Today we will talk about drafting audit procedures.
One widely prevalent mistake that students commit is to write generic procedures that do not address the very reason why the risk has emerged.
Consider this extract from a question.
‘The company’s license of mining is expiring in September 20X3. The management has applied for a license in May 2023, the renewal of which is subject to inspection. Of late, due to the political unrest of opposition parties, the government is under enormous pressure to not renew mining licenses to all foreign entities. The company’s 80 percent of the existing business is contingent on its mining operations.”
Given that the company is a foreign entity, there exists a clear indication of a going concern matter.
Now, a well-drafted Audit Risk for this situation would be:
Mining operations constitute a significant 80% of the company’s business. Given the likelihood of non-renewal of license in the current political scenarios, this may cast significant doubt on the company’s ability to continue as a going concern. (Risk factor). Hence, there is a risk the condition may not be disclosed adequately in FS. (Risk)
Now, what would be the audit procedure?
A typical student would write the following audit procedures:
Perform review of the cashflow forecast prepared by the management.
Evaluate the significant assumptions taken for the reasonableness.
Obtain the management representation on reasonableness of significant assumptions used.
Review the financial statements for adequacy of disclosures made.
While these are generic procedures to address the risk of going concern, and by no means incorrect, but they stay clear of aiming the very source of the risk. The likelihood of non-renewal of license is the very factor that caused the risk of going concern. If that is not addressed, the examiner is likely going to consider that you have not grasped the central idea and only regurgitated the general procedures from your memory.
In this context, two procedures must be written to address the source of risk:
Discuss with management on the likelihood of non-renewability in light of the inspection and government’s agenda.
Review correspondence with the government, if any, to understand the status of non-renewability.
One must not forget that the act of performing audit procedure is for a specific purpose. And that purpose is to enhance your knowledge about the entity that could eventually serve as an (audit) evidence for your audit opinion. Hence, you must cover all the procedures that you need to perform to acquire that knowledge. You can ask a very simple prompt for your mind to think in that direction.
What further information (audit procedure) do I need to address this particular risk?
Also, I have noticed students to quite usually leaving out these two very useful procedures. ‘Obtaining Management representations’ and ‘discussion (inquiry) with the management’. And, on their behalf, I wish to emphasise, or maybe protest, that they equally deserve your attention as audit procedures. They are as much audit procedures as is debtors ageing analysis or NRV testing. :)
TL;DR
Always write procedures that address the source of audit risk
Always ask yourself, what further information (audit procedure) do I need to address this particular risk?
Do not forget to write, ‘Inquiry procedure’ or ‘Management representation procedure’, where relevant.