By Phil Cowperthwaite
Illustration: Mike Constable
Generic checklists may be a great way to start an audit, but they can lead to a lessened focus on judgment
Accountants love their checklists. “Thank you for the theory, now please just tell me what to do” is a common refrain from auditors, especially when faced with the 570-plus requirements in the Canadian auditing and quality control standards.
But ours is a thinking profession, not one that relies on a mechanical approach to deliver a product. Every audit is unique, so reliance on a common set of checklists is unlikely to be efficient, nor will it result in an effective audit. Research shows that reliance on systems designed to do your thinking for you can reduce your ability to make good judgments. Professional judgment is the crux of our profession. It is what the public expects and what clients pay for.
The relatively new Canadian auditing standards (CAS) clock in at 800-plus pages. Many experienced auditors rely on generic checklists developed in-house or by third parties to cope with the volume, with reliance on generic checklists appearing easier than crafting their own.
And the initial setup is easy — just import the lists and tick the boxes. On the face of it, relying on someone else’s expert system avoids the need for a complete knowledge of CAS. A purchased methodology may even suggest procedures you haven’t thought of. However, there are significant drawbacks to this approach.
Drawbacks to generic checklists
Consider this: computer application designers are faced with the problem where providing too much guidance to operators (that is, programming a computer system to make decisions in the background) can have negative impacts on the ability of the operator to make complex judgments and the time it takes to make those decisions.
In addition, not having to think your way through a problem because you are guided by application software may foster shallow thinking. This comes down to operators who understand the workings of their systems having an advantage over those who don’t.
In an effort to make application software easy, designers often bury the underlying logic in the application so users can focus on moving or clicking through the program to reach their goal quickly. While this is an admirable design goal for many computer applications, it is the antithesis of a quality audit process. Removing the decision-making process could impair a user’s ability to think deeply — and deep thinking is essential in making sound judgments.
This situation is more than relevant to the audit profession. Auditors must think their way through every aspect of an audit to decide what evidence needs to be obtained, evaluate the quality of that evidence and then use this information to make a myriad of professional judgments. Just because an auditor understands the individual steps suggested by the expert system does not mean he or she grasps the bigger picture of how the steps fit together. Bottom line: a successful audit is not built on a system that encourages superficial thought.
Relying on CAS
The CASs are not an easy read and they aren’t meant to be. They demand operator-style knowledge of the underlying goals and structure. They are designed for problem solving and are not intended to result in an audit being performed by rote.
The process is all about judgment, with an essential time investment required up front to read and understand the standards. This is the process that helps determine what requirements are relevant to your audit and results in the ultimate benefits — more effective and efficient problem solving.
In addition, using the standards as they are intended encourages the development of professional judgment in up-and-coming professionals. Without generic checklists, auditors have the opportunity to think. Practice makes perfect, with the process of auditing being just as critical to the final result as the individual steps leading up to it.
The most effective way to internalize the standards is to read and understand them yourself. It is not a task to delegate. Figuring out which requirements are relevant to an individual audit and which aren’t requires knowledge of each requirement.
The good news is the format of CAS makes this relatively easy. In fact, several of the 36 CASs will not be relevant to many audits, with some requirements needing just a brief consideration. Once requirements have been determined not relevant to your engagement, they can be ignored year after year unless engagement circumstances change.
For example, in the case of a micro-entity or small-entity audit, several of the standards will likely not be relevant, such as CAS 600, Special Considerations — Audits of Group Financial Statements. In addition, many of the requirements in relevant CASs may not be relevant to the audit at hand. For example, CAS 210, Agreeing the Terms of Audit Engagements, has 16 requirements, but only three will likely be applicable in every micro-entity audit (CAS 210.06, 09 and 10).
Can the Herculean task of customizing checklists be managed? Assign one person as a project leader in your firm to go through the CAS requirements in depth to highlight those likely relevant in every one of your audits. From here, you can incorporate those requirements into your firm’s audit methodology. The project leader can hold a series of guided information sessions for all staff, referring directly to CAS at all times.
It is hard to imagine having all the steps required in a CAS audit in working memory. This is where checklists come in again, but this time they’re customized and promote sound and effective professional judgment.
More than this, generic, inappropriate and/or overly detailed checklists may be completed on auto-pilot by experienced auditors or completed by junior accountants who may not understand the subtlety of all the steps. Preparing tailor-made checklists that suit the needs of each specific engagement is the key to efficiency and effectiveness.
For example, an experienced auditor performing an audit for a longtime client doesn’t always need to complete a 10- to 15-step bank reconciliation checklist. A better approach for the auditor would be to have one or two high-level questions focused on the existence of cash, possible bank debt and statement disclosure.
Consider tailoring checklists to your type of client and industry specialization; to your staff mix (the more junior the staff, the more detailed the checklists need to be); and to the areas of your audits where professional judgment is most critical.
A generic checklist may be a great place to start, but it must be customized using your comprehensive knowledge and understanding of CAS. Ensure no key steps have been missed by designing a comprehensive document index for every audit file covering every aspect of the engagement — from planning to reporting. With every document in the index requiring completion prior to the engagement’s end, you can be assured nothing significant has been omitted.
Generic checklists can lead to a lessened focus on professional judgment, which is the antithesis of the intent of CAS. However, customizing checklists for each audit can heighten professional judgment. Once customized, audit automation provides the ability to carry your unique approach forward annually — tailoring changes as appropriate, improving recoveries and reducing engagement risk.
Phil Cowperthwaite, FCA, is a partner of Toronto CA firm Cowperthwaite Mehta and a member of the IFAC Small and Medium Practices Committee
Technical editor: Ron Salole, vice-president, Standards, CICA