overview of the ernst
DESCRIPTION
TRANSCRIPT
Overview of the Ernst & Young Global Audit Methodology
Lesson 1
How the Ernst & Young Global Audit Methodology Supports Our AABS Strategy
The Ernst & Young Global Audit Methodology, along with the Global Documentation Approach , ties together all four strategic themes on a global basis.
Operational Excellence: Operational excellence represents the strategic foundation. By focusing on operational excellence, we can enhance our performance in delivering assurance services.
People First: We empower you to be creative; develop an exciting environment in which you can thrive; and recognize that your growth, commitment, and contribution are integral to our success as a firm.
Clients: We create value and confidence for our clients and markets and build long-term relationships as trusted, strategic business advisors.
Financial: Our ultimate objective is to be the leader in both revenue and profit growth in the markets we serve. We all need to take personal responsibility and think of ourselves as leaders to challenge the status quo and do it better!
You may be asking yourself…
How does the Ernst & Young Global Audit Methodology support our E&Y Global AABS Strategy? Click the forward arrow to learn how.
I.1
I.2
Structure of the Ernst & Young Global Audit Methodology (Cont.)
The Ernst & Young Global Audit Methodology is presented in a three-layer format:
Click each box below to learn more about the three layers of the methodology:
Overview
The first layer, an overview of the Ernst & Young Global Audit Methodology, is a concise description of our methodology for performing financial statement audits. The layer includes the following sections:
Introduction Key features of the Ernst & Young Global Audit Methodology Use of this methodology Overview of the Ernst & Young Global Audit Methodology
The Overview section identifies and describes the four phases of the audit, the activities within each phase, and a summary of the procedures within each activity.
I.3
Detailed Guidance
The second layer provides more specific guidance on how and why we perform the procedures outlined in our methodology, along with policies used in making certain audit decisions. This layer includes the following sections:
Procedures Documentation Considerations Exhibits
The Procedures section also describes briefly how to apply some of the guidance. These examples appear in boxes (or bordered paragraphs) throughout the methodology.
Enablers
The third layer consists of examples, checklists, and leading practice illustrations for performing and documenting our procedures during the audit. The content in this layer includes:
Forms and Templates Industry and Business Knowledge Learning Examples Tools
Combined, these three layers represent our comprehensive Ernst & Young Global Audit Methodology.
Both the Detailed Guidance and Enablers layers may change over time with changes in technology, auditing standards, and the addition of improved practice support materials.
How to Access the Ernst & Young Global Audit Methodology
Now that you know how the methodology is structured, you need to know where it can be accessed.
E&Y GAM (a Lotus Notes database)
You can find all three layers of the methodology (Overview, Detailed Guidance, and Enablers) in a Lotus Notes database called E&Y GAM. This version of the methodology also includes links to other internal and external sources of information. You need to be in a connected environment to access certain links. Certain countries also make the methodology available in other formats, such as Folio Views, for advanced search capabilities.
Continue forward to answer some questions.
I.4
Exercise
Which of the following is not one of the four phases of the Ernst & Young Global Audit Methodology?
Perform Audit Procedures
Conclude the Audit and Assess Performance
Gain Business Intelligence
Understand the Business and Establish Audit Strategy
I.5
Lesson 2: risk considerations
Lesson Overview
Remember from Lesson 1 that one of the key features of the Ernst & Young Global Audit Methodology is our focus on business risks and the effect they have on the audit.
The E&Y engagement team is responsible for evaluating, creating, executing, and updating the audit strategy to make sure that our actions are responsive to the risks that are relevant to our audit.
Our ultimate goal is the effective (high-quality) and efficient (profitable) delivery of our audit services.
This lesson focuses on how we consider risks in the Ernst & Young Global Audit Methodology.
At the end of this lesson, you will be able to:
Identify the importance of making appropriate risk assessments
Describe how we consider business risks in our auditsHow will this lesson help you on the job?
This lesson provides you with foundation knowledge that will help you apply the Ernst & Young Global Audit Methodology, particularly as it pertains to making risk assessments.
Why Are Risk Concepts Important in E&Y GAM?
The Ernst & Young Global Audit Methodology is designed to align our audit process closely with the client's underlying business risks. In this way, we look at our client's business from the client's perspective.
Our risk assessments represent the cornerstone of our audit methodology and are instrumental to fulfilling our value, cost, and risk objectives.
I.6
Exercise
Do you remember the value, cost, and risk objectives we discussed in Lesson 1 of this course?
Select the answer that best completes the statement below.
In each audit, we develop a strategy to _______ the VALUE delivered to our clients, _______ the COST as a percentage of revenue in the delivery of our audit services, and _______ or _______ the firm's RISK.
Maintain, reduce, increase/decrease
Increase, decrease, maintain/reduce
Increase, maintain, reduce/lessen
None of the above
Relationship Between Our Audit Risk and Business Risk
How does making appropriate risk assessments help us fulfill our value, cost, and risk objectives?
We do not audit every transaction. Instead, we gather and evaluate audit evidence until we have achieved reasonable assurance that the financial statements do not contain material misstatements.
As a result, there always will be some risk of undetected misstatements remaining in audited financial statements. Our objective is to reduce our audit risk to an acceptable level while providing value to the client and reducing our costs.
Making the appropriate risk assessments and then reflecting them in our audit strategy contributes significantly to our ability to deliver value to our clients while controlling audit costs and risks.
The Ernst & Young Global Audit Methodology recognizes that audit risk is affected by the business risks our clients face and by how well they manage those risks.
The methodology relates, but does not equate, a client's business risks and our audit risk, and requires that we seek to understand the client's business risks when we make judgments concerning audit risk.
That is, by gaining an understanding of our client's principal business risks and their relationship to the inherent and control risk components of audit risk, we can develop more effective and efficient audit strategies as well as provide timely communications on emerging issues to the client.
Click the forward arrow to refresh your memory on these various risk concepts.
I.7
The Audit Risk Formula
Audit risk is the risk that we may unknowingly fail to appropriately modify our opinion on financial statements that are materially misstated. Click the elements of the formula above to review the definitions of the audit risk components.
Inherent risk is the susceptibility of an assertion (e.g., account balance or class of transactions) to a material misstatement, assuming that there were no related controls.
Control risk is the risk that a material misstatement that could occur in an assertion (e.g., account balance or class of transactions) will not be prevented or detected and corrected in a timely manner by the client's internal control system.
Detection risk is the risk that we will not detect a material misstatement that exists in an assertion (e.g., account balance or class of transactions). Detection risk relates to our audit procedures, which we can change at our discretion.
Business and Financial Statement Risk
Business risk is defined as the potential for events, actions, or inactions to result in the client's failure to meet its key business objectives, or its failure to define business objectives that are responsive to its key stakeholders.
Financial statement risk is the risk that the client's financial statements, prior to the performance of any audit procedures, will be materially misstated. Financial statement risk as defined is combined risk, which is the product of inherent risk and control risk.
The E&Y Global Audit Methodology assumes that the most significant financial statement risks are coming from the business.
Higher control risk often means higher business risk. Poor controls over a process or system may be indicative of a situation that places the business at a higher risk of not achieving its key business objectives.
Higher business risk ordinarily means higher inherent risk (for the related account assertions). Many different factors influence inherent risk. Business risks may affect an account assertion and, therefore, increase the inherent risk for that related account assertion(s).
Because of these interrelationships, we cannot properly assess inherent risk and control risk without gaining an understanding of the business and the business risks
I.8
that can influence the audit of the financial statements.
Refer to the Audit Risk Concepts Web-based learning course for further information.
Short-Term and Long-Term Business Risks
Business risks may affect the client in the short or long term.
Short-term business risks encompass the risks that we expect could materialize within the time frame of the survival of our audit opinion.
Long-term business risks may not affect the company's financial statements directly today; however, they might affect the future operations of the company.
Refer to the Audit Risk Concepts Web-based learning course for further information or to review these risk concepts.
How Do We Reduce Our Audit Risk?
The Ernst & Young Global Audit Methodology was developed to help engagement teams reduce audit risk to an acceptable level.
A key aspect of reducing this audit risk is making appropriate inherent, control, and combined risk assessments and customizing appropriate audit solutions based on those combined risk assessments.
Note
Our ability to a make a proper combined risk assessment and develop an audit strategy responsive to those assessments is critical to our performing effective and efficient audits.
Combined risk assessments are made for each relevant assertion of each significant account or group of accounts.
Exercise
The methodology equates a client's business risks to our audit risk.
True
False
Exercise
Audit risk is the risk that we will not detect a material misstatement that exists in an assertion. True
False
Exercise
A key aspect of reducing audit risk is making appropriate inherent, control, and combined risk assessments and customizing appropriate audit solutions based on those combined risk
I.9
assessments. True
False
How Do We Consider Business Risk in Our Audit?
We gain an understanding of the client's business so that we can identify significant business risks, their financial statement implications, as well as significant accounts affected.
We accomplish this by:
Understanding the effects of relevant market forces and other environmental factors on the business
Considering how expectations of key stakeholders may influence management's actions
Considering whether management has developed business goals, objectives, and strategies that are reasonably responsive to these factors
Identifying the critical success factors that are most important to the achievement of the client's strategies
Gaining a high-level understanding of the client's business processes Understanding how management controls those business processes that are critical
to the achievement of its critical success factors
How Do We Consider Business Risk in Our Audit? (Cont.)
As we indicated earlier, business risks arise when:
The client's business strategies do not satisfy its key stakeholders The client's business strategies are not responsive to the market or other
environmental factors Changes in the business process are necessary to achieve the client’s business
strategies
We focus our attention and audit procedures on those key business risks that are expected to materially affect the client and the accuracy of its financial statements in the short term.
However, we also recognize that long-term risks eventually will affect the business (and the accuracy of its financial statements) if they are not addressed. Identifying and understanding long-term risks also may present us with the opportunity to deliver additional value to the client.
Exercise
We do not need to consider a client's long-term business risks because we do not expect them to materialize within the time frame of the survival of our audit opinion.
I.10
True
False
Exercise
Business risks arise when the client's business strategies:Necessitate changes in its business processes
Do not satisfy one or more of its key stakeholders
Are not responsive to the market or other environmental factors
All of the above
What Is Your Role?
You are an integral part of the team that must develop a comprehensive understanding of the client's risks.
Our team includes specialists, each contributing to the reduction of audit risk. Our approach to risk affects everything that you and your team do on an
engagement, from planning through conclusion of the audit. Our assessment of the various risk components drives our audit strategies. Risk
affects the nature, timing, and extent of our substantive procedures. Our consideration of business risk puts us in a position to provide value to our
clients by identifying and communicating emerging risk issues.
Our approach to risk assessment puts us in better control of our own business risk -- E&Y's audit risk.
Each client manages risk in its own way. The Ernst & Young Global Audit Methodology provides direction to engagement teams on gaining an understanding of the client's business risks and their implications and how the client manages and controls those risks.
Advising our clients as they seek to manage their business risks enhances our role as business advisors and value providers. We ordinarily discuss with the client the risks we identify, along with ways that the risks and related value opportunities may be addressed.
I.11
The Ernst & Young Global Audit Methodology dictates how engagement teams should gain an understanding of the client's business risks and their implications and how the client manages and controls those risks.
True
False
Exercise
We never discuss with the client the risks that we identify during the audit engagement.True
False
I.12
Lesson 3:Ernst & Young Global Audit Methodology
Lesson Overview
As we indicated earlier, the Ernst & Young Global Audit Methodology facilitates effective and efficient delivery of high-quality audit services to our clients throughout the world. It provides a framework for application of a consistent thought process to all audits, enabling seamless delivery to our global accounts.
During this lesson, you will have an opportunity to explore further the activities that make up the Ernst & Young Global Audit Methodology.
Upon completion of this lesson you will be able to:
Identify the elements that make up the Ernst & Young Global Audit Methodology
Describe the overall objective of each activity and, at a high-level, how it is executedHow will this lesson help you on the job?
The Ernst & Young Global Audit Methodology provides the foundation for approaching all audits worldwide. Understanding the phases and activities of the methodology will prepare you to handle assignments on your audit engagements.
Elements of the EY Global Audit Methodology
In the first two lessons, we briefly introduced the important influences on the delivery of our services.
In the graphic below, you see the complete Ernst & Young Global Audit Methodology map.
The two horizontal bars at the top represent the influences, and the two bars at the bottom represent our outputs from the delivery of our services.
Click each of the horizontal bars to refresh your memory of what these represent.
I.13
When you are finished reading, click the forward arrow to learn about the four phases and related activities.
Four Phases of the Methodology
The Ernst & Young Global Audit Methodology is organized into four interdependent phases. These phases are designed to focus on the client's business and financial statement risks (as we described in Lesson 2 of this course) and how those risks affect our audit of the financial statements.
The four phases are:
As we discuss each phase and its related activities, several of the concepts will be new to you. Since this course is an overview of the Ernst & Young Global Audit Methodology, we will not go into the details of these topics and terms. You will acquire more in-depth information as you participate in additional learning courses and gain on-the-job experience throughout your career.
Note: While there is a natural order to the performance of many activities in an audit, the Ernst & Young Global Audit Methodology is not necessarily executed in a standard sequence. The Ernst & Young Global Audit Methodology is a means to an end and not a rigid set of instructions that is followed without exercising professional judgment.
I.14
Phase 1: Establish Engagement Objectives
The process by which we deliver our professional services, and to some extent the services themselves, is unique to each engagement. We develop our service delivery process after considering our needs related to the opinion we will express and the client's needs and expectations and its perception of value.
On the graphic to the left, click each activity number within the Establish Engagement Objectives phase for more details on the requirements of the activity.
Activity 1: Co-Develop Client Expectations
We begin the audit by co-developing our client's expectations with the client's key decision makers.
Developing strong client relationships is a key theme of our Global AABS Strategy as well as our methodology. It enables us to better understand what the client values so we can develop strategies to execute and communicate value. This understanding helps move the client relationship to one where we deliver high-value services and receive fees appropriate to the value delivered.
In complex IT environments, consider involving TSRS in the co-development meeting with the client.
The success of our relationship is affected directly by our ability to understand the client's issues and communicate to the client the value of the services we provide.
Activity 2: Identify and Orient the Audit Team
Effective teamwork improves our ability to control audit risk, optimize efficiency, and deliver value to the client.
In Activity 2, we identify the key members of the engagement team, including team specialists representing Tax and TSRS , and others, and develop the team's goals and objectives. We assign roles and responsibilities that will help the team achieve these goals and objectives as well as address each individual engagement team member's development goals.
It is also at this stage that we plan for timely and direct executive participation. Our ability to deliver an effective and efficient audit is influenced heavily by the involvement of engagement executives during planning and throughout the audit.
I.15
Exercise
The four phases of Ernst & Young's Global Audit Methodology focus primarily on:
Providing business solutions to clients
The client's financial statements
The client's business and financial statement risks
Audit strategy
Exercise
After we develop our service delivery process, we assess our client's needs and expectations.
True
False
I.16
Phase 2: Understand the Business and its Risks and Establish Our Audit Strategy
On the Phase 2 graphic to the left, click each activity number for more details on the requirements of the activity.
The core of the methodology requires us to understand the client's business and financial statement risks and their implications -- especially how well a client manages and controls those risks -- so that we can design the most effective, efficient, and value-added audit.
By the end of this phase of the audit, we will have used our understanding of the client to develop an appropriate audit strategy, perform a combined risk assessment, and develop customized audit solutions.
Activity 3: Understand the Business
In Activity 3, we focus on: Understanding the client's key market forces How stakeholders' expectations may influence management's actions, goals,
objectives, strategies, and critical success factors How the client organizes and controls its business
The importance the client places on its information technology (IT) environment
Our procedures should be sufficient to gain an understanding of the business and identify those business risks that are most likely to influence financial statement risks in the short term.
The knowledge we gain about the client's business provides the basis for making more comprehensive risk evaluations. By gaining an understanding of our client's key business risks and their relationship to the inherent and control risk components of audit risk, we can balance the value, cost, and risk tenets that we described earlier in this course.
Knowledge of the client's business also provides a frame of reference within which we exercise professional judgment.
I.17
Activity 4: Assess Internal Control at the Entity Level and the Risk of Fraud
In this activity, we perform procedures that enable us to gain an understanding of each of the five components of internal control at the entity level and the risk of fraud. We also gain an understanding of how the client uses information technology (IT) to manage and control its business.
Our understanding of internal control at an entity level forms the foundation for several activities. Together, these activities provide us with a detailed understanding of the client's controls and assist us in designing the most effective and efficient audit procedures.
We use this information as we understand, evaluate, and test the components of internal control at a process or application level.
Activity 5: Develop the Preliminary Audit Strategy
Developing the audit strategy provides focus and direction for the remainder of our audit activities. Many of the procedures in this activity are best addressed as part of a comprehensive "planning event." The planning event involves key members of the team making decisions together regarding how the audit will be conducted. By having the key members of the engagement team participate directly in the planning process, the team shares its knowledge in a manner that focuses attention on the most critical issues and, just as importantly, away from areas having little audit significance.
In more complex IT environments, it is most efficient to involve TSRS at an early stage in planning.
During this activity, we:
Perform an overall analysis of financial and non-financial information Establish planning materiality, tolerable error, and the nominal amount for posting
audit differences to the Summary of Audit Differences Identify the significant accounts and those processes that influence the significant
accounts (called significant processes) Preliminarily determine which of the client's significant processes we will further
understand and evaluate for the purpose of looking for controls (this decision is left to the professional judgment of the executives on the engagement.)
Make a preliminary assessment of inherent and control risks Establish preliminary audit scope Prepare the Audit Strategies Memorandum Prepare the preliminary audit program or work plan Complete other planning activities
Activity 6: Understand and Evaluate Significant Processes and Related Controls
Evaluating the client's significant processes and related controls is critical in helping us understand the client's business and financial statement risks, how those risks are managed, and the most effective way to design our audit strategy in response to those risks.
We further our understanding of the client's significant processes through identifying what could go wrong within the process -- these are points where controls are needed.
I.18
Where we plan to assess control risk at less than the maximum, we identify and understand the controls (manual and automated) to prevent/detect the potential errors.
We conduct walk-throughs to confirm our understanding of the processes and that the controls that we have identified have been placed in operation, and to make a preliminary evaluation of the effectiveness of the controls. When we elect not to identify controls and assess control risk at the maximum, the walk-through is limited to confirming our understanding of the process.
Activity 7: Perform Tests of Controls
We finalize our strategy for testing controls and then design and execute those tests of controls.
Many of the benefits of the Ernst & Young Global Audit Methodology are linked to our ability to identify and test effective controls.
Activity 8: Perform Our Risk Assessments and Customize Audit Solutions
We gather information and audit evidence during the performance of earlier activities and use that information and audit evidence to make informed assessments of inherent and control risks (our combined risk assessment) associated with each of the client's significant accounts and the related assertions.
We customize the nature, timing, and extent of our substantive audit procedures to respond to the combined risk assessments.
When we test controls, we have the greatest flexibility regarding the timing of our substantive procedures (we can perform procedures up to six months prior to year-end) and can reduce significantly the extent of substantive testing necessary.
I.19
Exercise
All of the following tasks are involved in Phase 2 of the Ernst & Young Global Audit Methodology, Understand the Business and Its Risks and Establish Our Audit Strategy, except:
Consider the importance the client places on its IT environment
Develop the audit strategies
Co-develop client expectations
Understand the client's internal controls
Exercise
Understanding the relationship between our client's key business risks and the inherent and control risk components of audit risk enables us to do all of the following except:
Develop better audit strategies
Perform substantive procedures earlier in the year
Manage the firm's risk more effectively
Increase the value we deliver
Exercise
During Activity 5, Develop the Preliminary Audit Strategy, we perform which of the following? Select all that apply.
Establish planning materiality, tolerable error, and the nominal amount for posting audit differences to the Summary of Audit Differences.
I.20
Perform an overall analysis of financial and non-financial information.
Perform procedures that enable us to gain an understanding of each of the five components of internal control at the entity level and the risk of fraud.Make a preliminary assessment of inherent and control risks.
Exercise
We have the greatest flexibility regarding the timing of our substantive procedures when we test controls.
True
False
I.21
Phase 3: Perform Audit Procedures
At the end of the previous phase of the audit, we performed our risk assessments and designed customized audit solutions. In this phase, we execute those audit procedures.
Click each activity number within the Perform Audit Procedures graphic to the left for more details on the requirements of the activity.
Activity 9: Perform Analytical and Data Analysis Procedures
On many audits (particularly those where we have tested controls), we are able to perform analytical and data analysis procedures that provide audit evidence from which we gain significant audit assurance or identify areas requiring further audit investigation. These procedures also help us to manage audit evidence more efficiently.
Activity 10: Perform Tests of Details
Generally, we look first to key-item tests as the source of the additional audit evidence we require.
If we have not obtained sufficient audit evidence from key-item tests, we use representative sampling. In addition, we may perform other tests of underlying data, including tests of client-prepared schedules, roll-forward activity, and tests of data used in analytical procedures.
Activity 11: Perform General Audit Procedures
We perform general audit procedures on all audit engagements as required by generally accepted auditing standards or firm policy.
Certain general audit procedures may be performed more effectively and efficiently as of a specific interim date, at year-end, or in some combination.
I.22
Exercise
We can identify areas requiring further audit investigation, but not significant audit assurance, from the performance of analytical and data analysis procedures.
True
False
If key-item tests do not produce sufficient audit evidence, we utilize _____.
Tests of controls
General audit procedures
Representative sampling
Analytical review procedures
All general audit procedures must be performed at year-end.
True
False
I.23
Phase 4: Conclude the Audit and Assess Performance
Prior to issuance of our auditors' report, we consider whether our audit procedures, in total, provide us with sufficient audit evidence to conclude on the fairness of the presentation of the client's financial statements taken as a whole.
During this process, we ordinarily meet with management (and, when appropriate, the audit committee or its equivalent) to present our audit deliverables and discuss the client's satisfaction with our overall performance and service delivery. We also reassess our team and individual performance and develop appropriate action plans.
On the graphic to the left, click each activity number within the Conclude the Audit and Assess Performance phase for more details on the requirements of the activity.
Activity 12: Conclude the Audit
Conclude the Audit is typically a team activity during which any remaining open items are completed and the overall evaluation of the presentation of the financial statements is made and documented.
We make this assessment by reconsidering the appropriateness of the amount we used for planning materiality and our assessments of internal control and the risk of fraud, summarizing and evaluating unrecorded audit differences in the Summary of Audit Differences, and concluding on the sufficiency of our audit procedures.
We document our final conclusions in the Summary Review Memorandum.
In addition, we decide which working papers (electronic and paper) are necessary to document the work that we have performed and the conclusions that we have drawn and therefore should be retained.
We also may perform preliminary planning activities for next year's audit.
Activity 13: Assess Client Satisfaction
Now we come full circle and assess how satisfied the client is with our performance, based on the expectations that we co-developed in Activity 1: Co-Develop Client Expectations.
We meet with the client's key decision makers to assess their satisfaction with our progress toward meeting or exceeding their expectations. We also use our value scorecard or similar document to communicate the value we have provided while performing our audit.
I.24
Activity 14: Assess Our Performance
We also assess the team's performance in achieving the goals and objectives established during Activity 2 and develop an action plan for improving our performance in reaching those goals and objectives that were not met.
An assessment of the team's performance and the development of an improvement plan are important factors in maintaining an effective team. This assessment is an opportunity to capitalize on successes; minimize concerns; improve our performance in meeting professional standards, firm policies, and the client's needs and expectations; and optimize the balance among the value, cost, and risk tenets.
I.25
Exercise
During Activity 12, Conclude the Audit, we document our final conclusions in the:
Summary Review Memorandum
Audit Strategies Memorandum
Value scorecard
All of the above
Exercise
In Activity 13, Assess Client Satisfaction, we meet with key decision makers to communicate the _____ we have provided while performing our audit.
Type your answer in the box below, then click "Check Answer."
Answer: Value
value
Exercise
During Activity 14, Assess Our Performance, we decide which working papers are necessary to document the work we performed.
True
False
Exercise
The Ernst & Young Global Audit Methodology is organized into four interdependent phases. These phases are designed to focus on the client's ______ and ______ risks and how those risks affect our audit of the financial statements.
I.26
Inherent and control
Business and financial statement
Combined and financial statement
Audit and business
Combined risk assessment and value observations left, others right
I.27
SUMMARYSummary lesson 1
Summary lesson 2
Summary lesson 3
I.28