Professional Documents
Culture Documents
EXTENT OF AUDIT
The extent of planning will vary according to:
a. Size of the entity (SME, Multinational Company, Conglomerate, etc.)
b. Complexity of the audit
c. Auditor’s experience with the entity and knowledge of the business
d. Changes in circumstances that occur during the audit engagement.
PLANNING is not a discrete phase of an audit, but rather a continual and iterative
process that often begins shortly after (or in coordination with) the completion of the
previous audit and continues until the completion of the current audit engagement.
PLANNING ACTIVITIES
The auditor should establish the overall audit strategy for the audit.
Overall audit strategy sets the scope, timing and direction of the audit and guides the
development of the more detailed audit plan.
The establishment of OVERALL AUDIT STRATEGY involves:
a. Determining the characteristics of the engagement that define its scope, such as
financial reporting framework used industry-specific reporting requirements and the
locations of the components of the entity.
b. Ascertaining the reporting objectives of the engagement to plan the timing of the
audit and the nature of the communications required, such as the deadlines for
interim and final reporting, and key dates for the expected communications with
management and TCWG.
c. Considering the important factors that will determine the focus of the engagement
team’s efforts.
AUDIT PLAN is an overview of the expected scope and conduct of the audit. This is the
overall audit plan sets out in BROAD TERMS the NTE of the audit procedures to be
performed. The auditor should develop an AUDIT PLAN for the audit in order to reduce the
audit risk to an acceptably low level.
AUDIT PROGRAM executes the audit strategy, sets out in DETAIL the audit procedures to
be performed in each segment of the audit which includes:
• Detailed list of procedures
• Audit objectives per assertion
• Working papers needed
It is a set of audit procedures SPECIFICALLY designed for each audit. The program which
includes both substantive test and tests of controls will enable the auditor to express an
opinion on the financial statements taken as whole. The auditor should develop and
document an audit program setting out the NTE of planned audit procedures required to
implement the overall audit plan. The audit program serves as a set of instructions to
assistants involves in the audit and as a means to control and record the proper execution of
the work. The audit program may also contain the audit objectives in which hours are
budgeted for the various audit areas or procedures.
On initial engagements, the audit program typically will develop in three stages:
1. The broad phases of the program can be outlined at the time of the engagement.
2. Other details of the program can be identified after the review of internal control
structure and accounting procedures has begun.
3. Procedures on specific phases of the audit can be further challenged and revised as
the work progresses.
On recurring engagements, the program for the preceding audit should be studied before
preparing the program for the current audit. The program of the current audit should reflect
modifications or are required by the experience gained in the business, internal control or
accounting methods of the client.
“The overall audit plan and the audit program should be revised as necessary during the
course of the audit. Planning is continuous throughout the engagement because of changes
in conditions or unexpected results of audit procedures. The reasons for significant changes
would be recorded.”
TIME BUDGET is an estimate of the total hours an audit is expected to take. It is based on
the information obtained in the first major step in the audit, obtaining an understanding of the
client.
PSA 315 Redrafted outlines the KEY STEPS in understanding the entity and its
environment: (IINOM)
a. Industry, regulatory and other external factors, including applicable financial
reporting framework
1. Industry conditions
Understanding industry conditions include understanding the market for a
client’s products, the competition, the entities and competitor’s capacity
relative to market conditions and price competition.
2. Regulatory environment
The regulatory environment can have direct economic consequences and
effect accounting and disclosure requirements. PSA 250 “Consideration of
Laws and Regulations in an Audit of a Financial Report” states that the
auditor must obtain a general knowledge of the legal and regulatory
framework applicable to the entity and the industry and the entity’s level of
compliance.
3. Economy-wide factors
The general economy and its effect on the entity’s business should also
be considered by the auditor. This includes the general level of economy
activity, interest rates and the availability of financing, and the level of
inflation.
b. Internal Control
Please refer to the discussion below.
2. Investments
Knowledge of the entity’s investing activities includes understanding the
entity’s
a. Capital investment activities, including investments in plant and
equipment and technology and any recent or planned changes.
b. Acquisitions, mergers or disposals of plant activities
c. Investments and dispositions of securities and loans
d. Investments in non-consolidated entities, including partnerships, joint
ventures and special-purpose entities.
3. Financing
Knowledge of the entity’s financing activities includes understanding the
entity’s
a. Debt structure, including covenants, restrictions, guarantees and off-
balance sheet financing arrangements
b. Group structure – major subsidiaries and associated entities, including
consolidated and non-consolidated structures.
c. Leasing of property, plant and equipment for use in the business
d. Beneficial owners
e. Use of derivative financial instruments
4. Financial Reporting
Knowledge of the entity’s financial reporting activities includes
understanding such matters the entity’s
a. Accounting principles and industry-specific practices
b. Revenue recognition practices
c. Accounting for fair value
d. Inventories
e. Industry specific significant accounts and transactions classes
f. Accounting for unusual or complex transactions, including those in
controversial or emerging areas, such as accounting for share-based
transactions
g. Financial statement presentation and disclosures
d. Objectives and strategies and the related business risks that may result in a
material misstatement of the financial statements.
According to PSA 315 Redrafted, the auditor shall obtain an understanding of
the entity’s objectives and strategies and the related business risks that may
result in material misstatement of the financial report. These terms are
defined as follows:
Entity’s objectives – are the OVERALL PLANS for the entity as defined by
TCWG and management.
Entity’s strategies – are the OPERATIONAL APPROACHES by which
management intends to achieve the objectives.
Business risks – result from significant conditions, events, circumstances,
actions or inactions that could adversely affect the entity’s ability to achieve its
objectives and execute its strategies, or through the setting of inappropriate
objectives and strategies.
A BUSINESS RISK APPROACH allows the auditor to identify the threats that
the organization faces in attempting to achieve its goals and the extent to
which these give risk to audit risks. It also recognizes that most business risks
will eventually have financial consequences and therefore, have an effect on
the financial statements. Sometimes referred to TOP-DOWN APPROACH,
everything is considered at the highest level when reviewing business risks
and then worked down to the lowest level where a material risk might be
possible.
Analytical procedures involve the analysis of significant ratios and trends where
plausible relationship among financial and non-financial data may reasonably be
expected to exist and continue in the absence of known condition to the contrary.
In making the assessment whether fraud risk factors are present, the auditor
should understand the three conditions that are generally present when fraud
occurs. These are known as the FRAUD TRIANGLE (PAO).
Both INHERENT RISK and CONTROL RISK exist independently of the audit of
financial statements. That is, the risk of misstatement exists regardless of
whether an audit is performed. The auditor may make separate assessments of
the two risks or an overall assessment of the risk of material misstatement for the
relevant assertions.
DETECTION RISK – risk that the auditor will FAIL TO DETECT a material
misstatement that exists in relevant assertion. It is a function of the effectiveness
of audit procedures and their application by the auditors. Unlike inherent and
control risk, IT DOES NOT EXIST WHEN NO AUDIT IS PERFORMED. Rather
than assessing detection risk, auditors seek to restrict it through performance of
substantive procedures.
AUDIT RISK – is the risk that the auditor gives an inappropriate audit opinion
when the financial statements are materially misstated.
In setting the desired audit risk, auditor seek an appropriate balance between the
costs of an incorrect audit opinion and the costs of performing the additional
procedures necessary to reduce audit risk.
The first step involves obtaining an understanding of the entity and assessing the
level of business risks. Auditors than consider the effect these factors could have
on the ROMM at the financial statement level.
The audit risk model provides a framework for auditors to follow in responding to
these assessed risks through their choice of audit procedures. PSAs are not
specific on what is acceptable level of audit risk, and use of the audit risk model
required a significant degree of judgment by the auditor. In relating the
components of audit risk, the auditor generally expresses each component in
non-quantitative terms (LOW, MEDIUM and HIGH).
CONTROL RISK
HIGH MEDIUM LOW
INHERENT HIGH Lowest Lower Medium
RISK MEDIUM Lower Medium Higher
LOW Medium Higher Highest
NOTE:
All events and conditions
(NO REQUIRED DOCUMENTATION)
LEVELS OF MATERIALITY
1. PLANNING MATERIALITY
This assessment is referred to as PLANNING MATERIALITY and may differ from
the materiality levels used at the conclusion of the audit in the evaluation of audit
findings because surrounding circumstances may change, and additional
information about the entity will have been obtained during the course of the
audit.
Qualitative considerations
These relate to the causes of misstatements or to misstatements that do not have
quantifiable effect. A misstatement that is quantitatively immaterial may be
qualitatively material.
a. The significance of the misstatement to the particular entity.
b. The pervasiveness of the misstatement
c. The effect of misstatement on the financial statement as a whole.
2. PERFORMANCE MATERIALITY
PERFORMANCE MATERIALITY- is set to reduce to an appropriately low-level
probability that the aggregate of uncorrected and undetected misstatements in
the financial statements exceeds for financial statements as a whole.
DURING PLANNING
1. Establishing a PRELIMINARY JUDGMENT about MATERIALITY
2. Determine TOLERABLE MISSTATEMENT
AT AUDIT COMPLETION
3. Estimate likely misstatements and compare the totals to the preliminary
judgment about materiality.
If the aggregate of the uncorrected misstatements that the auditor has identified
approaches the performance materiality level, the auditor would consider whether
it is likely that undetected misstatements, when taken with aggregate uncorrected
misstatements could exceed materiality level. In such case, the auditor would
consider reducing audit risk by performing additional or extended procedures or
by requesting management to adjust financial statements for identified
misstatements.
NOTE: Materiality during the audit is flexible. There is a need to revise materiality
when facts come to the attention of the auditor that necessitates a revision.
The auditor is required to include in the audit documentation the amounts and the
factors considered in the determination of the materiality levels including the
basis for any revisions to those materiality levels. Audit documentation should
demonstrate the judgment and rationale used by the auditor in determining
materiality levels.
OTHER AUDIT CONSIDERATION
AUDIT STRATEGIES – the audit strategy significantly affects detailed work performed in the
audit. The interrelationship among audit evidence, materiality and the components of audit
risk affects the auditor’s decision on the type of audit strategy chosen – PREDOMINANTLY
SUBSTANTIVE APPROACH and LOWER ASSESSED LEVEL OF CONTROL RISK
APPROACH.
NOTE: If the auditor assesses the appropriate controls do not exist or are likely to be
ineffective, then no reliance can be placed on internal controls – control risk is assessed at
relatively high level and therefore PREDOMINANTLY SUBSTANTIVE APPROACH will be
adopted. More substantive procedures will be performed. An audit strategy that relies on
internal controls to support the use of a reduced level of substantive procedures is
sometimes referred to as LOWER ASSESSED LEVEL OF CONTROL RISK APPROACH
also known as COMBINED APPROACH. This is not a single strategy, but range of
strategies determined by the relative effectiveness of applicable control procedures
(combined assessments of inherent risk and materiality).