When you think about the planning of a financial statement audit, the audit team has to identify and assess the risk that the financial statements do contain a material misstatement. And that's true whether the misstatement is caused by error or fraud. So some auditors don't like the idea that they are equally responsible for planning an audit to detect frauds as errors, because after all, errors occur by accident while fraud occurs on purpose. And if management's committing fraud on purpose, what will management do? They will conceal the fraud. There's no doubt harder to find fraud than errors when they both exist in most of the time. But you should understand, that the auditor's professional responsibility is about material misstatements regardless of whether it's due to error or fraud. So how are these inherent risks assessed? Well it starts out with a big picture overview of the company and its operating environment. So the auditor doesn't just dig right into the financial statements and say, well, what's the inherent risk of inventory? What's the inherent risk of accounts receivable? No, you want to come back at a much higher macro-level. Ask yourself, what's the nature of the company? What business is it in? What are its value propositions? What industry is it in? How regulated is this industry? That's what I mean by the environment. Then you consider all the information you gathered during the audit, and I would include in that, the information you learn about the company when you're thinking about whether you're going to have this company be your client at all. You see if it's a client whose integrity you doubt, or who poses too great of a risk to you as an audit firm, you won't even accept it as a client. But assuming it gets through that screening process, you will still use that information you learned in screening to condition your evaluations of evidence later on in the audit. So, all your planning activities, all that you've learned on prior audits, and if you're performing any non-audit activities, maybe you're helping that company with some of its tax work. Now there are prohibitions on what different kinds of non-audit services you can provide, but when you provide those service which you can do, you learn from those and you should inform the audit. So, what are some procedures that you do as an auditor? Well one thing you do is you'd be sure and ask hard questions. You ask hard questions, not only of top management, but also of middle management, and as appropriate of even manufacturing line employees or service line employees about the effectiveness and efficiency of business operations. You also obtain an understanding of the client's internal controls of a financial reporting, and this has to go beyond just how these internal controls look on paper. So you will want to do walk-throughs of how business processes unfold and actually see some of these key internal controls in action. It's very easy to look good on paper, but it can be much more difficult, right, to actually carry out these internal controls in a way that makes the design come to full fruition. Another thing you will do as an auditor is perform what's called analytical procedures, and you will do a batter of these, comparing current financial statements to prior year financial statements. Comparing this year's key financial statement ratios to the same ratios from last year. You can also compare a company's financial statement ratios to other firms in that industry, okay? These analytical procedures can be done at a financial statement level of aggregation or you can disaggregate, maybe by geographic region, or by product line, okay? Analytical procedures, you're looking for the presence of unexpected relationships. So, it could be a company tells you that they've had a very high credit sales this year. Well, if the revenue is high from credit sales, what also should be happening? Well, probably hire accounts receivable, okay? If you see a big spike in credit sales but no spike in accounts receivable, that's a very coarse analytical procedure that turns up the presence of an unexpected relationship. Good textbooks like to emphasize that you're not only looking for the presence of unexpected relationships, you're also looking for the presence of unex...or the absence of expected relationships, okay? So, presence of unexpected or absence of expected, either way. Another main feature of all audits, certainly all public company audit you have to do this. As an audit team, is probably best, or a subset of the audit team, you actually have to get together and have a brainstorming session with how management might commit fraud. So if you were bent on, put some of the management shoes. If you were bent on committing fraud at this organization, what might be a good way to do that? This is a way to just brainstorm because, why? Well, because auditors don't like to think about their clients deceiving them. You it's just not very functional to say, I'm going to do business with you, company. There's a handshake. We want to trust each other at some level, but then we turn around thinking about how you might be trying to deceive us. It's a little bit odd. So as a result of that oddness, the professional standards setter said, we really need us a discipline to get audit teams to actually brainstorm about fraud. You also have to ask hard questions of management, and then there's also some committee called the audit committee. Now, the audit committee is a subset of the board of directors at public companies. They all have to be independent of management, and they are the one actually responsible for hiring the auditor and negotiating the audit fee. So, what you want to do is ask all top management and all audit committee members, hey, are you aware of there being any cases of deception, financial statement fraud? If they do indicate some awareness, then it's important to follow through to document that, think of tests that can use for following up on it and do that. So it takes some courage as an auditor, doesn't it? You also can inquire of internal audit personnel regarding fraud risks, and if you're really worried about fraud, you should ask people who are not directly involved in the upper level management, like the controller or the CFO. If people who are committing fraud are the ones who are working with you as an auditor to get the financial statements in the hand and investment public, well you'll probably want to ask personnel who know about the fraud, but whose futures are not tied as much to those financial reporting outcomes.
