AUDIT PLANNING

Audit planning involves developing a general audit strategy and detailed

approach for the expected conduct of the audit. The auditor’s main objective in
planning the audit is to determine the scope of the audit procedures to be
performed.

The auditor should plan the audit work so that the audit will be performed in an
effective and efficient manner. The extent of planning will vary according to the
size of the entity; the complexity of the audit, and the auditor’s experience with
the entity, and knowledge of the business.

Adequate planning of the audit work is important because:

 Planning helps ensure that appropriate attention is devoted to important
areas of the audit;
 It helps identify potential problems;
 It assists in the proper assignment and coordination of work; and
 It helps ensure that the audit is conducted effectively and efficiently.

PSA 315 requires the auditor to obtain sufficient understanding of the entity and
its environment including its eternal control. Such understanding involves
obtaining knowledge about the entity’s:

a. Industry, regulatory, and other external factors, including financial reporting

framework;
b. Nature of the entity, including entity’s selection and application of accounting
policies;
c. Objectives and strategies and the related business risk that may result in a
material misstatement of the financial statements;
d. Measurement and review of the entity’s performance; and
e. Internal Control.
 Understanding the client
Knowledge of the client’s business and industry – how and why a client does what
it does – is essential if the audit id to be carried out effectively and efficiently.
The auditor should obtain a sufficient level of knowledge of the entity’s business
to identify and understand the events, transactions and practices that may
have a significant effect on the financial statements. The better the auditor
understands the client’s operations, the more efficient the examination is likely
to be, and the greater the value of the client of the auditor’s services.
If the auditor understands the operations of the client, the auditor is often able
to evaluate the reasonableness of the client’s estimates. In addition,
procedures can be selected with more assurance, or perhaps uniquely applicable
procedures can be designed .
Knowledge of the entity would also include understanding the entity’s objectives
and strategies, and the related business risks. An auditor’s understanding of
business risks encountered by the entity increases the likelihood of identifying
risk of material misstatement and helps the auditor design appropriate audit
procedures. Furthermore, the auditor should obtain understanding of entity’s
measurement of performance as this may create pressures on the entity that
either motivate management to take action to improve the business performance
or it may lead management to manipulate the financial statements.
 Source of information
The auditor can obtain knowledge of the business and industry from a number of
sources. These may include:
 Review of prior years’ working papers;
 Tour of the client’s facilities;
 Reading relevant books, periodicals and other publications;
 Discussion with people within and outside the entity; or
 Reading corporate documents and financial reports.
The auditor should also ensure that assistants assigned to an audit engagement obtain
sufficient knowledge of the client’s business and industry to enable them to carry out
the work delegated to them.
 Uses of information obtained
Knowledge of the client’s business is a frame of reference within which the auditor
exercise professional judgment. Understanding the business and using this information
appropriately assists the auditor in:
 Assessing risks and identifying potential problems;
 Planning and performing the audit effectively and efficiently;
 Evaluating audit evidence as well as the reasonableness of client’s
representations and estimates; and
 Providing better service of the client
To make effective use of the knowledge about the client’s business and industry,
the auditor should consider how it affects the financial statements and whether
the assertions in the financial statements are consistent with the auditor’s
knowledge of the entity.
Obtaining understanding of the client’s business is a continuous and cumulative
process. For continuing engagements, the auditor should re-evaluate information
gathered previously, including information in the prior year’s working papers, and
update this information if needed.

Additional Consideration on New Engagements

A first time audit engagement requires more work than a repeat engagement.
This is because there are additional audit procedures that need to be performed
in connection with the opening balances of the accounts. In this regard, PSA 510
requires the auditor obtain sufficient appropriate audit evidence that:
 The opening balances do not contain misstatements that materially affect
the current year’s financial statements;
 The prior periods’ closing balances have been correctly brought forward to
the current period or, when appropriate have been restated; and
 Accounting policies are appropriate and have been consistently applied.
Where the prior year financial statements were audited by another auditor, the
auditor may be able to obtain sufficient appropriate evidence regarding opening
balances by reviewing the predecessor auditor’s working papers. If not, the auditor
should evaluate whether the audit procedures performed in the current period
provide evidence relevant to opening balances; or may consider performing specific
audit procedures to obtain evidence regarding balances.

 Understanding the Internal Control

Another important step in assessing the risk material misstatements in the financial
statements is for the auditor to obtain sufficient understanding about the entity’s
internal control systems. The main reason the auditor is required to understand the
internal control is for the auditor to anticipate the type of the potential
misstatements that can occur in the financial statements and thus helping the auditor
plan the appropriate audit procedures.
Procedures to obtain understanding of the accounting and the internal control systems
will be discussed thoroughly in Chapter 6.

 Developing an Overall Audit Strategy

Once the auditor has gained sufficient understanding about the entity and its
environment including it internal control, the auditor should formulate an overall
audit strategy for the expected conduct of engagement. The best audit strategy is the
approach that results in the most efficient audit - that is, an effective audit
performed at the least possible cost. An audit plan should be made regarding.
 How much evidence to accumulate
 What are the procedures to be performed; and
 When should the procedures be performed.
Adequate consideration of materiality and audit risk should enable the auditor to
answer the questions.

 Materiality
PSA 320 does not include a definition for materiality. This is because the principle
of materiality is first and foremost a financial reporting rather than an audit,
concept. Materiality is defined in accounting literature in the following terms:
“Information is material if its omission or misstatement could influence the
economic decision of users taken on the basis of the financial statements.”
Financial reporting frameworks often discuss the concept of materiality in the
context of the preparation and presentation of financial statements. It is
important therefore the auditors understand the accounting concept of
materiality as this will provide them with a frame of reference in determining
audit materiality.
In designing an audit plan, PSA 320 requires the auditor to make a preliminary
estimate of materiality for use during the examination. The concept of
materiality recognizes that some matters are important for fair presentation of
financial statements while other matters are not. Materiality may be viewed as:
 The largest amount of misstatement that the auditor could tolerate in the
financial statements; or
 The smallest aggregate amount that could misstate any one of the financial
statements.
Materiality is a matter of professional judgment and necessarily involves
quantitative factors (amount of the item in relation to the financial statements)
and qualitative factors (the nature of misstatement).

 Importance of materiality in planning an audit

The auditors should make a preliminary estimate of materiality to assist them in
determining the amount of evidence needed to support their opinion. There is
an inverse relationship between materiality and the audit evidence. This means,
more evidence is needed as the level of materiality for the account decreases.
 Uses of materiality
According to PSA 320, materiality should be considered by the auditor:
 In the planning stage, to determine the scope of audit procedures; and
 In the completion phase of the audit, to evaluate the effect of
misstatements on the financial statements.
The following steps may be used as a guide when using materiality levels. Step 1
and 2 are performed in the planning phase , while Step 3 is performed in the
completion phase of the audit.
Step 1 Determine the Overall Materiality – Financial Statement Level
The auditor should determine the amount of misstatement that could be
material to the financial statements taken as a whole. If the materiality level
is set too low, auditor will be wasting his time auditing accounts that are not
important. However, if materiality level is set too high, auditor may not be able
detect misstatements that could be material to some readers of the financial
statements.
When establishing overall materiality at the financial statement level, the
auditor should consider that the financial statements are interrelated – that is, a
misstatement in one financial statement usually affects the other statements.
For this reason, the auditor should consider materiality in terms of the smallest
aggregate level of misstatement that could distort any one of the financial
statements.
A common method of estimating the overall materiality at the financial
statement level is to multiply a financial statement base (total asset, sales, or
net income) by a certain percentage.
Step 2 Determine the tolerable misstatement – Account Balance Level
Once the overall materiality has been established, the auditor determines
materiality at the account balance level. This is done by allocating the overall
materiality to the financial statement account balances. This allows the
auditor to design the appropriate audit procedures that will be applied to
specific accounts. The allocated materiality to an account is called the
tolerable misstatement for that account.

The professional standards do not provide specific guidelines as to how the

allocation should be done. This process is highly subjective and requires the
exercise of great deal of professional judgment.
Step 3 Compare the aggregate amount of uncorrected misstatements with the
overall materiality.
After performing audit procedures, the auditor will have to compare the
aggregate uncorrected misstatements with the overall materiality (preliminary
estimate of materiality or revised materiality level) to determine whether or not
the financial statements are materiality misstated. Before an unmodified opinion
can be issued, the auditor must be confident that the combined uncorrected
misstatements do not exceed the overall materiality level.
 Performance Materiality
Planning the audit solely based on the materiality guidelines discussed in the
proceeding section leaves no margin for possible undetected misstatements.
When auditing financial statements, it is common for auditors to exercise
prudence by setting materiality at an amount lower than the overall
materiality. By using a lower level of materiality in the performance of the
audit, the extent of the audit procedures is increased thereby reducing the
risk that the amount of uncorrected and undetected misstatements will exceed
the overall materiality which the auditors use both at the financial statement
and account balance level is called the “performance materiality”.
The determination of performance materiality involves the exercise of
professional judgment. It is affected by the auditor’s understanding of the entity,
updated during performance of the risk assessment procedures; and the nature
and extent of misstatements identified in previous audits thereby the auditor’s
expectations in relation to misstatements in the current period. Also, the level of
performance materiality can be set at different levels for different accounts.
 Bases that can be used to determine the materiality level
Since audit planning is often performed before year-end, annual financial
statements are usually not available . As a result, the auditor uses alternative
bases to compute for the preliminary estimate of materiality, such as:
 Annualized interim financial statements;
 Prior year financial statements; or
 Budget financial statements of the current year.
Adjustments should be made to the preliminary estimates of materiality as the
year-end financial statement account balances become available.
 AUDIT RISK
The audit of financial statements is not guarantee that all material
misstatements in the financial statements are detected. Due to the inherent
limitations of the audit, there is always a risk that the auditor may not be able
detect material misstatements in the financial statements, the auditor’s
responsibility is to design the audit to provide reasonable assurance that the
financial statements taken as a whole are free from material misstatements.
The concept of reasonable assurance mans that the auditors accepts some level
of uncertainty in performing the audit function. The auditor’s objective is not to
eliminate this risk but to reduce the risk an acceptably low level by applying
effective audit procedures.
When designing substantive tests, the auditor should consider three main issues:
1. What level of assurance does the auditor wish to attain that the susceptibility
of the account to material misstatement? As this level of assurance increases,
the scope of the auditor’s substantive test increases;
2. How susceptible is the account to material misstatement? As the susceptibility
of the account to material misstatement increases, the scope of the auditor’s
substantive tests also increases; and
3. How effective is the client’s internal control in preventing or detecting
misstatements? As the effectiveness of the client’s internal control increases, the
scope of auditor’s substantive tests decreases.
These three issues are the preliminary basis for the development of the audit risk
model:
Audit Risk = Inherent Risk * Detection Risk
 Audit risk refer to the risk that the auditor might give an inappropriate audit
opinion on the financial statements. This occurs when the auditor concludes
that the financial statements are fairly presented when they are, in fact
materially misstated.
Audit risk is the complement of audit assurance. A 5% audit risk means that there
is 95% assurance or confidence level that the opinion expressed by the auditor of
the financial statements is appropriate in the circumstances.
The auditor’s judgment about the acceptable level of audit risk is influenced by
the type of client. For example, auditors will choose a lower level for public
companies over private companies because more users depend on the financial
statements of publicly-held companies. In general, as the acceptable level of
audit risk decreases, the amount of audit evidence needed to support the
auditor’s opinion increases.
 Inherent risk is the susceptibility of an account balance or class of
transactions to a material misstatement assuming that there were no related
internal controls. This concept recognizes that some account balances, by
nature, are more susceptible to misstatement than others.
PSA 315 requires the auditor to assess inherent risk at the financial statement
and account balance or transaction class levels. Factors that may influence the
auditor’s assessment of the risk of misstatement at the financial statement level
include:
1. The management integrity;
2. Management Characteristics (e.g. profitability of the entity toward financial
reporting);
3. Operating Characteristics (e.g. profitability of the entity relative to its
industry is inadequate) and
4. Industry Characteristics (e.g. the industry is experiencing a large number of
business failures)
Factors affecting inherent risk at the account balance level may
include the following:
1. Susceptibility of the account to theft:
2. Complexity of calculations related to account;
3. The complexity underlying transactions and other events; and
4. The degree of judgment involved in determining account
balances.

As the assessed level of inherent risk increases, the auditor

should design more effective substantive procedures.

o Control risk is the risk that a material misstatement that could

occur in an account balance or class of transactions will not be
prevented or detected, and corrected in a timely manner by
accounting and internal control systems. Control risk is directly
related to the condition of the entity’s internal control system.
If the entity’s internal control is effective, then the risk that
the control will fail to detect or prevent material
misstatement (control risk) decreases.
Holding other planning considerations equal, as the assessed
level of control risk increases, the auditor should design
more effective substantive procedures.

o Detection risk is the risk that an auditor may not detect a

material misstatement that exists tin an assertion. As regard
to minimizing this risk, the auditor relies primarily on
substantive tests. The more effective the substantive test
are, the lower the detection risk will be.

Detection risk is the complement of the assurance provided

by substantive tests. Hence, as the acceptable level of
detection risk decreases, the assurance provided by
substantive tests should increase with the application of more
effective substantive procedures.
o Steps in using the audit risk model

Step 1 set the Acceptable Level of Audit Risk.

There are no specific guidelines for setting individual audit

risk. The auditor uses professional judgment in determining
the risk of accepting an assertion as fairly stated when in fact
it is materially misstated. The auditor should plan the audit in
such a way that, after performing audit procedures, an opinion
can be issued on the financial statements at a low level of
audit risk.

It is to be emphasized that it is the auditor, not the entity

being audited, who determines the acceptable level of audit
risk. The lower the level of acceptable audit risk, the higher
the desired level of assurance/certainty, and vice versa.
Step 2 Asses the Level of Inherent Risk

Every account or assertion has built-in risk of being misstated.

However, there are some accounts that, by nature, are more likely
to be misstated compared to other accounts. These are the
accounts that have high inherent risks. Client that may affect risk
of a material misstatement for a particular account. In making this
assessment, the auditor relies primarily on the knowledge of the
entity, and the results of preliminary analytical procedures.

Step 3 Assess the Level of Control Risk

As stated earlier, control risk is the risk that the client’s internal
control may not detected or prevent a material misstatement.
Assessment of control risk would involve studying and evaluating
the effectiveness of the client’s internal control systems.
Step 4 Determine the Acceptable Level of Detection Risk

Based on the acceptable audit risk level (Step 1) and the auditor’s
assessment of inherent and control risks (Step 2 and 3), the
auditor determines the acceptable level of detection risk. By
rearranging the audit risk model,

Audit Inherent Control Detection

Risk= Risk * Risk * Risk

The acceptable level of detection risk can be determined as

follows:

Acceptable level = Acceptable level of Audit Risk

Of Detection Risk Inherent Risk * Control Risk
For this equation, we can conclude that for a given level of
Audit Risk, there is an inverse relationship between the
Acceptable level of Detection Risk and the assessed level of
Inherent and Control Risks.

Step 5 Design Substantive Tests.

Designing substantive tests depends on the acceptable level of

detection risks; after giving consideration to the assessment of
inherent and control risks. As the acceptable level of
detection risks decreases, the assurance provided by
substantive tests increases. In order to achieve that high
level of assurance, the auditor will have to modify the nature,
timing and extent of substantive tests as follows:
 Performing more effective substantive procedures; (nature)
 Applying the substantive procedures at year-end (timing); or
 Using larger sample size (extent) when performing substantive
procedures.

o Relating inherent, control, and detection risk to the overall

audit risk

Of the three components, only the detection risk can be

controlled by the auditor. Inherent and control risks are functions
of management and its environment, and as such, the auditor
cannot change their levels. The auditor can only assess the levels
inherent and control risk. Detection risk, in contrast, is a function
of the auditor which can be controlled by the auditor by
modifying the nature, timing and extent of substantive tests.
o Relationship between materiality and risk

When planning the audit, the auditor considers what would

make the financial statements materially misstated. The
auditor’s assessment of materiality, related to specific
account, helps the auditor select audit procedures that can be
expected to reduce audit risk to an acceptable level.

There is an inverse relationship between materiality and the

level of audit risk, that is, the higher the materiality level,
the lower the audit risk and vice versa.

The auditor takes the inverse relationship between materiality

and audit risk into account when determining the nature,
timing and extent of audit procedures.
 Reducing the assessed level of control risk, where this is
possible, and supporting the reduced level by carrying out
extended or additional tests of control; or
 Reducing detection risk by modifying the nature, timing and
extent of planned substantive tests.

 Risk Assessment Procedures

The procedures performed by auditors to obtain an understanding

of the entity and its environment including its internal control
and to assess the risks of material misstatements in the financial
statements are called “risk assessment procedures”. These include
the following:

a. Inquiries of management and others within the entity

b. Analytical procedures; and
c. Observation and inspection.
 ANALYTICAL PROCEDURES

Analytical procedures involve analysis of significant ratios and

trends, including the result investigation of fluctuations and
relationships that are inconsistent with other relevant
information or deviate from predicted amounts. A basic
premise underlying the use of analytical procedures is that
plausible relationship among data may reasonably be expected
to exist and continue in the absence of known conditions to
the contrary.

PSA requires the auditor to use analytical procedures in the

planning and overall review stages of the audit. In the
planning stage of the audit, the application of analytical
procedures helps the auditor in assessing the risk of material
misstatements in the financial statements.
o Steps in Applying Analytical Procedures

Analytical procedures help the auditor in identifying unusual

transactions and events that may indicate possible misstatement
of the financial statements. Application of analytical procedures
involves the following steps:

Step 1 Develop expectations regarding statements using:

 Prior year’s financial statements

 Anticipated results such as budgets or forecasts
 Industry averages or financial statements of other entities
operating within the same industry.
 Non-financial information relevant to the financial statements
 Typical relationships among financial statement accounts
balances.
Step 2 Compare the expectations with the financial
statements under audit.

The auditor compares the financial statements with the

expectations to identify significant fluctuations that are
inconsistent with the auditor’s expectations. This step allows
the auditor to identify unusual or unexpected balances in the
financial statements which may indicate risk of material
misstatement.

Step 3 Investigate significant unexpected differences (unusual

fluctuations) to determine whether financial statements
contain material misstatements.

Investigation of unusual fluctuations ordinarily begins with

inquiries of management responses and applying other
appropriate audit procedures.
o Uses of analytical procedures

Analytical procedures may be used for the following purposes:

 As a planning tool, to determine the nature, timing, and
extent of other auditing procedures;
 As a substantive test to obtain corroborative evidence
about particular assertions related to the account balance
or transaction class; or
 As an overall review of the financial statements in the
completion phase of the audit.
o Analytical procedures in planning an audit

Analytical procedures used in planning an audit should focus

on:
 Enhancing the auditor’s understanding of the client’s
business; and
 Identifying areas that may represent specific risks.

The auditor’s understanding of the client’s business enables

the auditor to develop certain expectations regarding the
client’s financial position and performance during the period.
If the figures reflected in the financial statements do not
conform to the auditor’s expectations, questions can be raised
about the reliability of the financial statements or about the
accuracy of information obtained about the entity’s business.
Thus, analytical procedures performed in planning phase of the
audit are useful for confirming or challenging the auditor’s
understanding of the client’s business.
 Documenting the Audit Plan
The final step in the planning process is the documentation of
the audit planning process by preparing an overall audit plan,
audit program, and time budget.

 Audit Plan
An audit plan is an overview of the expected scope and
conduct of the audit. The overall audit plan sets out in broad
terms the nature, timing, and extent of the audit procedures
to be performed. While the audit varies for each client, it
should be sufficiently detailed to guide in the development of
an audit program.

 Audit Program
The auditor should develop and document an audit program
setting out the nature, timing and extent of planned audit
procedures required to implement the overall audit plan.
In effect, audit program executes the audit strategy. It sets out
in detail the audit procedures to be performed in each
segment of the audit. The audit program serves as a set of
instructions to assistants involved in the audit and as a means
to control and record the proper execution of the work.

The form and content of the audit program may vary for each
particular engagement but it should always include a detailed
list of audit procedures that the auditor believes are
necessary to accomplish the audit objectives.

 Time Budget
A time budget is an estimate of the time that will spent in
executing the audit procedures listed in the audit program.
This provides a basis for estimating audit fees and assists the
auditor in assessing the efficiency of the assistants.
Changes to audit plan and program

Planning is continuous throughout the engagement because of

changes in conditions or unexpected results of audit
procedures. The overall audit plan and the audit program
should be revised as necessary during the course of the audit,
and the reasons for significant changes should be recorded.