Chapter 3: Process of Assurance: Planning the Assignment

Process of Assurance: Planning the Assignment

1. Planning
1.1 Understanding the Entity
1.2 Professional Scepticism
2. Analytical Procedures
2.1 Analytical procedures in planning the audit
3. Materiality
3.1 Review of Materiality
4. Continuous Risk Assessment
4.1 Risk of material misstatement in the F/S
4.2Risk that the auditor will not detect a material misstatement in the F/S
4.3 Identifying and assessing the risks
4.4 Significant risks
The auditors formulate an overall audit strategy which is translated into a detailed Audit Plan for audit
staff to follow. A key part of audit planning is obtaining an understanding of the entity its
environment, its internal control, so that risk may be assessed and audit work planned. An effective and
efficient audit relies on proper planning procedures.

The planning process is covered in general terms by BSA 300 Planning an Audit of F/Ss

Definitions
Audit strategy: The formulation of the general strategy for the audit, which sets the scope, timing
and direction of the audit and guides the development of the audit plan.

Audit plan: An audit plan is more detailed than the strategy and sets out the nature, timing and extent
of audit procedures (including risk assessment procedures) to be performed by engagement team
members in order to obtain sufficient appropriate audit evidence.

Professional Scepticism
An attitude of professional scepticism means the auditor makes a critical assessment, with a questioning
mind, of the validity of audit evidence obtained and is alert to audit evidence that contradicts, or brings
into question, the reliability of documents and responses to inquiries and other information obtained
from management and those charged with governance.

Audits are planned to:

Ensure appropriate attention is devoted to important areas of the audit
Identify potential problems and resolve them on a timely basis
Ensure that the audit is properly organized and managed
Assign work to engagement team members properly
Facilitate direction and supervision of engagement team members
Facilitate review of work

A structured approach to planning will include:

Step 1: Ensuring that ethical requirements continue to be met.
Step 2: Ensuring the terms of the engagement are understood
Step 3: Establishing the overall audit strategy.
Step 4: Developing an audit plan including risk assessment procedures, audit tests and
any other procedures necessary to comply with ISAs.

- The auditor should develop an audit plan in order to reduce audit risk to an acceptably low level.
- The audit plan and any significant changes to it during the audit must be documented.
 Establishment of overall
Audit Strategy includes:

Determining the relevant characteristics of the engagement, such as the

reporting framework used as this will set the scope for the engagement
and understanding the entity and its environment;

Discovering key dates for reporting and other communications;

Determining materiality, preliminary risk assessment, whether internal

controls are to be tested;

Consideration of when work is to be carried out, for example before or

after the year end;

Consideration of ' available, their skills and how and

when they are to be used, for example particular skills for high risk areas.
In addition, appropriate levels of staff are required to facilitate direction,
supervision and review of more junior team work.

Key contents of an overall audit strategy

Understanding the
Entity's Environment

Understanding the
accounting and ICS

Risk and
materiality

Consequent nature, timing

and extent of procedures

Co-ordination, direction,
supervision and review

Other matters
Analytical procedures means evaluation of financial information made by a study of
plausible relationships among both financial and non-financial data. Analytical procedures
also encompass the investigation of identified fluctuations and relationships that are
inconsistent with other relevant information or deviate significantly from predicted amounts.
BSA 520 Analytical Procedures requires auditors to apply analytical procedures as risk
assessment procedures to obtain an understanding of the entity and its environment and in
the overall review at the end of the audit. In addition to the uses of analytical procedures
above, they may also be used as substantive procedures, to obtain audit evidence directly.

Analytical procedures include:

The consideration of
comparisons with:

Consideration of
relationships between:

Possible sources of information about the client for the purpose of Analytical Procedures include:
Interim financial information
Budgets
Management accounts
Non-financial information
Bank and cash records
VAT returns
Board minutes
Discussions or correspondence with the client at the year-end
BSA Framework for the Preparation and Presentation of Financial Statements
states that:
A matter is material if its omission or misstatement
would reasonably influence the economic decisions of
users taken on the basis of the financial statements.

Materiality is an expression of the relative significance or importance of a particular matter in

the context of financial statements as a whole. Materiality relates to the level of error that affects
the decisions of users.

Materiality should be calculated at the planning stages of all audits. The calculation or
estimation of materiality should be based on experience and judgment. Materiality should be
reviewed during the audit.
BSA 320 Audit Materiality states that 'materiality should be considered by the auditor when:
Determining the nature, timing and extent of audit procedures; and
Evaluating the effect of misstatements.

Materiality can be thought of in terms of the size of the business. The size of a company can
be measured in terms of revenue and total assets, both of which tend not to be subject to the
fluctuations which may affect profit. Different firms have different methods. However,
Materiality has qualitative, as well as quantitative, aspects. For example, transactions relating
to directors are considered material by nature regardless of their value.
The level of materiality must be reviewed constantly as the audit progresses and changes may
be required because:
Draft accounts are altered and therefore overall materiality changes.
External factors may cause changes in risk estimates.
 The auditor usually adopts a risk-based approach to auditing. In the risk-based approach, auditors
analyze the risks associated with the client's business, transactions and systems which could lead to
misstatements in the financial statements, and direct their testing to risky areas. They are therefore not
concerned with individual routine transactions, although they will still be concerned with material, non-
routine transactions.
Audit Risk: The risk that the auditors give an inappropriate opinion on the financial statements.
Two elements of Audit Risk:
the risk that the financial statements contain a material misstatement and
the risk that the auditors will fail to detect any material misstatements (Detection Risk).
Risk of material misstatement in the F/S has two elements: Inherent Risk and Control Risk

Audit Risk = Risk of Material Misstatement + Detection Risk

First part is dependent on the entity - the The other part is dependent on the auditor - the
risk of material misstatement arising in risk that the auditor will not detect material
the F/Ss. misstatements in the financial statements.

Example
Issuing an unqualified audit report where a qualification is reasonably justified;
Issuing a qualified audit opinion where no qualification is necessary;
Failing to emphasize a significant matter in the audit report;

The susceptibility of an account balance or class of
transactions to misstatement that could be material
individually or when aggregated with misstatements in
other balances or classes, assuming there were no related
internal controls.
Risk that the auditors' procedures will not
detect a misstatement that exists in an
account balance/class of transactions that
could be material, either individually or
when aggregated with misstatements in other
balances or classes.

The risk that a material misstatement would not be

prevented, detected or corrected by the accounting and
internal control systems.
The possibility of incorrect or misleading information in accounting statements resulting from something
other than failure of controls. Inherent risk is the risk that items will be misstated due to characteristics
of those items. Example of issues that might increase inherent risk are:
Balance is or includes an estimate;
Balance is important in the account;
Financial statements are liable to misstatement because:
Company is in trouble
Company is seeking to raise finance
Other motivation for directors to misstate the figures
Financial statements contain balances with complex financial accounting requirements or a choice of
treatment.
Inherent risk is affected by the nature of the entity; for example,
The industry it is in and
The regulations it falls under, and
The nature of the strategies it adopts.
The auditors must use their professional judgment and all available knowledge to assess inherent risk. If
no such information or knowledge is available then the inherent risk is high.

The risk that a material misstatement would not be prevented, detected or corrected by the
accounting and internal control systems.

Control Risk ( side is the risk of a material misstatement in the financial

statements arising due to absence or failure in the operation of relevant controls of the entity.
Control risk is considered to be high where the audit entity does not have adequate internal
controls to prevent and detect instances of fraud and error in the financial statements.

Assessment of control risk may be higher for example in case of a small sized entity in which
segregation of duties is not well defined and the financial statements are prepared by individuals
who do not have the necessary technical knowledge of accounting and finance.

If internal control system is not preventing, detecting and correcting misstatements on timely basis
then inherent problems will creep in the system and thus risk of material misstatement will
increase.
There can be many reasons for control risk to arise and why it cannot be eliminated absolutely:
- Cost-benefit constraints
- Inappropriate design of controls
- Inappropriate application of controls
- Lack of control environment and accountability
- Outdated controls
Inherent risk cannot be eliminated completely and also internal control system also has its limitations
therefore, even in the presence of relevant controls material misstatements may still exist.
And Auditor is NOT responsible for: - Business risk; - Inherent risk - Control risk
But if these risks are not catered properly then F/S may be materially misstated. More material
misstatements means more chances of giving inappropriate opinion by the auditor. Thus the only
solution left to the auditor is detect such misstatements by himself by applying audit Procedures
designed by himself. Due to the same reason detection risk is considered to be part of the function of
audit risk which in equation form is usually written as follows:

Audit risk = Risk of material misstatements x Detection risk OR (Inherent risk x Control risk) x Detection risk
If risk of material misstatements is high then auditor will reduce the detection risk by applying more
procedures and tolerating less and less misstatements to go undetected and uncorrected.

There is no standard level of audit risk which is considered generally by auditors to be acceptable. This
is a matter of audit judgment, and so will vary from firm to firm and audit to audit. Audit firms are
likely to charge higher fees for higher risk clients.
Regardless of the risk level of the audit, however, it is vital that audit firms always carry out an audit of
sufficient quality.
BSA 315 requires the auditor to take the following steps:
Step 1: Identify risks throughout the process of obtaining an understanding of the entity
Step 2: Relate the risks to what can go wrong at the assertion level (assertions made in the financial statements by the
directors)
Step 3: Consider whether the risks are of a magnitude that could result in a material misstatement
Step 4: Consider the likelihood of the risks causing a material misstatement

Significant Risks
Some risks may be significant risks, which require special audit consideration. BSA 315 sets out the
following factors which indicate that a risk might be a significant risk:
Risk of fraud;
Related to recent significant economic, accounting or other development;
The complexity of the transaction;
It is a significant transaction with a related party;
The degree of subjectivity in the financial information;
It is an unusual transaction;

Routine, non-complex transactions are less likely to give rise to significant risk than unusual
transactions or matters of director judgment. Because unusual transactions are likely to have more:
Management intervention
Manual intervention
Complex accounting principles or calculations