There are six key steps that auditors must follow. FMD has laid out the basics that we follow below.
Step 1--Planning and Supervision
Professional standards require that the auditor adequately plan the work and supervise any assistants.
Audit planning includes developing an overall audit strategy for the expected conduct, including:
- Organization and staffing of the audit
- Establishing a written understanding with the client regarding the services to be performed
- Obtaining an understanding of the plan’s internal controls
The nature, timing, and extent of planning will vary according to the type of employee benefit plan, the size and complexity of the plan’s operations, the auditor’s experience with the plan, and his or her understanding of the plan and its environment, including its internal control.
Step 2--Risk Assessment
Audit risk is the risk that the auditor expresses an unmodified opinion when the plan’s financial statements are materially misstated. The auditor considers audit risk in relation to the overall financial statement level and the assertion level for classes of transactions, account balances, and disclosures, and performs procedures to assess the risks of material misstatement at both levels.
Step 3--Internal Control
The auditor must obtain an understanding of the plan and its environment, including its internal control relevant to the audit, which will provide a basis for designing and implementing the audit plan.
An important part of the auditor’s planning is to look at the internal control over the financial reporting that are in place and then evaluate their effectiveness to assess the risks of material misstatement.
Step 4--Audit Testing
In developing an audit strategy, the auditor considers whether to rely on the relevant controls at the plan and the plan’s service organizations for various areas of the audit based on an assessment of factors such as:
- Cost/benefit considerations
- The size of the plan and prior year results of control testing
If test results indicate the plan’s controls are effective, the auditor may reduce the level of “substantive tests” he or she performs as a basis for the audit opinion.
The auditor evaluates the audit evidence obtained and considers what type of audit opinion to issue. Professional standards define certain requirements and provide broad guidelines about the evaluation of audit evidence. However, the auditor also is required to exercise professional judgment to determine the nature and amount of evidence required to support the audit opinion.
Depending on the test results, the engagement team may need to adjust its audit plan, modify its tests, or perform additional procedures in response to this updated information as warranted.
To conclude the audit, the auditor issues the written audit report, which contains their findings.