Useful Guidance
Auditing Standard No.5
(AS5) - Opportunities for Efficiency
(4) Risk-focus of the standard - management should understand how IT affects the company's flow of transactions when understanding the likely sources of misstatement and identifying where material misstatements might occur.
(5) Auditors are allowed to incorporate the knowledge obtained during past audits into the decision-making process for determining the nature, timing, and extent of testing necessary in the current year.
Companies
that do not take the full
advantage of the Auditing
Standard No. 5 miss out on the opportunities
for efficiency and incur unnecessary costs
associated with the
regulatory compliance efforts.
Does your company take a
full advantage of the AS5? Listed below are the key opportunities
for efficiency:
(1) AS5 allows greater flexibility and places maximum emphasis on auditor judgment. What this means is that anything is possible as long as you can substantiate/ explain it. Documentation is the key.
(2) Restrictions on areas where and the extent to which External Auditors can use the work of others (management or consultants executing internal control compliance procedures on management’s behalf) to obtain evidence about design and operating effectiveness of controls are eliminated.
(1) AS5 allows greater flexibility and places maximum emphasis on auditor judgment. What this means is that anything is possible as long as you can substantiate/ explain it. Documentation is the key.
(2) Restrictions on areas where and the extent to which External Auditors can use the work of others (management or consultants executing internal control compliance procedures on management’s behalf) to obtain evidence about design and operating effectiveness of controls are eliminated.
The
necessary level of competence
and objectivity
of those who perform the work needs to meet the
requirements. As assessed risk related to the control increases, the
necessary level of competence
and objectivity
of those who perform the work needs to increase in order for the
External Auditors to be able to use their work - see guidance.
External Auditors will need to
determine whether the tests
are performed properly. This determination is done via
“reperformance” testing. External Auditors generally select
approximately 20% of control activities and reperform a sufficient
portion (judgmental) of management’s testing to conclude whether the
test of controls was performed properly. Again, documentation is the
key - see guidance.
(3) Auditors
are allowed to receive
direct assistance
from company personnel or third parties working under
the direction of management (i.e. consultants).
This
offers infinite possibilities.
External Auditors charge on average $450 per hour for their services.
Doing certain things internally means substantial savings.
Walk through
the budget with External Auditors and identify the areas where offering
direct assistance would make sense.
For instance, about 20% of External Audit’s budget is comprised of what they call “administrative costs” (things like coordinating status meetings, etc.). It does not take much effort to have such costs reduced to 5-10% of the budget just by helping with coordination of the audit. To save more, companies can have their internal staff help External Auditors with testing, etc.
For instance, about 20% of External Audit’s budget is comprised of what they call “administrative costs” (things like coordinating status meetings, etc.). It does not take much effort to have such costs reduced to 5-10% of the budget just by helping with coordination of the audit. To save more, companies can have their internal staff help External Auditors with testing, etc.
(4) Risk-focus of the standard - management should understand how IT affects the company's flow of transactions when understanding the likely sources of misstatement and identifying where material misstatements might occur.
What
this basically means is that
identification of risks and controls within IT should not be a separate
evaluation. Focus on application
systems that affect financials. If the
system cannot be linked to the financial statements, it should be
scoped out.
Also, focus on the systems and controls likely to pose a
greater risk to financial reporting - thus reducing effort and cost.
Helpful tip – put together a spreadsheet that lists application systems used by the organization and document your reasoning for scoping systems in or out to save time on explaining your reasoning to external auditors or other interested parties.
Helpful tip – put together a spreadsheet that lists application systems used by the organization and document your reasoning for scoping systems in or out to save time on explaining your reasoning to external auditors or other interested parties.
(5) Auditors are allowed to incorporate the knowledge obtained during past audits into the decision-making process for determining the nature, timing, and extent of testing necessary in the current year.
The extent of the testing
procedures performed in the current year can be further reduced by the
knowledge obtained from prior audits based on the following factors:
- Nature, timing and extent of testing performed in previous audits, and the results thereof - auditors can roll forward prior year’s testing when control was sufficiently tested and found to be effective in the past.
- Whether there have been changes in the control or the process in which it operates - auditors can roll forward prior year’s testing if no change has occurred in the control or the process in which it operates (a quick walkthrough or equivalent procedures should suffice for low-risk controls to assess the control’s operating effectiveness or less extensive than normal tests for higher risk controls).