AUDIT PLANNING
Whether the audit is initial or recurring, the purpose and objective
Audit Planning:
Audit planning involves establishing the overall audit strategy for the
engagement and developing an audit plan, in order to reduce audit risk to an
acceptably low level
Objective of the auditor in planning the audit: So that the audit will be
performed in an effective manner
Who are involved in planning the audit: Engagement partner and other
key members of the engagement team (because of their experience and
insight to enhance the effectiveness and efficiency of the planning process)
Benefits/Importance of adequate audit planning:
 Appropriate attention is devoted to important areas of the audit
 Potential problems are identified and resolved on a timely basis
 The audit is performed in an effective and efficient manner
 The audit engagement is properly organized, staffed and managed
 The audit is completed expeditiously
 Assists in the selection of engagement team members with appropriate
levels of capabilities and competence to respond to anticipated risks
 Assists in the proper assignment of work or proper utilization of assistants
 Facilitates the direction and supervision and the review of work
 Assists in coordination of work done by auditors of components and experts
 Proper utilization of experience gained from previous years’ engagements
and other assignments
Nature of Planning:
Planning is not a discrete phase of an audit, but rather a continual and iterative
process that often begins shortly after (or in connection with) the completion of the
previous audit and continues until the completion of the current audit engagement.
In other words, planning is a continuous function that last throughout the audit.
Factors that affect the nature and extent of audit planning:
The nature and extent of planning activities will vary according to the following
factors:
a. The size and complexity of the entity – big companies and companies
with more complex operations require more audit planning time
b. Changes in circumstances that occur during the audit engagement
– for example, expansion of operation because of diversification
c. The auditor’s previous experience with and understanding of the
entity – more work is required to obtain information regarding a new client
than for an existing client
 Initial audit requires more audit time because the auditor has no
previous knowledge or is unfamiliar with the client’s business, industry
and internal control which need to be carefully studied.
 Recurring audit requires lesser audit time because of auditor’s previous
knowledge of the entity and its industry
of audit planning are the same. It is the nature and extent of
audit planning that varies. For example, in case of initial audit the
auditor may need to expand the planning activities because he
does not ordinarily have the previous experience with the entity
that is considered when planning recurring audit engagements.
Additional considerations in initial audit engagements are
necessary such as the need for the auditor to review the
predecessor’s working papers and to perform audit procedures
regarding opening balances.
d. The composition and size of the audit team
Planning stage of audit – the time before fieldwork starts, when the auditor is
gathering information about the client and its environment and designing overall
audit strategy and audit plan
Effect of timing of appointment of auditor on audit planning:
 The earlier the auditor is appointed, the more efficient the audit plan and
performance can be. Thus, early appointment of the auditor allows the
auditor to plan a more efficient audit.
 It is acceptable for an auditor to accept an audit engagement near or after
year-end. However, the auditor should consider whether late appointment
will pose limitations on the audit that may lead to a qualified opinion or a
disclaimer of opinion, and should discuss such concerns with the client.
PLANNING ACTIVITIES FOR THE AUDIT ENGAGEMENT:
In order to reduce audit risk to an acceptably low level (Note 3), the
auditor shall:
1. Establish an overall audit strategy that sets the scope, timing and
direction for the audit, and that guides the development of the more
detailed audit plan (Note 1)
2. Develop an audit plan that addresses the various matters identified in the
overall audit strategy
Audit plan includes a description of:
a. The nature, timing and extent of planned risk assessment procedures
(Note 2)
b. The nature, timing and extent of planned further audit procedures (at
the assertion level) – to be performed during testing stage
Further audit procedures include:
(1) Tests of controls – tests of the operating effectiveness of internal
control
(2) Substantive tests/procedures – include tests of details and
analytical procedures
c. Other planned audit procedures (that are required to be carried out to
comply with PSAs)

AUDIT PLANNING ALSO INVOLVES:
1. Modifying (updating) the overall audit strategy and the audit plan
as necessary during the course of the audit
Revision is necessary because of:
 Unexpected events
 Changes in conditions
 Audit evidence obtained from the results of audit procedures
The establishment of the overall audit strategy and the detailed audit
plan are not necessarily discrete and or sequential processes, but are
closely inter-related since changes in one may result in consequential
changes to the other.
2. Planning the nature, timing and extent of direction, supervision of
the engagement team members and the review of their work
The nature, timing and extent of direction, supervision of audit
engagement team members and review of their work depend on the
following factors:
a. Size and complexity of the entity – Audits of small entities
requires lesser (or even no) direction, supervision, and review
of the work of assistants
b. Area of audit – Difficult aspects of audit demand increased
direction, supervision, and a more detailed review of work of
assistants.
c. Risks of material misstatement – As the assessed risk of
material misstatement increases, a given area of the audit,
the auditor ordinarily increases the extent and timeliness of
direction, supervision and review
d. Capabilities and competence of personnel performing the
audit work.
3. Other planning considerations:
 The auditor should consider the work of experts and other
independent auditors
a. Considering the work of an expert – An expert is a person or
firm possessing special skill, knowledge and experience in a
particular field or discipline other than accounting and auditing.
Examples of work of experts include:
 Valuation of certain assets (such as
precious stones, works of arts, real estate, plant and
machinery)
 Valuation of financial instruments
 Actuarial valuation
 Determination of quantities or
physical condition of assets such as minerals stored in
stockpiles, underground mineral and petroleum
reserves, and the remaining useful life of plant and
machinery
 Measurement of % of completion on
contracts in progress
 Legal opinions concerning
interpretations of statute and regulations and contracts
such as legal documents or legal title to property
When determining the need for an expert, the auditor would
consider:
a. The materiality of the financial statement item
being considered
b. The risk of misstatement
c. The quality and quantity of other audit evidence
available
b. Considering the work of other independent auditors –
applicable when a component of the entity is to be audited by other
independent auditor
 Discussing planned audit procedures with client management:
 Discussion is allowed to facilitate the conduct and management of
the audit engagement (for example, to coordinate some of the
planned audit procedures with the work of the client’s personnel)
 Discussion should not compromise the effectiveness of the audit
(audit procedures should not be too predictable)
 Audit engagement team discussions :
 The members of the engagement team should discuss the
susceptibility of the entity’s financial statements to material
misstatements.
 Communication between audit team members is necessary at all
stages of the engagement to ensure all matters are appropriately
considered.
 The objective of audit team discussions is to:
 Share insights based on their knowledge of the entity;
 Exchange information about business risks;
 Gain a better understanding of the potential for material
misstatements (especially for the audit areas assigned to
them);
 Consider the susceptibility of the entity’s financial statements
to material misstatement due to fraud;
 Consider application of the applicable financial reporting
framework to the entity’s facts and circumstances; and
 Understand how the results of the audit procedures
performed may affect other aspects of the audit including the
decisions about the nature, timing, and extent of further
audit procedures.
 Members of the engagement team have an ongoing responsibility
to discuss:
 Their understanding of the entity to be audited;
 The business risks to which the entity is subject;
  Application of the applicable financial reporting framework;
and
 The susceptibility of the financial statements to material
misstatements, including fraud.
4. Developing the audit program:
The auditor should prepare an audit program.
 An audit program is a listing of audit procedures (tests
of controls and/or substantive tests) that the auditor will
perform to gather sufficient appropriate evidence.
 It sets out in detail the nature, timing and extent of
planned audit procedures required to implement the
overall audit plan.
 It is a set of instructions to assistants involved in the audit
and as a means to control and record the proper execution
of work
 It provides a proof that the audit was adequately planned
 It is a basic tool used by the auditor to control the audit
work and review the progress of the audit.
 The form and content of audit program may vary for each
particular engagement.
 The auditor may use standard audit programs or audit
completion checklists but should appropriately tailor to suit
the circumstances on particular engagement.
 An audit program at the beginning of the audit process is
temporary because a complete audit program for an
engagement generally should be developed after
evaluation of internal control.
Time budget – an estimate of time that will be spent in
executing audit procedures listed in the audit program that provides
a basis for estimating audit fees and assists the auditor in assessing
the efficiency of the assistants
5. The auditor should document the planning activities:
Documentation of the following serves as a record/evidence of the
proper planning and performance of the audit procedures:
a. The overall audit strategy – documentation or record of the key
decisions
b. The audit plan (including the audit program) – documentation of
the planned nature, timing and extent of audit procedures
c. Record of:
 Any significant changes made to the overall audit strategy and
the audit plan during the audit
 Resulting changes to the planned nature, timing and extent of
audit procedures
 Final overall audit strategy and audit plan
 Appropriate response to the significant changes occurring
during the audit
The following shall also be documented:
a. Discussion among the engagement team
b. Key elements of the understanding of the entity, its environment,
including internal control
c. The identified and assessed risks of material misstatements
d. The risks identified, and related controls about which the auditor has
obtained an understanding
Note 1:
Establishing the overall audit strategy involves:
a. Identifying the characteristics of the engagement that define its scope
Examples:
 Financial reporting framework (Ex. PFRS)
 Industry specific reporting requirements (Reports required by industry
regulators)
 Expected coverage of the audit (Ex. Locations and number of
components of the entity to be included in the audit)
 Nature of the control relationships between a parent and its
components (this affects how the group is to consolidated)
 Extent to which components are audited by other auditors
 Nature of business segments to be audited (this may require the need
for specialized knowledge)
 Reporting currency to be used (may involve foreign currency
translation)
 The need for a statutory audit of standalone financial statements in
addition to an audit for consolidation purposes
 Availability of the work of internal auditors and the extent of the
auditor’s reliance on such work (Note 1.1)
 The entity’s use of service organizations
 Expected use of audit evidence obtained in previous audits (in case of
recurring audit), for example, audit evidence related to risk
assessment procedures and tests of controls
 The effect of information technology (IT) on the audit procedures
 Coordination of audit work with reviews of interim financial
information
 Availability of client personnel and data
b. Ascertaining the reporting objectives of the engagement to plan the timing
of the audit and the nature of the communications required
Examples:
 Deadlines or timetable for interim and final reporting
 Organization of meeting with the management to discuss the nature,
timing and extent of the audit work
 Discussion with management regarding the expected type and timing
of reports to be issued and other communications, both oral and
written, including the auditor’s report, management letter and
communications to those charged with governance
  Discussion with management regarding the expected communication
and status of audit work throughout the engagement
 Communication with auditors of components
 Expected nature and timing of communications among engagement
tem members
 Any other expected communications with third parties
c. Considering the factors that are significant in directing the engagement
team’s efforts
Examples:
 Determining the appropriate materiality levels (Note 1.2)
 Preliminary identification of areas where there may be higher risks of
material misstatement (Note 1.3)
 The impact of assessed risk of material misstatement at the overall
financial statement level on direction, supervision and review
 The manner in which professional skepticism is emphasized to
engagement team members
 Management commitment to a sound internal control
 Volume of transactions, which may determine whether it is more
efficient for the auditor to rely on internal control
 Importance attached to internal control throughout the entity to the
successful operation of the business
 Significant business developments affecting the entity (such as
changes in information technology, changes in key management,
acquisitions, mergers and divestments)
 Significant industry developments (such as changes in industry
regulations and new reporting requirements)
 Significant changes in financial reporting framework (such as changes
in accounting standards)
 Other significant relevant developments (such as changes in the legal
environment affecting the entity)
d. Considering the results of preliminary engagement activities and, where
applicable, whether knowledge gained on other engagements performed by
the engagement partner for the entity is relevant, and
Examples:
 Results of previous audit regarding evaluation of internal control,
identified weaknesses and action taken to address them
 The discussion of matters that may affect the audit with firm
personnel responsible for performing other services to the entity
e. Ascertaining the nature, timing and extent of resources necessary to perform
the engagement.
Examples:
 Selection of the engagement team
 Assignment of audit work to team members (experienced team
members are assigned to areas where there may be higher risks of
material misstatement
 Engagement budgeting (more audit time is set aside for areas where
there may be higher risks of material misstatement)
Benefits of developing the overall audit strategy:
Establishing the overall audit strategy assists the auditor in determining the
following:
a. The resources to deploy for specific audit areas
For example:
 Use of experienced team members for high risk areas
 Involvement of experts on complex matters
b. The amount of resources to allocate to specific audit areas
For example:
 Number of team members assigned to observe the inventory count at
material locations
 Extent of review of other auditors’ work in the case of group audits
 Audit budget in hours to allocate to high risk areas
c. When these resources are to be deployed
 Is it at an interim audit stage or at key cut-off dates?
d. How such resources are managed, directed and supervised
 When to hold team briefing and debriefing meetings
 How engagement partner and manager reviews are expected to take
place (for example, on-site or off-site)
 Whether to complete engagement quality control reviews
Note 1.1 – Considering the work of internal auditing/ auditors
 The external auditor should consider the work of internal auditing in order to
minimize audit costs.
 The auditor should obtain a sufficient understanding of the internal audit
function because the work performed by internal auditors may be a factor in
determining the nature, timing, and extent of external auditor’s procedures.
 Internal auditing can affect the scope of the external auditor’s audit of
financial statements by decreasing the auditor’s need to perform detailed
tests.
 The tasks that could be delegated to the internal audit staff include
preparation of schedules. The auditor has sole responsibility for the audit
opinion expressed, and that responsibility is not reduced by any use made of
internal auditing.
Considering the work of internal auditing involves two important phases:
1. Making a preliminary assessment of internal auditing – important
criteria in assessment of internal auditor’s:
a. Technical competence – personal qualifications and
experience as internal auditors
b. Objectivity / organizational status – organizational level to
which the internal auditor report the results of his work
c. Due professional care – proper planning, supervision and
documentation of internal auditor’s work
d. Scope of function – nature and extent of internal auditing
assignments performed
 2. Evaluating and testing the work of internal auditing
Note 1.2 – Determining the appropriate materiality levels
The auditor shall determine materiality and performance materiality when
planning the audit.
Concept of materiality:
 Materiality is the amount (threshold or cut-off point) at which
judgment of informed decision makers based on the financial
statement may be altered (changed or influenced).
 An item or information is material if its omission or misstatement
could influence the economic decisions of users taken on the basis
of the financial statements.
 In determining appropriate level of materiality, the auditor uses
professional judgment using his perception of the needs of
reasonable users of the financial statements.
Uses of materiality in planning the audit:
a. To determine the nature, timing and extent of risk assessment
procedures
b. To identify and assess risk of material misstatement, and
c. To determine the nature, timing and extent of further audit
procedures
Considering materiality throughout the audit:
1. Planning stage
a. To identify and assess risks of material misstatements
b. To determine the nature, timing and extent of further audit
procedures
2. Testing stage (materiality levels set during audit planning are simply
updated/revised if necessary)
3. Completion stage
c. To evaluate the effect of uncorrected misstatements, if any, on the
financial statements and in forming the opinion in the auditor’s
report
Documentation on materiality: Documentation should include the
amounts and the factors considered in their determination:
a. Materiality level for the financial statements as a whole
b. Materiality level or levels for a particular classes of transactions,
account balances or disclosures, if applicable
c. Performance materiality
d. Any revision of materiality levels (a to c) as the audit progresses
Qualitative and quantitative considerations:
Materiality should address qualitative and quantitative considerations.
In some cases, misstatements of relatively small amounts could have a
material effect on the financial statements. For example, an illegal payment
of an otherwise immaterial amount or failure to comply with a regulatory
requirement may be material if there is a reasonable possibility of such
payment or failure leading to a material contingent liability, a material loss of
assets, or a material loss of revenue.
Inverse relationship between materiality and audit
procedures/evidence:
 More evidence will be required for a low peso amount of materiality
than for a high peso amount.
 The lower the tolerable misstatement, the more extensive the required
audit procedures.
Materiality levels:
a. Materiality at financial statement as a whole – it is the smallest
aggregate level that could misstate/distort any of the financial statements
 Also known as materiality threshold or planning materiality
or overall materiality
 Overall materiality is usually expressed as a % of a chosen
benchmark (such as profit before tax, total revenues, gross profit,
total expenses, total equity or net asset value).
 Profit from continuing operations is often used for profit-oriented
entities except when the profit from continuing operations is
volatile.
 Relevant financial data as source of benchmarks:
 Prior periods’ financial statements
 Annualized interim financial statements
 Period-to-date financial statements
 Budgeted financial statements of the current year
b. Materiality at assertion level – materiality level for individual or
particular class of transactions, account balance, or disclosure where
appropriate; this is also known as tolerable misstatement
 Tolerable misstatement refers to allocated materiality to
affected accounts (usually statement of financial position accounts
because they are fewer)
 Account balance – an individual line item in the financial
statements, such as cash and cash equivalents, loans and
receivable, etc.
 Class of transactions – type of transaction processed by the
client’s accounting system, such as sales transactions and
purchasing transactions
 Allocation may be done judgmentally or using formal quantitative
approaches.
 Materiality at this level are lesser than the overall materiality level
but could reasonably be expected to influence the economic
decisions of financial statement users.
c. Performance materiality – amount or amounts set by the auditor:
  At less than materiality for the financial statements as a whole
 At less than materiality level or levels for particular classes of
transactions, account balances or disclosures
Purpose of performance materiality: It provides margin to
reduce the possibility of undetected misstatements because:
a. It reduces to an appropriately low level the probability that
the aggregate of uncorrected and undetected
misstatements in the financial statements exceeds the
materiality level for the financial statements as a whole
b. It reduces to an appropriately low level the probability that
the aggregate of uncorrected and undetected
misstatements in the particular class of transactions,
account balance or disclosure exceeds the materiality level
for that particular class of transactions, account balance or
disclosure
Note 1.3 – Preliminary identification of areas where there may be higher
risks of material misstatement
a. Risks of material misstatements may be greater for significant non-routine
transactions which involves:
 Greater management intervention to specify the accounting treatment
 Greater manual intervention for data collection and processing
 Complex calculations or accounting principles
b. Risk of material misstatements may be greater for significant judgmental
matters such as:
 Accounting estimates
 Revenue recognition may be subject to differing interpretation
 Required judgment may be subjective or complex or require
assumptions about the effects of future events (for example, judgment
about fair value)
c. Significant risk of relating to risk of material misstatement due to fraud
d. There are areas where special audit consideration may be necessary, for
example:
 Related party transaction – a transfer of resources, services or
obligations between related parties, regardless of whether a price is
charged
The auditor shall inquire of management regarding:
a. The identity of the entity’s related parties (relationships
and transactions), including changes from the prior
period;
b. The nature of the relationships between the entity and
these related parties; and
c. Whether the entity entered into any transactions with
these related parties during the period and, if so, the type
and purpose of the transactions.
Existence of related parties and related party transactions
 Management’s use of going concern assumption (financial statements
are prepared based on going concern assumption but there is a
significant doubt as to the continued existence of the entity) – the
auditor shall assess the appropriateness of management’s use of going
concern assumption
Note 2:
Risk assessment procedures – are audit procedures whose purposes include:
a. To obtain understanding of the entity and its environment, including the
entity’s internal control (Note 2.1)
b. To identify risks of material misstatements, whether due to fraud or error,
at the financial statement and assertion levels (Note 2.2)
c. To assess risks of material misstatement (Note 2.3)
d. To provide a basis for the identification and assessment of risks of material
misstatements
e. To provide a basis for designing and implementing responses to the
assessed risks of material misstatement
Risk assessment procedures include (Note 2.4):
1. Inquiry of management and other firm personnel
2. Analytical procedures
3. Observation and inquiry
Note 2.1 – Required understanding of the entity and its environment,
including internal control:
1. Understanding of the environment – external factors:
a. Relevant industry’s factors – the industry in which the entity
operates may give rise to specific risks of material misstatements arising
from the nature of the business or the degree of regulation
Examples of industry factors:
 Industry conditions such as the competitive environment, supplier
and customer relationships and technological developments
Specific examples of industry factors:
 Market and competition (including demand, capacity, and price
competition)
 Cyclical or seasonal activity
 Product technology relating to the entity’s products
 Energy supply and cost
b. Regulatory factors – include the regulatory environment
 Accounting principles and industry specific practices
 Regulatory framework for a regulated industry
 Laws/legislations or regulations that significantly affect the entity’s
operations, including direct supervisory activities
 Taxation
 Legal and political environment
  Government policies currently affecting the conduct of the entity’s
business
 Environmental requirements affecting the industry and the entity
c. Applicable financial reporting framework
d. Other external factors affecting the entity – such as general
economic conditions, interest rates and availability of financing, and
inflation or currency revaluation
2. Entity – internal factors:
a. Nature of the entity: An understanding of the nature of an entity
enables the auditor to understand the classes of transactions, account
balances, and disclosures to be expected in the financial statements.
Factors to consider include:
 Entity’s operations
 Ownership and governance structures
 Types of investments that the entity is making and plans to make
 Entity structure (locations, subsidiaries, etc.) – complex structures
may give rise to risks of material misstatement
 How the entity is financed
 How related party transactions are identified and accounted for
b. Entity’s selection and application of accounting policies –
consider whether accounting policies are:
 Appropriate for the entity’s business
 Consistent with the applicable financial reporting framework, and
 Used in the relevant industry
c. Entity’s objectives and strategies, and those related business
risks that may result in risks of material misstatement of the
financial statements
1. Objectives – relate to entity’s mission, vision or values statement
2. Strategies – pertain to operational approaches by which
management intends to achieve its objectives
3. Business risks – risks of inability to achieve the objectives
 The term “business risk” is broader than the risks of material
misstatement in the financial statements. Not all business risks
give rise to risk of material misstatement.
 An understanding of business risks increases the likelihood of
identifying the risks of material misstatement. However, the
auditor does not have a responsibility to identify or assess all
business risks.
d. Measurement and review of the entity’s financial performance
Performance measures, whether external or internal, create
pressures on the entity that may motivate management to take action to
improve the business performance or to manipulate/misstate the financial
statements.
e. Internal control – The auditor shall obtain an understanding of
internal control relevant to the audit.
Internal control is designed, implemented and maintained to
address identified business risks that threaten the achievement of any
of the entity’s objectives that concern:
1. The reliability of the entity’s financial reporting;
2. The effectiveness and efficiency of its operations; and
3. Its compliance with applicable laws and regulations.
An understanding of internal control assists the auditor in
identifying types of potential misstatements and factors that affect the
risks of material misstatement, and in designing the nature, timing, and
extent of further audit procedures.
Note 2.2 – Identify the risks of material misstatement:
 Identify risks of material misstatement (inherent risk and control risk) based on
understanding the entity and its environment, including the entity’s relevant
internal control. The auditor shall provide reasonable assurance of detecting
material misstatements, whether arising from errors or fraud.
Risk of material misstatement (RMM) – the risk that the financial
statements contain a material misstatement.
Components of RMM:
The risks of material misstatement are a combination of inherent risk
and control risk:
1. Inherent risk – the susceptibility of an assertion to a
misstatement that could be material, either individually or when
aggregated with other misstatements, assuming there are no
related controls to mitigate such risks
Inherent risk may also be described as follows:
 The concept of inherent risk recognizes that the risk of
misstatement is greater for some assertions than for
others.
 Inherent risk is the risk that financial statements are
likely to be materially misstated.
Examples of inherent risk:
 Cash is more susceptible to theft than an
inventory of coal
 Complex calculations are more likely to be
misstated than simple calculations
 Estimation transactions, especially if they involve
accounting estimates that are subject to significant
measurement uncertainty
 High value inventory (could be easily stolen, thus,
there would be an inherent risk relating to the existence
assertion)
2. Control risk – the risk that a material misstatement, either
individually or when aggregated with other misstatements, that
could occur will not be prevented or detected and corrected
on a timely basis by the entity’s internal control
 Control risk is a function of the effectiveness of the
entity’s internal control.
 Control risk is the type of risk that the management has
the most control over in the short term.
  Some control risk will always exist because of the inherent
limitations of any internal control system.
Risk of material misstatement (inherent risk and control risk) cannot
be eliminated or controlled by the auditor because these are entity’s
risks that exist independently of the audit of financial statements.
Causes of misstatements of the financial statements:
1. Errors – refer to mistakes or unintentional misstatements or
omissions of amounts or disclosures in the financial statements.
Examples:
 Mistakes in gathering or processing data from which FS are
prepared
 Incorrect accounting estimate arising from oversight or
misinterpretation of facts
 Mistake in applying accounting principles
2. Fraud – intentional misstatements or omissions of amounts or
disclosures in the financial statements
The term “fraud” refers to an intentional act by one or
more individuals among management, those charged with
governance, employees or third parties, involving the use of
deception to obtain an unjust or illegal advantage.
The factor that distinguishes fraud from error is whether the
underlying action is intentional or unintentional.
Two types of Fraud:
a. Fraudulent financial reporting (or management fraud) –
intentional misstatements committed by members of
management or those charged with governance or oversight to
render financial statements misleading to deceive users of the
financial statements
The most serious types of fraud usually involve
management. This results from the fact that management is
primarily responsible for the design and implementation of
internal control in the first place.
Fraudulent financial reporting may be accomplished by:
 Manipulation, falsification, or alteration of accounting
records or related supporting documents
 Misrepresentation in, or intentional omission from, the FS of
events/transactions or other significant information
 Intentional misapplication of accounting principles
Examples of techniques used by management are:
 Recording fictitious journal entries
 Using inappropriate assumptions in accounting estimate
 Untimely recognition in the FS of events and transactions
 Concealing, or not disclosing, facts that could affect the
amounts recorded in the FS
Manipulation of financial statements occurs when a higher
or lower level of earnings is reported than that which actually
occurred. It could also take the form of omissions (failure to
disclose certain matters) or false statements in the notes and/or
other disclosures. The motive may be to raise finances, reach a
bonus threshold, inflate the value of the business or simply
minimize taxes.
b. Misappropriation of assets (employee fraud or
defalcation) – theft of assets and is often perpetrated by non-
management employees. Examples:
 Misappropriating collections on accounts receivable
 Stealing inventory
 Colluding with a competitor by disclosing technological data
in return for payment
 Payments to fictitious employees or vendors
 Using the entity’s assets as collateral for a personal loan
The most popular ways to manipulate financial statements
involves journal entries and accounting estimates because if
manipulation is discovered management can easily deny
involvement. A bias in estimates can be attributed to excessive
conservatism or optimism. An unsupported journal entry, if
discovered, can be characterized as a simple mistake. This differs
from strategies such as falsified records that, if discovered by the
auditor, would be quite difficult for management to deny.
Fraud Risk Factors:
Fraud risk factors – conditions that could heighten an auditor’s
concern about risk of material misstatements because they provide clues
or red flags to the existence of fraud
1. Incentives/pressures – reasons to commit fraud. A pressure
is often generated by immediate needs (such as having
significant personal debts or meeting an analyst’s or bank’s
expectations for profit) that are difficult to share with others.
Examples:
 Management is under pressure to reduce earnings to
minimize taxes
 Management is under pressure to inflate earnings to secure
bank financing
 Meeting analyst’s or bank’s expectations for profit
 Inflating the purchase price of the business
 Meeting the threshold for a performance bonus
 Having significant personal debts or poor credit
 Trying to cover financial losses
  Being greedy or involved in gambling, drugs, and/or affairs
 Being under undue peer or family pressure to succeed
 Living beyond one’s means
Other situations or characteristics, not necessarily financial in
nature, include:
 Enjoying the challenge of beating the system
 Fearing personal loss of pride, position or status such as
when a company is doing poorly
 Being dissatisfied with a job or wanting revenge against an
employer
 Being emotionally unstable
Some of these pressures can easily be identified (such as
performance incentive plans). Others are more difficult to
identify (such as family or peer pressure, living beyond one’s
means or having a gambling problem).
2. Opportunity (whether perceived or real) – Opportunity
pertains to an individual’s perception that he can commit fraud
and that it will not be detected. Potential perpetrators who
think they might be detected and charged with a criminal
offense would not likely to commit fraud. A poor corporate
culture and a lack of adequate internal control procedures can
often create the confidence that a fraud could go undetected.
Opportunity often emanates from:
 Poor corporate culture
 Where a person feels they can take advantage of the trust
placed in him or her
 Knowledge of specific control weakness
3. Attitudes/rationalizations – fraud involves some
rationalization to commit fraud or the belief that a crime has not
been committed. For example:
 Some individuals possess an attitude or character to
knowingly and intentionally commit a dishonest act
 Being dissatisfied with pay
 Feeling underappreciated (such as not getting an expected
promotion)
Degree of assurance between detection of material fraud and
material errors:
1. Fraud is harder to detect than errors: Reasons:
a. Fraud may involve sophisticated and carefully organized
schemes designed to conceal it.
b. Fraud may be accompanied by collusion.
2. Management fraud vs. employee fraud – the risk of not
detecting a material misstatement resulting from management
fraud is greater than for employee fraud
Reasons:
 Management has the most opportunity to commit fraud,
while employees need to exploit weakness in internal
control in order to commit fraud.
 Management has the ability to override or bypass an
existing effective internal control.
 Management can influence the preparation and
presentation of financial statements.
Conditions and events that may indicate risks of material
misstatement:
The following are examples of conditions and events that may
indicate the existence of risks of material misstatement. The examples
provided cover a broad range of conditions and events; however, not all
conditions and events are relevant to every audit engagement and the
list of examples is not necessarily complete.
 Operations in regions that are economically unstable, for
example, countries with significant currency devaluation or
highly inflationary economies.
 Operations exposed to volatile markets, for example, futures
trading.
 Operations that are subject to high degree of complex
regulation.
 Going concern and liquidity issues including loss of significant
customers.
 Constraints on the availability of capital and credit.
 Changes in the industry in which the entity operates.
 Changes in the supply chain.
 Developing or offering new products or services, or moving into
new lines of business.
 Expanding into new locations.
 Changes in the entity such as large acquisitions or
reorganizations or other unusual events.
 Entities or business segments likely to be sold.
 Existence of complex alliances and joint ventures.
 Use of off-balance-sheet finance, special-purpose entities, and
other complex financing arrangements.
 Significant transactions with related parties.
 Lack of personnel with appropriate accounting and financial
reporting skills.
 Changes in key personnel including departure of key executives.
 Weaknesses in internal control, especially those not addressed
by management.
 Inconsistencies between the entity’s IT strategy and its business
strategies.
 Changes in the IT environment.
 Installation of significant new IT systems related to financial
reporting.
  Inquiries into the entity’s operations or financial results by
regulatory or government bodies.
 Past misstatements, history of errors or a significant amount of
adjustments at period end.
 Significant amount of non-routine or non-systematic
transactions including intercompany transactions and large
revenue transactions at period end.
 Transactions that are recorded based on management’s intent,
for example, debt refinancing, assets to be sold and
classification of marketable securities.
 Application of new accounting pronouncements.
 Accounting measurements that involve complex processes.
 Events or transactions that involve significant measurement
uncertainty, including accounting estimates.
 Pending litigation and contingent liabilities, for example, sales
warranties, financial guarantees and environmental remediation
Considering compliance with laws and regulations:
 Non-compliance refers to acts of omission or commission by
the entity being audited, either intentional or unintentional,
which are contrary to the prevailing laws or regulations.
 The auditor should consider compliance with laws and
regulations since noncompliance by the entity with laws and
regulations may materially affect the financial statements.
However, an audit cannot be expected to detect noncompliance
with all laws and regulations.
 Noncompliance is sometimes described as violations of law or
regulations or illegal acts.
 Common examples of non-compliance:
 Violation of tax laws and environmental laws
 Occupational safety and health
 Inside trading of securities
 Result of non-compliance with laws and regulations:
 Fines/penalties
 Damages
 Threat of expropriation of assets
 Enforced discontinuation of operations
 Litigation
 Auditor’s responsibility in detecting non-compliance is limited
to material direct-effect noncompliance or illegal act.
(Reason: Generally, the further removed non-compliance is
from the events and transactions that are ordinarily reflected
in financial statements, the less likely the auditor is to become
aware of or to recognize non-compliance.
 Responsibility for the compliance with laws and regulations
rests with management. This responsibility includes
prevention and detection (and correction) of noncompliance
with laws and regulations.
Indications that noncompliance may have occurred:
 The entity is under investigation by government departments
 Payment of fines or penalties.
 Payments for unspecified services or loans to consultants,
related parties, employees or government employees.
 Sales commissions or agent's fees that appear excessive in
relation to those ordinarily paid by the entity or in its industry or
to the services actually received.
 Purchasing at prices significantly above or below market price.
 Unusual payments in cash, purchases in the form of cashiers'
checks payable to bearer or transfers to numbered bank
accounts.
 Unusual transactions with companies registered in tax havens.
 Payments for goods or services made other than to the country
from which the goods or services originated.
 Payments without proper exchange control documentation.
 Existence of an accounting system with inadequate audit trail or
sufficient evidence.
 Unauthorized transactions or improperly recorded transactions
 Media comment
Note 2.3 – Assess the identified risks of material misstatement:
Factors to consider whether a risk is significant:
 Whether the risk is a risk of fraud
 Whether the risk is related to recent significant economic accounting or
other developments and, therefore, requires specific attention
 Complexity of transactions
 Whether the risk involves significant transactions with related parties
 The degree of subjectivity in the measurement of financial information
related to the risk, especially those involving uncertainty
 Whether the risk involves significant transactions that are outside the
normal course of business for the entity, or that otherwise appear to be
unusual
Significant risk – an identified and assessed risk of material
misstatement that, in the auditor’s judgment, requires special audit
consideration
Significant risks often relate to:
a. Non-routine transactions – unusual (in size or nature) and
infrequent transactions
b. Judgmental matters – such as those involving accounting
estimates for which there is significant measurement
uncertainty
Note 2.4 – Risk assessment procedures include:
1. Inquires of management and others within the entity that is likely
to assist the auditor in identifying risk of material misstatement
due to fraud or error
For example, inquiries of management, audit committee, board of
directors, internal auditors, in-house legal counsel, and other client
personnel
2. Analytical procedures
 Analytical procedures – evaluations of financial information made by
a study of plausible relationships among both financial and nonfinancial
data
 Purpose of preliminary analytical procedures:
a. To identify areas that may represent specific risks such as the
existence of unusual transactions or events, and amounts, ratios,
and trends that may assist the auditor in identifying risks of
material misstatements that the auditor may need to investigate
further
b. To enhance the auditor’s understanding of the entity’s business and
transactions to help plan the nature, timing, and extent of
substantive auditing procedures that will be used to gather audit
evidence
 Analytical procedures performed during audit planning is known as
preliminary analytical procedures
 Analytical procedures involve:
a. Analysis of significant ratios and trends or the study of plausible
relationships among both financial and non-financial data
b. Investigation of fluctuations and relationships that are inconsistent
with other relevant information or deviate significantly from
predicted amounts by:
 Inquiries of management
 Corroboration of management responses, and
 Applying other appropriate audit procedures
Basic premise underlying the use of analytical procedures:
The basic premise underlying the use of analytical procedures is
that plausible relationships among data may reasonably expected to
exist and continue (predictable) in the absence of known conditions to
the contrary. The relationship among data should be both:
a. Plausible – there is a clear cause and effect relationship
among data
b. Predictable – reasonably expected to exist and continue
in the absence of known conditions to the contrary
Generalizations in assessing the predictability of the accounts:
 Income statements accounts are more predictable
than balance sheet accounts.
 Accounts that are not subject to management
discretion are generally predictable.
 Relationships in a stable environment are more
predictable that those in a dynamic or unstable environment.
Main purpose of analytical procedures: To assess the overall
reasonableness of account balances and transactions
Specific purpose/focus/objective of analytical procedures in
the three stages of audit:
1. In the planning stage – performed as risk assessment
procedures (required/mandatory) to obtain an understanding
of the entity and its environment
Objective/purpose/focus during planning stage:
 To enhance the auditor’s understanding of the entity’s
business and transactions to help plan the nature, timing,
and extent of substantive auditing procedures that will be
used to gather audit evidence.
 To identify areas that may represent specific risks (such as
unusual transactions and events or abnormal/significant
fluctuations in amounts, ratios, or trends) that the auditor
may need to investigate further
2. In testing stage – as substantive procedures when their
application is, based on the auditors judgment, more effective
and efficient than test of details (not required)
Objective/purpose/focus during testing stage:
 To obtain audit evidence to confirm individual account
balances
3. In the overall review or completion stage – As an overall
review of the financial statements (required)
Objective/purpose/focus:
 To identify a previously unrecognized risk of material
misstatement (unusual fluctuations that were not identified
in the planning and testing phases of the audit)
 To confirm conclusions reached with respect to the
fairness of the financial statements
3. Observation and inspection – these include:
 Observation of entity activities and operations
 Inspection of documents (such as business plans and strategies,
records, and internal control manuals)
 Inspection of reports prepared by management (such as quarterly
management reports) and those charged with governance (such as
minutes of board of directors’ meetings)
 Visit or tour of entity’s premise/facilities
Note 3 – Reducing audit risk to an acceptably low level
To reduce audit risk to acceptably low level the auditor shall:
a. Assess the risks of material misstatement (inherent and control risk);
and
b. Limit detection risk. This may be achieved by performing procedures
that respond to the assessed risks of material misstatement at the financial
statements, class of transactions, account balance and assertion levels.
Steps in assessing Audit Risk:
1. Set the desired level of Audit Risk
Audit risk – the risk that the auditor gives an inappropriate audit
opinion when the financial statements are materially misstated; it is the risk
that the auditor may unknowingly fail to modify appropriately the opinion on
financial statements that are materially misstated
2. Assess the level of Inherent Risk (such as low, medium, or high) –
for example, low level if likelihood of misstatement is low
 Inherent risk – the susceptibility of an assertion to a misstatement
that could be material, either individually or when aggregated with
other misstatements, assuming there are no related controls to
mitigate such risks
 Sources of assessment include knowledge of entity and its
environment and preliminary analytical procedures.
3. Assess the level of Control Risk (such as low, medium, or high) –
for example, low control risk if internal control is effective, or high
control risk if internal control is not effective
 Control risk – the risk that a material misstatement, either
individually or when aggregated with other misstatements, that could
occur will not be prevented or detected and corrected on a timely
basis by the entity’s internal control
 Sources of assessment include knowledge of internal control and
observation and inspection
Combined assessment:
The auditor usually makes combined assessment of inherent and control
risks. If the combined assessment of inherent risk and control risk is
high, the auditor should:
 Place more emphasis on obtaining external evidence
 Reduce reliance on internal evidence
 Design more effective substantive procedures
4. Determine the acceptable level of detection risk: The acceptable
level of detection risk depends on the assessed level of inherent and
control risk (inverse relationship)
 Detection risk – the risk that the auditor will not detect such a
material misstatement that exists/occurs in an assertion
 Detection risk is a function of the effectiveness of an auditing
procedure and its application by the auditor
 Detection risk is significantly affected by the nature, timing, and
extent of the auditor’s substantive procedures
 Detection risk is a complement of assurance provided by
substantive tests (for example, a 10% detection risk means a
90% assurance of detecting material misstatement)
 Detection risk can be increased or decreased by the auditor by
performing substantive tests but can never be reduced to zero
because of the inherent limitations in the procedures carried out,
the human judgments required, and the nature of the evidence
examined.
 The auditor uses the Audit Risk Model:
Audit Risk = Inherent risk x Control risk x Detection risk
Acceptable level of Audit risk
Detection risk = Inherent risk x
Control risk
5. Design audit substantive tests
 Auditor’s reaction to level of detection risk:
a. Lower acceptable level of detection risk – higher assurance
are to be provided by substantive tests by changing any or
combination of the following:
 Nature – performing more effective substantive
procedures
 Timing – performing substantive procedures at year-end
rather than at interim dates (decreases detection risk by
reducing the risk for the period subsequent to the
performance of those tests)
 Extent – increasing the extent of substantive tests by
using larger sample size
b. Higher acceptable level of detection risk – low assurance
are to be provided by substantive tests by changing any or
combination of the following:
 Nature – performing less effective substantive
procedures
 Timing – performing substantive procedures at
interim dates
 Extent – decreasing the extent of substantive tests
using smaller sample size
In summary, the auditor performs audit procedures to assess the risks
of material misstatement and seeks to limit detection risk by performing
further audit procedures based on that assessment.
Summary of relationships among audit risk components:
 The acceptable level of detection risk for a given level of audit risk
bears an inverse relationship to the risks of material misstatement
at the assertion level. Therefore:
↑ Risk of material misstatement (inherent risk and control risk),
↓ detection risk that can be accepted, and vice versa.
 Audit risk and detection risk move in the same direction: ↑ Audit
risk, ↑ detection risk, and vice versa
 The relationship between the risks can also be expressed
mathematically in the following formula:
Audit Risk = RMM (Inherent Risk x Control Risk) x Detection Risk
Inherent risk and control risk are independent variables while
detection risk is a dependent variable.
 All the components of audit risk cannot be eliminated by the
auditor due to the following reasons:
a. Inherent risk – some accounts are susceptible to a material
misstatement or the risk of such misstatement is greater for
some accounts than for others
b. Control risk – due to inherent limitations of internal control
system
c. Detection risk –
 Use of testing/sampling
 Use of auditor’s judgment
 Even when the auditor conducts 100% examination
because audit evidence is persuasive rather than
conclusive in nature
 The components of audit risk that can or cannot be controlled by
the auditor:
a. Inherent risk and control risk – cannot be controlled
because these are entity’s risk and exist independently of
the audit
b. Detection risk – can be directly controlled (increased or
decreased) by the auditor because detection risk relates to
the auditor’s procedures and can be altered by adjusting the
nature, timing, and extent of substantive procedures

The relationship between materiality and audit risk:

 There is an inverse relationship between materiality and the
level of audit risk – ↑ materiality level, ↓ audit risk and vice
versa.
 Materiality is directly related to the acceptable level of
detection risk.
 It would lead to most audit work if both audit risk and
materiality levels are low.