For most companies, annual financial statement audits are an unavoidable part of business and remain the gold standard of assurance to stakeholders. These annual audits can be quite burdensome for the accounting team. In addition to daily business demands—the accounting team generally needs to prepare and pull schedules, load extracts, and provide supporting documentation. Due to the nature of audit, the staff of the company being audited should not be able to fully anticipate exactly what auditors will need to look at, while simultaneously making sure that the auditors have data that is complete, consistent, and correct. The following is a guide to understanding your audit, so you can be as prepared as possible.
Components of a Financial Statement Audit
The audit workflow generally begins with an internal review of the controls around financial reporting. These controls include who has access to the information, and delineates the processes around entering, updating, and deleting data. The review of the controls provides the general assurance that only authorized users are accessing the system consistent with their roles. The auditor will also test the processes involved to ensure that things such as three-way matches (invoice, PO, and receiving documents) are functioning and that the system readily identifies when these controls are overridden.
Upon completion of control testing the auditor will make a control assessment of each process as “effective rely,” “effective no rely,” or “ineffective.” For processes deemed “effective rely,” the auditor may be able to reduce substantive testing. For processes declared as “effective no rely,” more substantive testing may be required. Finally, for “ineffective” processes, the auditor will have to audit around the system, relying on all substantive procedures focused on outside documentation, such as bank statements or hardcopy shipping copies.
After the auditors makes the internal control assessment the next step is to determine materiality. At the conclusion of the audit, the auditors issue an opinion known as the auditor’s report. In this report the auditor provides assurance that the financial statements are in accordance with GAAP and are presented fairly, in all material respects (no absolute assurance). The substantive procedures the auditors perform are in the context of this materiality. They cannot look at all balances and transactions, but instead limit their procedures to balances and transactions that could either individually, or in aggregate, result in a material misstatement. There can be a variety of bases for determining materiality, but for US companies a percentage of net, or sometimes operating income, is most common because US GAAP is derived principally from the needs of equity owners, and secondarily from bond and debt holders. For non-US companies subject to International Audit Standards, a materiality measure based on assets is more common.
Materiality, for the purposes of the audit, is determined at both the aggregate entity level and disaggregated all the way to individual trial balances. Then audit standards dictate that initial analytics must be performed. These are performed on the audit units that are the trial balances. These serve to identify changes from the prior period (year) that may indicate where the auditor should focus their attention. After the planning analytics the extent of substantive testing necessary is determined. Then the substantive testing is performed to test balances and transactions. Upon completion of balance and transactions testing, reporting classifications and required financial statement disclosures are examined for correctness.
Trial Balance Analysis
After reviewing the controls, the auditor will analyze the trial balance report. The usual practice is to run the trial balance for both the current period (year) and the prior period (year).  Then the auditor will tie out the two years of trial balances with dollar and percentage comparisons of the differences.
The auditor will identify the accounts where they want to focus, most likely based on the materiality. A good rule of thumb is five percent of net or operating income because this is the most common measure used in US audits. For non-US companies, auditors commonly use the smallest of five percent of income or two percent of assets.
Identifying Common Substantive Audit Procedures
Upon completion of the trial balance analysis, and resolving or documenting significant matters that were found, the next step is that the auditor will run substantive procedures on transaction-level data. The auditor will check hundreds of substantive procedures in order to validate the business operations and the impact on the company’s financial standing. Common substantive procedures include matching of customer orders to invoices billed, or searching for unrecorded liabilities, confirmation of debt, analysis of assets, liabilities, revenue, and expenses.
One area the auditor will definitely spend time on, especially if your routine data processes have been deemed to be “effective” (either “rely” or “no rely”), is journal entries which are not automatically generated. An example of this could be a GL top-side entry to accounts receivable that becomes a reconciling difference between AR subledger detail of the GL/trail balance level amounts.
For each substantive procedure, the auditor will generate working papers with example anomalies, explanations of processes, attachments that document the substantive procedure, and the disposition of the substantive procedure.
The working papers are reviewed by at least one more auditor before submitting as part of the final working papers for the audit. The audit owner will summarize the audit, document the risks and management notes, sign off on the review and present the findings to the company.