System based audit approach is quite similar to the risks based audit approach. This approach required the auditor to understand and assess the effectiveness of the client’s key control system especial the key system related to financial reporting.
Once the auditor assesses the effectiveness of the system, auditors’ works then focusing on the areas that are more concerned. Auditor also assesses whether the control system set by the entity is meeting the objective or not.
The substantive audit procedures and audit works might reduce the area that less concern by auditors or the areas that result in the assessment concludes fewer risks.
System based audit approach could help auditors to reduce the works that auditors perform by them on the areas that do not add value to them.
In other words, the auditor will pay very close attention to the areas that have high risks of material misstatement on the financial statements than on the low risks. By using System based audit approach, the auditor could minimize their risks of issued incorrect opinions.
Risks based audit approach is one of the well-known audit approaches used by the auditor to perform an audit of financial statements. The principle of this approach requires the auditor to put their effort into the high risks areas rather than spend a lot of time on the areas that are low risks.
Risks based audit approach comes from the international standard on auditing ISA 315, Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment.
This standard requires an auditor to obtain an understanding of entity key internal control, internal environment, and the effect of the external environment that could potentially affect to entity’s business as well as financial reporting. Once the risks are assessed and identified, audit procedures are tailored.
For example, a high turnover of key staff in the finance department can be the factor that financial reporting system might not run appropriately and risks of material misstatement on the financial statements are likely to increase.
The audit procedures to detect the likelihood of incorrect accounting treatments as well as over right the level of authorization should be established.
If you are familiar with ISA 315, Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment, you might understand the principle audit approach on auditing financial statements.
This standard required the risk assessment to be performed at the planning stage through internal and external factors that influence client internal control.
This approach starts with the planning stage of an audit. Normally, the auditor obtains an understanding of the client’s key internal control and its environments before they perform risks assessment.
And once the risks related to financial statements are assessed and identifies, the audit procedures are tailored to detect those risks.
There are many kinds of risks that might influence the misstatement of financial statements such as Financial Risks, Compliance Risks, and Operational Risks. If auditors could identify these risks and then execute the right audit procedure to detect all of those risks, then audit risks will be minimized.
It is good to note that risks contain three important risks include inherent risks, control risks, and detection risks. Inherent risks involve the risks outside the scope of management and auditors.
Control risks; in addition, refer to the risks resulting from management internal control over financial reporting could not detect the material misstatements due form both error and fraud.
Detection risk is the risk that auditors could not design the right audit procedures to detect the material misstatements that contain in the financial statements.
Risks base internal audit approach:
Risks based audit approach is also used by internal auditors to perform internal audit activities. This approach requires the internal auditor to understand and assess the entity’s risks.
For example, let classify those risks into three simple areas include operational risks, compliant risks, and financial risks.
The Balance sheet audit approach is a kind of audit approach that executes by the auditor in the situation that auditors perform most of their testing on the items in the balance sheet rather than items or transactions in the income statement.
An auditor applies the balance sheet audit approach is based on the concept that the items in the income statement are closely related to the items in the balance sheet.
The audit approach is the strategy or methodology that auditors use to perform an audit of financial statements. Before deciding which approach that should use in the audit engagement, the auditor needs to perform understand client nature of the business, business environment, and internal control over financial reporting.
By acquiring this information, the auditor could be able to assess where the risks of material misstatements could be and what kind of audit procedures fit with those kinds of financial statements.
For example, if you look into balance sheet assertions or account balance assertions: Existence, Right and Obligation, Completeness, Valuation, and allocation, you will see that these asserts link to certain income statements assertions.
That means if the assertions in the account balance are correctly account in the balance sheet, the income statement assertion is also assumed to correctly account for.
This is the main principle behind the balance sheet audit approach.
Put it simply, this approach auditor performs most of their testing on the items or balance in the balance sheet. Some items in the income statement might be select for testing in the part of the balance sheet approach.
The balance sheet approach is not normally used by auditors except the entity is just establish and not many transactions occurred during the year of financial statements. For the company that many transactions, risks based approach is the most select audit.
Substantive Audit Approach is one of the audit approaches used by auditors to verify the event and transactions in the financial statements by cover the larges volume of them.
The principle of substantive audit approach is that when auditors cover the larges volumes with a high value of financial transactions and events in financial statements, there are fewer risks that material misstatements are uncovered.
A substantive audit approach could be used by both internal audit and external audit activities and it is sometimes called a vouching approach. That meant most of the audit works that perform by using this approach are done mainly by vouching and verifying documents based on their selection.
This approach is considered a traditional approach while risks based approach is now the most popular. However, the substantive audit approach still using in the situation where there is weak internal control over financial reporting.
There are two main principles involved with the substantive audit approach. First, auditors review the client’s internal control system that involved with the financial reporting system or the areas being audited.
For example, internal control on financial reporting, internal control on cash collection, payment to customers, and procurement, etc. They doing this by documenting all key control areas, procedures, and related procedures.
Once the understanding of internal control is done, the auditor needs to validate the key control to ensure that all key control areas are working properly and no overrides from management. At the end of validating key control, the audit will then concluded whether those key control areas are reliable or not.
If they are reliable, that means the risks of misstatements that could not detect by control are low. And if the controls are not reliable, then the risks of misstatement that might not be detected by internal control over financial reporting are high.
Mostly, the auditor uses the COSO framework to documents client internal control. Five major elements of the COSO framework that they normally documents are control environment, risk assessment, information and communication, and monitoring of control.
The substantive audit testing really depends on the conclusion of internal control testing. Technically, if the controls are concluded by auditors as strong, then auditors will not do many works on substantive testing. That means fewer samples will be tested and verified.
However, in some situations, auditors might not test the client’s internal control based their knowledge about the client’s internal control concluded to be unreliable.
In this situation, auditors will decide not to test the key controls and they jump to a substantive test. Because control over financial reporting is not reliable, to minimize the risks of material misstatements, auditors need to have a large sample size and it could be reached to 100%.
No matter how strong internal controls over financial reporting are, the auditor could not rely 100% on those internal controls by ignoring substantive tests. Substantive review still needs to be done by the auditor.
How does a substantive audit approach is performed?
As we mentioned above, the substantive audit approach is focused more on vouching. That means when auditor performs an audit on financial statements by using a substantive approach, most of the event and transactions of elements in financial statements are selected and verified.
The elements of financial statements here include assets, liabilities, equity, revenue, and expenses. For example, when auditor testing on assets, the substantial event, and transaction of assets need to be tested.
In other words, the large volume of assets is selected to physically inspected when the auditor wants to verify the existence and completeness of assets listing.
Recommended audit book: Best Selling Auditing Book
The following are the best selling auditing books that we think could help you to understand more about an audit from principle to advance.
Principles of Auditing & Other Assurance Services (Irwin Accounting):
Auditing and Assurance Services (16th Edition):
Auditing & Assurance Services with ACL Software Student CD-ROM (Irwin Accounting):
Audit approaches are the methods or techniques that auditors use in their audit assignments.
Both internal and external audits apply audit approaches to conduct their audit activities differently based on the nature of engagement, scope, nature of the client’s business, and audit risks.
Selecting the right audit approach is important. It can help the auditor to improve audit performance in terms of efficiency and effectiveness.
The right audit approach could also help auditors to focus on the hight risks areas and pay less effort on the low risks areas. Different audit firms might use different audit approach to perform their audit testing.
Risks based approach is the popular approach. This is because this approach could help the auditor to work in the key concerning areas and minimize the audit risks. We will talk detail later in this article about risks based approach.
There are four essential audit approaches that normally use by auditors both internal or external.
We say four essential here because there are many other approaches that also used by auditors, but these four are the most useful as per experiences. Here are the four essential audit approaches:
Substantive Procedures Audit Approach:
This approach is generally used where the financial reporting system or internal controls over financial reporting are not reliable.
Auditors will not perform their testing on the entity’s internal control on financial reporting. They will jump to the substantive testing by focusing on the large or material transactions.
This approach is also called a vouching approach which means auditors select (five methods of audit sampling) the large and significant amounts of transactions and then check whether the transactions selected have enough and reliable supporting documents.
Auditors will also check whether accounting recognition and classifications are complying with the accounting standard and framework being used to prepare the audit financial statements.
The disadvantages of this approach are that it’s required to test a large number of transactions where the audit resources will require more than others.
And the benefit of this approach is it could help auditors to minimize that risks that internal control over financial reporting could not detect. Check here for a detail explanation of the substantive audit approach.
Balance Sheet Audit Approach:
The concept of a balance sheet audit approach is that auditors believe that once the account balance in the balance sheet correctly records, then the accounting transactions in the income statements will also be correctly records.
This approach, the auditor will focus their testing high values balance sheet items where the transaction in the income statements will be less focus on.
In this approach, auditors assessed that if the items or accounting balance in the statement of financial position is correct, the transaction in the income statements is unlikely materially misstated.
Existence, Valuation, Right, and Obligation are the main financial assertion in balance sheet items.
And as long as these assertions are correct, their related assertion is highly likely correct as well.
For example, if the right, valuation, existence of assets are confirmed to be correctly recorded in the balance sheet for both periods. There is less changed than depreciation if incorrectly records.
Noted: Balance Sheet Audit Approach is applicable to be used in the situation where the company has just started its business with larges balance sheet items and fewer transactions.
System Based Approach:
The system-based approach is different from the substantive based approach. In the substantive based approach, the auditor is not relying on the client’s internal control over financial reporting so they don’t test. They go to vouching for all material transactions in stat.
However, in the system based audit approach, auditors first understand that there is a strong internal control system being used based on their understanding from the entity’s management team.
Once they performed an understanding of internal control, auditors will then need to perform testing and validating those internal controls. This is to ensure that they are strong enough to produce the correct financial reporting.
If auditors concluded that the internal control over financial reporting is strong, they also need to perform substantive testing but the volume of transactions is not that large as the substantive approach.
The main concept of risks based approach is: reduce audit risks, do fewer works, and meet the objectives. That is why this approach is mostly used by auditors.
Risks based approach principally performs by understanding the client’s business, environments, and internal control. Auditors will then need to assess the possible risks areas and material misstatement that could possibly happen to the financial statements.
Once the risk areas are identified, the auditors will design the auditor’s program and resources to detect those risks.
Doing so, auditors will not spend so much time to test the areas that have fewer risks and still meet the objective.
The following are the two example of audit approach that uses by big four audit firms:
The capture below is the example of PWC’s Audit Approach;
The capture below is the example of Deloitte Audit Approach;