The purpose of performing an external audit is to assure a set of financial statements. Following steps are performed by auditors for the performance of an external audit.
1-Understanding the business
Business understanding helps to understand dynamics for overall audit activity. It helps understand the macro-economic and internal factors that impact the business. It further helps to understand applicable regulations, tax clauses, industry, and other aspects of the competition.
Further, with the understanding of the business, auditors decide if they have the in-house expertise to perform an audit or they need to hire an expert from outside.
2-Understanding of internal controls
Internal controls are implemented to regulate business processes with transparency. Implementation of strong internal controls helps prevent errors and misstatements in the accounting record. On the other hand, if internal controls are weak, it may lead to a higher risk of errors and misstatement.
So, auditors assess internal controls to understand if audit client is risky. In case an audit client is risky, they need to plan significant resources for the performance of the audit. In some cases, auditors might withdraw from engagement if the risk is not assured.
3-Assessment of RMM – Risk of material misstatement
Business understanding and internal control assessment enable the business to conclude the risk of material misstatement. Usually, auditors classify RMM as low, medium, and higher.
Another important input for the assessment of RMM is preliminary Analytical Review. It’s about analyzing logical relations in the accounting figures. For instance, if there is a 20% increase in the receivable, the corresponding revenue increase should be around 20%. It’s a logical one. However, if a 50% increase in the receivables and a 5% increase in sales, it might indicate an overstatement of receivables.
So, auditors perform ratio analysis and study patter of the relationship between figures. Most of the risks are identified from PAR – Preliminary Analytical Review.
Based on the risk assessment, auditors plan and perform audit procedures. If RMM is higher, extensive audit procedures are planned and vice versa.
Sometimes, the fee of the audit client is also determined based on RMM. Suppose, if RMM is higher, auditors must perform extensive audit procedures. This will lead to the consumption of more resources and more costs. Hence, the audit fee to be charged should be more. On the other hand, if the RMM is lower, auditors do not need to perform extensive audit procedures. Hence, the audit fee can be lower.
4-Setting materiality and setting audit scope
Based on the risk identified, the auditors need to set materiality. The set materiality helps the auditor to determine the sample size. If the RMM is higher, auditors set a lower value of the materiality and vice versa. For instance, if the materiality value is lower, the planned audit procedures must be extensive and vice versa.
5-Design audit procedures
Based on identified risk in the above stages, auditors design audit procedures. These procedures include a test of control substantive audit procedures.
Test of control is about testing implemented business controls and assessing if controls are effective and performing. To test the control, auditors perform a walkthrough on a complete cycle. For instance, the sales cycle can be tested for approval and process efficiency.
Similarly, substantive audit procedures test account balance to obtain conclusive evidence. It’s about obtaining assurance on the assertions of the account balances.
Some account balances require the performance of both tests of control and substantive procedures. For instance, if RMM for the receivables was assessed as risky – both test of controls and substantive procedures can be planned. On the other hand, substantive audit procedures can be sufficient if the account balance is low risk.
6-Collection of audit evidence
Auditors need to obtain sufficient and appropriate audit evidence by performing audit procedures.
Sufficient audit evidence – sufficient audit evidence refers to the quantity of the evidence. For instance, how many vouchers were analyzed by the auditor?
Appropriateness of audit evidence – Appropriateness refers to the quality of the audit evidence. For instance, third-party documents are perceived to be more reliable than internal business documents.
The evidence collected is assessed against risk identified on the assertion level. For instance, an assertion of completeness and existence is relevant for the inventory. So, auditors need to ensure if they have collected evidence for the same.
Likewise, audit evidence must be collected for risk identified in the previous stages.
7-Formation of audit opinion
The science is simple. The audit opinion is formed based on collected audit evidence. For instance, a clean/unqualified audit opinion is formed if audit evidence is sufficient and appropriate. On the other hand, if audit evidence is not sufficient and appropriate, a qualified audit opinion is formed.
In some circumstances, auditors issue disclaimer and adverse opinion as well.
It’s equally important to note that the approach of an external audit is different from an internal audit.
Conclusion (steps of external audit)
The external audit approach is based on risk assessment. In the first step, auditors assess the risk of material misstatement and set the materiality level. If the risk of material misstatement is higher, the materiality level is lower and vice versa.
Level of materiality impacts on extend of performing audit procedures. For instance, if materiality is lower, a higher sample is selected from the population and vice versa. In the next stage, audit procedures are planned to cover the risk of material misstatement.
So, if auditors successfully obtain sufficient and appropriate audit evidence, they issue a clean report. Otherwise, the qualified audit report is issued. Sometimes, adverse opinions and disclaimers are issued as well.