What is Strategic-Systems Auditing?
- Approaching auditing from a strategic systems lens
What is the conceptual foundation of SSA?
- Today’s dynamic business environment calls for a new way to audit
What does the auditor employing SSA conceive the audit as?
As a process of evidence-driven, belief-based, risk assessment
What are four dimensions of the audit environment today?
(1) Rapid change (business strategy, business models, processes, reduced barriers to competition)
(2) Heightened concern about and responsibility for detecting management fraud resulting in misstated F/S
(3) Consistent evidence that when audit failures occur, they are typically due to inadequate control of non-sampling risk/error
(4) Audit Risk Model (ARM) persists as a prominent aid for planning the audit and organizing audit quality control efforts on individual engagements
What four types of auditor judgment errors are culprits in audit failures?
- failure to obtain sufficient understanding of the client’s business
- failure to sufficiently corroborate management’s representations and explanations
- failure to exercise professional skepticism on unusual, last minute, or related party transactions
- failure to conduct adequate risk assessments
What are the two components of ROMM?
Inherent Risk and Control Risk
What was ARM (Audit Risk Model) originally designed to do?
To aid the auditor in the selection of sample sizes that would achieve audit objectives
What is Detection Risk (AR = DR * IR * CR) often decomposed into?
- AP = Analytical Procedures
* TD = Test of Details (sampling and non sampling risk)
What is Audit Risk jointly determined by?
(a) whether the F/S are materially misstated prior to the external audit (i.e. whetter MM exist in the first place)
(b) the likelihood that the auditor will not detect MM during the audit, should they exist
Judgment errors in assessing ROMM or any of its elements are likely to cause the auditor to do what?
Mis-assess and in turn, mismanage DR (assessed and managed by the auditor). As a consequence, Audit Risk is likely to be higher than targeted
What does SSA’s risk assessment orientation emphasize?
Emphasizes non-sampling risk and views mitigation of non-sampling risk as a key to sufficiently driving down Audit Risk
What does the term strategic extend to as used with SSA (Strategic Systems Auditing)?
- Extends beyond auditee management to encompass audited entity’s economic web (which includes numerous strategic players)
What does the term systems extend to as used with SSA (Strategic Systems Auditing)?
- Relatively new to audit practitioners and scholars
- Audited entity is a complex system
- Complex systems often feature nonlinear, sometimes abrupt shifts in behaviors over time instead of linear, steady state behaviors over time
- The audited entity/complex system examined in SSA is a dynamic web of relationships that has emerged and continues to exist because of its value-generating capabilities within a broader economic web
