After planning the fieldwork can start. The audit team is delegated specific tests to perform and the fieldwork commences. Everyone should know what they are doing, time allocated and who they will be seeing.
The work should be performed in sequence as per the audit programme. This prevents stops and blockages in performing the audit. Unfortunately in reality there is often kick-back from the client or employees (auditee) being audited. These stoppages must be cleared up without delay. This is why planning is so important to ensure that all documents, reports, information and employees are available during the audit. If the auditee still does not cooperate then the auditor must immediately go to their superior to resolve this. Most delays come from waiting for the client or auditee and these delays must be nipped in the bud (immediately stopped from growing longer). If these delays are not stopped the auditor will start several cycles or tests without completing them. This creates a mass of incomplete cycles and makes the work go much slower.
There are various types of fieldwork that are performed. This include:
1) Data analytics of the entire population of data being tested. This should actually be performed before the audit starts and is used as a way of selecting the ample to be tested.
2) Observation of the situation or the environment being audited looking for gaps or weaknesses in the existing structure.
3) Enquiry with employees and management on what is actually happening as opposed to what should be happening.
4) Detailed or substantive testing whereby a sample of documents or transactions is selected and these are tested. Mainly for validity, accuracy and completeness.
5) Negative testing – Testing of transactions to determine whether the system controls are working e.g. attempt to execute a transaction that shouldn’t be allowed. If the transaction goes through then the control or system isn’t working.
It is vitally important to ensure that tests are properly documented in the workpapers and that supporting documents are retained. All workpapers must be referenced to the programme, to the supporting documents and to the report. The supporting documents should include a sample pack of documents and evidence of all exceptions or findings raised. The audit file should be structured in such a way that anyone can pick up the file and understand what was done.
This concludes the second instalment on the anatomy of an audit. We will continue with monitoring and supervision, wrapping up the audit, handling queries, reporting and finalisation in the next article.