Internal control over Financial Reporting is one of the buzzwords spreading within the auditor community and similar professionals. They also agree that the requirement introduced by Section 143(3)(i) of the Companies Act 2013 is not something completely new. The concept of risk assessment has always been part and parcel of audit strategies prepared around the country. The focus of SA 315 issued by the Institute of Chartered Accountants of India is also along the same lines.
Is Risk Based Auditing (Combined Audit) New?
Let us think about a scenario in which the audit client is an SME with tax audit being applicable. As a matter of fact, an appropriate audit plan will be prepared to perform the audit. For example, one of the audit programme may be to check the sales of the last three months (the instruction to the audit assistant may be to verify sales invoices above a particular limit). It is a substantive procedure as we all know. However, behind this selection of procedure, there is an inherent risk assessment process happening (please see the image below).
(Existence is considered as Existence & Occurrence as a combination in the above image)
Let us look at it a little bit in detail
|Sl No||Item||Reason for Selection||Reason for Selection|
|1||Sales||Based on the business knowledge of the auditor: Sales may be one of the significant item in the financial statements||Identification of significant class of transactions|
|2||Last three months||The auditor is keeping a sceptical mind on revenue to have a check on the fraudulent sales reporting (In short, the concentration is whether the sale has occurred (Occurrence assertion))||Identify risk of material misstatements|
|3||Fixing INR 50 000||Specific materiality||“Material” misstatements|
On a preliminary analysis we can find that an assessment of risk happens during the performance of a financial audit. However, it may not necessarily be systematic and documented as suggested by the Companies Act 2013.Also the lawmaker made the provision applicable for even a one-person company. Similar enactments like the SOX (Sarbanes Oxley Act) in the United States is only applicable for listed companies.
The real challenge lies in the fact that a framework has not been prescribed by the Act in this respect. The guidance note from ICAI on the subject is the major source of reference available as of now.
Documenting the work done is one of the key function of the auditor and considering the effect of these new requirements should be one of the significant matters in the audit strategy planning and team meetings in the coming days. Seeking automation through computer assisted audit tools like CaseWare Audit System or similar softwares will be something which can bring more efficiency to this process and reduce the pain of compliance.
Planning of a Combined Audit
With the Insertion of Section 143(3)(i) in the Companies Act 2013, it becomes the duty of every auditor to effectively document the risk assessment process as part of his planning documentation. Using automation and cutting edge technology to achieve this can improve the efficiency and as a result your practice can flow smooth.
During year-one, the auditor will take the effort to understand the entire internal control system and identify risks and controls to decide her course of action. From year-two onwards if there are no major changes in the organisation structure, the learning curve helps the auditor to fast forward planning and execution of the audit. Moreover, it can stand as a scientific evidence in a court of law or for any external or peer review.
Risk based auditing is not entirely an alien concept for Indian Chartered Accountants. However, the documentation and processes must have to be automated and streamlined to achieve compliance and efficiency and in turn boost the clientele portfolio.
How CaseWare can help?
CaseWare Audit System is a comprehensive suite of electronic software programs, checklists and audit work papers with a risk based approach, designed specifically for the audit practitioner in India, utilising the internationally recognised CaseWare software as the “software engine”.
Please talk to our representative or email us at firstname.lastname@example.org to know more about our Risk based Statutory Audit tool.