What auditors do: the scope of audit
Recent corporate failures have increased public concern about the value of audit and the role of auditors. To help inform debate on the scope of audit, this second supporting paper to our Future of Audit thought leadership essays explains what auditors do, why audits are necessary, the limitations of audit, and what gets audited and what doesn’t.
Why audits are necessary
To help shareholders and other interested parties hold directors to account, the directors of companies are required to publish annual reports. Among other elements, these contain financial statements, which need to be independently audited to be considered credible.
Auditors report to shareholders on the ‘truth and fairness’ of these financial statements. To give a ‘true and fair’ view, financial statements must not be materially misstated and must be prepared, in all material respects, in accordance with accounting standards and legal requirements.
Auditing plays an important role in maintaining confidence in financial reporting, which in its absence would almost certainly be highly unreliable.
What auditors do
An audit involves three main elements:
- Substantial risk assessment: auditors build up a detailed understanding of the business so that they can highlight and assess the key areas in the financial statements most at risk of material misstatement;
- Evidence-gathering: focusing their efforts on the identified higher-risk areas – eg, revenue, debtors, inventory and the valuation of assets and liabilities – auditors look for material misstatements, regardless of how they are caused; and
- Reporting: auditors report their opinion to the shareholders.
The limitations of audit
An audit provides auditors with ‘reasonable’ assurance to support their audit opinion. This high but not absolute level of assurance reflects the fact that time and cost constraints and some inherent limitations of audit mean there is an unavoidable risk that some material misstatements may not be detected. This is not to say that auditors are permitted to accept inadequate audit evidence; on the contrary, in the absence of persuasive audit evidence, auditors are required to qualify their audit report.
What auditors do and don’t audit
Audited information actually makes up a minority of most annual reports. Auditors cannot, however, just ignore the rest of the information. The current audit model requires them to read the rest of the report for inconsistencies with the audited information and with the knowledge of the business they gained during the audit. Auditors also have to review some specific elements of the report to check for compliance with the relevant government codes and other legal requirements. Reading and reviewing are, however, substantially less in depth processes than auditing.
Rethinking audit scope
There is undoubtedly room for auditors to do more. Reporting on internal controls over financial reporting, for example, is already in place in the US and Japan.