Audit methodology is something that auditors are extremely proud of.
Visit a few sites of audit firms, large and small, known and unknown: you will see a lot of bragging about their innovative audit methodologies and how seriously they take risk-based audit approaches and how they invest massively in training their audit staff and in new technology that helps sharpen their audit findings. Nothing can be missed!
And yet, collapsing companies, like Patisserie Valerie most recently, are to be found everywhere. And seemingly surprised auditors follow them. See the recent statement by the chief executive of Grant Thornton to UK MPs about this case:
We’re not looking for fraud, we’re not looking at the future, we’re not giving a statement that the accounts are correct. We are saying [the accounts are] reasonable, we are looking in the past and we are not set up to look for fraud (Source: The Guardian).
The first comment to make in response to this is that auditors are meant to audit the management’s judgement to look into the future and value assets, estimate depreciation and amortisation rates, estimate residual values of assets, estimate contingent liabilities, etc. Looking into the future is what it’s all about in financial reporting and judging by the statement above, these auditors need fresh lenses.
Now, compare Grant Thornton's statement to Patisserie Valerie’s description of the discovered fraud: ‘the misstatement of its accounts was extensive, involving very significant manipulation of the balance sheet and profit and loss accounts’ (Source: The Guardian).
So, there was ‘extensive’ and ‘significant manipulation of the balance sheet’, yet the properly conducted audit did NOT catch this…
If we believe Grant Thornton, then it looks like it’s time for us to reconsider the value of audit methodology! If it is not actually helping management and shareholders avoid catastrophe, then what exactly is it doing?
How audit methodology works
Audit methodology is nothing other than the steps the auditor will take to carry out the job. It is pretty meticulous, as you see below, so the question that will keep resonating in your head is ‘how on earth can anything be missed in this process, let alone not noticing ongoing ‘“manipulation of the balance sheet and profit and loss”?
Here’s what the audit methodology process looks like:
|Explainer for non-auditors
Establish objectives with client: This ensures what kind of audit is to be conducted. In this article we are talking about reporting to shareholders or other interested parties that have asked for the audit if this is not a legal requirement.
Understand the business and its internal controls: This includes knowledge of the environment and competition. Without this step it would be impossible to identify risks in the next step. So for example if the control environment is one where top management do not take controls seriously then we know that a lot of detailed work will be needed as there can be no reliance on internal controls.
Assess risk: For each category on the financial statements risk is quantified and a decision is made about how much audit work should be spent on them. This Risk-Based approach also helps auditors become more knowledgeable about the company but also to divert resources to the highest risk areas. This would be valuable information for the client.
Perform tests and analytical review: This is the so-called "field work," i.e. the auditor actually performs the tests, the analytical review, asks all sorts of questions, tries to establish the fairness of the numbers, tries to evaluate any judgements made by management, etc.
Conclusion: In addition to the formal document where in one or two pages the auditor will state their opinion on the financial statements, there are other deliverables like letters to management explaining any weaknesses in the systems of controls with recommendations, e.g. budgeting processes may need improvement of upgrading or new and more sophisticated systems are suggested to be introduced.
Let’s look at some of the steps in more detail.
One step that auditors perform without exception is Analytical Review. This is an analysis of the financial statements that the management present to the auditors and are intended to be issued for the approval of the shareholders.
If misstatements of accounts are material and ongoing, then even a simple ratio and trend analysis can guide me to ask questions in order to remove any skepticism arising in my mind.
It is difficult to imagine such misstatement of accounts not being caught at this stage, unless such an analysis was never carried out, or it was carried out by incompetent staff, or if there was in fact involvement in the fraud by the auditor.
One other step that is also important in any methodology is the identification of risks and the assessment of these risks. This is best done at an early stage in order to allow the auditor time to act in case action is needed.
Understand the business and its internal controls
A crucial step (in my opinion the most important) is Understanding the entity in question.
That includes a thorough understanding of the general control environment and it is at this stage that the auditor will determine whether they are dealing with an entity that may have internal control issues.
A later stage in the methodology is without doubt the testing of any controls in order to determine whether the auditor is able to rely on these or not.
What does the accounting process look like?
It is relatively straightforward to assess whether this process is being done properly. Here is a visualisation of what such an accounting process in a cafe might look like:
Internal controls are crucial because they determine the likelihood that a transaction will flow through the accounting process and will finally be recorded in the financial statements. Auditors not only assess and evaluate controls but also report on them to management with suggestions for improvements or changes.
Auditors should be in possession of huge amounts of information and best practices as they audit many clients in various industries and various sizes. This massive information is what should make them so valuable to companies, to help them ensure that financial information given to shareholders is always true and fair.
The big question is, how come financial collapses still occur even when companies are being audited by auditors with impressive methodologies?
How can audit reports be so out of target? And should they be more accountable?
Let us know what you think!
For more such articles delivered straight to your inbox, sign up to our monthly email newsletter HERE.