Planning the external audit

The audit committee guide series

Effective audit committees are critical to the quality of nancial reporting and the proper conduct of business. This guide is one of a series that is meant to help audit committees meet their oversight and duciary responsibilities.
Trent Gazzaway, National Managing Partner of Audit Services

Contents 2 Role of the external auditor 3 Audit planning 4 Financial statement assertions 6 Designing audits 7 Judging materiality 9 Assessing audit risk 10 Evaluating risk of material misstatement 11 Overseeing plan and team 12 Performing audit tests 13 Using the work of others

The audit committee guide series has been adapted from The Audit Committee Handbook, Fifth Edition, published by John Wiley & Sons and available for purchase at www. GrantThornton.com/ACHandbook and through major online booksellers and bookstores nationwide.

14 Evaluating the audit plan 15 More guidance 17 Grant Thorntons audit services 20 Suggested reading 21 Ofces of Grant Thornton LLP

When it comes to an external audit, the audit committee has responsibility to ensure auditors work is done right and with integrity. In the U.S., the audit committee is charged with overseeing the integrity of the nancial reporting process and the external auditor. To fulll these responsibilities, audit committee members must be prepared to evaluate and oversee both the external audit plan and the external auditor. That responsibility extends to appointing, compensating and overseeing the work of any registered public accounting rm employed by the company. During the audit engagement, external auditors report directly to the audit committee. To fulll their duty to oversee the external audit function, audit committee members must be familiar with how auditors consider management assertions contained in the nancial statements, and the planning process auditors go through prior to issuing an opinion. The remainder of this issue of the audit committee guide series summarizes the audit planning process and provides some attributes that audit committee members may look for in an effective audit plan.

How will nancial reform impact your company? The regulatory landscape is changing for companies and their audit committees. Visit www.GrantThornton.com/FinancialReform to read about the Dodd-Frank Act and how it may affect your company.

Planning the external audit 1

Role of the external auditor

External auditors are independent audit professionals who audit the nancial statements of a company, legal entity or organization. They are expected to express an opinion on whether an entitys nancial statements are free of material misstatements and are a true and fair representation of actual nancial position. The external auditors primary responsibilities are to: 1. identify items that have a reasonable possibility of causing the nancial statements to be materially misstated; 2. design and execute tests to determine whether such misstatements have occurred; and 3. in certain public company audits, test the effectiveness of internal control over nancial reporting.1

Applicable to companies subject to Section 404(b) of the Sarbanes-Oxley Act of 2002.

2 Planning the external audit

Audit planning

Audit planning is a three-step iterative process undertaken by the external auditor, and evaluated by the audit committee, each audit cycle. Audit planning, as dened in International Standards on Auditing (ISA) No. 300, includes: 1. obtaining an understanding of the entity, its environment and its internal control system; 2. assessing the risk of material misstatement in the nancial statements; and 3. designing audit procedures commensurate with the assessed level of risk.
Audit Process Flow

Planning the external audit 3

Financial statement assertions

When management issues nancial statements, it makes assertions regarding the recognition, measurement, presentation and disclosure of information in those nancial statements. Assertions identify the most important elements of a given nancial reporting line item or disclosure. In the planning phase, when the auditor is designing the tests that will be used during the audit, assertions allow the auditor to focus on what is most important to nancial statement users. For example, an auditor will focus on the existence of cash rather than the valuation of cash. Likewise, an auditor will focus on items that potentially could be understated rather than those that may be overstated. Although terminology may differ, auditors generally will consider the following assertions, separated into three categories:
Transactions

1. Occurrence Transactions took place. 2. Completeness Transactions that should have been recorded have been recorded. 3. Accuracy Transaction amounts and other data have been recorded appropriately. 4. Cutoff Transactions have been recorded in correct accounting period. 5. Classication Transactions have been recorded in proper accounts.

4 Planning the external audit

Account balances

1. Existence Assets, liabilities and equity interests exist. 2. Rights and obligations The entity has rights to assets and is obligated for liabilities. 3. Completeness All assets, liabilities and equity interests that should have been recorded have been recorded. 4. Valuation and allocation Assets, liabilities and equity interests are included and adjustments are recorded appropriately in the nancial statements.
Presentation and disclosure

1. Occurrence, rights and obligations Disclosed transactions have occurred and pertain to the entity. 2. Completeness Disclosures that should have been included have been included. 3. Classication and understandability Financial information is presented and described appropriately, and disclosures are expressed clearly. 4. Accuracy and valuation Information is disclosed fairly and at appropriate amounts.

Assertions Financial statements represent a complex and interrelated set of assertions. Auditors generally test assertions in three areas transactions and events, account balances, and presentation and disclosure.

Planning the external audit 5

Designing audits

It is not possible to design a practical audit that eliminates all risk of misstatement. Auditors must design audits to focus on areas that have the highest likelihood of containing material misstatements, and use methodologies that provide reasonable assurance that misstatements do not exist.2 To do so, auditors consider two key factors in planning and executing audits: materiality and audit risk.

Statement on Auditing Standard No. 1, par. 2 states, The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the nancial statements are free of material misstatement, whether caused by error or fraud.

6 Planning the external audit

Judging materiality

Materiality is used to evaluate audit ndings and determine whether any uncorrected errors render nancial statements materially inaccurate. Both quantitative and qualitative measures are used to judge materiality. Quantitative materiality is calculated as a percentage of a meaningful nancial statement number, such as pretax net income or total assets. Auditors then use a fraction of that overall materiality number to design their tests. This fraction of overall materiality is called the tolerable error. It represents the maximum undetected error that the auditor is willing to accept or tolerate in the samples he or she selects for testing.

Materiality, or the degree to which a reasonable person might be inuenced by an omission or misstatement, affects the scope of an audit, such as the nancial accounts and disclosures on which to focus, as well as the locations, subsidiaries or divisions to include in the audit.

The presence of qualitative risk considerations may cause the auditor to adjust testing scopes. They might also inuence the auditors conclusions about the signicance of an identied error that might, in purely quantitative measures, be considered immaterial.

Planning the external audit 7

Exhibit 1 lists some qualitative factors that auditors might consider.

Exhibit 1: Qualitative factors that may inuence the determination of materiality Qualitative considerations may include: The potential effect of the misstatements on trends, especially trends in protability A misstatement that changes a loss into income or vice versa The potential effect of the misstatement on the entitys compliance with loan covenants, other contractual agreements, and regulatory provisions The existence of statutory or regulatory reporting requirements that affect materiality thresholds A change masked in earnings or other trends, especially in the context of general economic and industry conditions A misstatement that has the effect of increasing managements compensation, for example, by satisfying the requirements for the award of bonuses or other forms of incentive compensation The sensitivity of the circumstances surrounding the misstatement, for example, the implications of misstatement involving fraud and possible illegal acts, violations of contractual provisions such as debt covenants, and conicts of interest The signicance of the nancial statement element affected by the misstatement, for example, a misstatement affecting recurring earnings as contrasted to one involving a nonrecurring charge or credit, such as an extraordinary item The effects of misclassications, for example, misclassication between operating and nonoperating income or recurring and nonrecurring income items, or a misclassication between fund-raising costs and program activity costs in a not-for-prot organization The signicance of the misstatement relative to reasonable user needs, for example: Earnings to investors and the equity amounts to creditors The magnifying effects of a misstatement on the calculation of purchase price in a transfer of interests (buy-sell agreement) The effect of misstatement of earnings when contrasted with expectations Copyright 2010. American Institute of Certied Public Accountants. All rights reserved. Used with permission.

8 Planning the external audit

Assessing audit risk

Audit risk is the risk that the auditor may unknowingly fail to modify his opinion on nancial statements that are materially misstated. It relates to (1) the risk that the nancial statements prepared by management are materially misstated (material misstatement risk) and (2) the risk that the auditor will not detect such material misstatement (detection risk). Misstatement risk and detection risk are inversely related. The greater the material misstatement risk, the less the detection risk the auditor can accept. Conversely, the lower the material misstatement risk, the greater the detection risk acceptable by the auditor.3 When audit risk is high, external auditors design audits with more extensive testing, less reliance on the work of others and less interim work. As that risk diminishes, auditors rely less on extensive testing and more on the work of others, and perform more interim work during the audit cycle.

SAS No. 107, par. 25 (New York: AICPA, 2006); and ISA 200, par. A42 (New York: IFAC 2009).

Planning the external audit 9

Evaluating risk of material misstatement

The auditor evaluates a companys risk of material misstatement by evaluating:4 Inherent risk (natural risk irrespective of internal controls). Some examples of inherent risk considerations include: volume, complexity, susceptibility of an asset to theft, estimates, and industry circumstances. 5 Control risk (risk that the internal control system will not prevent or detect a material misstatement). Some factors that inuence inherent risk can also impact control risk (complexity, judgment required, susceptibility to fraud). Other control risks include the nature of operations, changes in operations and environmental factors.6

4 5 6

Ibid., SAS No. 107, par. 21; and ISA 200, par. 13(n). See the AICPA Audit Guide: Assessing and Responding to Audit Risk in a Financial Statement Audit, par. 2.10. See COSO, Guidance on Monitoring Internal Control Systems, vol. 2, par. 58.

10 Planning the external audit

Overseeing plan and team7

The auditor must adequately plan the work and must properly supervise any assistants.8 Accordingly, the audit committee might ask the auditor-incharge about:9 The experience, training and amount of resources assigned to specic audit areas. When such resources are to be assigned, and how much time they are expected to incur. How resources are to be managed, directed and supervised, such as: When and how often team brieng and debrieng meetings are expected to be held. Whether the auditor will utilize a concurring reviewer or other form of engagement quality review. Every audit of a company listed on a U.S. exchange must include a concurring partner (or equivalent) quality review.

7 8 9

Ibid., par. 15. See also ISA 220, par. 1415. Statement on Auditing Standards No. 108, par. 1. New York: AICPA, 2006. Ibid., par. 15. See also ISA 220, par. 14-15.

Planning the external audit 11

Performing audit tests

Auditors perform two different types of audit tests: tests of controls and substantive procedures.
Tests of controls are designed to evaluate the effectiveness of the internal control system in preventing or in detecting and correcting errors before they result in a material misstatement in the nancial statements. Tests may include: a walkthrough, from beginning to end, of one or more transactions; and selecting samples of controls at a point in time, or over time, and observing or reperforming them to obtain evidence that they operate effectively. Audit committee considerations: The audit committee should know whether internal control areas exist that the auditor does not believe are effective enough to warrant any level of audit reliance. Such areas may lead to errors in internal reports used for decision-making purposes. Substantive procedures are designed to detect material misstatements at the assertion level by testing the output from the nancial reporting process. Procedures consist of:10 tests of details, which may include inspection, observation, external conrmation, recalculation, and/or inquiry11 on a sample of transactions or accounts; and substantive analytical procedures,12 which may range from simple comparisons to complex analyses using advanced statistical techniques. Examples may include analyzing nancial trends over time, comparing nancial ratios (e.g., gross margin percentages) to established expectations, and comparing nancial and non-nancial information (e.g., payroll costs and number of employees). Audit committee considerations: If an auditors substantive procedure discovers a material error, it is because the internal control system did not. Substantive procedures are performed for each material class of transactions, account balance and disclosure.

10 11 12

See ISA 500, par. A14-A22, and SAS No. 110, par 11. See ISA 315, par. A67, and SAS No. 110, par. 29. Audit committee members may hear auditors talk about planning analytics. While planning analytics employ the same tools as substantive analytical procedures, auditors perform them for a different purpose. Auditors use planning analytics early in the audit cycle to help identify inherent and control risks. They employ substantive analytical procedures (which usually are more comprehensive than planning analytics) throughout the audit cycle to determine whether material misstatements have occurred.

12 Planning the external audit

Using the work of others

External auditors often can enhance the efciency and effectiveness of their audits by using the work performed by others. Most standards that govern this topic relate to using the work performed by the internal audit functions.13 In the U.S., however, the PCAOB has expanded that potential use to include the work of company personnel (in addition to internal auditors), and third parties working under the direction of management or the audit committee when gathering evidence about the effectiveness of internal control over nancial reporting.14 Audit committee members should understand the extent to which auditors plan to use the work of others,15 and question whether auditors have considered the following: The nature, scope and adequacy of work performed by others The assessed risks of material misstatement The degree of subjectivity in evaluating audit evidence gathered by others to support relevant assertions The objectivity and technical competence of others Whether the others work is carried out with due professional care Whether effective communication is likely to occur between others and the external auditor The expected effect of the work of others on the nature, timing, or extent of the external auditors procedures

13 14 15

See ISA 610 and SAS No. 65. See PCAOB Auditing Standard No. 5, par. 17. See ISA 240, par. A14.

Planning the external audit 13

Evaluating the audit plan

Audit committee members will want to be condent that the external audit plan: 1. covers all risks that have a reasonable possibility of materially affecting the nancial statements; 2. focuses on the effectiveness of the internal control systems ability to mitigate those risks, with minimal time spent on controls whose failure likely would be immaterial, or detected and corrected by other controls; 3. takes appropriate advantage of the work performed by others, especially that of internal audit, but does not place unwarranted reliance on such work; and 4. focuses appropriately on areas where the risk of fraud is meaningful.

14 Planning the external audit

More guidance

Auditors and audit committee members may nd Exhibit 2 to be helpful in planning the audit and in tracking progress. The Audit Committee Handbook, Fifth Edition, contains more detailed guidance and is available for purchase at www.GrantThornton.com/ACHandbook and through major online booksellers and bookstores nationwide.
Exhibit 2: Example audit planning schedule
Q2 Month Phase I Planning, risk assessment and control design Integrated audit planning Review and comment on clients entity-level risk assessment and project plan (i.e., determine locations for testing) Identify signicant accounts/ cycles and critical assertions Update entity-level control documentation Update activity-level control documentation Evaluate control design effectiveness and note key controls Execute walkthroughs of identied (and potentially key) controls Follow up on previous recommendations for improvement Planning the external audit 15
4 5 6 7

Q3
8 9

Q4
10 11 12

Q1-Next Year
1 2 3

Budgeted Hours

Hours to Date

ETC

Q2 Month Phase II Tests of controls and preliminary nancial statement testing Identify key controls Review managements testing methodology Finalize testing strategy for key controls Evaluate competence and objectivity of clients control testers Determine possible use of others work Determine controls to test and testing procedures Execute and document tests of controls (including review of work of others) Quarterly nancial statement reviews
4 5 6 7

Q3
8 9

Q4
10 11 12

Q1-Next Year
1 2 3

Budgeted Hours

Hours to Date

ETC

Q2 Month Phase III Final testing, evaluate results and wrap up Evaluate and document deciencies Make recommendations for improvements Annual audit procedures Communicate and report results Draft opinion Complete review and documentation Issue opinion Total
4 5 6 7

Q3
8 9

Q4
10 11 12

Q1-Next Year
1 2 3

Budgeted Hours

Hours to Date

ETC

16 Planning the external audit

Grant Thorntons audit services

Credible, timely and relevant nancial information is fundamental to promoting condence in a company. Audit committees, as well as management, play a unique role in establishing and maintaining that condence. Because audit committee members must rely heavily on both internal and external auditors being independent and candid, nding the right auditors is paramount to the audit committees oversight role. Grant Thornton provides audit solutions that offer real value to todays dynamic global organizations. For over 80 years, we have served a wide range of private and public clients across Americas heartland. With Grant Thornton, you get: access to industry specialists and technical resources; local support from our 52 U.S. ofces and access to the global resources of Grant Thornton International Ltd member and correspondent rms in more than 100 countries; a high level of partner involvement and personalized service; experienced professionals who have the leadership and communications skills to deliver constructive feedback on complex issues; and quality services delivered consistently with state-of-the art tools.

Planning the external audit 17

Contact us for help with either your internal or external audit needs Warren Stippich Trent Gazzaway

Partner and National Governance, Risk and Compliance Solution Leader T 312.602.8499 E Warren.Stippich@us.gt.com

National Managing Partner of Audit Services T 312.602.8034 E Trent.Gazzaway@us.gt.com

18 Planning the external audit

Subscribe to Grant Thornton publications at www.GrantThornton.com/Subscribe Receive relevant white papers and timely updates on industry issues and the regulatory environment. CorporateGovernor white paper series Ensure your public company is run well and in accordance with applicable laws and regulations. Explore a range of topics from fraud prevention and detection to nancial reporting control and SOX compliance: Enterprise risk management: Creating value in a volatile economy discusses why implementing an enterprise risk management (ERM) program can benet companies in a down economy and how ERM can help enhance business strategy.

Hear that whistle blowing! Establishing an effective complaint-handling process addresses an important mandate of the Sarbanes-Oxley Act: the requirement that audit committees establish procedures for receiving, documenting and handling complaints related to accounting and auditing matters.

Fraud in the economic recovery As companies pick up the pieces following a bruising bout of the economic blues, they need to be on the lookout for fraud. From heightened fraud risk to due diligence strategies for companies purchasing distressed assets, this CorporateGovernor white paper provides a sound overview of fraud prevention in todays economic environment.

Timely updates Tailored to management, boards and audit committees of mid-cap public companies, these updates help you stay abreast of issues that affect the marketplace and your business. Boardroom awareness: Service organization reports in transition to new U.S. and international standards In this issue of CorporateGovernor newsletter, Grant Thornton advisory professionals discuss the new service organization reporting standards that are set to replace Statement on Auditing Standards No. 70 (SAS 70) by mid-2011.

Information overload: How to make data analytics work for the internal audit function Learn how your internal audit department can effectively use data analytics to add value to your organization.

Planning the external audit 19

Suggested reading

The Audit Committee Handbook, Fifth Edition (Wiley, 2010, ISBN: 978-0-470-56048-8, U.S. $95.00).

The Audit Committee Handbook is co-authored by Grant Thornton LLP audit committee experts R. Trent Gazzaway, national managing partner of Audit Services, and Robert H. Colson, retired partner in Public Policy and External Affairs, along with Louis Braiotta Jr., professor of accounting at SUNY Binghamtons School of Management, and Sridhar Ramamoorti, principal at Infogix Advisory Services. The Audit Committee Handbook provides practical, in-depth guidance on all audit committee functions, duties and responsibilities. This latest edition features regulatory updates, new chapters on audit planning and oversight, heightened focus on fraud risk, and broad international coverage. The Audit Committee Handbook is available at www.GrantThornton.com/ ACHandbook and through major online booksellers and bookstores nationwide.
The Anti-Corruption Handbook: How to Protect Your Business in the Global Marketplace (Wiley, 2010, ISBN: 978-0-470-61309-2, U.S. $75.00)

Todays demanding marketplace expects CFOs, auditors, compliance ofcers and forensic accountants to take responsibility for fraud detection. These expectations are buoyed by such legislation as the Foreign Corrupt Practices Act, which makes it a crime for any U.S. entity or individual to obtain or retain business by paying bribes to foreign government ofcials. Written by William P. Olsen, the practice leader of Anti-Corruption Services at Grant Thornton LLP, The Anti-Corruption Handbook provides guidelines addressing the challenges of maintaining business integrity in the global marketplace.

20 Planning the external audit

Grant Thornton LLP ofces

National Ofce 175 W. Jackson Blvd., 20th Floor Chicago, IL 60604-2687 312.856.0200 Washington National Tax Ofce 1250 Connecticut Ave. NW, Suite 400 Washington, DC 20036-3531 202.296.7800 Arizona Phoenix California Irvine Los Angeles Sacramento San Diego San Francisco San Jose Woodland Hills Colorado Denver Florida Fort Lauderdale Miami Orlando Tampa Georgia Atlanta

Kansas Wichita Maryland Baltimore

316.265.3231

Oklahoma Oklahoma City Tulsa Oregon Portland Pennsylvania Harrisburg Philadelphia

405.218.2800 918.877.0800

410.685.4000

503.222.3562

Massachusetts Boston 617.723.7900 Michigan Detroit Minnesota Minneapolis Missouri Kansas City St. Louis Nevada Reno New Jersey Edison New York Albany Long Island Downtown Midtown

717.265.8600 215.561.4200

248.262.1950 South Carolina Columbia 803.231.3100 612.332.0001 Texas Austin Dallas Houston San Antonio Utah Salt Lake City Virginia Alexandria McLean Washington Seattle 512.391.6821 214.561.2300 832.476.3600 210.881.1800

602.474.3400

949.553.1600 213.627.1717 916.449.3991 858.704.8000 415.986.3900 408.275.9000 818.936.5100

816.412.2400 314.735.2200

775.786.1520

801.415.1000

732.516.5500

303.813.4000

703.837.4400 703.847.7500

954.768.9900 305.341.8040 407.481.5100 813.229.7201

518.427.5197 631.249.6001 212.422.1000 212.599.0100

206.623.1121

North Carolina Charlotte 704.632.3500 Raleigh 919.881.2700 Ohio Cincinnati Cleveland

Washington, D.C. Washington, D.C. 202.296.7800 Wisconsin Appleton Madison Milwaukee

404.330.2000 513.762.5000 216.771.1400

Illinois Chicago 312.856.0200 Oakbrook Terrace 630.873.2500 Schaumburg 847.884.0123

920.968.6700 608.257.6761 414.289.8200

Planning the external audit 21

 Grant Thornton LLP All rights reserved U.S. member rm of Grant Thornton International Ltd The people in the independent rms of Grant Thornton International Ltd provide personalized attention and the highest quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member rm of Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton International Ltd and its member rms are not a worldwide partnership, as each member rm is a separate and distinct legal entity. In the U.S., visit Grant Thornton LLP at www.GrantThornton.com.