Systems Based audit approach

The basis of IAS 400, Risk Assessment and Internal Control.

The term systems audit refers to the typical audit approach to medium and large companies and is based on the assumption that such companies have internal control systems which will hopefully constitute a reliable base for the preparation of the accounts. In other words, the characteristic of a systems audit is an examination of internal control.

We have already established that many small companies cannot achieve satisfactory internal control and it is hence clearly futile for the auditor to seek to rely on controls if they don't exist or are patently unreliable. For such enterprises the auditor has no alternative but to carry out a so called 'substantive audit' involving extensive verification of transactions followed by a detailed examination of the balance sheet (verification of assets and liabilities and review of the financial statements).

The contemporary audit approach to reasonably sophisticated companies is therefore to carry out a system-based audit during the course of the accounting year, followed by a balance sheet audit at the year end - if the systems audit work is successful, i.e. the controls prove reliable, the auditor can use his judgement to reduce the extent of the balance sheet work (in no circumstances will the balance sheet work be eliminated entirely!).