In an audit, know your client means an auditor needs to understand client business. The understanding needs to be obtained from different perspectives including product, services, business model, supply chain, operations, and many other functional areas.
The purpose of performing KYC is to assess business risk and risk of material misstatement. It helps auditors in planning audit procedures. In fact, it’s only a logical way to start an audit.
Some of the well-known areas where auditor needs to focus include the following,
1-Understanding control environment
Control environment refers to management attitude for the internal controls. If management is committed to the quality aspects of operations and reporting, they are expected to hire professional staff with experience and vice versa.
Similarly, the culture set by higher management is reflected throughout the company. Hence, an auditor needs to understand if people in the organization value control or not. If the control environment is weak, it might reflect a higher risk of material misstatement and vice versa.
2-Understanding applicable regulations
Auditors need to understand applicable regulations. It’s because, they need to report shareholders about the company’s compliance with applicable laws. Usually, it’s done by comparing an internal business policies and operational documents with the regulator guideline.
A review of business correspondence with regulators can further help the auditor to understand ongoing and recent issues. Usually, auditors cover their risk by disclosing such matters in the management letter.
Further, depending on the type of business, the audit client may need to comply with different regulations. For instance, banks also need to comply with central bank directives and companies’ ordinances.
3-Understanding applicable reporting framework
Depending on the place of registration and place of work, an audit client may need to comply with regulations in more than one country.
Broadly, there are two types of accounting frameworks: GAAP and IFRS. So, the auditor needs to understand reporting requirements of the applicable accounting framework.
4-Understand internal reporting structure
The internal reporting structure is about financial reporting and business hierarchy. An auditor needs to understand if there are control gaps in the reporting lines. For instance, the auditor checks if a journal voucher is prepared and posted by the same staff.
There can be several places where auditors need to assess controls regarding segregation of duties etc.
It’s one of the most important areas during risk assessment. An auditor needs to understand features related to the product. For instance, some specialized product may require expert input in the counting process. It’s mostly the case with oil and gas companies where experts are hired to count inventory.
Likewise, the understanding of the product market can be helpful. It helps auditors to understand if products are sold in the local/foreign markets. Further, It helps auditors understand if the company has currency risk and if they need to vouch for export sales as well.
6-Understand the business model of the audit client
The business model is a broader term. It involves analyzing and understanding operations, product lines, employees’ hierarchy, product, market, and all aspects of doing business.
Generally, the business model can be seen from different perspectives that include operational, financial, marketing, product, and management structure.
Why does the auditor need to perform (KYC) -know your client?
The purpose of KYC – know your client is to understand client business and extract the risk of material misstatement. Once the risk of material misstatement is identified, it’s used to design audit procedures that help collect audit evidence.
Based on audit procedures, the auditor forms an opinion and issues an audit report based on audit evidence collected. Hence, KYC – Know your client is the first step towards successful audit execution.