Professional Documents
Culture Documents
AT Lecture Audit Planning PDF
AT Lecture Audit Planning PDF
Audit Planning:
Audit planning involves establishing the overall audit strategy for the engagement and developing an
audit plan, in or der to reduce audit risk to an acceptably low level
Objective of the auditor in planning the audit: So that the audit will be performed in an effective
manner
Who are involved in planning the audit: Engagement partner and other key members of the
engagement team (because of their experience and insight to enhance the effectiveness and efficiency of
the planning process)
Nature of Planning:
Planning is not a discrete phase of an audit, but rather a continual and iterative process that often begins
shortly after (or in connection with) the completion of the previous audit and continues until the completion of
the current audit engagement. In other wor ds, planning is a continuous function that last throughout the audit.
Planning stage of audit – the time before fieldwor k starts, w hen the a uditor is gathering information about
the client and its environment and designing overall audit strategy and audit plan
1. Modifying (updat ing) the overall audit strategy and the audit plan as necessary during the
course of the audit
Revision is necessary because of:
Unexpected events
Changes in conditions
Audit evidence obtained from the results of audit procedures
The establishment of the overall audit strategy and the detailed audit plan are not necessarily
discrete and or sequential pr ocesses, but are closely inter-related since changes in one may result
in consequential changes to the other.
2. Planning the nature, t iming and extent of direction, superv ision of the engagement team
members and the review of their wor k
The nature, timing and extent of direction, super vision of audit engagement team members and
review of their wor k depend on the following factors:
a. Size and complexity of the entity – Audits of small entities requires lesser (or even no)
direction, supervision, and review of the wor k of assistants
b. Area of audit – Difficult aspects of audit demand increased direction, supervision, and a
more detailed review of wor k of assistants.
c. Risks of material misstatement – As the assessed risk of material misstatement increases,
a given area of the audit, the auditor or dinarily increases the extent and timeliness of
direction, supervision and review
d. Capabilities and competence of personnel performing the audit work.
c. Considering the factors that are significant in directing the engagement team’s efforts
Examples:
Determining the appropriate materiality levels (Note 1.2)
Preliminary identification of areas where there may be higher risks of material misstatement
(Note 1.3)
The impact of assessed risk of material misstatement at the overall financial statement level on
direction, supervision and review
The manner in which professional skepticism is emphasized to engagement team members
Management commitment to a sound internal control
Volume of transactions, w hich may determine whether it is more efficient for the auditor to rely
on internal control
Importance attached to internal control throughout the entity to the successful operation of the
business
Significant business developments affecting the entity (such as changes in information
technology, changes in key management, acquisitions, mergers and divestments)
Significant industr y developments (such as changes in industry regulations and new reporting
requirements)
Significant changes in financial reporting framework (such as changes in accounting standards)
Other significant relevant developments (such as changes in the legal environment affecting the
entity)
d. Considering the results of preliminar y engagement activities and, where applicable, whether knowledge
gained on other engagements performed by the engagement par tner for the entity is relevant, and
Examples:
Results of previous audit regarding evaluation of internal control, identified weaknesses and
action taken to address them
e. Ascertaining the nature, timing and extent of resources necessar y to perform the engagement.
Examples:
Selection of the engagement team
Assignment of audit work to team members (experienced team members are assigned to areas
where there may be higher risks of material misstatement
Engagement budgeting (more audit time is set aside for areas w here there may be higher risks of
material misstatement)
Note 1.1 – Consider ing the wor k of internal audit ing/ auditors
The external auditor should consider the work of internal auditing in order to minimize audit costs.
The auditor should obtain a sufficient understanding of the inter nal audit function because the work
performed by internal auditors may be a factor in determining the nature, timing, and extent of
external auditor’s procedures.
Internal auditing can affect the scope of the external auditor’s audit of financial statements by
decreasing the auditor’s need to perform detailed tests.
The tasks that could be delegated to the internal audit staff include preparation of schedules. The
auditor has sole responsibility for the audit opinion expressed, and that responsibility is not reduced by
any use made of internal auditing.
Considering the wor k of inter nal auditing involves two important phases:
1. Making a preliminar y assessment of internal auditing – important criteria in assessment of internal
auditor’s:
a. Technical competence – personal qualifications and experience as inter nal auditors
b. Objectivity / organizational status – organizational level to which the internal auditor report
the results of his wor k
c. Due professional care – proper planning, super vision and documentation of inter nal auditor’s
work
d. Scope of function – nature and extent of inter nal auditing assignments performed
2. Evaluating and testing the wor k of internal auditing
Documentation on materiality: Documentation should include the amounts and the factors
considered in their determination:
a. Materiality level for the financial statements as a whole
b. Materiality level or levels for a particular classes of transactions, account balances or
disclosures, if applicable
c. Performance materiality
d. Any revision of materiality levels (a to c) as the audit progresses
Materiality levels:
a. Materiality at financial statement as a whole – it is the smallest aggregate level that could
misstate/distor t any of the financial statements
b. Materiality at assertion level – materiality level for individual or particular class of transactions,
account balance, or disclosure where appropriate; this is also know n as tolerable misstatement
Tolerable misstatement refers to allocated materiality to affected accounts (usually
statement of financial position accounts because they are fewer)
Account balance – an individual line item in the financial statements, such as cash and cash
equivalents, loans and receivable, etc.
Class of transactions – type of transaction processed by the client’s accounting system,
such as sales transactions and purchasing transactions
Allocation may be done judgmentally or using formal quantitative approaches.
Materiality at this level are lesser than the overall materiality level but could reasonably be
expected to influence the economic decisions of financial statement users.
Note 1.3 – Preliminary identification of areas where there may be higher r isks of material
misstatement
a. Risks of material misstatements may be greater for significant non-routine transactions which involve:
Greater management inter vention to specify the accounting treatment
Greater manual inter vention for data collection and processing
Complex calculations or accounting principles
b. Risk of material misstatements may be greater for significant judgmental matters such as:
Accounting estimates
Revenue recognition may be subject to differing interpretation
Required j udgment may be subjective or complex or require assumptions about the effects of
future events (for example, j udgment about fair value)
c. Significant risk of relating to risk of material misstatement due to fraud
d. There are areas where special audit consideration may be necessar y, for example:
Existence of related par ties and related party transactions
Related party transaction – a transfer of resources, ser vices or obligations between
related par ties, regardless of whether a price is charged
Note 2:
Note 2.1 – Required understanding of the entity and its env ironment, including internal control:
1. Understanding of the env ironment – external factors:
a. Relevant industry’s factors – the industry in which the entity operates may give rise to specific
risks of material misstatements arising from the nature of the business or the degree of regulation
Examples of industr y factors:
Industry conditions such as the competitive environment, supplier and customer relationships
and technological developments
Specific examples of industr y factors:
Market and competition (including demand, capacity, and price competition)
Cyclical or seasonal activity
Product technology relating to the entity’s products
Energy supply and cost
b. Regulatory factors – include the regulatory environment
Accounting principles and industr y specific practices
Regulatory framework for a regulated industry
Risk of material misstatement (RMM) – the risk that the financial statements contain a
material misstatement.
Components of RMM:
The risks of material missta tement are a combination of inherent risk and control risk:
1. Inherent risk – the susceptibility of an assertion to a misstatement that could be
material, either individually or when aggregated with other misstatements, assuming there
are no related contr ols to mitigate such risks
Inherent r isk may also be described as follows:
The concept of inherent r isk recognizes that the risk of misstatement is greater for
2. Contr ol r isk – the risk that a material misstatement, either individually or when
aggregated with other misstatements, that could occur will not be pr evented or detected
and corrected on a timely basis by the entity’s internal control
Contr ol risk is a function of the effectiveness of the entity’s inter nal contr ol.
Contr ol risk is the type of r isk that the management has the most contr ol over in the
short term.
Some control risk will always exist because of the inherent limitations of any internal
control system.
Risk of material misstatement (inher ent risk and control risk) cannot be eliminated or controlled
by the auditor because these are entity’s risks that exist independently of the audit of financial
statements.
The factor that distinguishes fraud from error is whether the underlying action is
intentional or unintentional.
The most serious types of fraud usually involve management. This results from the
fact that management is primarily responsible for the design and implementation of internal
control in the first place.
The most popular ways to manipulate financial statements involves journal entries and
accounting estimates because if manipulation is discovered management can easily deny
involvement. A bias in estimates can be attributed to excessive conservatism or optimism. An
unsuppor ted journal entry, if discovered, can be characterized as a simple mistake. This differs
from strategies such as falsified records that, if discovered by the auditor, would be quite
difficult for management to deny.
2. Management fraud vs. employee fraud – the risk of not detecting a material
misstatement resulting from management fraud is greater than for employee fraud
Reasons:
Management has the most oppor tunity to commit fraud, while employees need to
exploit weakness in internal contr ol in order to commit fraud.
Management has the ability to override or bypass an existing effective inter nal control.
Management can influence the preparation and presentation of financial statements.
Condit ions and events that may indicate risks of material misstatement:
The following are examples of conditions and events that may indicate t he existence of risks of
material misstatement. The examples provided cover a broad range of conditions and events;
however, not all conditions and events are relevant to ever y audit engagement and the list of
examples is not necessarily complete.
Operations in regions that are economically unstable, for example, countries with significant
currency devaluation or highly inflationary economies.
Operations exposed to volatile mar kets, for example, futures trading.
Operations that are subject to high degree of complex regulation.
Going concern and liquidity issues including loss of significant customers.
Constraints on the availability of capital and credit.
Changes in the industry in which the entity operates.
Changes in the supply chain.
Developing or offering new products or services, or moving into new lines of business.
Expanding into new locations.
Changes in the entity such as large acquisitions or reorganizations or other unusual events.
Entities or business segments likely to be sold.
Existence of complex alliances and joint ventures.
Use of off- balance-sheet finance, special- purpose entities, and other complex financing
arrangements.
Significant transactions with related par ties.
Lack of personnel with appropriate accounting and financial repor ting skills.
Changes in key personnel including depar ture of key executives.
Weaknesses in internal control, especially those not addressed by management.
Inconsistencies between the entity’s IT strategy and its business strategies.
Changes in the IT environment.
Installation of significant new IT systems related to financial reporting.
Inquiries into the entity’s operations or financial results by regulatory or government bodies.
Past misstatements, histor y of errors or a significant amount of adj ustments at period end.
Significant amount of non-routine or non-systematic transactions including intercompany
transactions and large revenue transactions at period end.
Transactions that are recorded based on management’s intent, for example, debt
refinancing, assets to be sold and classification of marketable securities.
Application of new accounting pronouncements.
Accounting measurements that involve complex processes.
Events or transactions that involve significant measurement uncertainty, including
accounting estimates.
Pending litigation and contingent liabilities, for example, sales warranties, financial
guarantees and environmental remediation
Significant risk – an identified and assessed risk of material misstatement that, in the auditor’s
judgment, requires special audit consideration
1. Inquires of management and others within the ent ity that is likely to assist the auditor in
identifying r isk of material misstatement due to fraud or error
For example, inquiries of management, audit committee, board of directors, internal auditors, in-
house legal counsel, and other client personnel
2. Analytical procedures
Analytical procedures – evaluations of financial information made by a study of plausible
relationships among both financial and nonfinancial data
2. Assess the level of Inher ent Risk (such as low, medium, or high) – for example, low level if
likelihood of misstatement is low
Inherent risk – the susceptibility of an asser tion to a misstatement that could be material,
either individually or w hen aggregated with other misstatements, assuming ther e are no related
contr ols to mitigate such r isks
Sources of assessment include knowledge of entity and its envir onment and preliminar y
analytical procedur es.
3. Assess the level of Control Risk (such as low, medium, or high) – for example, low control risk if
inter nal contr ol is effective, or high control risk if inter nal control is not effective
Contr ol r isk – the risk that a mater ial misstatement, either individually or w hen aggregated
with other misstatements, that could occur w ill not be prevented or detected a nd corrected on a
timely basis by the entity’s inter nal contr ol
Sources of assessment include knowledge of inter nal contr ol and obser vation and inspection
Combined assessment:
The auditor usually makes combined assessment of inherent and control risks. If the combined
assessment of inherent risk and contr ol risk is high, the auditor should:
Place mor e emphasis on obtaining exter nal evidence
Reduce r eliance on inter nal evidence
Design more effective substantive pr ocedures
4. Determine the acceptable level o f detection risk: The acceptable level of detection risk depends on
the assessed level of inherent and control risk (inverse relationship)
Detection risk – the risk that the auditor will not detect such a material misstatement that
exists/occurs in an assertion
In summary, the auditor performs audit procedures to assess the risks of material misstatement
and seeks to limit detection risk by perfor ming further audit procedures based on that assessment.