We will help you to remain ‘in control’, and we will do that by looking closely at the way in which the main risks are dealt with internally (who does what, when and how?). This involves a specific examination of your own control procedures.
We have had positive experiences of conducting discussions with the management in the initial phase of an audit concerning the latest developments, including changes in relevant regulations and the risks identified by the management. This enables us to exchange views at an early stage in the financial statement cycle, allowing clear communications and early identification of areas potentially requiring attention. In this way, we can share our knowledge and experience with you and avoid surprises as far as possible. This approach ensures an efficient and effective approach to the audit.
An audit measure usually follows the question: ‘What would happen if…? The answer will start with: ‘Because we…’. An important aspect of control concerns completeness. The completeness of purchasing, for example; you sign all incoming invoices, but how do you know whether you are actually seeing all the incoming invoices? By aligning our procedures with your own internal control as far as possible, we can minimize any duplication of work. Adequate internal control also enables us to restrict the nature and extent of the data-based controls. Any gaps in the control environment result in additional work. If required, in consultation with the management, we draw up a summary of the additional work we will have to perform.
In audit engagements, we focus our attention largely on identifying possible risks of material errors in the financial statements, and on the way in which you deal with these risks.
Where possible, we rely on the internal controls and associated measures carried out by your organization. We are careful to look not only at the formalized internal controls, but also at the ‘soft controls’ and entity-level controls (“ELC”). Entity-level controls concern matters that do not relate specifically to a statement or an item in the financial statements, but which are important to auditors. The existence of entity-level controls (nature of the organization, involvement of directors/major shareholder/management, planning and budgeting cycle) has a positive impact on the risk profile.
Moore DRV performs audits based on the latest auditing standards and with the aid of an electronic file that assists with risk analysis. The benchmark is provided by the International Standards on Auditing, which to a large extent have been incorporated in the Dutch Auditing and Other Standards (NV COS). These international standards have been introduced into many national auditing standards under European law. Moore DRV also has internal quality standards that comply with International Standards on Quality Control 1 (ISQC 1). In addition, Moore DRV has an internal quality-control system that is assessed among other things by means of file reviews and specific engagement quality-control procedures at engagement level. As one of the Netherlands’ larger accounting firms, Moore DRV is also a member of the SRA, the professional organization for auditing firms operating in the SME segment. Quality levels are also monitored by peer review in this context.
Before starting our work, we carry out a survey of the company:
This involves conducting interviews and studying documents. We do this not by going through checklists, but by asking and answering open questions. This familiarizes us with the characteristics of the organization and the procedures and business processes involved in it. On this basis, we will draw up a risk analysis tailored to your organization and an audit plan. We will then devise an appropriate audit approach to address the identified risks, including the procedures to be carried out. The procedures and the form, content and extent of the documentation depend on the size, accounting complexity and nature of the entity, as well as the internal control. If desired, additional procedures will be agreed based on your requirements.
The automated provision of information is important for business operations and their control and management. It is also important for the audit that a judgement is formed on the level of the internal control measures in the automated information systems and in the supporting IT management organization. This is to guarantee continuity and reliability. Moore DRV has a specialist team of IT auditors with experience and knowledge of large and complex IT systems and organizations. This experience has been gained both in the auditing of financial statements and in specific examinations of the effectiveness, reliability, continuity and/or efficiency of the automated information provision. The members of the audit team are accustomed to operating in an automated environment.
The interim procedures are focused particularly on testing internal procedures and internal control measures. In accordance with Dutch auditing standards, an annual assessment is made of the IT procedures that are essential to the internal control system. The depth of our testing depends on the type of internal control measures of importance for our audit. We also use data analyses where possible. Data analysis is not only often of benefit in less formalized internal control environments, but also frequently generates added value, particularly because we focus on exceptions.
The result of our internal audit is primarily the confirmation or reconfirmation of our assessment of the quality of the internal control measures, and hence our audit approach. Our work on internal procedures can also lead to recommendations aimed at improving your internal processes, so as to increase your return or to adjust your financing structure. These recommendations may be reported in the form of a management letter.
In the final procedures, we devote particular attention to a number of specific items in the financial statements that involve an increased likelihood of (possibly material) misstatements as a result of errors and/or fraud. In determining the nature and depth of our work, the results of the interim audit and the degree to which an item is susceptible to a (possibly material) error play an important role. The characteristics of an item, such as its complexity, susceptibility to fraud and subjectivity, are key to our analysis. By taking these decisions, both you and we can devote our time to items in the financial statements that are genuinely relevant to the overall picture of the financial statements. We also devote specific attention to the consolidation and compliance with the accounting principles in Title 9, Book 2 of the Netherlands Civil Code and the management report.
To ensure an efficient audit, we make as much use as possible of the internal procedures conducted as part of the period-end closings. In consultation with you, we will then determine which specific additional procedures we will carry out. Well before the start of our work, we will send you a list of documents to be supplied, which we will discuss with you. This sets out our requirements for the preparation of the balance sheet audit.
Based on the results of our work, we will hold a final discussion with you to share our findings. We will also provide you with our audit opinion and explain our audit report in the discussion with the management and, if applicable, with the body responsible for governance.
The auditor is legally required to report to the management on their findings with regard to the reliability and continuity of the automated data processing.
The following is a schematic summary of the main phases of our audit approach and their interrelationship: