Overview of the Ernst & Young Global Audit Methodology
How the Ernst & Young Global Audit Methodology Supports Our AABS
The Ernst & Young Global Audit Methodology, along with the Global Documentation
Approach , ties together all four strategic themes on a global basis.
Operational Excellence: Operational excellence represents the strategic foundation.
By focusing on operational excellence, we can enhance our performance in delivering
People First: We empower you to be creative; develop an exciting environment in which you
can thrive; and recognize that your growth, commitment, and contribution are integral to our
success as a firm.
Clients: We create value and confidence for our clients and markets and build long-
term relationships as trusted, strategic business advisors.
Financial: Our ultimate objective is to be the leader in both revenue and profit growth
in the markets we serve. We all need to take personal responsibility and think of
ourselves as leaders to challenge the status quo and do it better!
You may be asking yourself…
How does the Ernst & Young Global Audit Methodology support our E&Y Global AABS
Strategy? Click the forward arrow to learn how.
Structure of the Ernst & Young Global Audit Methodology (Cont.)
The Ernst & Young Global Audit Methodology is presented in a three-layer format:
Click each box below to learn more about the three layers of the methodology:
The first layer, an overview of the Ernst & Young Global Audit Methodology, is a concise
description of our methodology for performing financial statement audits. The layer includes
the following sections:
• Key features of the Ernst & Young Global Audit Methodology
• Use of this methodology
• Overview of the Ernst & Young Global Audit Methodology
The Overview section identifies and describes the four phases of the audit, the activities
within each phase, and a summary of the procedures within each activity.
The second layer provides more specific guidance on how and why we perform the
procedures outlined in our methodology, along with policies used in making certain audit
decisions. This layer includes the following sections:
• Documentation Considerations
The Procedures section also describes briefly how to apply some of the guidance. These
examples appear in boxes (or bordered paragraphs) throughout the methodology.
The third layer consists of examples, checklists, and leading practice illustrations for
performing and documenting our procedures during the audit. The content in this layer
• Forms and Templates
• Industry and Business Knowledge
Combined, these three layers represent our comprehensive Ernst & Young Global Audit
Both the Detailed Guidance and Enablers layers may change over time with changes in
technology, auditing standards, and the addition of improved practice support materials.
How to Access the Ernst & Young Global Audit Methodology
Now that you know how the methodology is structured, you need to know where it can be
E&Y GAM (a Lotus Notes database)
You can find all three layers of the methodology (Overview, Detailed Guidance, and
Enablers) in a Lotus Notes database called E&Y GAM. This version of the methodology
also includes links to other internal and external sources of information. You need to be
in a connected environment to access certain links. Certain countries also make the
methodology available in other formats, such as Folio Views, for advanced search
Continue forward to answer some questions.
Which of the following is not one of the four phases of the Ernst & Young Global Audit
Lesson 2: risk considerations
Remember from Lesson 1 that one of the key features of the Ernst & Young Global Audit
Methodology is our focus on business risks and the effect they have on the audit.
The E&Y engagement team is responsible for evaluating, creating, executing, and updating
the audit strategy to make sure that our actions are responsive to the risks that are relevant to
Our ultimate goal is the effective (high-quality) and efficient (profitable) delivery of
our audit services.
This lesson focuses on how we consider risks in the Ernst & Young Global Audit
At the end of this lesson, you will be able to:
• Identify the importance of making appropriate risk assessments
• Describe how we consider business risks in our audits
How will this lesson help you on the job?
This lesson provides you with foundation knowledge that will help you apply the Ernst &
Young Global Audit Methodology, particularly as it pertains to making risk assessments.
Why Are Risk Concepts Important in E&Y GAM?
The Ernst & Young Global Audit Methodology is designed to align our audit process closely
with the client's underlying business risks. In this way, we look at our client's business from
the client's perspective.
Our risk assessments represent the cornerstone of our audit methodology and are
instrumental to fulfilling our value, cost, and risk objectives.
Do you remember the value, cost, and risk objectives we discussed in Lesson 1 of this
Select the answer that best completes the statement below.
In each audit, we develop a strategy to _______ the VALUE delivered to our clients, _______
the COST as a percentage of revenue in the delivery of our audit services, and _______ or
_______ the firm's RISK.
Relationship Between Our Audit Risk and Business Risk
How does making appropriate risk assessments help us fulfill our value, cost, and risk
We do not audit every transaction. Instead, we gather and evaluate audit
evidence until we have achieved reasonable assurance that the financial
statements do not contain material misstatements.
As a result, there always will be some risk of undetected misstatements remaining
in audited financial statements. Our objective is to reduce our audit risk to an
acceptable level while providing value to the client and reducing our costs.
Making the appropriate risk assessments and then reflecting them in our audit strategy
contributes significantly to our ability to deliver value to our clients while controlling audit costs
The Ernst & Young Global Audit Methodology recognizes that audit risk is affected by
the business risks our clients face and by how well they manage those risks.
The methodology relates, but does not equate, a client's business risks and our audit
risk, and requires that we seek to understand the client's business risks when we make
judgments concerning audit risk.
That is, by gaining an understanding of our client's principal business risks and their
relationship to the inherent and control risk components of audit risk, we can develop
more effective and efficient audit strategies as well as provide timely communications
on emerging issues to the client.
Click the forward arrow to refresh your memory on these various risk concepts.
The Audit Risk Formula
Audit risk is the risk that we may unknowingly fail to appropriately modify our opinion on
financial statements that are materially misstated. Click the elements of the formula above to
review the definitions of the audit risk components.
Inherent risk is the susceptibility of an assertion (e.g., account balance or class of
transactions) to a material misstatement, assuming that there were no related controls.
Control risk is the risk that a material misstatement that could occur in an assertion (e.g.,
account balance or class of transactions) will not be prevented or detected and corrected in a
timely manner by the client's internal control system.
Detection risk is the risk that we will not detect a material misstatement that exists in an
assertion (e.g., account balance or class of transactions). Detection risk relates to our audit
procedures, which we can change at our discretion.
Business and Financial Statement Risk
Business risk is defined as the potential for events, actions, or inactions to result in the client's
failure to meet its key business objectives, or its failure to define business objectives that are
responsive to its key stakeholders.
Financial statement risk is the risk that the client's financial statements, prior to the
performance of any audit procedures, will be materially misstated. Financial statement
risk as defined is combined risk, which is the product of inherent risk and control risk.
The E&Y Global Audit Methodology assumes that the most significant financial
statement risks are coming from the business.
Higher control risk often means higher business risk. Poor controls over a process or
system may be indicative of a situation that places the business at a higher risk of not
achieving its key business objectives.
Higher business risk ordinarily means higher inherent risk (for the related account
assertions). Many different factors influence inherent risk. Business risks may affect
an account assertion and, therefore, increase the inherent risk for that related account
Because of these interrelationships, we cannot properly assess inherent risk and
control risk without gaining an understanding of the business and the business risks
that can influence the audit of the financial statements.
Refer to the Audit Risk Concepts Web-based learning course for further information.
Short-Term and Long-Term Business Risks
Business risks may affect the client in the short or long term.
Short-term business risks encompass the risks that we expect could materialize within the
time frame of the survival of our audit opinion.
Long-term business risks may not affect the company's financial statements directly today;
however, they might affect the future operations of the company.
Refer to the Audit Risk Concepts Web-based learning course for further information or to
review these risk concepts.
How Do We Reduce Our Audit Risk?
The Ernst & Young Global Audit Methodology was developed to help engagement teams reduce
audit risk to an acceptable level.
A key aspect of reducing this audit risk is making appropriate inherent, control, and combined
risk assessments and customizing appropriate audit solutions based on those combined risk
Our ability to a make a proper combined risk assessment and develop an audit strategy
responsive to those assessments is critical to our performing effective and efficient audits.
Combined risk assessments are made for each relevant assertion of each significant account or
group of accounts.
The methodology equates a client's business risks to our audit risk.
Audit risk is the risk that we will not detect a material misstatement that exists in an assertion.
A key aspect of reducing audit risk is making appropriate inherent, control, and combined risk
assessments and customizing appropriate audit solutions based on those combined risk
How Do We Consider Business Risk in Our Audit?
We gain an understanding of the client's business so that we can identify significant
business risks, their financial statement implications, as well as significant accounts
We accomplish this by:
• Understanding the effects of relevant market forces and other environmental factors
on the business
• Considering how expectations of key stakeholders may influence management's
• Considering whether management has developed business goals, objectives, and
strategies that are reasonably responsive to these factors
• Identifying the critical success factors that are most important to the achievement of
the client's strategies
• Gaining a high-level understanding of the client's business processes
• Understanding how management controls those business processes that are critical
to the achievement of its critical success factors
How Do We Consider Business Risk in Our Audit? (Cont.)
As we indicated earlier, business risks arise when:
• The client's business strategies do not satisfy its key stakeholders
• The client's business strategies are not responsive to the market or other
• Changes in the business process are necessary to achieve the client’s business
We focus our attention and audit procedures on those key business risks that are expected to
materially affect the client and the accuracy of its financial statements in the short term.
However, we also recognize that long-term risks eventually will affect the business (and the
accuracy of its financial statements) if they are not addressed. Identifying and understanding
long-term risks also may present us with the opportunity to deliver additional value to the
We do not need to consider a client's long-term business risks because we do not expect
them to materialize within the time frame of the survival of our audit opinion.
Business risks arise when the client's business strategies:
What Is Your Role?
You are an integral part of the team that must develop a
comprehensive understanding of the client's risks.
• Our team includes specialists, each contributing to the reduction of audit risk.
• Our approach to risk affects everything that you and your team do on an
engagement, from planning through conclusion of the audit.
• Our assessment of the various risk components drives our audit strategies. Risk
affects the nature, timing, and extent of our substantive procedures.
• Our consideration of business risk puts us in a position to provide value to our
clients by identifying and communicating emerging risk issues.
• Our approach to risk assessment puts us in better control of our own business risk --
E&Y's audit risk.
Each client manages risk in its own way. The Ernst & Young Global Audit Methodology
provides direction to engagement teams on gaining an understanding of the client's business
risks and their implications and how the client manages and controls those risks.
Advising our clients as they seek to manage their business risks enhances our role as
business advisors and value providers. We ordinarily discuss with the client the risks we
identify, along with ways that the risks and related value opportunities may be addressed.
The Ernst & Young Global Audit Methodology dictates how engagement teams should gain an
understanding of the client's business risks and their implications and how the client manages
and controls those risks.
We never discuss with the client the risks that we identify during the audit engagement.
Lesson 3:Ernst & Young Global Audit Methodology
As we indicated earlier, the Ernst & Young Global Audit Methodology facilitates
effective and efficient delivery of high-quality audit services to our clients throughout
the world. It provides a framework for application of a consistent thought process to
all audits, enabling seamless delivery to our global accounts.
During this lesson, you will have an opportunity to explore further the activities that
make up the Ernst & Young Global Audit Methodology.
Upon completion of this lesson you will be able to:
• Identify the elements that make up the Ernst & Young Global Audit Methodology
• Describe the overall objective of each activity and, at a high-level, how it is executed
How will this lesson help you on the job?
The Ernst & Young Global Audit Methodology provides the foundation for approaching all
audits worldwide. Understanding the phases and activities of the methodology will prepare
you to handle assignments on your audit engagements.
Elements of the EY Global Audit Methodology
In the first two lessons, we briefly introduced the important influences on the delivery of our services.
In the graphic below, you see the complete Ernst & Young Global Audit Methodology map.
The two horizontal bars at the top represent the influences, and the two bars at the bottom
represent our outputs from the delivery of our services.
Click each of the horizontal bars to refresh your memory of what these represent.
When you are finished reading, click the forward arrow to learn about the four phases and related
Four Phases of the Methodology
The Ernst & Young Global Audit Methodology is organized into four interdependent phases.
These phases are designed to focus on the client's business and financial statement risks (as
we described in Lesson 2 of this course) and how those risks affect our audit of the financial
The four phases are:
As we discuss each phase and its related activities, several of the concepts will be new to
you. Since this course is an overview of the Ernst & Young Global Audit Methodology, we will
not go into the details of these topics and terms. You will acquire more in-depth information as
you participate in additional learning courses and gain on-the-job experience throughout your
Note: While there is a natural order to the performance of
many activities in an audit, the Ernst & Young Global Audit Methodology is not necessarily
executed in a standard sequence. The Ernst & Young Global Audit Methodology is a means
to an end and not a rigid set of instructions that is followed without exercising professional
Phase 1: Establish Engagement Objectives
The process by which we deliver our professional services, and to some extent
the services themselves, is unique to each engagement. We develop our service
delivery process after considering our needs related to the opinion we will
express and the client's needs and expectations and its perception of value.
On the graphic to the left, click each activity number within the Establish
Engagement Objectives phase for more details on the requirements of the
Activity 1: Co-Develop Client Expectations
We begin the audit by co-developing our client's expectations with the client's key decision
Developing strong client relationships is a key theme of our Global AABS Strategy as well as
our methodology. It enables us to better understand what the client values so we can develop
strategies to execute and communicate value. This understanding helps move the client
relationship to one where we deliver high-value services and receive fees appropriate to the
In complex IT environments, consider involving TSRS in the co-development meeting with the
The success of our relationship is affected directly by our ability to understand the client's
issues and communicate to the client the value of the services we provide.
Activity 2: Identify and Orient the Audit Team
Effective teamwork improves our ability to control audit risk, optimize efficiency, and deliver
value to the client.
In Activity 2, we identify the key members of the engagement team, including team specialists
representing Tax and TSRS , and others, and develop the team's goals and objectives. We
assign roles and responsibilities that will help the team achieve these goals and objectives as
well as address each individual engagement team member's development goals.
It is also at this stage that we plan for timely and direct executive participation. Our ability to
deliver an effective and efficient audit is influenced heavily by the involvement of engagement
executives during planning and throughout the audit.
The four phases of Ernst & Young's Global Audit Methodology focus primarily on:
Providing business solutions to clients
The client's financial statements
The client's business and financial statement risks
After we develop our service delivery process, we assess our client's needs and expectations.
Phase 2: Understand the Business and its Risks and Establish Our Audit
On the Phase 2 graphic to the left, click
each activity number for more details on
the requirements of the activity.
The core of the methodology requires us
to understand the client's business and
financial statement risks and their
implications -- especially how well a
client manages and controls those risks
-- so that we can design the most
effective, efficient, and value-added
By the end of this phase of the audit, we will
have used our understanding of the client to
develop an appropriate audit strategy,
perform a combined risk assessment, and
develop customized audit solutions.
Activity 3: Understand the Business
In Activity 3, we focus on:
• Understanding the client's key market forces
• How stakeholders' expectations may influence management's actions, goals,
objectives, strategies, and critical success factors
• How the client organizes and controls its business
• The importance the client places on its information technology (IT) environment
Our procedures should be sufficient to gain an understanding of the business and identify
those business risks that are most likely to influence financial statement risks in the short
The knowledge we gain about the client's business provides the basis for making more
comprehensive risk evaluations. By gaining an understanding of our client's key business
risks and their relationship to the inherent and control risk components of audit risk, we can
balance the value, cost, and risk tenets that we described earlier in this course.
Knowledge of the client's business also provides a frame of reference within which we
exercise professional judgment.
Activity 4: Assess Internal Control at the Entity Level and the Risk of
In this activity, we perform procedures that enable us to gain an understanding of each of the
five components of internal control at the entity level and the risk of fraud. We also gain an
understanding of how the client uses information technology (IT) to manage and control its
Our understanding of internal control at an entity level forms the foundation for several
activities. Together, these activities provide us with a detailed understanding of the client's
controls and assist us in designing the most effective and efficient audit procedures.
We use this information as we understand, evaluate, and test the components of internal
control at a process or application level.
Activity 5: Develop the Preliminary Audit Strategy
Developing the audit strategy provides focus and direction for the remainder of our audit
activities. Many of the procedures in this activity are best addressed as part of a
comprehensive "planning event." The planning event involves key members of the team
making decisions together regarding how the audit will be conducted. By having the key
members of the engagement team participate directly in the planning process, the team
shares its knowledge in a manner that focuses attention on the most critical issues and, just
as importantly, away from areas having little audit significance.
In more complex IT environments, it is most efficient to involve TSRS at an early stage in
During this activity, we:
• Perform an overall analysis of financial and non-financial information
• Establish planning materiality, tolerable error, and the nominal amount for posting
audit differences to the Summary of Audit Differences
• Identify the significant accounts and those processes that influence the significant
accounts (called significant processes)
• Preliminarily determine which of the client's significant processes we will further
understand and evaluate for the purpose of looking for controls (this decision is left to
the professional judgment of the executives on the engagement.)
• Make a preliminary assessment of inherent and control risks
• Establish preliminary audit scope
• Prepare the Audit Strategies Memorandum
• Prepare the preliminary audit program or work plan
• Complete other planning activities
Activity 6: Understand and Evaluate Significant Processes and Related
Evaluating the client's significant processes and related controls is critical in helping us
understand the client's business and financial statement risks, how those risks are managed,
and the most effective way to design our audit strategy in response to those risks.
We further our understanding of the client's significant processes through identifying what
could go wrong within the process -- these are points where controls are needed.
Where we plan to assess control risk at less than the maximum, we identify and understand
the controls (manual and automated) to prevent/detect the potential errors.
We conduct walk-throughs to confirm our understanding of the processes and that the
controls that we have identified have been placed in operation, and to make a preliminary
evaluation of the effectiveness of the controls. When we elect not to identify controls and
assess control risk at the maximum, the walk-through is limited to confirming our
understanding of the process.
Activity 7: Perform Tests of Controls
We finalize our strategy for testing controls and then design and execute those tests of
Many of the benefits of the Ernst & Young Global Audit Methodology are linked to our ability
to identify and test effective controls.
Activity 8: Perform Our Risk Assessments and Customize Audit
We gather information and audit evidence during the performance of earlier activities and use
that information and audit evidence to make informed assessments of inherent and control
risks (our combined risk assessment) associated with each of the client's significant accounts
and the related assertions.
We customize the nature, timing, and extent of our substantive audit procedures to respond to
the combined risk assessments.
When we test controls, we have the greatest flexibility regarding the timing of our substantive
procedures (we can perform procedures up to six months prior to year-end) and can reduce
significantly the extent of substantive testing necessary.
All of the following tasks are involved in Phase 2 of the Ernst & Young Global Audit
Methodology, Understand the Business and Its Risks and Establish Our Audit Strategy,
Consider the importance the client places on its IT environment
Develop the audit strategies
Co-develop client expectations
Understand the client's internal controls
Understanding the relationship between our client's key business risks and the inherent and
control risk components of audit risk enables us to do all of the following except:
Develop better audit strategies
Perform substantive procedures earlier in the year
Manage the firm's risk more effectively
Increase the value we deliver
During Activity 5, Develop the Preliminary Audit Strategy, we perform which of the following?
Select all that apply.
Establish planning materiality, tolerable error, and the nominal amount for posting audit
differences to the Summary of Audit Differences.
Perform an overall analysis of financial and non-financial information.
Perform procedures that enable us to gain an understanding of each of the five
components of internal control at the entity level and the risk of fraud.
Make a preliminary assessment of inherent and control risks.
We have the greatest flexibility regarding the timing of our substantive procedures when we
Phase 3: Perform Audit Procedures
At the end of the previous phase of the audit, we performed our risk
assessments and designed customized audit solutions. In this phase, we
execute those audit procedures.
Click each activity number within the Perform Audit Procedures graphic to
the left for more details on the requirements of the activity.
Activity 9: Perform Analytical and Data Analysis Procedures
On many audits (particularly those where we have tested controls), we are able to perform
analytical and data analysis procedures that provide audit evidence from which we gain
significant audit assurance or identify areas requiring further audit investigation. These
procedures also help us to manage audit evidence more efficiently.
Activity 10: Perform Tests of Details
Generally, we look first to key-item tests as the source of the additional audit evidence we
If we have not obtained sufficient audit evidence from key-item tests, we use representative
sampling. In addition, we may perform other tests of underlying data, including tests of client-
prepared schedules, roll-forward activity, and tests of data used in analytical procedures.
Activity 11: Perform General Audit Procedures
We perform general audit procedures on all audit engagements as required by generally
accepted auditing standards or firm policy.
Certain general audit procedures may be performed more effectively and efficiently as of a
specific interim date, at year-end, or in some combination.
We can identify areas requiring further audit investigation, but not significant audit assurance,
from the performance of analytical and data analysis procedures.
If key-item tests do not produce sufficient audit evidence, we utilize _____.
All general audit procedures must be performed at year-end.
Phase 4: Conclude the Audit and Assess Performance
Prior to issuance of our auditors' report, we consider whether our audit
procedures, in total, provide us with sufficient audit evidence to conclude
on the fairness of the presentation of the client's financial statements
taken as a whole.
During this process, we ordinarily meet with management (and,
when appropriate, the audit committee or its equivalent) to present
our audit deliverables and discuss the client's satisfaction with our
overall performance and service delivery. We also reassess our
team and individual performance and develop appropriate action
On the graphic to the left, click each activity number within the Conclude
the Audit and Assess Performance phase for more details on the
requirements of the activity.
Activity 12: Conclude the Audit
Conclude the Audit is typically a team activity during which any remaining open items are
completed and the overall evaluation of the presentation of the financial statements is made
We make this assessment by reconsidering the appropriateness of the amount we used for
planning materiality and our assessments of internal control and the risk of fraud,
summarizing and evaluating unrecorded audit differences in the Summary of Audit
Differences, and concluding on the sufficiency of our audit procedures.
We document our final conclusions in the Summary Review Memorandum.
In addition, we decide which working papers (electronic and paper) are necessary to
document the work that we have performed and the conclusions that we have drawn and
therefore should be retained.
We also may perform preliminary planning activities for next year's audit.
Activity 13: Assess Client Satisfaction
Now we come full circle and assess how satisfied the client is with our performance, based on
the expectations that we co-developed in Activity 1: Co-Develop Client Expectations.
We meet with the client's key decision makers to assess their satisfaction with our progress
toward meeting or exceeding their expectations. We also use our value scorecard or similar
document to communicate the value we have provided while performing our audit.
Activity 14: Assess Our Performance
We also assess the team's performance in achieving the goals and objectives established
during Activity 2 and develop an action plan for improving our performance in reaching those
goals and objectives that were not met.
An assessment of the team's performance and the development of an improvement plan are
important factors in maintaining an effective team. This assessment is an opportunity to
capitalize on successes; minimize concerns; improve our performance in meeting
professional standards, firm policies, and the client's needs and expectations; and optimize
the balance among the value, cost, and risk tenets.
During Activity 12, Conclude the Audit, we document our final conclusions in the:
In Activity 13, Assess Client Satisfaction, we meet with key decision makers to communicate
the _____ we have provided while performing our audit.
Type your answer in the box below, then click "Check Answer."
During Activity 14, Assess Our Performance, we decide which working papers are necessary
to document the work we performed.
The Ernst & Young Global Audit Methodology is organized into four interdependent phases.
These phases are designed to focus on the client's ______ and ______ risks and how those
risks affect our audit of the financial statements.
Inherent and control
Business and financial statement
Combined and financial statement
Audit and business
Combined risk assessment and value observations left, others right