Question

What is the auditing process for revenue? How do you perform a risk analysis on the revenue cycle?

Answer 1

At the top of the income statement, the revenue account is one of the most influential accounts in the ledger. Accordingly, auditors must design and execute a plan to reasonably assure that this account is free of material misstatement. Revenue audit procedures can account for a substantial portion of your company's audit budget. As such, understanding the revenue audit process can help you better align company resources to complete this section of the audit as efficiently as possible.

Understand Internal Controls :  The first step in performing an audit of revenue is to understand internal controls and transaction cycles related to sales. This involves meeting with company management and learning about the company's sales process, procedures and controls that the company has implemented to guard against loss. This process is often called design and implementation testing. In addition to performing inquiries of management, auditors will also examine flowcharts of the company's invoice flow, ask for copies of significant contracts and document any changes to the company's revenue process that has occurred since the last audit.

Assess Control Risk: Once the auditor has an understanding of the company's sales process and the expected level of internal control sophistication that the auditor expects to find, the auditor assesses the risk that internal controls will not detect an error in the sales process. This process is completed by mapping the internal control activities that were identified when learning about the internal control system to specific management assertions related to sales. Once control activities are mapped to management assertions, the audit can make a judgment as to how effective she believes the controls will be at detecting misstatement.

Determine Extent of Testing:  Once control risk has been assessed, the auditor determines the amount of testing to complete. This includes both control testing and tests of accounts and transactions, called substantive testing. The amount of control testing to complete is dependent on the auditor's testing strategy. For example, if the company appears to have an effective internal control system, the auditor may wish to test more internal controls with the hope of reducing substantive testing. However, if the control system appears weak, auditors may not find that extensively testing controls is efficient. In this case, auditors will likely perform greater substantive testing.

Perform Testing: Lastly, auditors will perform control and substantive testing. Because revenue is usually considered to be a fraud risk area, the testing for this account is often completed by the more senior members of the audit staff or audit senior accountant. In addition, the manager and partner are likely to spend some extra time reviewing the revenue work papers on many audits. It is important to note that if control or substantive testing results reveal that controls are not operating effectively or account balances are misstated, the testing process can begin anew with the auditor gaining a better understanding of the transaction flow, reassessing risk, changing the nature, extent and timing of audit procedures and performing more testing.