Chapter Eight ~ Audit Planning CHAPTER EIGuy AUDIT PLANNI IG “if you go to work on your goals, your goals will go to work an you. If you go 10 work gq your plan, your plan will go to work on you. Whatever good things we build end y, building us." = Jim Rohn Learning Objectives After studying this chapter, you should be able to: State the general objective in planning an audit = Describe the standard planning procedures. = Determine how the auditor obtains an understanding of the client and its environment = Define analytical procedures and explain why they are important at the planning stage of the audit. = Discuss the contents of the audit plan and the audit program = List and explain other planning considerations. In every human undertaking or engagement, it is necessary 0 plan the course of actions before these actions are taken. Th complexity of the business of the client, its form, and its comme environment, all affect the nature and extent of the planning re PSA 300 (Redrafted) Planning an Audit of Financial Statements states: The objective of the auditor is to plan the audit so that it will performed in an effective manner." Planning an audit involves establishing the overall audit st for the engagement and developing an audit plan, in order to reduce audit risk to an acceptably low level. Planning involves “° engagement partner and other key members of the engagement =o" to benefit from their experience and insight and to enhance “e effectiveness and efficiency of the planning process. This chapter provides guidance to the auditor in making 3° examination in accordance with the generally accepted auci"d standards on the consideration and procedures applicable to pia"? and supervision, including preparing an audit program, obt2."I9 knowledge of the entity’s business, and dealing with differe' a opinion among firm personnel. Planning and supervision conte throughout the audit, and the related procedures frequently overl@? "PSA 300 (Redrafted), par. 4.Auditing and Assurance Principles Outputs of Audit Planning The auditor shall establish an overall audit strategy that sets the scope, timing and direction of the audit, and that guides the development of the audit plan. Accordingly, the main outputs of the planning stage are: * the overall audit strategy; + the overall audit plan; and + the draft audit programs detailing the work to be performed These are supported by a summary that documents the main decisions taken during planning, the information gathered in relation to the audit engagement, and the main administrative arrangements. The overall audit strategy is documented in a strategy document; oftentimes, it is combined with the overall audit plan and included in the Audit Planning Memorandum?. Major Audit Planning A Ss In establishing the overall audit strategy, the auditor shall: a, Identify the characteristics of the engagement that define its scope; b. Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required; c. Consider the factors that, in the auditor’s professional judgment, are significant in directing the engagement team’s efforts; d. Consider the results of preliminary engagement activities and, where applicable, whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant; and e. Ascertain the nature, timing and extent of resources necessary to perform the engagement. Based on the above, the following are the major audit planning activities 1. Obtaining an understanding of the client and its environment. 2. Assessing the possibility of non-compliance. 3. Establishing materiality and assessing risk. 4 5. Identifying related parties. Performing preliminary analytical procedures. The planning memorandum summarizes the decisions taken during the planning process. It communicates the main emphasis of these decisions and can be referred to by the audit team at any time during the audit. This is one of the tools used in providing proper direction to all members of ‘he audit team, See the end of this chapter for a sample audit planning memorandum.Chapter Eight ~ Audit Planning 6. Determining the need for experts. 7. Development of the overall audit strategy and detailed aucit pian 8. Preparation of preliminary audit programs. Obtain An Understanding of the Client and Its Environment PSA 300 (Redrafted) states that: The auditor shall develop an audit plan that shall include description of: (a) The nature, timing and extent of planned risk assessment procedures, as determined under PSA 315, “Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment.” (b) The nature, timing and extent of planned further audit procedures at the assertion level, as determined under PSA 330, “The Auditor's Responses to Assessed Risks.” (c) Other planned audit procedures that are required to be carried out so that the engagement complies with PSAS*. The objective of the auditor is to Identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity’s internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.*. Such understanding enables the auditor to identify and understand the events, transactio and practices that, in the auditor's judgment, may have a significant effect on the financial statements, the engagement, or the oud report, The auditor should obtain knowledge about the general econom factors and industry conditions affecting the entity's bus important characteristics of the entity, its business, its fina’ performance and its reporting requirements including changes the date of the prior audit; and the general level of competence management. Table 8-1 summarizes the sources of the auditor understanding of the entity and its environment. Table 8-1 Sources of Understanding of the Entity and the Environment | | Previous experience with the entity and its industry. 2. Discussion with people with the entity (for example, directors and sen operating personnel). scussion with internal audit personnel and review of internal ® ts. audit *PSA 300 (Redrafted), par. 9 “PSA 315, par. 3Auditing and Assurance Principles cussion with other auditors and with Tegal and olher advisors who have provided services to the entity or within the industry 5. Discussion with knowledgeable people outside the enlity (for example, industry economists, industry regulators, customers, suppliers, competitors). 6. Publications related to the industry (for example, government statistics, surveys, texts, trade journals, reports prepared by banks and securities dealers, financial newspapers) 7. Legislation and regulations that significantly affect the entity. 8. Visits to the entty’s premises and plant facilities. 9. Documents produced by the entity (for example, minutes of meetings, material sent to shareholders or filed with regulatory authorities, promotional literature, prior years' annual and financial ‘reports, budgets, intemal management reports, interim financial reports, management policy manual, manuals of accounting and. intemal control systems, chart of accounts, job descriptions, marketing and sales plans) Understanding the entity and its environment and using this information appropriately assists the auditor in assessing risk and identifying problems and in planning and performing the audit effectively and efficiently. Risk Assessment Procedures The audit procedures performed to obtain an understanding of the entity and its environment, including the entity’s internal control, to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, are known as risk assessment procedures. The auditor should perform the following risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control: Inquiries of management and others within the entity who in the auditor's judgment may have information that is likely to assist in identifying risks of material misstatement due to fraud or error; * Analytical procedures; and ‘+ Observation and inspection Inquiries Although much of the information the auditor obtains by inquiries can be obtained from management and those responsible for financial Teporting, inquiries of other within the entity, such as production and internal audit personnel, and other employees with different levels of authority, may be useful in providing the auditor with a different Perspective in identifying risks of material misstatement. Inquiries can also be directed towards the following (see Table 8-2):Chapter Eight ~ Audit Planning ‘Table 8-2 Parties to Whom Inquiries Can be Directed To Those charged with governance may who may help the andig understand the environment in which the financial statements prepared imernal audit personnel who may relate their activities concerning the design and effectiveness of the entity’s internal control and whether management has satisfactorily responded to any findings from these activities 3. employees who are involved in initiating, processing or recording complex or unusual transactions that may help the auditor in evaluating the appropriateness of the selection and application of certain accounting policies 4, in-house legal counsel who may relate such matters as litigation, compliance with laws and regulations, knowledge of fraud or suspected fraud affecting the entity, warranties, post-sales obligations, arrangements with business partners and the meaning of contract terms marketing or sales personnel who may relate changes in the entity's marketing strategies, sales trends, or contractual arrangements with its customers. Observation and Inspection Observation and inspection may support inquiries of management and others, and also provide information about the entity and its environment. Such audit procedures ordinarily include those mentioned in Table 8-3: ‘Table 8-3 Observation and Inspection as Risk Assessment Procedures ‘Observation of entity activities and operations Inspection of documents (such as business plans and strategies). ‘°° and internal control manuals Reading reports prepared by management (such as asl ment reports and interim financial statements) and those with governance (such as minutes of board of directors’ meetings) Visits to the entity’s premises and plant facilities Tracing transactions through the information system relevant (0 1"! reporting (or walkthroughs) Analytical procedures are discussed under “preliminary procedures” within this Chapter.*PSA 315 (Redrafted) par. 11 Auditing and Assurance Principles The Required Understanding of the Entity and its Environment, The auditor's understanding of the entity and its environment consists of an understanding of the following: Industry, regulatory, and other external factors, including the applicable financial reporting framework The industry in which the entity operates may give rise to specific risks of material misstatement arising from the nature of the business or the degree of regulation. Legislative and regulatory requirements often determine the applicable financial reporting framework to be used by management in preparing the entity's financial statements. In most cases, the applicable financial reporting framework will be that of the jurisdiction in which the entity is registered or operates and the auditor is based, and the auditor and the entity will have a common understanding of that framework. In some cases there may be no local financial reporting framework, in which case the entity's choice will be severe by local practice, industry practice, user needs, or other ors. Nature of the entity An understanding of the nature of an entity enables the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements. The nature of the entity includes: + Its operations; «Its ownership and governance structures + The types of investments that the entity is making and plans to make * The way that the entity is structured and how it is financed, to enable the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements The entity’s selection and application of accounting policies, including the reasons for changes thereto The auditor should obtain an understanding of the entity’s selection and application of accounting policies and consider whether they are appropriate for its business and consistent with the applicable financial reporting framework and accounting polices used in the relevant industry. The understanding encompasses * the methods the entity uses to account for significant and unusual transactions;Chapter Eight — Audit Planning «the effect of significant accounting policies in controversy or emerging areas for which there is a lack of authoritative guidance or consensus; and + changes in the entity’s accounting policies. Objectives and strategies and the related business risks that may result in risks of material misstatement To respond to industry, regulatory and other internal and externa business factors, entity management and those charged with governance define objectives®. Strategies are the operational approaches by which management intends to achieve its objectives, Business risks result. from significant conditions, events, circumstances, actions or inactions that could adversely affect the entity’s ability to achieve its objectives and execute its strategies, or through the setting of inappropriate objectives and strategies. Business risk Is broader than the risk of material misstatement of the financial statements, though it includes the latter. Business risk particularly may arise from change or complexity, though a failure to recognize the need for change may also give rise to risk. Change may arise, for example, from the development of new products that may fail; from an inadequate market, even if successfully developed; or from flaws that may result in liabilities and reputational risk, An understanding of business risks increases the likelihood of identifying risks of material misstatement. However, the auditor does not have a responsibility to identify or assess all business risks. Most business risks will eventually have financial consequences and, therefore, an effect on the financial statements. However, not all business risks give rise to risks of material misstatement. A business risk may have an immediate consequence for the risk of misstatement of the financial statements, and a longer-term consequence (for example, an effect on the going concern assumption). Measurement and review of the entity’s financial performance. Performance measures and their review indicate to the audit aspects of the entity's performance that management and othe’ consider to be of importance. Performance measures, whether ex! or internal, create pressures on the entity that, in turn, may management to take action to improve the business performance 0” ‘° misstate the financial statements. Obtaining an understanding of the entity’s performance meas’ assists the auditor in considering whether such pressures resul' management actions that may have increased the risks of mat misstatement. Internal control. This refers to the process designed and effected by those char with governance, management, and other personnel to pro’ ide reasonable assurance about the achievement of the entity’s object'¥* ° Objectives are the overall plans for the entityAuditing and Assurance Principles with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. Internal control is covered in Chapter Nine. Assessing the Possibility of Non-Compliance The term “noncompliance” as used in PSAs refers to acts of omission or commission by the entity being audited, either intentional or unintentional, which are contrary to the prevailing laws or regulations’. Such acts include transactions entered into by, or in the name of, the entity or on its behalf by its management or employees. Some laws and regulations may give rise to business risks that have a fundamental effect on the operations of the entity, or on its ability to continue as a going concern. In order to plan the audit, the auditor should obtain a general understanding of the legal and regulatory framework applicable to the entity and the industry and how the entity is complying with that framework®. Table 8-4 Procedures for Obtaining a General Understanding of the Legal and Regulatory Framework Use the existing understanding of the entity's industry, regulatory and other external factors; Inquire of management concerning the entity’s policies and procedures regarding compliance with laws and regulations; Inquire of management as to the laws or regulations that may be expected to have a fundamental effect on the operations of the entity: Discuss with management the policies or procedures adopted for identifying, evaluating and accounting for litigation claims and assessments; and Discuss the legal and regulatory framework with auditors of subsidiaries in other countries. Establishing Materiality and Assessing Risk When establishing the overall audit strategy, the auditor shall determine materiality for the financial statements as a whole. If, in the specific circumstances of the entity, there is one or more particular classes of transactions, account balances or disclosures for which misstatements of lesser amounts than materiality for the financial statements as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements, the auditor shall also determine the materiality level or levels to be applied to those particular classes of transactions, account balances or disclosures. -gulations in an Audit of Financial StatementsChapter ght — Audit Planning ‘The auditor shall determine performance materiality for purpo, of assessing the risks of material misstatement and determining s<° ature, timing and extent of further audit procedures. e Planning the audit solely to detect individually mater misstatements overlooks the fact that the aggregate of individual Immaterial misstatements may cause the financial statements to pf materially misstated, and leaves no margin for possible undetecteq misstatements. Performance materiality is set to reduce to an Sppropriately low level the probability that the aggregate of Uncorrected and undetected misstatements in the financial statements exceeds materiality for the financial statements as a whole. Similar, performance materiality relating to a materiality level determined for a particular class of transactions, account balance or disclosure is set to Feduce to an appropriately low level the probability that the aggregate ‘of uncorrected and undetected misstatements in that particular class of transactions, account balance or disclosure exceeds the materiality level for that particular class of transactions, account balance or disclosure. The determination of performance materiality is not a imple mechanical calculation and involves the exercise of professional judgment. It is affected by the auditor’s understanding of the entity, updated during the performance of the risk assessment procedures; and the nature and extent of misstatements identified in previous audits and thereby the auditor’s expectations in relation to misstatements in the current period, Steps in Applying Materiality® The following steps are used in applying materiality: During Planning 1. Establish a preliminary judgment about materiality 2. Determine tolerable misstatement At Audit Completion 3. Estimate likely misstatements and compare the totals to the preliminary judgment about materiality. Establish a Preliminary Judgment About Materiality ‘The preliminary judgment or estimate about materiality Fer the maximum amount by which a set of financial statement © misstated and still not cause the auditor to believe that the dec's!° of reasonable users would be affected. ns AASC-issued standards do not require that the Pp judgment be quantified; however, it is common to document # range in actual practice. The size of the client company affects the preliminary about materiality. Consider this example: a P140,000 misst * With material from Messi Approac William F., Jr, et al, Auditing and Assurance Services -h, de, pp. 110-116 .Auditing and Assurance Principles might be considered highly material for a medium-sized company, but would be immaterial for a large, billion-dollar conglomerate. In quantifying materiality, the auditor usually establishes a base (or bases) that, when multiplied by a percentage factor, determines the preliminary judgment about materiality. The materiality criteria often used by selected practicing auditors ai Percentage effect on net income before taxes percentage effect on total revenues Percentage effect on total assets"? The resulting materiality amount in pesos is known as planning materiality. This amount may be adjusted for qualitative factors that may be relevant to the audit (such as a quantitatively immaterial illegal payment or an immaterial misstatement, which violates existing laws and regulations). The most common quantitative materiality criterion used by practicing auditors has been the percentage effect on net income. Although many auditors differ as to what percentage is material, most agree that combined error of less than five percent of net income is normally immaterial, and combined error of more than ten percent is normally material. Determine the Tolerable Misstatement (Performance Materiality) Tolerable misstatement is the amount of planning materiality that is allocated to an account balance or class of transactions", The Process of allocation may be done judgmentally or using formal quantitative approaches. Example: During the audit of the 2015 financial statements of Gel Company, the audit partner determined that planning materiality is set at 10% of total assets (Total assets at December 31, 2015 is 25,000,000). For simplicity, assume that there are no other assets except as presented below: Tolerable Account Balance Misstatement Cash P 1,000,000 Trading securities 5,000,000 Accounts receivable 7,000,000 Inventories 100,000 151,000 25,000,000 250,000 "Other bases may be net income from continuing operations, gr0ss profit, or average of several {Wsually three) years” net income before taxes (Messier, et al., pt11). " An account balance represents an individual line item in the financial statements, such as cash and cash equivalents, loans and receivables, etc. A class of transactions refers to a type of transaction processed by the client's accounting system, such as sales transaetions and purchasing transactions,Chapter Eight ~ Audit Planning Notice that the tolerable misstatement is not assigned proportionately practice, professional judgment is used in determining the amount 1o per account, For large CPA firms, strict guidelines and methods are being used in computing tolerable misstatement In assign Quantitative The tolerable misstatement is used as follows: For cash, the amount of misstatements that can be tolerated amounted to P2,500. If the amount of misstatements exceeds P2,500, the auditor should consider performing additional procedures to reduce audit risk, or ask management to adjust ihe misstatements, The Effect of Materiality on Audit Procedures The amount of tolerable misstatement assigned to an account balance or class of transactions affects the extent of audit procedures performed for the said account or class of transaction. The lower the tolerable misstatement, the more extensive the required audit procedures. As an extreme case, assume that tolerable misstatement for accounts payable is zero. This means that any amount of misstatement in accounts payable, even a one centavo misstatement, can affect the decision of users of financial statements. Consequently the auditor would have to test every transaction making up the account. The concept of mater recognizes that auditors work within constraints of time and cost. Thus, the auditor (and financial statement users) must permit a reasonable allowance for error in the financial statement accounts. Estimate Likely Misstatements and Compare Totals to the Preliminary Judgment about Materiality Toward the end of an engagement, after all audit evidence been gathered and evaluated, an auditor again considers materiality by comparing the combined misstatements for all accounts wit!) the preliminary (or revised) estimate for the entire set of financi statements taken as a whole. In evaluating whether the financial statements are prepare material respects, in accordance with an applicable financial repo! framework, the auditor should assess whether the aggregate uncorrected misstatements that have been identified during the a! is material. The aggregate of uncorrected misstatements (also known as /ik misstatements) comprises: 1. Specific misstatements identified by the auditor including the net effect of uncorrected misstatements identified during the audit Previous periods; 2. The auditor's best estimate of other misstatements which cannot be specifically identified (i.e., projected errors).Auditing and Assurance Principles If the aggregate of the uncorrected misstatements that the auditor has identified approaches the performance materiality level, the auditor would consider whether it is likely that undetected misstatements, when taken with aggregate uncorrected misstatements could exceed materiality level, Thus, as aggregate uncorrected misstatements approach the materiality level the auditor would consider reducing audit risk by performing additional audit procedures or by requesting management to adjust the financial statements for identified misstatements. Assessing the Risks of Material Misstatement In assessing the risk of material misstatements (inherent risk and control risk) both at the financial statement and assertion level, the auditor is required to perform the following: 1. Identify risks by considering the understanding of the entity and its environment, (including relevant controls), and by considering the classes of transactions, account balances, and disclosures in the financial statements. 2. Relate the identified risks to what can go wrong at the assertion level; and 3. Consider whether the risks are of a magnitude that could result in amaterial misstatement of the financial statements" Assessment of Inherent Risk To assess inherent risk, the auditor uses professional judgment to evaluate numerous factors, examples of which are presented in Tables 8-5 and 8-6: Table 8-5 Factors Considered in Assessing Inherent Risk — tement Level inancial The integrity of management 2, Management experience and knowledge and changes in management during the period. 3. Unusual pressures on management (e.g. circumstances that_ might predispose management to misstate the financial statements, such asthe industry experiencing a large number of business failures oran entity that lacks sufficient capital to continue operations) 4. The nature of the entity's business, (e.g, the potential for technological obsolescence of its products and services, the complexity of its capital structure, the significance of related parties and the number of locations and geographical spread of its production facilities) 5. Factors affecting the industry in which the entity operates, (¢ economic and competitive conditions as identified by financial trends ‘and ratios, and change in technology, consumer demand and accounting practices common to the industry.) | PSA 315, par, 100,Chapte oy Eight — Audit Planning Table 8-6 ; Factors Considered in Assessing Inherent Risk — Account Balance 1 i Class of Transactions Level nd T Financial statement accounts likely to be susceplible (0 misstateman such as those which required adjustment in the prior period or which involve a high degree of estimation. 2 Complesity of underlying transactions and other events which mighy require using the work of an expert. 3. Degree of judgment involved in determining account balances 4. Susceptibility of assets to loss or misappropri 5S. Completion of unusual and complex transactions, particularly at or near period-end. Transactions not subjected to ordinat Assessment of Control Risk Management often reacts to inherent risk situations by designing internal control systems to prevent or detect and correct misstatements. The amount of substantive test procedures and related audit work in an engagement often depends on the extent of reliance that the auditor places on the internal control system of the company. During audit planning, the auditor obtains an overall “fee!” of the situation by determining, on a preliminary basis, the major areas where the audit work will place reliance on internal controls. Specifically, this means identification of major transaction cycles (2.9. revenue and receipts, purchasing and disbursement, payll conversion, investing and financing cycles), and the controls put In place to reduce the risks of material misstatements. Generally, the more reliable internal controls are, the les substantive test procedures to apply in auditing year-end account balances. Exhibit 8-1 shows a figurative representation of the assessment of inherent and control risk: Exhibit 8-1 Assessment of Inherent k and Control Risk Obtain an understanding of the entity and its environment ‘Obtain an understanding of the intemal control structure Obtaining an understanding of the internal control system ° making the preliminary control iscusse ae a ry risk assessment are dis The assessment of inherent é rent risk and control risk may be exPr® quantitatively or qualitatively. Of concern to the auditorAuditing and Assurance Principles presence of significant risks, since these requi it orrsideration. quire special audit ks Significant Determination and assessment of significant risks", which arise on most audits, is a matter of the auditor's professional judgment. In exercising this judgment, the auditor should consider the following. 1. Whether the risk is a risk of fraud. 2, Whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires specific attention. 3. The complexity of transactions. Whether the risk involves significant transactions with related parties. 5. The degree of subjectivity in the measurement of financial information related to the risk especially those involving a wide range of measurement uncertainty. 6. Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual. Significant risks often relate to significant non-routine transactions and judgmental matters. Non-routine transactions are transactions that are unusual, either due to size or nature, and that therefore occur infrequently. Judgmental matters may include the development of accounting estimates for which there is significant measurement of uncertainty. If management has not appropriately responded by implementing controls over significant risks and if, as a result, the auditor judges that there is material weakness in the entity’s internal control, the auditor communicates this matter to those charged with governance and also considers the implications for the auditor's risk assessment The Effect of Audit Risk on Audit Procedures The higher the combined assessments of inherent and control risks, the lower the amount of detection risk that can be accepted. The lower the acceptable detection risk, the greater the amount of audit procedures to be performed in order to reduce the chances of not detecting misstatements. The Relationship Between Audit Risk and Materiality ‘ hat would make When planning the audit, the auditor considers w : the financial" statements | materially misstated. | The auditor’ understanding of the entity and its environment establishes a (fant & reference within which the auditor plans the audit and ex: Se ewes a a iniicant risk is defined as “a risk that rev Ibook, Glossary of Terms) os special audit consideration” (2014 IASBChapter Eight ~ Audit Planning professional judgment about assessing the risks of materia misstatement of the financial statements and responding to those se throughout the audit. Tt also assists the auditor to establish materiins and in evaluating whether the judgment about materiality remait” appropriate as the audit progresses. The auditor's assessment ny materiality, related to classes of transactions, account balances, af disclosures, helps the auditor decide such questions as what items t, examine and whether to use sampling and substantive analytics, procedures. This enables the auditor to select audit procedures that im combination, can be expected to reduce audit risk to an acceptably io level. There is an inverse relationship between materiality and the level of audit risk, that is, the higher the materiality level, the lower the audit risk and vice versa. The auditor takes the inverse relationship between materiality and audit risk into account when determining the nature, timing and extent of audit procedures. For example, if, after planning for specific audit procedures, the auditor determines that the acceptable materiality level is lower, audit risk is increased. The auditor would compensate for this by either: 1, Reducing the assessed risk of material misstatement, where this is Possible, and supporting the reduced level by carrying out extended or additional tests of control; or 2, Reducing detection risk by modifying the nature, timing and extent of planned substantive procedures. Materiality and Audit Risk in Evaluating Audit Evidence The auditor's assessment of materiality and audit risk may be different at the time of initially planning the engagement from at the time of evaluating the results of audit procedures. This could be because of a change in circumstances or because of a change in the auditor's knowledge as a result of performing audit procedures. For example, if audit procedures are performed prior to period end, the auditor will anticipate the results of operations and the financial Position. If actual results of operations and financial position substantially different, the assessment of materiality and audit may also change. Additionally, the auditor may, in planning the work, intentionally set the acceptable materiality level at a lower than is intended to be used to evaluate the results of the audit may be done to reduce the likelihood of undiscovered misstatements and to provide the auditor with a margin of safety when evaluating effect of misstatements discovered during the audit. Identifying Related Part The auditor needs to have a suffi and its environment to enable identification of the events, transactio" and practices that may result in a risk of material misstateme regarding related parties and transactions with such parties. icient understanding of the entityAuditing and Assurance Principles A related party transaction is a transfer of resources, services or obligations between related parties, regardless of whether a price Is charged ‘Table 8-7 Related Parties** ‘A party is related to an entity 1 1. Directly, or indirectly through one or more intermediaries, the party Controls, is controlled by, or is under common control with, the entity (this includes parents, subsidiaries and fellow subsidiaries); Has an interest in the entity that gives it significant influence over the entity; or Has joint control over the entity; The party is an associate of the entity; The party is a joint venture in which the entity is a venturer; The party is a member of the key management personnel of the entity or its parent; The party is a close member of the family of any individual referred to in Lor 4; The party is an entity that is controlled, jointly controlled or significantly influenced by, or for which significant voting power in such entity resides with, directly or indirectly, any individual referred to in 4 or 5; or The party is a post-employment benefit plan for the benefit of employees of the entity, or of any entity that is a related party of the entit While the existence of related parties and transactions between such parties are considered ordinary features of business, the auditor needs to be aware of them because: 1, The applicable financial reporting framework may require disclosure in the financial statements of certain related party relationships and transactions, such as those required by PAS 24; 2. The existence of related parties or related party transactions may affect the financial statements. For example, the entity’s tax liability and expense may be affected by the tax laws in various ns which require special consideration when related Parties exist; 3. The source of audit evidence affects the auditor's assessment of its reliability. Generally a greater degree of reliance may be placed on audit evidence that is obtained from or created by unrelated third parties; and A related party transaction may be motivated by other than ordinary business considerations, for example, profit sharing or even fraud. Related parties may be identified by inquiries of management and predecessor auditors and by reviews of stockholder listings, and material investment transactions. ee SRE eee PSA 550 covers related parties and related party transactionsChapter Eight — Audit Planning Perform Analytical Review Procedures ‘Analytical procedures refer to evaluations of financial information made by a study of plausible relationships among both financial ang non-financial data. Analytical procedures encompass the investigation of identified fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts'’, These procedures are required to be performed in the planning and in the final review stages of the audit, but not as substantive test procedures in gathering audit evidence. Analytical Procedures During the Planning Stage The primary objective in performing analytical procedures in the planning stage of the audit, is to enhance the auditor's understanding of the client, its business and the industry in which the client operates and to identify areas of potential risk’®. Table 8-8 Examples of Analytical Procedures at the Planning Stage T. Study of the changes in a given account balance, item, or element over prior accounting periods with expectations for the current year; 2. Comparison of financial information with anticipated results (for ‘example, budgets and forecasts); 3. Study of the relationships between account balances over time or among firms in a given industry; 4, Comparison of simple computations or series of computations th develop an estimate for a given account balance, item, or element (for example, proof-in-total or reasonableness test 5. Study of the relationship of financial information with non-fine format The basic premise underlying the application of ana procedures is that relationships among data may reasonably © expected to exist and to continue to exist in the absence of conditions to the contrary. Particular conditions that can “als variations in these relationships include, for example, specific un su! transactions or events, accounting changes, business changes; ‘2 fluctuations or misstatements. Analytical procedures may be helpful in identifying the ex! unusual transactions or events, and amounts, ratios, and tre" might indicate matters that have financial statement nd @ implications. ‘A 520, Analytical Procedures, par. 3 © PSA 520, par, 8 states that “The auditor should apply analytical procedures as risk assess procedures to obtain an understanding of the entity and its environment. Application of an procedures may indicate aspects of the entity of which the auditor was unaware and will 35 assessing the risks of material misstatement in order to determine the nature, timing ane! exe" °! further audit procedures.”Auditing and Assurance Principles In. performing analytical procedures as risk assessment procedures, the auditor develops expectations about plausible relationships that are reasonably expected to exist. When comparison of those expectations with recorded amounts or ratios developed from recorded amounts yields unusual or unexpected relationships, the auditor considers those results in identifying risks of material misstatement. However, when such analytical procedures use data aggregated at a high level (which is often the situation), the results of those analytical procedures only provide a broad initial indication about whether a material misstatement may exist Accordingly, the auditor considers the results of such analytical procedures’ along with other information gathered in identifying the risks of material misstatement!”. Determining the Need for Auditor's Expert The auditor is not expected to have the expertise of a person trained for or qualified to engage in the practice of another profession or occupation, such as an actuary or engineer. During the course of the audit, the auditor may require audit evidence in the form of reports, opinions, valuations and statements of an auditor’s expert. Examples include the situations mentioned in Table 8-9. An expert may be contracted/employed by the entity or by the auditor. Table 8-9 Situations Which May Warrant the Use of An Auditor's Expert T. Valuations of certain types of assets, for example, land and buildings, plant and machinery, works of art, and precious stones. 2. Determination of quantities or physical condition of assets, for example, minerals stored in stockpiles, underground mineral and petroleum reserves, and the remaining useful life of plant and machinery 3. Determination of amounts using specialized techniques or methods, for example, an actuarial valuation. 4, The measurement of work completed and to be completed on contracts in progress. . 5. Legal opinions concerning interpretations of agreements, statutes and regulations. When determining the need to use the work of an auditor’s expert, the auditor would consider: 1. The engagement team’s knowledge and previous experience of the matter being considered; 2. The risk of material misstatement based on the nature, complexity, and materiality of the matter being considered; and eee las Bie Ria A Paraphrased from PSA 315, par. A16. Ee sean. 18 Expert means a person of firm possessing special skill, knowledge and expe field other than accounting and auditing jee in a particularChapter Eight ~ Audit Planning 3. The quantity and quality of other audit evidence expected to y obtained. © When planning to use the work of an auditor's expert, the auditor should evaluate the professional competence of the expert. This yi involve considering the expert's professional certification or licensing by, or membership in, an appropriate professional body. it als, involves considering the expert's experience and reputation in the fieig in which the auditor is seeking audit evidence. The auditor should evaluate the objectivity of the expert, since the risk that an expert's objectivity will be impaired increases when the expert is: 1, Employed by the entity; or 2. Related in some other manner to the entity, for example, by being financially dependent upon or having an investment in the entity. If the auditor is concerned regarding the competence or objectivity of the expert, the auditor needs to discuss any reservations with managément ‘and consider whether sufficient appropriate audit evidence can be obtained concerning the work of an expert. The auditor may need to undertake additional audit procedures or seek audit evidence from another expert. Development of the Audit Strategy Establishing the audit strategy involves designing optimized audit approaches that seek to achieve the necessary audit assurance at the lowest cost within the constraints of the information available. Aucit procedures should be relevant to the important assertions, and a5 cost-effective as possible to perform. The overall audit strategy sets the scope, timing and dire the audit, and guides the development of the more detailed audit The establishment of the overall audit strategy involves: 1. Determining the characteristics of the engagement that defin« scope; 2. Ascertaining the reporting objectives of the engagement to the timing of the audit and the nature of the communicat 0" required; and 3. Considering the important factors that will determine the foc direction of the engagement team’s efforts. Many audits of small entities invoive the audit engagement part! working with one engagement team member. With a smaller (©2"" coordination and communication between team members are 2°) Establishing the overall audit strategy for the audit of a small © need not be a complex or time-consuming exercise. A » memorandum prepared at the completion of the previous audit, 0 She otal at the working papers and highlighting issues identified fe audit just completed, updated and changed in the current peroAuditing and Assurance Principles based on discussions with the owner-manager, can serveas the basis for planning the current audit engagement. Scope of an Audit Engagement The scope of an audit engagement includes the following: 1, The financial reporting framework on which the financial information to be audited has been prepared, including any need for reconciliations to another financial reporting framework. 2, Industry-specific reporting requirements such as reports mandated by industry regulators. 3. The expected audit coverage, including the number and locations of components to be included. 4. The nature of the control relationships between a parent and its components that determine how the group is to be consolidated. 5. The extent to which components are audited by other auditors. 6. The nature of the business segments to be audited, including the need for specialized knowledge. 7. The reporting currency to be used, including any need for currency translation for the financial information audited. 8. The need for a statutory audit of standalone financial statements in addition to an audit for consolidation purposes. 9, The availability of the work of internal auditors and the extent of the auditor's potential reliance on such work. 10. The entity’s use of service organizations and how the auditor may obtain evidence concerning the design or operation of controls performed by them. 11. The expected use of audit evidence obtained in prior audits, for example, audit evidence related to risk assessment procedures and tests of controls. 12.The effect of information technology on the audit procedures, including the availability of data and the expected use of computer-assisted audit techniques. 13. The coordination of the expected coverage and timing of the audit work with any reviews of interim financial information and the effect on the audit of the information obtained during such reviews. 14. The discussion of matters that may affect the audit with firm personnel responsible for performing other services to the entity. 15. The availability of client personnel and dataChapte £ factored in when establishing the audit strategy. consideration of the following: 1. The entity's timetable for reporting with government a 2. The organizal ight — Audit Planning Reporting Objectives, Timing of the Audit and Nature op Communications. Reporting objectives, timetable and communications are alsg This includes i gencies, those charged with governance, and the audit committee, such ag at interim and final stages of the audit. \n of meetings with management and those charged with governance to discuss the nature, extent and timing of the audit work. 3. The discussion with management and those charged with governance regarding the expected type and timing of reports to be issued and other communications, both written and oral, including the auditor's report, management letters and communications to those charged with governance. 4, Communication with auditors of components regarding the expected types and timing of reports to be issued and other communications in connection with the audit of components. 5. The expected nature and timing of communications among engagement team members, including the nature and timing of team meetings and timing of the review of work performed 6. Whether there are any other expected communications with third parties, including any statutory or contractual reporting responsibilities arising from the audit. Direction of the Audit The direction of an audit refers to the focus of the engagement team’s efforts. This includes the following: 1, With respect to materiality: © Setting materiality for planning purposes. © Setting and communicating materiality for auditors components. © Reconsidering materiality as audit procedures are perform during the course of the audit © Identifying the material components and account balances: Audit areas where there is a higher risk of material misstatemen ‘The impact of the assessed risk of material misstatement at th overall financial statement level on direction, supervision review 4. The selection of the engagement team (including, whe! necessary, the engagement quality control reviewer) and the assignment of audit work to the team members, including theAuditing and Assurance Principles assignment of appropriately ex perienced team members to areas where there may be higher risks of material misstatement. 5. topo apudnedau® ecialng considering the appropriate ide for areas wher risks of material misstatement. oo 6. The manner in which the auditor emphasizes to engagement team members the need to maintain a questioning mind and to exercise professional skepticism in gathering and evaluating audit evidence. 7. Results of previous audits that involved evaluating the operating effectiveness of internal control, including the nature of identified weaknesses and action taken to address them. 8. Evidence of management's commitment to the design and operation of sound internal control, including evidence of appropriate documentation of such internal control. 9, Volume of transactions, which may determine whether it is more efficient for the auditor to rely on internal control. 10. Importance attached to internal control throughout the entity to the successful operation of the business. 11. Significant business developments affecting the entity, including changes in information technology and business processes, changes in key management, and acquisitions, mergers and divestments. 12, Significant industry developments such as changes in industry regulations and new reporting requirements. 13. Significant changes in the financial reporting framework, such as changes in accounting standards. 44, Other significant relevant developments, such as changes in the legal environment affecting the entity. Development of the Detailed Audit Plan A detailed audit plan addresses the various matters identified in the overall audit strategy, taking into account the need to achieve the audit objectives through the efficient use of the auditor's resources. Although the auditor ordinarily establishes the overall audit strategy before developing the detailed audit plan, the two planning activities are not necessarily discrete or sequential processes but are closely inter-related since changes in one may result in consequential changes to the other’, The audit plan includes a description of the nature, timing and extent of risk assessment procedures, further aucit procedures (tests Be Ge Seana s a PSA:300, par. A10Chapter Fight ~ Audit Planning of controls and substantive tests) and other audit procedures to be carried out for the engagement in order to comply with poate Documentation of the audit plan also serves as a record of proper planning and performance of the audit procedures that ca"? reviewed and approved prior to the performance of further aC? | procedures. us Planning takes place over the course of the audit as the audit py for the engagement develops. For example, planning of the audi fisk assessment procedures ordinarily occurs early in the sss process. However, planning of the nature, timing and extent of specific further audit procedures depends on the outcome of those risk assessment procedures. In addition, the auditor may begin the execution of further audit procedures for some classes of transactions, account balances and disclosures before completing the more detailed audit plan of al remaining further audit procedures. Preparation of the Prel ary Audit Programs The most important control mechanism in an audit is the audit program. The audit program is a list of procedures (tests of controls or ‘substantive tests) used to gather sufficient appropriate audit evidence. For initial engagements, preliminary audit programs are not usually prepared until the client’s control structure has been reviewed and documented, since the auditor has no prior information about the client’s internal. control structure. In continuing engagements, preliminary audit programs can be drafted in advance of fieldwork, based on the auditor's prior knowledge of the client's control structure and the results of previous assessments of control risk. In most accounting firms, audit programs are already pre-printed Auditors would normally modify these printed programs to suit the client’s conditions, situations and peculiarities. There are two t audit programs: 1. Tests of controls audit program (compliance test audit progra prepared when the auditor has identified controls which he/she plans to rely on (reliance approach). Exhibit 8-2 shows a sample audit program for compliance tests. 2. Substantive test audit program - prepared regardless of approach taken by the auditor (reliance or no reliance). Exhibit 8-3 shows a sample audit program for substantive tests. pes of "Ibid. par. 15Auditing and Assurance Principles exhibit 8-2 ‘Sample Control Test Audit Program ~ Purchasing Cycle Procedure Audit Objective Done WP Ref eject inventory analysis reports used by the lent to monior inventory levels and determine whether the reports were prepared ona timely basis and appear complete Perform a walkthrough of the client's replenishment and allocation system to assess its effectiveness. ‘Select a sample of receiving reports and compare them to the corresponding journal entries and purchase orders to evaluate the effectiveness of the | systems three-way match cont ‘Obtain a copy of the findings of the Internal Audit Department regarding three-way match control Evaluate the findings of Internal Aucit. Perform a walkthrough of the supplier contract managers review of purchase returns and assess performance. Evaluate the effectiveness of the clients supplier reconciliation pracess by inspecting a sample of reconciliation and the client's resolution and follow up on any discrepancies. ‘Assess residual business risk based on resulls of control test work. Consider the aucit implications of residual risk and revise assessments as needed. ‘Consider the implications of any findings related to the client's business while performing these procedures and report the findings to management ‘and those charged with governance, as Laporopriate Sample Substantive Test Audit Program — Trade Account s Payable Procedure Done by WP Ref Oblain a summary of trade accounts payable. Trace totals per summary to the client’s general ledger. ‘Compare the balance of trade accounts payable with the balance for the prior period. For significant or unusual fluctuations, obtain explanations from client management and Supporting documentation. Oblain a detaod listing of rade accounts payable (by supper) foot and trace totals to the summary of trade accounts payable. Test the mathematical accuracy of detailed listing. Ask the client for a reconciliation of differences between the ropriety of reconciling items. ‘Summary and the detailed listing, if any. Determine the Scan the deta isting of accounis payable and investigate ‘gnificant unusual items (such as supplier's debit balances and lengeulstaning acount amine adjustments made throughout the year, neluding 5 Lpporting documents, in reconciling detailed accounts payableChapter Eight ~ Audit Planning CHAPTER EIGHT AUDIT PLANNING 0 10 work on you. you go t ‘f'you go to work on your goals, your goals will go fo work 8010 work op your plan, your plan will go to work on you. Whatever good things we build end building us.” = Jim Rohn Learning Objectives ‘After studying this chapter, you should be able to: m= State the general objective in planning an audit = Describe the standard planning procedures. = Determine how the auditor obtains an understanding of the client and its environment = Define analytical procedures and explain why they are important at the planning stage of the audit. Discuss the contents of the audit plan and the audit program. st and explain other planning considerations. Introduction —.. introduction. "PSA 300 (Redrated, par 254 In every human undertaking or engagement, it is necessary to Plan the course of actions before these actions are taken. The Complexity of the business of the client, its form, and its commercial environment, all affect the nature and extent of the planning required. stare 200 (Redrafted) Planning an Auait of Financial Statements The objective of the auditor is to plan the audit so that it will be Performed in an effective manner.' Planning an audit involves establishing the ov it strategy forthe engagement and developing an audit plan In order to Teaice ae ek .t2 an acceptably low level. Planning involves the to banene Ybartner and other key members of the engagement te2% effectiveness and effi perience and insight and to enhance the iveness and efficiency of the planning pocese exammatig Pte" Provides guidance to the auditor in making 2° Stondarde on the scrordance with the generally accepted audtind and supervision, “onslderation and procedures applicable to plennind knowledge of the “tUaing Preparing an audit program, obtaining opinion among er enety’s business, and dealing ‘with differences throughout the anit Personnel. Planning and supervision continue 'e audit, and the related procedures frequently overle?Auditing and Assurance Principles Outputs of Audit Planning + the draft audit programs detalling the work to be performed ‘These are supported by a summary that documents the main decisions taken during planning, the information gathered in relation to the audit engagement, and the main administrative arrangements. The overall audit strategy is documented in a strategy document; oftentimes, it is combined with the overall audit plan and included in the Audit Planning Memorandum?, Major Audit Planning Activities In establishing the overall audit strategy, the auditor shall: a. Identify the characteristics of the engagement that define its scope; b. Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required; . Consider the factors that, in the auditor's professional judgment, are significant in directing the engagement team’s efforts; 4. Consider the results of preliminary engagement activities and, where applicable, whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant; and €. Ascertain the nature, timing and extent of resources necessary to perform the engagement. Based on the above, the following are the major audit planning activities: 1, Obtaining an understanding of the client and its environment. Assessing the possibility of non-compliance. EB 3. Establishing materiality and assessing risk. 4. Identifying related parties. 5. Performing preliminary analytical procedures. ss aa ZT planning memorandum summarizes the decisions taken during the planning proces. It umancses the main emphasis ofthese decisions and ean be referred toby te ait eam a ay ding the audit. This some ofthe tools used in providing proper direction to all members of ‘ud tam. See the end ofthis chapter fra sample audit planning memorandum. 255Chapter Eight ~ Audit Planning 6. Determining the need for experts. 7. Development of the overall audit strategy and detailed audit plan, 8, Preparation of preliminary audit programs. 4 Obtain An Understanding of the Client and Its Environment PSA 300 (Redrafted) states that: ‘The auditor shall develop an audit plan that shall include @ description of (a) The nature, timing and extent of planned risk assessment procedures, as determined under PSA 315, “Identifying and Assessing ‘the Risks of Material Misstatement Through Understanding the Entity and Its Environment.” (b) The nature, timing and extent of planned further audit procedures at the assertion level, as determined under PSA 330, "The Auditor’s Responses to Assessed Risks,” (©) Other planned audit procedures that are required to be carried Out so that the engagement complies with PSAS®, The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and Ks ‘environment, including the entity's internal control, thereby Providing a basis for designing and implementing responses to the assessed risks of material misstatement.‘. Such understanding enables the auditor to identify and understand the events, transactions and practices that, in the auditor’s judgment, may have a significant Steen the financial statements, the engagement, or the ud The auditor should obtain knowl neral economic maleate. ledge about the general econor Conditions affecting the entity's business) important characteristics of the en i neta Important charac he entity, its business, its financial i reporting regu ee eusie ral the date of he pce suat ane Geren, elucng changes 8 management. Table 8-1 summarizes tee tor's Sources of Understanding ofthe Entity and the Env ronment 1} Previous experience withthe eau Discussion with people withthe ‘operating personnel), Discussion with inter reports ty and Ws industry ty (for example, directors and seniot ‘mal audit personnel and review of intemal sui PSA 300 (Redraed), par, 9 “PSA-315, pat. 3. 256Auditing and Assurance Principles Discussion with other auditors and with Tegal and other advisor who have provided services to the enty or within the industry 5. Discussion with knowledgeable people outside the entity industry economists, industry regulators, competitors) 6. Publications related to the industry (for example, government statistics, surveys, texts, trade journals, reports prepared by banks and securities dealers, financial newspapers). 7. Lexislation and regulations that significantly affect the entity 8. Visits tothe entity's premises and plant facilities, 9. Documents produced by the entity (for example, minutes of meetings, material sent to shareholders or filed with regulatory authorities, promotional literature, prior years annual and financial ‘reports, budgets, internal management repors, interim financial reports, management policy manual, manuals of accounting and. intemal control systems, chart of accounts, job descriptions, marketing and sales plans) (for example, customers, suppliers, Understanding the entity and its environment and using this information appropriately assists the auditor in assessing risk and identifying problems and in planning and performing the audit effectively and efficiently. Risk Assessment Procedures ‘The audit procedures performed to obtain an understanding of the entity and its environment, including the entity's internal control, to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, are known as risk assessment procedures. ‘The auditor should perform the following risk assessment Procedures to obtain an understanding of the entity and its environment, including its internal contri + Inquiries of management and others within the entity who in the auditor's judgment may have information that is likely to assist in identifying risks of material misstatement due to fraud or error; + Analytical procedures; and ‘+ Observation and inspection Inquiries Although much of the Information the auditor obtains by inquiries ‘can be obtained from management and those responsible for financial Teporting, inquiries of other within the entity, such as production and internal audit personnel, and other employees with different levels of authority, may be useful in providing the auditor with a different Perspective in identifying risks of material misstatement. Inquiries can also be directed towards the following (see Table 8-2): 257(Chapter Bight ~ Audie Planning Table 8-2 Parties to Whom Inquiries Can be Directed Observation and Inspection Observation and inspection may support inquiries of management and thers, and also provide information about the entity and its environment. Such audit procedures ordinarily include those ‘mentioned in Table 8-3: Table 83 Observation and Inspection as Risk Assessment Procedures Observation of enity activites and operations {nspection of documents (suchas business plans and strategies), records and intemal contol manuals 3 Reading ‘reports prepared by management (such as quately Wah cement TePors and interim financial statements) and those charged With governance (such as minutes of board of dire ings) 4 Visits to the entity's premises and plan facilites Zrocing transactions through the information system relevant to frac eporting (or walkthroughs) lors" met Analytical procedures ay < al procedures” within this charg S¢H58@d under “preliminary ana 258Auditing and Assurance Principles ‘The Required Understanding of the Entity and its Environment, ‘The auditor's understanding of the entity and its environi consists of an understanding of the following: oes Industry, regulatory, and other external factors, including the applicable financial reporting framework ‘The industry in which the entity operates may give rise to specific risks of material misstatement arising from the nature of the business or the degree of regulation. Legislative and regulatory requirements often determine the applicable financial reporting framework to be used by management in preparing the entity's financial statements. In most cases, the applicable financial reporting framework will be that of the jurisdiction in which the entity is registered or operates and the auditor is based, and the auditor and the entity will have a common understanding of that framework. In some cases there may be no local financial reporting framework, in which case the entity's choice will be governed by local practice, industry practice, user needs, or other factors. Nature of the entity ‘An understanding of the nature of an entity enables the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements. The nature of the entity includes: + _ Its operations; ‘+ Its ownership and governance structures + The types of investments that the entity is making and plans to make © The way that the entity is structured and how it is financed, to enable the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements The entity's selection and application of accounting policies, including the reasons for changes thereto The auditor should obtain an understanding of the entity's selection and application of accounting policies and consider whether they are appropriate for its business and consistent with the applicable financial reporting framework and accounting polices used in the relevant industry. The understanding encompasses: + the methods the entity uses to account for significant and unusual transactions; PSA31S (Redeated) par. 11Chapter Eight ~ Audit Planning, «changes in the entity's accounting policies Onjectives and strategies and the related business risks that may result in risks of material misstatement To respond to industry, regulatory and other internal and extemal business factors, entity management and those charged with governance define objectives’. Strategies are the operational Spproaches by which management intends to achieve its objectives, Business risks result. from significant conditions, events, Gireumstances, actions or inactions that could adversely affect the tentty’s ability to achieve its objectives and execute its strategies, or through the setting of inappropriate objectives and strategies. Business risk is broader than the risk of material misstatement of the financial statements, though it includes the latter. Business risk particularly may arise from change or complexity, though a failure to Fecognize the need for change may also give rise to risk. Change may arise, for example, from the development of new products that may fail; from an inadequate market, even if successfully developed; or from flaws that may result in liabilities and reputational risk. An Understanding of business risks increases the likelihood of identifying risks of material misstatement. However, the auditor does not have a responsibilty to identify or assess all business risks. Most business risks will eventually have financial consequences and, therefore, an effect on the financial statements. However, not all business risks give rise to risks of material misstatement. A business risk may have an immediate consequence for the risk of misstatement af the financial statements, and a longer-term consequence (f° example, an effect on the gaing concern assumption). Measurement and review of the entity’s financial performance. Performance measures and the a sure leir review indicate to the audit reac ae entity's performance that management and others eoraisents bs of importance. Performance measures, whether external Ranpocrert is, on the entity that, in turn, may moti” mist the ran statemennay * “'e Dusies Peformance 2 misstatement. that may have increased the risks of mater Internal control. This refers to the process desi wan goterane, manage abit 2ssurance about the achievement of the entity's © Objectives are the overall plans forthe entity. igned and effected by those “ra ov" and _ather personnel, Presi 260| Auditing and Assurance Principles with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. Internal control is covered in Chapter Nine. Assessing the Possibility of Non-Compliance The term “noncompliance” as used in PSAs refers to acts of ‘omission or commission by the entity being audited, either intentional ‘or unintentional, which are contrary to the prevailing laws or regulations’. Such acts include transactions entered into by, or in the name of, the entity or on its behalf by its management or employees. Some laws and regulations may give rise to business risks that have a fundamental effect on the operations of the entity, or on its ability to continue as a going concern. In order to plan the audit, the auditor should obtain a general understanding of the legal and regulatory framework applicable to the entity and the industry and how the entity is complying with that framework®, Table 8-4 Procedures for Obtaining a General Understanding of the Legal and Regulatory Framework Use the existing understanding of the entity's industry, regulatory and other external factors; Inquire of management conceming the entity's policies and procedures regarding compliance with laws and regulations; Inquire of management as to the laws or regulations that may be expected to have a fundamental effect on the operations of the entity; Discuss with management the policies or procedures adopted for eS identifying, evaluating and accounting for litigation claims and assessments; and Discuss the legal and regulatory framework with auditors of subsidiaries in other countries. When establishing the overall audit strategy, the auditor shall | determine materiality for the financial statements as a whole. If, in the | specific circumstances of the entity, there Is one or more particular | classes of transactions, account balances or disclosures for which | misstatements of lesser amounts than materiality for the financial statements as a whole could reasonably be expected to influence the | economic decisions of users taken on the basis of the financial statements, the auditor shall also determine the materiality level or levels to be applied to those particular classes of transactions, account | balances or disclosures. | wih 280 covers Consideration of Laws and Regulations in an Aust of Financia Statements | pa. 12 | 261 | i edChapuer Bight ~ Audit Planning determine performance materiality for puro ‘material misstatement and deter i The Sng tne risks of materia or po of assessing rf extent of further audit procedures 9 he Planning the audit solely to detect individually “mater rmisceatoments overlooks the fact that the aggregate of indivduay risscepral misstatements may cause the financial statements to be ira misstated, and leaves no margin for possible undetecteg matencements. Performance materiality is set to reduce to ay sissopriately low level the probability that the aggregate of aperoracted and undetected misstatements in the financial statement ereettss materiality for the financial statements as a whole. Similar, Serformance materiality relating to a materiality level determined fora particular class of transactions, account balance or disclosure is set to peice to on appropriately low level the probability that the aggregate Sr uncorrected and undetected misstatements in that particular class of transactions, account balance or disclosure exceeds the materiality level for that particular class of transactions, account balance or Gisciosure. The determination of performance materiality is not a simple mechanical calculation and involves the exercise of professional judgment. It is affected by the auditor's understanding of the entity, Updated during the performance of the risk assessment procedures; and the nature and extent of misstatements identified in previous audits and thereby the auditor's expectations in relation to misstatements in the current period. The auditor shall ‘Steps in Applying Materiality® ‘The following steps are used in applying materiality: During Panning 1, Establish a preliminary judgment about materiality 2. Determine tolerable misstatement ‘AL Audit Completion 3. Estimate likely misstatements and compare the totals to the preliminary judgment about materiality. Establish a Preliminary Judgment About Materiality ie ate ero Judgment or estimate about materiality represe™s ee sea cla ay nie a set of financial statement could sti ause tl ji se es reosmnable Usenet isu itor to believe that the dec Aasce Judgment be gacnahe fas 02, Mot require that the prelimi Tage metal pace, mneve 1 carmen to dacamet a The size of the cl i about matic iene company affects the preliminary jude sider this example: a P140,000 miss@te™=™ ° With material from Messier, Will tam Fe tal ! Approach, 4e, pp. 0-116 Fetal, Auduing and Assurance Serices: A S8AS 262[ Auditing and Assurance Principles might be considered highly material for a mediu! ig im-sized company, but imaterial for a large, billion-dollar conglomerate. In quantifying materiality, the auditor usually establishes a base (or bases) that, when multiplied by a percentage factor, determines the preliminary judgment about materiality. The materiality critena often used by selected practicing auditors ar + percentage effect on net income before taxes ‘+ percentage effect on total revenues + percentage effect on total assets? The resulting materiality amount in pesos is known as planning ‘materiality. ‘This amount may be adjusted for qualitative factors that may be relevant to the audit (such as a quantitatively immaterial illegal payment or an immaterial misstatement, which violates existing laws and regulations). ‘The most common quantitative materiality criterion used by practicing auditors has been the percentage effect on net income. Although many auditors differ as to what percentage is material, most agree that combined error of less than five percent of net income is ‘normally immaterial, and combined error of more than ten percent is normally material. Determine the Tolerable Misstatement (Performance Materiality) Tolerable misstatement is the amount of planning materiality that is allocated to an account balance or class of transactions". The process of allocation may be done judgmentally or using formal quantitative approaches. Example: During the audit of the 2015 financial statements of Gel Company, the audit partner determined that planning materiality is set at 10% of total assets (Total assets at December 31, 2015 is 25,000,000). For simplicity, assume that there are no other assets except as presented below: ‘Tolerable Account Balance Misstatement Cash P 1,000,000 P 2,500 Trading securities 5,000,000 1.250 ‘Accounts receivable 7,000,000 95,000 Inventories 12,000,000 151,000 25,000,000 250,000 ( (ust bases may be net income from continuing operations, gross profit or average of several ually thre) years” net income before taxes (Messier tal, p11). and cecum balance represents an individual line item in the financial statements, such as cash <3sh equivalents, joans and receivables, ete. A class of transactions refers to a type of ion processed by the client's accounting system, such as sales transactions and purchasing tions, 263Chapter Eight ~ Audit Planning 264 Notice that the tolerable misstatement is not assigned proportionately practice, professional judgment is used in determining the amount tog per account, For large CPA firms, strict guidelines and trethods are being used in computing tolerable misstatement hh sign quantitative c tolerable misstatement is used a5 follows: For cash, the amount sateen that en be tolerated amounted to P2500. Ifthe amo misstatements exceeds P2,500, the auditor should consider performing additional procedures to reduce audit risk, oF ask management 10 adjust the misstatements ‘The Effect of Materiality on Audit Procedures ‘The amount of tolerable misstatement assigned to an account balance or class of transactions affects the extent of audit procedures performed for the said account or class of transaction. The lower the tolerable misstatement, the more extensive the required audit procedures. As an extreme case, assume that tolerable misstatement for accounts payable is zero, This means that any amount of ‘misstatement in accounts payable, even a one centavo misstatement, can affect the decision of users of financial statements. Consequently the auditor would have to test every transaction making up the account, ‘The concept of materiality recognizes that auditors work within constraints of time and cost. Thus, the auditor (and financial statement users) must permit a reasonable allowance for error in the financial statement accounts. Estimate Likely Misstatements and Compare Totals to the Preliminary Judgment about Materiality Toward the end of an engagement, after all audit evidence has been gathered and evaluated, an auditor again considers materialty Pretmary Tat ecambned fistatements forall accounts withthe reliminary (of revised) estimate tor ie set of financil Statements taken asa whole, [°” the entre set of finan In evaluating whether the finan 7 Sel sn r cial statements are prepared, in 2 amenore. Tet. in accordance with an applicable finsneial reporting Uncorrected mesteneter Should assess whether the aggregate of uncorrecte "ents that have been identified during the aust The aggregat re of uncorrecte ‘misstatements) compneeer e128 Misstatements (also known as like 1. Specie misstatements identied by effect of uncorrected ii preven rected mistatement be specifically identified (1, Projected errors),Auditing and Assurance Principles If the aggregate of the uncorrected misstatements thatthe auditor has identified approaches. the performance’ mateieney neg tet auditor would consider whether itis ‘ikeiy tae’ eae the misstatements, when taken with aggregate uncorrected missteterserte could exceed’ materiality level. ‘Thus, as aggrevate ements misstatements approach the materiality level’ the ‘auditee eee Consider reducing audit risk by performing adattional eit ence ar by requesting management to adjust the financial statements ee identified misstatements Assessing the Risks of Material Misstatement In assessing the risk of material misstatements (inherent risk and . control risk) both at the financial statement and assertion level, the auditor is required to perform the followin 1. Identify risks by considering the understanding of the entity and its environment, (including relevant controls), and by considering the classes of transactions, account balances, and disclosures in the financial statements. 2. Relate the identified risks to what can go wrong at the assertion level; and 3. Consider whether the risks are of a magnitude that could result in material misstatement of the financial statements", Assessment of Inherent Risk To assess inherent risk, the auditor uses professional judgment to evaluate numerous factors, examples of which are presented in Tables 8-5 and 8-6: Table 8-5 Factors Considered in Assessing Inherent Risk ~ Financial Statement Level 1. The integrity of management 2. Management experience and knowledge and changes in management during the period Unusual pressures on management (e.g. circumstances that might Predispose management to misstate the financial statements, such asthe industry experiencing a large number of business failures oran entity that lacks sufficient capital to continue operations). The nature of the entity’s business, (e.g, the potential for technological obsolescence of its products and services, the complexity of its capital structure, the significance of related parties and the number of locations and geographical spread ofits produetion facilities). Factors affecting the industry in which the entity operates, (©. economic and competitive conditions as idemified by financial trends and ratios, and change in technology, consumer demand and accounting ractices common to the industry.) SA315, par. 100Chapter Eight ~ Audit Planning Table 8-6 Factors Considered in Assessing Inherent Risk ~ Account Balances a Class of Transactions Level Financial statement accounis likely to be susceptible wo misstatomeny such as those which required adjustment in the prior period or which involve a high degree of estimation. ‘Complexity of underlying transactions and other events which might require using the work ofan expert Degree of judgment involved in determining account balances Susceptibility of assets to loss or misappropriation. Completion of unusual and complex transactions, particularly at or near period-end, Assessment of Control Risk Management often reacts to inherent risk situations by designing internal control systems to prevent or detect and correct misstatements, ‘The amount of substantive test procedures and related audit work Im an engagement often depends on the extent of reliance that the ‘auditor places on the internal control system of the company. During audit planning, the auditor obtains an overall “ee ofthe Stuation by determining, on a: preliminary basis, the, molor res where the: audit work ‘wil place. ellance. on internal contol Specifically, this means identification of major transaction cycles (€.9-, cams, ord teats “purchasing ord dbursement, Pr Wersion, investing and financing cycles), and the controls put in Blace to reduce the risks of materi missense Generally, the more reliable inter a : internal controls are, the lesser substan test gcedures to apply in auditing year-end eco xhibit 8-1 shows a figurative sentation of the assessment of inherent and contol rise ne TES Exhibit 8-1 Assessment of Inherent Risk and Control Risk, Obiain an understanding ofthe entity and its environment Obiain an understanding ofthe iterna contol structureAuditing and Assurance Principles presence of significant risks, since these require special audit consideration, pecial audit Significant Risks Determination and assessment of significant risks’?, which arise Sarasna tus ussreets We sense eater ae Te: i wnat Ui Vek gaff ial | 2, Whether the risk is related to recent significant economic, 1 ing or ene evopinans ona ercres oawes eae The complexity of transactions. 4, Whether the risk involves significant transactions with related parties. 5. The degree of subjectivity in the measurement of financial Information related to the risk especially those involving a wide range of measurement uncertainty. 6. Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual. Significant risks often relate to significant non-routine transactions and judgmental matters. Non-routine transactions are transactions that are unusual, either due to size or nature, and that therefore occur infrequently. Judgmental matters may include the development of accounting estimates for which there is significant measurement of uncertainty. If management has not appropriately responded by implementing controls over significant risks and if, as a result, the auditor judges that there is material weakness in the entity's internal control, the auditor communicates this matter to those charged with governance and also considers the Implications for the auditor's risk assessment, The Effect of Audit Risk on Audit Procedures The higher the combined assessments of inherent and control | Fisks, the lower the amount of detection risk that can be accepted. | The lower the acceptable detection risk, the greater the amount of | audit procedures to be performed in order to reduce the chances of not | detecting misstatements. The Relationship Between Audit Risk and Materiality When planning the audit, the auditor considers what would make the financial statements materially misstated. The pests understanding of the entity and its environment establishes a frame of Teference within which the auditor plans the audit and exercises ep ern Ls he eo ica risks defined a8" isk thal requires special ait consideration” (2014 IAASH | Glossary of Term) 267Chapter Eight ~ Audit Planning professional judgment about assessing the risks of materia) risstatemient of the financial statements and responding to those rise throughout the audit, It also assists the auditor to establish materialiny and in evaluating whether the judgment about materiality remaing appropriate as the audit progresses. The auditor's assessment of materiality, related to classes of transactions, account balances, ang disclosures, helps the auditor decide such questions as what items to examine and whether to use sampling and substantive analytical procedures. This enables the auditor to select audit procedures that, in ‘combination, can be expected to reduce audit risk to an acceptably ow level. There is an inverse relationship between materiality and the level of audit risk, that is, the higher the materiality level, the lower the audit risk and vice versa. The auditor takes the inverse relationship between materiality and audit risk into account when determining the ature, timing and extent of audit procedures. For example, if, after planning for specific audit procedures, the auditor determines that the acceptable materiality level is lower, audit risk is increased. The auditor would compensate for this by either: 1, Reducing the assessed risk of material misstatement, where this is possible, and supporting the reduced level by ‘carrying out extended or additional tests of control; or 2, Reducing detection risk by modifying the nature, timing and extent of planned substantive procedures. Materi and Audit Risk in Evaluating Audit Evidence The auditor’s assessment of materiality and audit risk may be different at the time of initially planning the engagement from at the time of evaluating the results of audit procedures. This could be because of a change in circumstances or because of a change in the auditor's knowledge as a result of performing audit procedures. For example, if audit procedures are performed prior to period end, the auditor will anticipate the results of operations and the financial Position. If actual results of operations and financial position are substantially different, the assessment of materiality and audit risk may also change. Additionally, the auditor may, in planning the audit Work, intentionally set the acceptable materiality level at a lower level than is intended to be used to evaluate the results of the audit. ThS may be done to reduce the likelihood of undiscovered misstatements and to provide the auditor with a margin of safety when evaluating the effect of misstatements discovered during the audit, ‘ Identifying Related Parties The auditor needs to have a suffi el ve a suificient understanding of the ent and its environment to enable identification ofthe cuenta, rrarsactiOnS and practices that may result in a risk of ‘mateval misstatement "regarding related parties and transactions with ever tice 268Auditing and Assurance Principles A related party transaction Is a transfer of resources, services or obiigations between related parties, regardless of wearer gees charged ‘able 827 Related Parties" ‘A party 1s related to an entity iF 1. Directly, or indirectly through one or more intermediaries, the party: = Controls, is controlled by, or is under common control with, the entity (this includes parents, subsidiaries and fellow subsidiaries); - Has an interest in the entity that gives it significant influence over the entity; or = Has joint control over the entity: ‘The party is an associate of the entity: The party is a joint venture in which the entity is a venturer; ‘The party is a member of the key management personnel of the entity or its parent; ‘The party is a close member of the family of any individual referred to in Lor 4: ‘The party is an entity that is controlled, jointly controlled or significantly influenced by, or for which significant voting power in such entity resides with, directly ot indirectly, any individual referred to in 4 or 5; or The party is a post-employment benefit plan for the benefit of employees cof the entity, or of any entity that is a related party of the entity While the existence of related parties and transactions between such parties are considered ordinary features of business, the auditor needs to be aware of them because: 1. The applicable financial reporting framework may require disclosure in the financial statements of certain related party relationships and transactions, such as those required by PAS 24; 2. The existence of related parties or related party transactions may affect the financial statements. For example, the entity's tax liability and expense may be affected by the tax laws in various Jurisdictions which require special consideration when related Parties exist; 3. The source of audit evidence affects the auditor’s assessment of its reliability. Generally a greater degree of reliance may be placed on audit evidence that is obtained from or created by unrelated third Parties; and 4. A related party transaction may be motivated by other than ordinary business considerations, for example, profit sharing or even fraud. Related parties may be identified by inquiries of management and Predecessor auditors and by reviews of stockholder listings, and material investment transactions. SA 550 covers relate parties and related party transactions. 269