This paper was concerned with the theoretical foundation of audit process, focusing on the audit plan, internal control, risk and materiality. The chosen issues were discussed on the basis on the information derived from the article content analysis.
The primary aim of this paper was to make a contribution to general understanding of the auditing process, beginning from the theoretical aspects that refer to determining materiality, and the relationships between established materiality and audit risk, through providing a practical example of materiality and risk calculation in a chosen company.
The general idea of this paper was to contribute to the theoretical foundation on the topics of audit plan, internal control, risk and materiality. By defining the audit process the paper outlined the main risk audit categories and identified the reference foundation of materiality. In conclusion, as the financial reporting is not an end in itself but, as stated in FASB (2008), it is expected to provide useful information in conducting business activities- in making decisions, making choices between alternative uses of scarce recourses. Therefore appropriate system for control and audit is the first step to exposure, prevention and correction of every compliance program.
As a summary, by combining the reviewed material, it can be concluded that the primal focus of the audit outcomes is on the control of flaws and potential omissions. In doing so, it identifies and recommends steps that should be followed within the audit process in order to provide a clear risk insight.
Contents
Introduction
Jugoeksport Stil Doo Skopje is one of the leading retail companies for furniture, light equipment and other house appliances, in the country. Through its growth and expansion on the market, the company succeeded in creating a recognizable brand with its quality products, after-sales services and reasonable prices. The retail furniture market in the country was greatly affected by the general economic climate, the decline in the GDP, constant rising of the gas prices, and a flat stock market. Considering the complex environment, in serving its long term goal of achieving a save, efficient and successful business for all the concerned shareholders, the company faces numerous risks in its everyday's operations. Therefore, one of the fundamental responsibilities of company's management is to grant a system that provides reasonable guarantees for risk control.
The purpose of this study is to present the issues regarding the overall auditing process, through a theoretical and a case study approach. This paper looks at the core theory of the audit process in order to comprehend the pillars of the audit activity, and the effect that the issues of materiality and risk have on the overall financial audit process.
In this context, the present paper focuses on the following objectives:
Review the academic literature on auditing, specifically focusing on the audit plan, internal control, risk and materiality;
Integrate the findings of the conducted sales audit of the chosen company with relevant literature views; and
Make use of research findings in order to examine and explain the influence that different risk factors have on determining the type of audit report to be issued.
Literature review
The audit plan
There is a significant amount of literature discussing the importance and necessity of planning the auditing process. According to Hayes, R. et al. (2005), before writing an audit program, the planning of the audit process needs to involve procedures to: first, gain understanding of the company and its environment, by conducting a review of the financial and non-financial information, then, categorize the accounting and the system of internal control, and assess risk and materiality. Further in their study, the authors argue that issues like engagement nature and timing, and extend of audit procedures, are determined by the auditor in the audit program, along with the supervision form and the review. The planning and review phases of the audit, as argued by Trompeter and Wright (2010), require analytical procedures, as they provide the auditor with a broader scope, simultaneously giving sound facts regarding the financial outcomes based on expectations.
According to Cohen et al. (2010) the auditors, besides the audit committee, the management, and the Board of Directors, as part of the Corporate Governance play a vital role in ensuring the quality of the financial reporting. In order to enable the audit strategy implementation, according to ISA 300, IFAC (2004), the auditor must develop an audit plan. The audit program, as defined by Hayes, R. et al. (2005), sets out the required procedures to proper execution of the overall audit strategy, serving as an instruction manual and a control tool to the audit staff. The obtained data from the risk assessment procedure, as explained further by the authors, is used to plan further audit procedures, continuously updating the audit plan to fit the given circumstances.
Academics and practitioners, such as Joldos et al. (2010), come to a conclusion that in the process of audit plan preparation, a certain level of materiality is required, in order to detect the significant distortions, not only from a quantitative (value) perspective, but as importantly, the qualitative (nature) perspective needs to be accounted for. From this perspective, Morariu and Turlea (2001) state that when total of the uncorrected inaccurate data approaches the selected materiality level, an auditor could consider risk reduction through implementation of additional procedures, or requiring the management to correct the flawed financial statement. Throughout the audit, according to Socol (2008), one considers materiality and audit risk in the processes of: identification and assessment of the risk of material misstatement, determination of nature, timing and extend of ongoing audit procedures, the evaluation of the effect of potential misstatements on the financial statements and ultimately, on shaping the opinion in the auditor's report. Similar to this, Danescu (2007) argues that, in the process of establishing the audit procedures, financial auditors strictly follow the audit risks- the higher the risk, the auditor sends more time checking.
Concluding in this section, the demand for audit evidence derives from the stage of planning. As explained by Hayes, R. et al. (2005), the amount of evidence needed to provide adequate assurance, is determined by both materiality and risk. The authors give proportional correlation among the diversity of selected procedures and the combined assurance that can result from them.
Although conducted literature review on the audit process, illustrates consensus about the content of an effective process, Knechel (2007) defines an audit structure as a mechanic approach towards decision making, which limits the available courses of action to the auditors as individuals in certain circumstances. The foundation for re-engineering of the audit, according to Knechel (2007), is provided by the contemporary risk management theories. In his paper about the origins, obstacles and opportunities of the business risk audit, Knechel (2007) argues that the regulatory initiatives, derived from Enron and subsequent scandals, could provide a solid base for reconsideration of the business risk methods and comprise the best of the traditional essential audit with the best of business risk auditing.
Internal Control
A wide range of theoretical perspectives attempts to give an insight to the essence of internal control. Internal auditing is defined by the IIA as an independent activity for consulting and assurance, which is created in order to enhance and improve company's operations, by introducing a systematic, disciplined approach for evaluation and improvement of risk management effectiveness, control and process of governance (Goodwin, 2004). Throughout the years, researchers have challenged themselves to define internal control, introducing a view of risk and internal control that reflect more than accounting errors (COSO). Furthermore, the COSO report identified five components necessary for conducting an effective internal control: control environment, risk assessment, control activities, monitoring information and communication (Knechel, 2007).
Theoreticians in the past commonly focus the effectiveness of the internal audit either on the ability to plan, execute and exchange findings, or broadening the view and including factors that exceed one company's borders. However, a study of internal audit effectiveness, conducted by Mihret and Yismaw (2007), underlines the four factors of internal control efficiency that justify its existence: internal audit quality, management support, organizational setting and attributes of the audit subject. Therefore, according to the authors, the effectiveness of internal audit should be considered as a dynamic process constantly formed by the relations of these factors.
In a study by Arena et al. (2006) it is argued that the resent years financial scandals shed a light on the inadequacy of control systems in many companies, emphasizing the role of internal audit and internal controls, in contemporary organizations. In his literature review on internal auditing, Allegrini et al. (2006) examined how the internal audit is changing in response to the increasing complexity of business environment, the dynamic regulations, and the significant progress of the information technology. In line with the aforesaid, a survey conducted by IFACI (2005) assessed the impact of the new regulations on the future evolution of internal audit. The findings take account of the role of internal audit in corporate governance, the strong focus of internal control on assurance, its role in implementation of new laws and regulations, its role as a credible, objective and professional partner and the sufficiency of the financial and human resources.
The literature connects the later with an inquiry about how internal auditor can stay unbiased, while working with the management on performance improvement. A research conducted by Van Peursem (2005) defined three characteristics of a fair, unbiased auditor: his external professional status, existence of a formal and informal communication network and the auditors' part in determining his own role. Considering the internal audits' efficiency other authors, such as Cooper et al. (2006), found that the monitoring aspect of internal control system, is greatly influenced by the internal audit department management, professional skills, independence and review processes.
As the literature review shows, the internal audit has evolved through the years, changing its focus from mainly financial auditing, to allocating its resources to operational and management audit, as suggested by Allegrini et al. (2006), or, from risk-based audits to assurance works, as stated by PwC (2005). In conclusion, as Hass et al. (2006) state, the literature signifies alteration in the internal auditors' activities, as a response to all the opportunities and challenges of the increasing complexity and constantly dynamic business environment.
Risk and Materiality
Risk
The following section, describes the concepts of audit risk and materiality from a theoretical perspective, providing approaches found within the inspected literature. The main responsibility of risk management, as defined by Stulz (2008) is to assess company's risk and communicate that information to the top management, who makes the final decision about the level of risk appetite or risk tolerance of the company. After measuring and communicating risks, risk management must supervise and administer company's risks, hedging them in order to keep the risks in the established boundaries (Stulz, 2008). The author further defines six types of failures of risk management that, in case they happen, could result in turning risks into material, even if they were not to be considered material previously. Derivatives allow companies to hedge risks, as stated by Stulz (2005), or to bear the risk at minimum cost.
The International Standard on Auditing 400 (2008) defines three components of the audit risk: inherent risk, control risk and detection risk. However, in the literature, there is a general agreement among researchers about a classification of the audit risk components in dependence of the auditors' intervention capacity over them (Joldos et al, 2010):
the risk that financial statement contain errors (inherent and control) and
the risk that the auditor will not detect these errors (detection risk).
Further on, the authors distinguish the audit risk in terms of quantity, as percentage, and of quality, as low, moderate and high. The most usual method for audit risk assessment is calculated by multiplication of the values attributed to the audit risk components, further introducing the concept of trust level (TR= 100-DR) and the audit assurance (AA= 100-AR).
Summarizing, the role of the risk manager, as determined by Stulz (2008), is to methodologically identify and anticipate all major sources of uncertainty and risk, making sure that the company undertakes the wanted risks and avoids the others. Furthermore, they need to manage and hedge the known risks in order to ensure that the company meets its objectives.
Materiality
The second important issue, besides the risk, which must be presented by the auditor in the financial audit report, is the materiality. Materiality is defined by Joldos et al. (2010) as the amount that is set by the auditor as an error, omission or incorrectness that could lead to misstatements in annual reports. The authors determine information as material if its misstatement or oversight has a possible influence on the decisions made on the basis of the financial statements. Various references that can be used to determine materiality are known in the literature as benchmarks. In the process of audit planning, as per Joldos et al. (2010), the auditor needs to determine an acceptable level of materiality, in order to enable the exposure of considerable distortions. The authors impose the auditor to take into consideration both the quantity and the quality of the distortions. Arens et al. (2010), also provide an overview of the steps for materiality setting: preliminary judgment about materiality, allocation of materiality to the segments and the actual use of the materiality for audit findings evaluation. Further on, the authors underline the importance of materiality, as it is designed to provide reasonable assurance that the reports are free of material misstatement (Arens et al., 2010).
There is a general agreement among the auditing and accounting standard setters about the guidelines for assessing the materiality of financial statements. However, as argued by Acito et al. (2007), these publicized criteria do not provide clear rules for determining if a certain error is material, instead the standards identify qualitative and quantitative factors and observe materiality as a matter of professional judgment.
Application- The Sales Audit of Jugoksport Still DOO Skopje
The audit of the financial statements of Jugoeksport is performed on the annual report for the year ending 31.12.2011 of the chosen trade company, made according to the generally accepted accounting principles. The analysis implies control of the available evidence: documents, records and other sources of verification.
Considering that, through a process of sales compliance, sales inventory could be used to attain information about the possible future results of a company, the following section explores the concept of sales audit. The primary objective of conducting a sales audit is to identify and document the existing sales process, detect various problems and process obstructions, appraise the process effectiveness, and perceive ways to improve the overall sales process of the company. It was found that, besides the way company recognizes revenue, the sales processes considerably vary according to specific human styles and behaviors.
In order to conduct an audit of the sales we have to take a look at the current process of revenue recognition in the case study company. Jugoeksport recognizes and measures revenues by the objective value of the compensation that's been received or claimed. The revenues of the preformed services are also recognized by the objective value of the compensation that will be received and refer to revenues gained from services performed in the process of regular business operations. In order for the company to recognize revenue from the sale, the following conditions must be fulfilled:
The company had transferred the benefits and the risks of the ownership of the products over to the buyer;
The company hadn't kept any involvement nor effective control over the sold products;
The revenue amount can be correctly measured;
It is expected that the economic benefits of the transaction, will be a revenue for the company; and
The expenses made, or needed to be made, for the transaction, can be correctly measured.
The revenues are recorded applying the accrual principle, which requires the company to record the revenue or income when it is actually earned. The findings of this study, pointed the steps recommended by Arens et al. (2006) as the most appropriate theoretical framework to be applied at the sales auditing process. The following diagram depicts the directions of tests for sales:
Figure.1. Directions of tests for sales
[Source: Arens et al. (2006) Prentice Hall Business Publishing, Auditing 11/e.]
The transaction-related objectives of the sales cycle include: existence, accuracy and completeness, classification, timing, posting and summarization. The general control looked into the existing documentation, analyzing what's already included as well as defining what needs to be provided. For the purpose of this paper, through a simplified procedure of sampling, a selection of 20 items was made, choosing randomly from the population of "sales for the year". The audit was conducted using the original trial balance, financial reports, and documents for the chosen transactions (invoices, analytical accounts, journal entries, etc.) The chosen sample was subjected to the following control tests (Arens et al., 2010; Sullivan and McMullen, 2006):
Throughout the process of auditing the sales, the following information proved to be of great additional importance:
The evidence of complaints from clients;
Reasons for destructive events;
Potential for receivables write-off.
In line with the previous dimensions, the gathered information about the audited company is considered sufficient to define the two important issues of financial audit- define materiality and assess risk (Joldos et al., 2010). According to these authors, in the process of audit plan preparation, from a quantitative perspective, the auditor needs an acceptable level of materiality in order to identify the distortions considered noteworthy. Afterwards, Joldos et al. (2010) state the need for determining the audit risk, consisting of the process of determination of the inherent, control and detection risk.
To support the theoretical base, in the preliminary stage of the case study analysis, materiality was established depending on the turnover, as the most relevant indicator for the shareholders. Next step is adapting the foreseen level of materiality, defined by Oprean et al. (2007), as the maximum level of distortions that by auditor assessment could influence users' decisions. As stated by Joldos et al. (2010) the minimum audit standards recommend a materiality level "between 0.5% and 1% in regard to the turnover". Regardless of the time constrains for conducting more detailed tests, for the purpose of this paper the chosen materiality value is set on 0.5% of turnover. The examination of the chosen sample of the documentation (invoices, journal entries, etc.) showed no discrepancies in 18 selections. The min/max values were set based on the preliminary judgment on materiality, and the analysis proved no material errors in the rest of the randomly selected items: 1 omission was found bellow the sales minimum value- which defines it as immaterial; and 1 misstatement value requires further judgment, considering it was found in between the min and max values.
According to the conducted sales audit, an opinion is drawn that the sales represent true and fair the actual situation in all material aspects.
Subsequent to establishing materiality, the next step refers to the three stages of determining audit risk. Even though there is a great competition in the furniture trade industry, the extended experience and the prime quality of the furniture and services offered by Jugoeksport, are considered an advantage, assessing the business risk at low. After reviewing the randomly selected items, according to the previously stated test program, we can report the need of a clearly defined control process for sales recording and clear system for risk recognition. A potential weakness was identified in the process of recording of the sales, as there was a risk for the data not to be documented completely, accurately, on time and only once. Special attention has to be dedicated to the sales that go through different organizational units (different stores and departments) including their reverse path. The records made in one store, have to be transferred properly, otherwise the misstated amount can be deemed material as it could turn a profit into a loss situation. Furthermore, the misstated amount that were found immaterial before making a final judgment, may also affect presentation of trends in earnings, causing material weakness.
The performed audit of the financial statements of Jugoeksport, shed a light on the key risk postulates and other potential sources of uncertainty regarding the company's future. Namely, the company has been affected by the recent financial crisis and the deterioration of the economic conditions on the domestic market. Considering the continuous uncertainty in the company's business environment, the inability to anticipate the effects of the financial crisis on the future operation of the company, leaves an element of general ambiguity. The global financial crisis has had its effect on certain industries in the country, facing companies with increasing difficulties in collecting receivables, causing reduced liquidity and ultimately problems in repayment of own dept. Concerning the financial statements, the above could have subsequent effect in 2012, on the amount of correction of the receivables and other areas that need management estimation. Therefore, company's key priority for this year, is the management of client's portfolio and its continuous adjustment to the changes in the economic environment, in order for the company to preserve and strengthen its market position.
Furthermore, as shown in the literature review section of this paper, a company is subject to various financial risks, market risk associated with interest rate and currency, credit risk and liquidity risk. The company is subjected to currency and interest risk, mainly as a result of the used loans denominated in foreign currency, as well as from the liabilities towards its foreign suppliers. The conducted literature research recommended various financial derivatives allowing companies to decrease their exposure to these risks. Bearing in mind the limited use and availability of financial instruments in Macedonia, Jugoeksport is not in a position to apply specific derivatives. Considering the previous, Jugoesport cannot use hedging in order to decrease its exposure at the risk of change in the interest rates, so the company administers this risk by sustaining a certain ratio among the repayment of the existing loans and new borrowings in accordance to the dynamics of company's activities. The responsibility for the overall strategy and the risk control is therefore set in the hands of company's management.
The credit risk of the company refers to the possibility that the buyers will not fulfill their commitments. The company should review its credit exposure considering that the receivables are not secured with any kind of collateral, and furthermore, the company does not write off accounts matured in between 90-180 days, unless there is information that the client is facing financial and liquidity problems.
Considering the liquidity risk, the company's exposure of the payments regarding its loan obligations and the liabilities to its suppliers, is managed through balancing the collection of the receivables. Additionally, in order to provide protection against liquidity risk, Jugoeksport has a revolving credit-limit balance, approved by its partner bank, available for withdrawal to facilitate the payment of potential due liabilities.
In addition to the aforesaid, as the Macedonian legislative is considered subject of various interpretations and frequent alterations, the company cannot be considered immune to the existence of a supplementary risk-the tax risk. Different interpretations could cause different calculations, ultimately exposing the company to additional taxes, penalties and interest.
Conclusions
Throughout this paper, the essential role of auditing process, in means of internal control as well as an external, for the organizations has been emphasized. The conducted literature research identified that determining whether the registered data reflects accurately the actions that took place in the accounting year is the most important issue in financial auditing.
This study emphasizes the risk and materiality determination as the cornerstone of the overall audit process. However, even though accounting for all the risks is costly and difficult task, we must keep in mind that a failure to identify the vital risks can result in dangerous consequences for the company. In this regard, the paper discusses the improvement of the risk management practices, based on the lessons derived from the resent financial crisis. The conducted literature review recommends the use of financial instruments- derivatives as a cheaper, more effective way for risk management.
For practical demonstration purposes, the last part of the paper provides an insight of the case company by performing a sales audit. Through the theoretical approach and the case study it was identified that there is an existence of a clear organizational structure and risk management practice, applied throughout every level of the overall organizational structure of the case company.
