IIA INFO # 54 - September 2013 | Page 28

Volume 18 | Number 54 | September 2013

The short story of any audit methodology employed to offer an opinion on a financial statement is as follows.

1. AR is equal to the inverse of the level of assurance required, which is given in ISA. The desired level of assurance of a financial statement audit is defined as “reasonable” or “high”, wherefore the audit risk must be “low”. Sometimes the audit risk is quantified as 5%.
2. In order to reduce the audit risk to 5%, the auditor must understand the risks inherent to the business, IR. IR is out of the auditor's hands – it cannot be reduced by the auditor to reach the required level of assurance.
3. The auditor must understand the control processes employed by the business to reduce IR. However, to reduce AR, the auditor must test whether the controls are operating effectively. If none of the controls are operating effectively, CR is set to 100%. If the controls are operating effectively, CR and AR are reduced accordingly.
4. Regardless of whether the controls are operating effectively, further testing is always necessary to reduce AR to 5% due to the inherent limitations in manual control processes. Therefore, the auditor must employ substantive procedures on the audit subject matter to reduce DR, thus reducing AR the final notch. The auditor will adjust the extent of substantive procedures according to how much residual AR is left subsequent to determining CR.

The mere fact that the whole audit process can be captured in four steps by merit of the ARM demonstrates its comprehensive application value. What also becomes evident, however, is that an unformatted ARM in this form is useless in any other assurance engagement than the audit of a financial statement.

First of all, the definition of AR, IR, CR, and DR is hinged upon the financial statement and a notion of materiality. Furthermore, it implicitly refers to a system of measurement that the financial statements must live up to in order to be free from material misstatement. The desired level of assurance is also assumed to be “high”. Finally, it is assumed that the audit subject matter is historical data resulting from a 12 month cycle of control processes.

All these assumptions stand in the way of adapting the ARM to assurance engagements in general and must be addressed by substituting them with general terms. Ironically, this is most easily done by returning to the framework ISA is based upon.

3. The Definition and Objective of an Assurance Engagement

ISA is based upon the “International Framework for Assurance Engagements”. This framework, in turn, is based upon the ARM and is designed to apply to assurance engagements in general. Although it does not get the job done entirely, it does offer very usable concepts and definitions on the road to achieving a complete adaptation of the ARM.

An assurance engagement is defined as:

“An engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.”

This general definition operates with three core concepts: subject matter, outcome, and criteria. The outcome is a hypothesis about the subject matter meeting certain criteria. The outcome is what the auditor expresses a conclusion about. Two examples are offered in the framework – here given in a shortened version:

a. The financial statement gives a fair representation of the entity’s financial position, performance, and cash flows.
b. The control process is effective.

These two examples can be deconstructed as a function of the core concepts as follows:

Example a)
Outcome: The financial statement gives a fair representation of the entity’s financial position, performance, and cash flows.
Criteria: The term “fair representation” – i.e. a reporting framework such as IFRS.
Subject matter: The financial statement

Example b)
Outcome: The control process is effective.
Criteria: The term “effective”. From a holistic perspective, the term could refer to, e.g., the COSO framework. The criteria must, however, be specified according to the nature of the assurance engagement.
Subject matter: The control process

Page 28 | Foreningen af Interne Revisorer