There are seven phases to be passed through by an auditor in auditing financial statements. They are described in this post. Follow on…



Phase-1.  Audit Planning

Audit planning involves developing an overall strategy for performing the audit. During planning auditors establish an understanding with their client as to the nature of services to be provided and the responsibilities of each party—this is ordinarily accomplished through use of an engagement letter.  In addition, they develop an overall audit strategy, an audit plan, and an audit program.

Planning continues throughout the entire audit as the auditor accumulates sufficient appropriate audit evidence to support the audit opinion.


Phase-2. Obtain an Understanding of the Client and Its Environment [Including Internal Control]

Auditors must attain a sufficient background to assess the risk of material misstatement of the financial statements and to design the nature, timing, and extent of further audit procedures. Risk assessment procedures are used here and include inquiries of management and others within the entity, analytical procedures, observation and inspection, and other procedures.

Obtaining an understanding of the nature of internal control is an essential part of this understanding, as it allows the auditor to identify areas that may be misstated and to design other procedures based on characteristics of the existing system.


Phase-3.  Assess Risks of Misstatement and Design Further Audit Procedures

Auditors use the information collected while obtaining their understanding of the client and its environment to identify classes of transactions (transaction classes), account balances, and disclosures that might be materially misstated.  Assessing the risks of misstatement (the risk assessment) is performed both at the overall financial statement level and at the relevant assertion level and includes considering:

  • What could go wrong?
  • How likely it is that it will go wrong?
  • What are the likely amounts involved?


Risk assessment provides the auditors with evidence on potential risks of material misstatement.  The risks of material misstatement are composed of inherent and control risks for relevant assertions.  Inherent risk is the susceptibility of a relevant assertion to material misstatement, assuming that there are no related controls.  Inherent risk arises for a variety of reasons including the business risk faced by management, the possibility of material misstatement due to fraud, and significant measurement uncertainty in accounting estimates and in non-routine transactions.

Control risk is the risk that a material misstatement could occur in a relevant assertion and not be prevented or detected on a timely basis by the entity’s internal control.


After analyzing the design and implementation of internal control, the auditors must decide whether the system appears adequate to prevent or detect and correct material misstatements.  For example, if the auditors believe that internal control is weak for an important area (that is, control risk is high), they will assess the risk of material misstatement as high.  On the other hand, if the system seems capable of preventing or detecting and correcting misstatements, the auditors may conclude that internal control may be strong.  But in this case they must determine that it is strong by performing tests of controls.

Based on the assessed risks of misstatement for various transactions, account balances, and disclosures, and on various requirements to perform certain audit procedures regardless of the individual company risk assessment, the auditors will design and perform further audit procedures—tests of controls and substantive procedures.


Phase-4.  Perform Tests of Controls

Tests of controls are performed to determine whether key controls are properly designed and operating effectively.

To illustrate a test of a control, consider the control activity in which the accounting department accounts for the serial sequence of all shipping documents before preparing the related journal entries.  The purpose of this control is to ensure that each shipment of merchandise is recorded in the accounting records (i.e., to ensure the completeness of recorded sales and accounts receivable).


Phase-5.  Perform Substantive Procedures—General

Substantive procedures (also referred to as substantive tests) are used to “substantiate” account balances.  Substantive procedures restrict detection risk, the risk that audit procedures will incorrectly lead to a conclusion that a material misstatement does not exist in an account balance when in fact such a misstatement does exist.

While tests of controls, as noted above, provide evidence as to whether controls are operating effectively, substantive procedures provide evidence as to whether actual account balances are proper.  The auditor’s reliance on substantive procedures to achieve an audit objective may be derived from (1) substantive analytical procedures, and (2) tests of details of account balances, transactions, and disclosures as they are described in more detail below:

  • Substantive procedures—Analytical procedures.  Analytical procedures used as substantive procedures are used to obtain evidential matter about particular assertions related to account balances or classes of transactions.  In these tests auditors gather evidence about relationships among various accounting and non-accounting data such as industry and economic information.  When unexpected changes occur (or expected changes do not occur) in these relationships, an auditor obtains an explanation and investigates.
  • Substantive procedures—Tests of details of account balances, transactions and disclosures.  The objective of these tests is to detect misstatements in the financial statements—more specifically, misstatements of relevant assertions relating to transactions, account balances, and disclosures.  The details supporting financial statement accounts are tested to obtain assurance that material misstatements do not exist.  Sending confirmations for year-end receivable accounts is an example of a substantive test of details.


Phase-6.  Complete the Audit

Auditors perform a number of procedures near the end of the audit.  For example, evidence is aggregated and evaluated for sufficiency.

Analytical procedures are performed (again) to assist the auditor in assessing conclusions reached and for evaluating overall financial statement presentation.

Final decisions are made as to required financial statement disclosures and as to the appropriate audit report.


Phase-7.  Audit Report

A standard unqualified audit report is issued by CPAs when their examination and the results thereof are satisfactory. This standard unqualified report is modified as the audit examination deviates from normal, or as the financial statements fail to comply with generally accepted accounting principles (GAAP).