Planning and Developing a Financial Statement Audit
Business Process Analysis
1
Steps in the Audit Process
1. Client acceptance and retention
2. Planning and understanding the client
Understand client strategies and business processes (strategic and process analyses)
Risk assessments
Planning analytics
3. Plan tests of financial statement assertions
4. Perform tests of financial statement assertions
Tests of control operating effectiveness and substantive tests
5. Wrapping up the audit
6. Audit reporting
1. 客户接受和保留
2.规划和理解客户
了解客户战略和业务流程(战略和流程分析)
风险评估
规划分析
3.计划财务报表断言的测试
4.执行财务报表断言的测试控制操作有效性和实质性测试的测试
5.结束审计
6.审计报告
2
What is a business process?
An organization is a collection of business processes. These processes reduce the potential impact of strategic risks by standardizing the organization’s response to external stimulation and coordinating operations to manage those risks.
Processes serve two primary purposes:
1. To advance the objectives of the organization
2. To minimize the risks of not achieving those objectives.
组织是业务流程的集合。 这些流程通过标准化组织对外部刺激的响应并协调运营来管理这些风险,从而减少战略风险的潜在影响。
流程有两个主要目的:
1.推进组织的目标
2.尽量减少未实现这些目标的风险
4
What is Process Analysis?
One output of the analysis is the identification of the client’s core business and resource management processes.
In most business risk auditing approaches (e.g., SSA), these processes are the building blocks of the audit.
In the past, firms used financial statement balances as the building blocks.
分析的一个输出是识别客户的核心业务和资源管理过程。
在大多数商业风险审计方法(例如SSA)中,这些流程是审计的基石。
过去,公司使用财务报表余额作为构建模块。
5
Why use processes as building blocks?
Understanding the processes that comprise an organization helps the auditor:
Identify process-level risks and their potential impact on the financial statements
Very difficult when using balance sheet as building blocks
Form well-developed expectations for financial statement balances
Develop well-calibrated risk assessments and audit programs targeted at high risk areas
了解组织的流程有助于审核员:
确定流程级风险及其对财务报表的潜在影响
使用资产负债表作为构建块时非常困难
形成对财务报表余额的良好发展预期
制定针对高风险领域的经过良好校准的风险评估和审计计划
6
3 Main Types of Business Processes
Strategic Management Process
Audit implications evaluated in strategic analysis
Core Business (Primary) Processes
Resource Management (Support) Processes
战略管理流程
在战略分析中评估审计影响
核心业务(主要)流程
资源管理(支持)流程
7
Core Business Processes
Processes that are performed to directly create value in the form of a product or service.
Auditors assess the relative importance of the CBPs as importance varies by client.
执行以直接以产品或服务的形式创造价值的流程。
审核员评估CBP的相对重要性,因为重要性因客户而异。
8
Core Business Processes
CBPs for a manufacturer, distributor, or seller of tangible products:
Inbound Logistics (procuring inputs)
Operations (inputs products)
Marketing and Sales (selling products)
Outbound logistics (products customers)
Service (keeping customers happy after the sale)
有形产品的制造商,分销商或销售商的CBP:
入境物流(采购投入)
操作(输入产品)
营销和销售(销售产品)
出境物流(产品客户)
服务(销售后让客户满意)
9
CBPs for a manufacturer, distributor, or seller of tangible products:
Inbound Logistics (procuring inputs)
Operations (inputs products)
Marketing and Sales (selling products)
Outbound logistics (products customers)
Service (keeping customers happy after the sale)
Coca-Cola: “targeting different areas across the globe with different products, gaining name and popularity”
有形产品的制造商,分销商或销售商的CBP:
入境物流(采购投入)
操作(输入产品)
营销和销售(销售产品)
出境物流(产品客户)
服务(销售后让客户满意)
可口可乐:“以不同的产品瞄准全球不同地区,获得名声和知名度”
10
Resource Management Processes
Have an indirect effect on the creation of product value.
Typical RMPs:
Financial Management
Human Resource Management
Technology and Information Management
Once again, importance varies by client.
Some of these RMPs may be CBPs for some clients (i.e., process is critical in value creation).
过程对价值创造至关重要
对产品价值的创造产生间接影响。
典型制冷剂管理计划:财务管理人力资源管理技术与信息管理客户的重要性再次变化。这些RMP中的一些可能是某些客户的CBP(即,过程在价值创造中至关重要)。
11
What is your client’s CBP?
Inbound Logistics (procuring inputs)
Operations (inputs products)
Marketing and Sales (selling products)
Outbound logistics (products customers)
Service (keeping customers happy after the sale)
Financial Management
Human Resource Management
Technology and Information Management
Note: the last 3 are typically RMPs. Thus, you must argue that these processes are critical to your company’s value creation, making them CBPs.
财务管理
人力资源管理
技术与信息管理
注意:最后3个通常是RMP。 因此,您必须争辩说这些流程对您公司的价值创造至关重要,使其成为CBP。
12
Identifying Sub-Processes
Typical Sub-Processes
Sales and Marketing
Price Management
Brand Management
Expansion and Growth
Research and Innovation
Inbound Logistics
Supplier Selection
Stock Management
Receiving
Outbound Logistics
Warehouse Management
Distribution Management
典型的子流程
销售和营销
价格管理
品牌管理
扩张和增长
研究与创新
入境物流
供应商选择
库存管理
接收
出境物流
仓库管理
分销管理
13
Audit-Sensitive Processes
A process that is critical to the conduct of the audit and is likely to have a significant impact on the evidence that an auditor collects.
Main source of residual risk
A process is audit-sensitive if it meets at least one of the following conditions:
1. Critical to achieving strategic objectives
Thus, all CBPs are audit-sensitive.
2. Extensive external interactions (e.g., M&A)
3. High risk
4. Related to a major class of transactions
审计敏感过程
对审计工作至关重要的流程,可能会对审计师收集的证据产生重大影响。残余风险的主要来源如果流程满足以下至少一个条件,
则该流程对审计敏感:
1.实现战略目标至关重要因此,
所有CBP都是审计敏感的。
2.广泛的外部互动(例如,并购)
3.高风险
4.与一大类交易有关
14
Process Analysis Document (PAD)
Identify the sub-process and sub-process objective.
Identify the process inputs, activities, and outputs.
Including information flow (needs and output)
Identify the accounting impact of process activities. What are the…
Routine transactions (e.g. inventory, sales, COGS)
Non-routine transactions (e.g., acquisitions)
Accounting estimates (e.g., warranties, allowance for doubtful accounts)
Uncertain future amounts that must be estimated
过程分析文档(PAD)
Non-routine tend to be must more risky
确定子流程和子流程目标。
确定流程输入,活动和输出。
包括信息流(需求和输出)
确定流程活动的会计影响。 什么是…
常规交易(例如库存,销售,COGS)
非常规交易(例如收购)
会计估计(例如,保证,可疑账户的准备金)
必须估计的未来不确定金额
15
(PAD)
Sub-process and sub-process objective:
Brand Management: To expand into new countries and markets
Inputs:
Marketing department, product design, sales force, product ideas
Activities:
Market research, team to explore new markets, advertising, R&D
Outputs:
Research reports, expansion plans, new products, etc.
子流程和子流程目标:
品牌管理:拓展新的国家和市场
输入:营销部门,产品设计,销售队伍,产品理念
活动内容:市场调研,团队探索新市场,广告,研发
输出:研究报告,扩展计划,新产品等
16
(PAD)
Accounting impact:
Routine transactions: Sales, COGS, R&D expense
Non-routine transactions: Acquisitions, fixed assets
Accounting estimates: Warranties, allowance for doubtful accounts, impairments, goodwill
会计影响:
常规交易:销售,COGS,研发费用
非常规交易:收购,固定资产
会计估计:担保,可疑账户备抵,减值,商誉
17
Process Risk Identification
People Risks
Managerial Risk (e.g., competence)
Ethics Risk (e.g., fraud)
Human Resource Risk (e.g., training)
Direct Process Risks
Operational Risk (e.g., product quality)
Information Risk (e.g., information reliability)
Indirect Process Risks
Technology Risk (e.g., system security)
Planning Risk (e.g., incentives)
Regulatory Risk (e.g., safety regulations)
See Figure 6-6 and p. 208-214 for more detail
流程风险识别:
人民风险
管理风险(例如能力)
道德风险(例如欺诈)
人力资源风险(例如,培训)
直接流程风险
操作风险(例如产品质量)
信息风险(例如,信息可靠性)
间接过程风险
技术风险(例如,系统安全性)
规划风险(例如,激励措施)
监管风险(例如,安全法规)
见图6-6和p。 208-214了解更多细节
18
Identify Potential Audit Implications
Once the auditor has identified the process risks, he/she must assess the potential audit implications:
Expectations (the risk affects the auditor’s expectations for account balances)
Viability (the risk affects the auditor’s going concern assessment
Control Environment (the risk affects the auditor’s assessment of control risk or the decision to rely on internal controls)
Audit Risk (the risk affects the risk of material misstatement)
一旦审核员确定了流程风险,他/她必须评估潜在的审计影响:
期望(风险影响审计师对账户余额的预期)
可行性(风险影响审计师的持续经营评估
控制环境(风险影响审计师对控制风险的评估或依赖内部控制的决策)
审计风险(风险影响重大错报风险)
19
KPIs for Process Analysis
Role of KPIs
KPIs are process-level controls that monitor/reduce process-level risks.
Existence of KPIs is not sufficient. Management must monitor and react to these measures to reduce the process risks.
What is management’s expected performance range for the KPI?
How often do they review the KPIs?
How do they (if at all) respond when KPIs fall outside the expected performance range?
Are the KPIs consistent with prior year, budgets, and industry averages?
Are KPI trends consistent with overall f/s trends?
KPI是监控/降低流程级风险的流程级控制。
KPI的存在是不够的。 管理层必须监控并对这些措施做出反应,以降低流程风险。
什么是管理层对KPI的预期绩效范围?
他们多久检查一次KPI?
当KPI超出预期的性能范围时,它们(如果有的话)如何响应?
关键绩效指标是否与上一年度,预算和行业平均值一致?
KPI趋势是否与整体f / s趋势一致?
21
Process Objectives and Risks (Logistics and Distribution Example)
Objectives:
Provide merchandise to customer at “right time and in right place”
Have lowest possible supply chain costs
Risks:
High costs due to excessive handling or too much order picking time at warehouse.
Supplier cannot meet requirements
High number of stock picking errors
KPI’s: Spoilage, shrinkage, # of out of stock items, overall and product profit margin
流程目标和风险(物流和配送示例)
目标:在“正确的时间和地点”向客户提供商品
尽可能降低供应链成本
风险:由于过度处理或仓库订单拣选时间过长导致成本高。
供应商无法满足要求
大量的选股错误
关键绩效指标:腐败,收缩,缺货商品数量,整体和产品利润率
22
Audit Implications (Logistics and distribution example)
The logistics and distribution process-level risks could affect these financial statement assertions:
Inventory existence and completeness
Accuracy of costs of goods sold
Distribution and warehouse expenses
Inventory obsolescence (valuation)
审计影响(物流和配送示例)
物流和配送流程级别的风险可能会影响这些财务报表断言:
库存存在和完整性
销售成本的准确性
分配和仓库费用
库存过时(估价)
23