Risk is part of life – and part of business. When companies think about risk, it’s usually in areas such as competition, safety, expansion, new lines of business, price increases or staffing.
When auditors think about risk, it is always about the company’s financial statements.
The auditors’ work comes down to one result: their opinion on the financial statements. To quote the auditors’ report, it is the auditors’ responsibility to “obtain reasonable assurance that the financial statements are free of material misstatement.”
For auditors, the risk is that they perform an audit and either don’t choose the right procedures or don’t appropriately interpret the results of those procedures in forming their opinion on the financial statements.
The risk of material misstatement falls into two categories: errors and fraud. Errors can occur from lack of experience of the client’s accounting personnel or from basic human error. Fraud occurs when someone purposely manipulates financial statements to show better results or when someone steals from the company.
It is important to note that auditors are responsible for identifying only material misstatements, not every error or instance of fraud. The auditors assess risk during the audit solely to determine what procedures to perform and the extent of those procedures.
Auditors spend significant time in the planning phase of the audit. This is when the initial audit plan is developed.
In the planning phase, auditors consider several factors, such as:
- The industry in which the company operates
- External factors affecting the company
- The company’s operating results
- The company’s dependence on financing
- The role of owners in the day-to-day operations of the company
- The number of employees
- Segregation of duties within the accounting function
- Management’s overall integrity
- Business philosophy
- The tone set at the top regarding ethical practices
The auditors also gain a thorough understanding of the company’s accounting cycles and internal controls over the financial reporting process. Discussions are held with owners, management, board members, department heads and line employees – both within and outside the accounting department – to determine where risks might be and where the company may be particularly susceptible to financial reporting errors or fraud.
In addition, auditors keep in mind the users of the financial statements. In gathering information, they consider industry issues, the impact of the economy on the company, operating results as compared to expectations, the nature of accounts and materiality of account balances or transactions.
Once this information is gathered, the auditors hold a brainstorming session to make their assessment of where the risk is and how fraud might occur.
All of this is done to determine the nature and extent of audit procedures. The auditor also incorporates elements of unpredictability in determining audit procedures. So, no single audit is the same from one year to the next.
As the audit progresses, procedures may be modified as new information becomes available. Auditors make adjustments as necessary and consider materiality throughout the audit.
At times, the auditor may make adjustments below materiality at the request of the client. All adjustments, unless deemed trivial, must be approved by the client.
In the wrap-up stage of the audit, the work is reviewed with a focus on adhering to professional standards and considering whether the audit procedures identified and addressed all appropriate risks. Analytical procedures in the final stages of the audit serve to highlight any unusual fluctuations not previously identified and addressed.
Auditors consider events occurring subsequent to year-end to determine whether there are additional risks not previously identified or whether additional accruals or disclosures are required. At the completion of the audit, the audit report is drafted based on the auditors’ conclusions and formation of an opinion on the financial statements. The audit report on the financial statements is presented to management prior to issuance.
An important aspect of the audit is the reporting of comments and observations by the auditors to management or others charged with governance. This meaningful feedback enables the client to improve operations.
While auditors maintain their independence at all times, through their experience, they are able to assist the client in identifying best practices and improving operations through better controls and processes.