider materiality and audit risk when planning the nature, timing and extent of our audit procedures, and when evaluating the results of those procedures. Materiality is determined at two levels during the initial planning stage :
- An overall level as relates to the accounts taken as a whole – planning materiality; and
- An individual balance or class of transactions level – tolerable error.
Audit risk is defined as the risk that an auditor may unknowingly fail to modify his or her opinion on accounts that are materially misstated. We address materiality and audit risk at an overall level to help us develop an audit strategy that will provide sufficient evidence to enable us to evaluate whether the accounts are materially misstated.
At the account balance or class of transactions level, audit risk is the product of the risks that :
- Factors in a company's internal or external operating environment, before considering the functioning of internal controls, will lead to a material error – inherent risk;
- A material error will not prevented or detected on a timely basis by the system of internal control – control risk; and
- The auditor's procedures will fail to detect a material error not detected by the system of internal control – detection risk.
The Audit Approach provides a methodology for relating these risk concepts to materiality and correlating them to the nature, timing, and extent of our audit procedures. This is accomplished through the Specific Risk Analysis and the Preliminary Audit Approach.
SPECIFIC CONTROL OBJECTIVES
A key element of the Audit Approach is the relationship of specific control objectives to transactions and accounts. Specific control objectives are derived from the five general control objectives that an accounting system should be expected to achieve. The first three of the five – authorization, recording, and safeguarding – relate to establishing the system of accountability and provide for the prevention of errors and irregularities. The fourth general objective – reconciliation – ties together the system of accountability established by the first three and, along with the fifth objective – valuation – provides for the detection of errors and irregularities.
We have translated these general objectives into specific control objectives that are related to the accounts and transactions of a business. Specific control objectives relate to the activities in each operating component that originate and process transactions. Each type of transaction results in either debits or credits to various accounts. Because a number of accounts and transactions are normally affected by a single specific control objective, the specific control objectives provide convenient and efficient reference points for considering the inputs to the Specific Risk Analysis.
PHASES OF THE AUDIT APPROACH
We can divide an audit into three phases – initial planning, programme development, and programme execution. On paper, each phase – and each step within it – appears as a separate activity. However, in practice, the phases and steps are closely interrelated and should not be regarded as distinct steps that are set aside when done. Throughout any audit, we should be alert for new developments that may affect the client's business or industry. We should continue to challenge the effectiveness and efficiency of audit procedures, and modify them if necessary (Hrd).