AUDIT PLANNING

PURPOSE OF PLANNING

'The objective of the auditor is to plan the audit so that it will be performed in an effective
manner.’
It is vital that engagements are planned to ensure that the auditor:
• Devotes appropriate attention to important areas of the audit.
• Identifies and resolves potential problems on a timely basis.
• Organises and manages the audit so that it is performed in an effective and efficient
manner.
• Selects team members with appropriate capabilities and competencies. risk assessment
 PURPOSE OF PLANNING

• Directs and supervises the team and reviews their work.

• Effectively coordinates the work of others, such as experts and internal audit.
 THE PLANNING PROCESS

• Preliminary engagement activities:

– Perform procedures regarding the continuance of the client engagement.
– Evaluating compliance with ethical requirements.
– Ensuring there are no misunderstandings with the client as to the terms of the
engagement.
• The preliminary engagement activities were covered in the previous chapter.
 THE PLANNING PROCESS

• Planning activities:
– Developing the audit strategy
– Developing an audit plan.
 THE AUDIT STRATEGY

The audit strategy sets the scope, timing and direction of the audit. It allows the
auditor to determine:
• The resources to deploy for specific audit areas (e.g. experience level, external experts)
• The amount of resources to allocate (i.e. number of team members) when the resources
are to be deployed
• How the resources are managed, directed and supervised, including the timings of
meetings, debriefs and reviews.
 THE AUDIT STRATEGY

• Following are the items included in audit strategy:

1. Significant factors:
• Assessed risk of material misstatements.
• Materiality
• Internal controls of the client
2. Reporting objectives, timing and communication
• Reporting timetable
• Timing of communication with client`s management & those charged with governance (audit committee)
 THE AUDIT STRATEGY

• Timing of communication amongst team

• Communication with third party e.g. experts
3. Characteristics of engagement:
• Industry
• Internal audit function
• Availability of clients' staff
4. Nature, timing & extent of resources (staff)
• Selection of audit team
 THE AUDIT PLAN

• Once the audit strategy has been established, the next stage is to develop a specific,
detailed plan to address how the various matters identified in the overall strategy will be
applied.
• The strategy sets the overall approach to the audit, the plan fills in the operational details
of how the strategy is to be achieved.
• The audit plan should include specific descriptions of:
• The nature (what), timing (when) and extent (how much) of risk assessment procedures
and other audit procedures.
 THE AUDIT PLAN

The nature, timing and extent of further audit procedures, including:

– What (nature)audit procedures are to be carried out
– Who should do them
– How (extent) much work should be done (sample sizes, etc.)
– When (timing) the work should be done (interim vs. final)
THE RELATIONSHIP BETWEEN THE AUDIT
STRATEGY AND THE AUDIT PLAN
Audit strategy: determines scope and the direction of audit. So its overall plan of audit.
It’s for audit as a whole.
Audit plan: Shows how overall strategy will be implemented, so its detailed plan of action.
It’s developed for each & every item of financial statements.
 INTERIM AND FINAL AUDIT

• It is performed before the year end. The auditor must consider the timing of audit procedures such as
whether to carry out an interim audit and a final audit, or just a final audit.
• An interim audit should improve risk assessment and make final procedures more efficient.
Tasks that can be done during interim audit:
1. Documenting systems after understanding systems. (KOB)
2. Performing Test of controls(to assess effectiveness of controls)
3. Opening balance of balance sheets items can be verified.
4. Transactions can be tested.
 INTERIM AND FINAL AUDIT

Purpose of interim audit: it helps auditors to spread the work load and it is specifically
useful where detection risk is high due to short deadline.
Timing of interim audit: It should be
• Neither too late: if performed too late it can interfere with the client`s year end
procedures. 31 Dec 2020
• Nor too early: if performed too early there will be not enough data available to verify.
• It should be performed after mid year.
 INTERIM AND FINAL AUDIT

Impact of interim audit work on the final audit

• If the controls tested at the interim stage provided evidence that control risk is low,
fewer substantive procedures (pin point specific errors and manipulations in F/S) can be
performed.
• If substantive procedures were performed at the interim stage, fewer procedures will be
required at the final audit in general.
• As fewer procedures are being performed, the final audit will require less time to
perform.
 INTERIM AND FINAL AUDIT

• The auditor's report can be signed closer to the year-end resulting in more timely
reporting to shareholders.
• If the interim audit identified areas of increased risk, for example, controls were found
not to be working effectively, increased substantive procedures will be required at the
final audit.
 FRAUD AND ERROR

• Fraud is an intentional act by one or more individuals among management, employees

or third parties, involving the use of deception to obtain an unjust or illegal advantage.
Fraud can be split into two types:
• Fraudulent financial reporting – deliberately misstating the financial statements to
make the company's performance or position look better/worse than it actually is.
• Misappropriation – the theft of a company’s assets such as cash or inventory.
 FRAUD AND ERROR

• Error: An error can be defined as an unintentional misstatement in financial statements,

including the omission of amounts or disclosures.
Directors’ responsibilities in respect of fraud
• The primary responsibility for the prevention and detection of fraud rests with the
management of an entity. This is achieved by:
• Implementing an effective system of internal control, reducing opportunities for fraud
to take place and increasing the likelihood of detection (and punishment)
• Creating a culture of honesty, ethical behaviour, and active oversight by those charged with
governance.
 FRAUD AND ERROR

• Internal auditors: can help management fulfil their responsibilities in respect of fraud and
error. Typical functions the internal auditor can perform include:
• Testing the effectiveness of the internal controls at preventing and detecting fraud and error
and provide recommendations for improvements to the controls.
• Performing fraud investigations to identify:
– how the fraud was committed
– the extent(duration) of the fraud
– provide recommendations on how to prevent the fraud from happening again.
 FRAUD AND ERROR

External auditor's responsibilities in respect of fraud: it is external auditor`s

responsibility to assess the risk of material misstatement whether due to fraud or due to error.
1. Assessing the risk of fraud
• Apply professional scepticism and remain alert to the possibility that fraud could take place.
• This means that the auditor must recognise the possibility that a material misstatement due
to fraud could occur, regardless of the auditor's prior experience of the client's integrity and
honesty.
 FRAUD AND ERROR

• Consider the potential for management override of controls and recognise that audit
procedures that are effective for detecting error may not be effective for detecting fraud.
• Consider any incentives/pressure to commit fraud such as profit/revenue related bonuses
or applications for finance.
– Opportunities to commit fraud such as ineffective internal controls.
– Management’s attitude e.g. disputes with the auditor over auditing matters or failure to
remedy known deficiencies.
 FRAUD AND ERROR

2. Responding to the assessed risks: following procedures can be performed for

responding to the identified risk of material misstatements due to fraud.
• Review unusual journal entries made to identify manipulation of figures recorded or
unauthorised journal adjustments. (close to the year end)
• Select journal entries and adjustments made at the end of the reporting period.
• For accounting estimates evaluate the reasonableness of judgments and whether they
indicate any bias on behalf of management.
 FRAUD AND ERROR

• Obtain written representation from management and those charged with governance
that they:
1. Have disclosed to the auditor the results of management’s fraud risk assessment.
2. Have disclosed to the auditor any known or suspected frauds.
3. Have disclosed to the auditor any allegations of fraud affecting the entity’s financial
statements.
 FRAUD AND ERROR

3. Reporting of fraud and error

1. If the auditor identifies a fraud during audit they must communicate the matter on a
timely basis to the appropriate level of management.
2. If the suspected fraud involves management the auditor must communicate the matter
to those charged with governance. If the auditor has doubts about the integrity of
those charged with governance they should seek legal advice regarding an appropriate
course of action.
 FRAUD AND ERROR

3. In addition to these responsibilities the auditor must also consider whether they have a
responsibility to report the occurrence of a suspicion to a party outside the entity. Whilst
the auditor does have an ethical duty to maintain confidentiality, it is likely that any legal
responsibility will take precedence. In these circumstances it is advisable to seek legal
advice.
4. If the fraud has a material impact on the financial statements the auditor's report will be
modified/qualified. When the auditor's report is modified, the auditor will explain why it has
been modified and this will make the shareholders aware of the fraud.
 COMPLIANCE WITH LAWS & REGULATIONS

• Guidance relating to laws and regulations in an audit of financial statements is provided in

ISA 250 Consideration of Laws and Regulations in an Audit of Financial Statements.
• Non-compliance must specifically relate to the business activities i.e. transactions entered into
on behalf of the company. It does not include personal misconduct.
Responsibilities of management
It is the responsibility of management, with the oversight of those charged with governance, to
ensure that the entity's operations are conducted in accordance with relevant laws and
regulations, including those that determine the reported amounts and disclosures in the financial
statements.
 COMPLIANCE WITH LAWS & REGULATIONS

Responsibilities of the auditor

1. The auditor must perform audit procedures to help identify non-compliance with laws and
regulations that may have a material impact on the financial statements.
2. The auditor must obtain sufficient, appropriate evidence regarding compliance with laws
and regulations generally recognised to have a direct effect on the determination of
material amounts and disclosures in the financial statements. Fine provision/contingent
liability.
3. The auditor must perform audit procedures to help identify non-compliance with other
laws and regulations that may have a material impact on the financial statements.
 COMPLIANCE WITH LAWS & REGULATIONS

Audit procedures to identify instances of non-compliance

• Obtaining a general understanding of the legal and regulatory framework applicable
to the entity and the industry, and of how the entity is complying with that framework.
• Enquiring of the management and those charged with governance as to
whether the entity is in compliance with such laws and regulations.
• Inspecting correspondence with relevant licensing or regulatory authorities.
 COMPLIANCE WITH LAWS & REGULATIONS

• Remaining alert to the possibility that other audit procedures applied may bring instances
of non-compliance to the auditor's attention.
• Inspect correspondence between the management & the legal advisor of the company.
• Inspect board minutes for management's discussion on actions to be taken regarding the
non-compliance.
• Obtaining written representation from the directors that they have disclosed to the
auditors all those events of which they are aware which involve possible non-compliance,
together with the actual or contingent consequences which may arise from such non-
compliance.
 COMPLIANCE WITH LAWS & REGULATIONS

Reporting non-compliance
• The auditor should report non-compliance to management.
• If the auditor suspects management is involved in the non-compliance, the matter should
be reported to the audit committee .
• If the non-compliance has a material effect on the financial statements, a qualified or
adverse opinion should be issued.
• The auditor should also consider whether they have any legal or ethical responsibility to
report non-compliance to third parties e.g. to a regulatory authority.