Academic journal article Journal of Accountancy

Risk-Based Audit Best Practices

Article excerpt

EXECUTIVE SUMMARY

On all audits the auditor must evaluate the design and implementation of internal control to properly identify and assess risk. Implementing and applying this standard in practice has proven to be a challenge for many firms.

* The key to implementing the internal control evaluation requirement is "the COSO process." The auditor starts at the highest level of aggregation, the financial statements, then proceeds through a sequence of analyses that grow increasingly granular until the auditor ultimately assesses individual control activities.

* Auditors have struggled to determine the nature and extent of the procedures they should perform on an ongoing basis. Instead of considering how to update the prior year's audit, make identifying changes in the organization your first priority.

* The broad scope of the risk assessment standards made it difficult for audit firms to optimize implementation of the standards by developing firm policies and practice aids. The temptation is to use policies and practice aids developed by others, but by developing and owning their own approach, firms gain more in-depth knowledge of the standards and of their clients' businesses that will help them truly optimize processes and maintain quality.

The aim of the risk assessment auditing standards was to improve the quality and effectiveness of audits by substantially changing audit practice. Statements on Auditing Standards nos. 104-111 provide increased rigor to the audit process in a number of key areas including the assessments of inherent and control risks and the linking of these risk assessments to further audit procedures.

This year marks the third anniversary of the standards' effective date. Across the profession much progress has been made toward the ultimate goal of a more reliable audit process, but even more is possible as we continue to learn about the standards' practical application.

This article captures some of the most important lessons learned and best practices that have emerged during the extended implementation of the risk assessment standards (see sidebar, "Methodology Behind Application Suggestions").

IMPLEMENTATION ISSUE No. 1: EVALUATING INTERNAL CONTROL

Previous auditing standards allowed auditors, at their discretion, to simply designate the client's internal control as a high risk, which allowed them to greatly reduce the effort required to understand and document internal control.

The risk assessment standards prohibit the auditor from "defaulting to the maximum" control risk. On all audits the auditor should evaluate the design and implementation of internal control to properly identify and assess risk.

Implementing and applying this standard in practice has proven to be a challenge for many firms, which have difficulty linking their internal control work to the substantive procedures and other aspects of the engagement, finding sufficient benefit to justify the increased audit costs that result from the stricter standard, and determining how to evaluate the effectiveness of internal control design.

APPLICATION SUGGESTION: FOLLOW THE COSO PROCESS

Karen Kerber, a shareholder with Kerber, Rose & Associates, sums up the fundamental dilemma her firm's auditors face. "Our staff struggles with understanding how internal control is relevant," she says. "They need to relate it to something."

The secret is for the auditor to gain a deeper understanding of the COSO integrated framework of internal control, according to Charles Landes, AICPA vice president--Professional Standards and Services. "COSO addresses the issues faced by Karen and the staff at many other firms because it relates internal control to the financial statements," he says.

To apply what Landes refers to as "the COSO process," the auditor starts at the highest level of aggregation, the financial statements. …
