Auditing &

Investigations I

2. Audit Planning and Risk

Assessment
 Part 1

Audit Risk and

Assessment
Introduction

 Planning is critical to good auditing

and the planning process involves:

o a thorough understanding of the

concept of audit risk and;

o the use of professional judgement

in evaluating financial information
Key Auditing Standards

 ISA 220 Quality control for audit work

 ISA 230 Documentation
 ISA 250 Consideration of laws and regulations
 ISA 300 Planning
 ISA 310 Knowledge of the business
 ISA 320 Audit materiality
 ISA 400 Risk assessments and internal control
 ISA 510 Initial engagements – opening balances
 ISA 520 Analytical procedures
 ISA 710 Comparatives
2.1. Introduction
Knowing the Client

To carry out an audit effectively, the auditor

must:

a) Understand client’s business (strengths,

weaknesses, markets, products…)

b) Be clear of the services to be provided to

the client.

c) Have good working relationship with client.

d) Be aware of best practices.

2.1.Introduction
New Audits
Key issue to consider:

a) Capability and resources to carry out the

audit
b) Independent issues with client

c) Any other reasons for not accepting the

engagement.

d) Opening balance being capable of being

verified and fairly stated (ISA510)
 2.1.Introduction
ISA 510 Initial engagements – opening balances
offers guidance when the financial statements
are being audited for the first time or when the
financial statements for the prior period were
audited by another auditor.

Approaches in this case:

a) Review prior auditors working papers.

b) Examining current events to support opening
balance.
c) Examining the records supporting opening
balances.
 2.1. Introduction

ISA 710 Comparatives additionally requires the

auditor to obtain sufficient appropriate audit
evidence that the comparative figures:

a) For new audits, auditor may have to carry out

specific substantive tests on the comparative
figures to secure the evidence required.

b) If auditor is unable to obtain sufficient

evidence, he may qualify his opinion on that
basis.
2.2. Audit Planning
 Audit Planning refers to developing a
general strategy and a detailed
approach for the expected nature,
timing and extent of the audit.

 The auditor must plan to perform the

audit in an effective manner.

 ISA 300 - Planning provides general

guidance in a context of recurring
audits.
2.2. ISA 300 – Planning Provisions

 “The auditor should plan the audit work so

that the audit will be performed in an
effective manner.
 The auditor should develop and document an
overall audit plan describing the expected
scope and conduct of the audit.
 The auditor should develop and document an
audit programme setting out the nature,
timing and extent of planned audit procedures
required to implement the overall audit plan.
 The overall audit plan and the audit
programme should be revised as necessary
during the course of the audit.”
2.2. Planning
To effectively plan, the auditor must:
a) Have knowledge of the client’s business and
recent history;
b) Have knowledge of the persons involved in
running the business (Corporate Governance);
c) Appreciate of the client’s system of
controls and the extent of reliance thereon;
d) Know the scale and size of the organisation;
e) Know the volumes and value of
transactions; and;
f) the geographical spread of business
operations.
2.2. Practical approach

 Reviewinghis files of working

papers; and

 Regular contact with the

client.
 2.2. Knowledge of Client
 Before planning commences, the auditor
must collect all necessary information that
will enable understanding the client, its
business and operating environment.

Typical information could be:

a) Type of business and industry

b) Business function (manufacturing,
distribution etc..)
c) Main Sources of Income
d) Major expenditure
e) Kind of record kept
f) Management information need.
2.2. ISA310-Knowledge of Business Provisions

“In performing an audit of financial

statements, the auditor should have or
obtain a knowledge of the business
sufficient to enable the auditor to identify
and understand the events, transactions
and practices that, in the auditor’s
judgement, may have a significant effect on
the financial statements or on the
examination or audit report.
The auditor should ensure that assistants
assigned to an audit engagement obtain
sufficient knowledge of the business to
enable them to carry out the audit work
delegated to them.”
 Information about Client
Business Personal
Size and nature Names of key contacts
Locations Qualifications and background
Product range Experience and competence
Customers and suppliers Responsibilities
Competitors Staff turnover
Organisation structure Industrial relations
Brochures and tariffs
Sources of finance
Bankers

Accounting Audit administration

Prior year financial statements Legal documents
Location of accounts department Legal advisors
Accounting system (computerised?) Client schedules and working papers
Management or interim accounts Timetable
Budgets Internal audit
Terms of loan agreements Inventory counts
Branch visits
2.2. Laws and Regulations
 It is important for the auditor to understand the
laws and regulation governing the client and its
industry.
 The auditor is expect to assess compliance.

 ISA250- Consideration of Law and Regulations

provide guidance.

 ISA250 provision - “When planning and

performing audit procedures and in evaluating
and reporting the results thereof, the auditor
should recognise that non-compliance by the
entity with laws and regulations may materially
affect the financial statements.”
Question

How would you require when

trying to understand the law
and regulations guiding the
client and its business?
 End

Thank for your

attention
 PART 2

Audit Planning and Risk Assessment

Client Liaison
 The auditor should pay attention to the client’s
requirements in carrying out the audit.

 The auditor should consult with his client in order to

ascertain important dates as follows:

 When accounts are fully prepared for review;

 When final account and schedule are ready.

 When director intend to meet and approve financial

statements.

 Date of the AGM.

 Dates when accounts are filed with register of companies.

Time and Fee Budgets
 The auditor should aim to provide his
client with an efficient and cost effective
service.
 Budgetary planning is an important part of
the overall audit plan in order to ensure
that:
 the work is completed efficiently;
 the costs of carrying out the audit are
monitored;
 the client’s fee can be negotiated on a
reasonable basis; and
 forward planning for staff requirements is
facilitated.
Staffing
 The audit budget will also assist the
auditor to determine the manpower
requirements.
 Factors to consider in staffing
includes:

 staff members’ prior experience of

the client; and

 personal qualities of staff (e.g.,

potential personality clashes with
client or other audit staff).
Planning Meetings

 Once staff have been selected they

should be briefed at a planning meeting.

 Matters that may be discussed may

include:

 any special features that may be

encountered on the audit; and

 the general instructions to staff on their

responsibilities.
Timing of audit Visits

 The timing of the audit visits varies with

organisations.
 Visits can be as follows:

 First Interim visits – review accounting systems,

any changes, evaluate internal controls and
conduct ‘walk through tests’.
 Second Interim visits – testing processes (cycle of
purchases, sales, payroll) and testing records
(Client documentation & system).
 Year-end Inventory Counts – witness counting and
ascertain physical inventory existence.
 Final Visit – devote to verifying assets and
liabilities and be in a position to signoff financial
statements.
Audit Planning Memo
 Most audit firms prepare an
audit planning memorandum (a
work plan) which sets out
factors to be taken into
account, the methods by which
the audit objectives will be
achieved and the
organisational matters which
need to be considered.
Memo Content
 Terms of the engagement – work to be done.
 The client and its background – history,
products, locations and branches etc.
 Important figures and ratios – from previous
working paper or draft accounts.
 Audit risk areas – identified risk areas like
inventory and contracts or areas that require
specialists.
 Preliminary estimate of materiality – initial
materiality levels
 Deadlines for completion – dates of
completion
 Feedback on important issues to engagement
partner – highlights of important matter
before partners signs off.
Working with Internal Auditors (ISA610)
 The extent to which the external auditor is able to take
account of the work of the internal auditor will depend on his
assessment of the effectiveness of the internal audit function.

 Factors to consider:

 The degree of independence of the internal auditor from

those whose responsibilities he is reviewing.
 The number of suitably qualified and experienced staff
employed in the internal audit function.
 The scope, extent, direction and timing of the tests carried
out by the internal auditor.
 The evidence available of the work done by the internal
auditor and of the review of that work.
 The extent to which management takes action based upon the
reports of the internal audit function.
 To Be Continued

Thank you for

your attention
Part 3

Audit Planning
and Risk
Assessment
 Using the work of an Expert – ISA620
 Auditors have a general knowledge of business but
are not expected to have the expertise of other
professions.

 An expert is a person or firm possessing special

skills, knowledge and experience in a field other
than accounting and auditing.

 The need for the auditor to seek expert evidence

will depend upon:

 the importance of the matter to the financial

statements (i.e., the materiality).
 the risk of misstatements and the complexity of the
matter.
 the quantity and quality of other evidence.
 Continued…

 The auditor will need to assess

the competence and
objectivity of an expert by:

 Professional certification; and

 Experience and reputation.

If an expert’s evidence is unsatisfactory

then qualification should be considered.
 Quality Control during Audit – ISA220
Quality control for audit work.

 “The audit firm should

implement quality control
policies and procedures
designed to ensure that all
audits are conducted in
accordance with ISAs or
relevant national standards or
practices.”

ISA220 Extract
QC Procedures
 Audit engagement partners should
review the firm’s independence
annually.
 Work should be done by staff with
suitable skill and experience.
 The audit partner should be in
constant contact with team
members, ensuring that supervision
is carried out
 The audit plan should be monitored
by regular reports on work done
Cont.

 The procedures for carrying out

audit field work should be
documented
 The work carried out by audit
staff should be properly
documented and reviewed by a
more senior person.
 Troublesome points should be
brought to the attention of
partners
 There should be written evidence
that audit work has been
reviewed.
Quality control reviews
 These quality control reviews can
be performed in several ways :

A. “Hot” reviews are carried out

before signing the report.

B. “Cold” reviews are done after the

report is signed.
 Audit Reviews
Review panel or department

 A review panel or department may be charged with the task of

reviewing an audit file either before the report is signed or
after the audit has been completed. (Even partners make
mistakes or oversights!)
 It is essential that the review panel:
 possesses the necessary technical expertise; and
 is truly independent.

Second partner review

 The file is examined by another member of the partnership who

has had no dealings with the client.
Recording the Audit Work –
ISA230 Documentation
 ‘Documentation’ means the working
papers prepared by or for, or obtained
and retained by, the auditor in
connection with the performance of the
audit.

 “The auditor should document matters

which are important in providing
evidence to support the audit opinion
and evidence that the audit was carried
out in accordance with ISAs.” - ISA230
Audit Documentation

 Permanent audit file - Matters of continuing

importance affecting the company or the audit
should be kept in a separate file, suitably indexed
 E.g. Engagement letters, Minutes of Board, Client
background etc.

 Current audit file - current year’s file which relate

primarily to the set of accounts or statements
being audited.

 E.g. copies of current financial statements,

schedules etc.
Ownership and custody of
working papers
 “The auditor should adopt
appropriate procedures for
maintaining the confidentiality and
safe custody of the working papers
and for retaining them for a period
sufficient to meet the needs of the
practice and in accordance with
legal and professional requirements
of record retention.” ISA230
Audit Risk - ISA 400 – Risk
assessments and internal control
 Audit risk is defined as the risk that the auditor
may give an inappropriate opinion on financial
statements.

 As such, the end-product of auditing process may

not be a risk-free activity due to a number of
factors.

 ISA 400 explains that audit risk has three

component risks:

 Inherent risk (IR)

 Control risk (CR)
 Detection risk (DR)
 Inherent risk
 This risk derives from the characteristics of the
company to be audited, or the circumstances of the
audit.
E.g.
 Operates in a high technology industry could be
regarded as risky owing to the impact of specialist
technical advances on inventory values and trading
base.
 An audit performed to a tight reporting deadline

Factor which may affect IR:

 The level of competition.
 The possibility of being taken over.
 Complex transactions undertaken

The level of inherent risk is usually assessed as high,

medium or low by way of a questionnaire where the
answer “Yes” to a question indicates a high level of
inherent risk.
Control risk
 Control risk can be defined as the risk that
material misstatement could occur and not be
prevented, or detected on a timely basis, by the
accounting and internal control systems.

Factors affecting CR:

 The history of errors found by the auditor.

 Management attitude and dominance.
 Inexperienced or incompetent staff.
 Lack of segregation of duties or inadequate
supervision.
 The size of the entity and its accounting systems.

It can be measured using a questionnaire, with a

“No” answer indicating a high level of control
Detection risk
 Detection risk is the risk that the
auditor’s substantive procedures
(tests of detail on transactions and
balances, or analytical procedures)
do not detect a material
misstatement.

 This could be due to the

inappropriate nature, extent or
timing of audit procedures.
 End of Session

To be Continued
Discussion Question

What factors would

you consider when
assessing the inherent
risk of a company?
 PART 4

Audit Planning and Risk

Assessment
The audit risk model
 Inherent risk and control risk exist independently of the
audit and must be assessed by the auditor in order that
detection risk (which is under the auditor’s control) can
be “managed” to achieve an acceptable level of overall
risk.
 Where inherent risk and control risk together are high,
detection risk must be minimised by the audit
procedures performed.
Dealing with detection risk

 Methods of varying detection risk- Examples where

inherent/control risk are high.

 Change the nature of audit work - Obtain third party

confirmation in preference to relying on internal
documentation.

 Use experienced staff - Use audit staff who are

familiar with the client’s risk profile.

 Change the extent of audit work - Submit more items

to scrutiny in audit testing.

 Change the timing of audit work-Perform a

circularisation closer to the year end rather than at the
interim audit.
Audit test Categories

 Substantive tests (Tests of Detail) - These are tests

that apply directly to figures found in the financial
statements (e.g.., tests to determine whether the
balance sheet figure for receivables or the income
statement figure for payroll costs is correctly
stated). Analytical review is also a form of
substantive test.

 Compliance tests (Tests of control) - These tests

aimed at establishing how well the accounting
control systems have functioned during the period
under review.
Audit materiality – ISA 320
 Materiality can be described as an expression of relative
significance or importance of a matter in the context of
the financial statements as a whole.

 A matter is material if its omission or misstatement

would reasonably influence the economic decisions of
users taken on the basis of the financial statements.

 The idea of materiality is closely associated with that of

tolerable error, the maximum error that the auditor is
willing to accept in an account balance.

 The definition of materiality is “user-oriented”.

 Different users base their assessment of materiality on

different criteria.
The calculation of materiality

 Materiality is not based purely around a mathematical

formula.

 It cannot be calculated exactly because materiality is

based largely upon judgement.

 Certain percentages can be used as a guide for

materiality levels:

 0.5–1% of sales revenue

 1–2% of total assets
 5–10% of profit before tax
ISA 320 – Audit materiality -
Requirements
 “The auditor should consider materiality and its
relationship with audit risk when conducting an audit.

 Materiality should be considered by the auditor when:

(a) determining the nature, timing and extent of audit

procedures; and
(b) evaluating the effect of misstatements.
 In evaluating the fair presentation of the financial
statements, the auditor should assess whether the
aggregate of uncorrected misstatements that have been
identified during the audit is material.”

ISA Extracts…
Evaluation of misstatements
 This is illustrated in a specimen working paper.

Doolittle and Ticket

CHARTERED CERTIFIED ACCOUNTANTS
CLIENT:
PERIOD ENDED:
STATEMENT OF ERRORS AND CUMULATIVE EFFECT

ITEM ERROR Net profit Net profit - Net assets Net assets
+ + -

TOTAL

Conclusion
I have reviewed the above and enquired into the errors and in my opinion the above is material/not material to the
financial statements.
I have noted these errors for the management letter which will be sent out on or about xx/xx/xx.
A Manager
Using IT to automate planning
and recording
 Audit planning can be automated by the use of models
that enable the auditor to carry out various
computational or statistical routines with speed and
accuracy.

Examples of audit software:

 Auditplus is a software package that documents the

process for you but does depend on the skill and
experience of the user.
 Auditplus assists in planning, controlling and recording
audits in compliance with auditing standards, by
facilitating the production of a well documented audit
file.
 Auditplus will run on any Windows type IBM-compatible
hard disk PC, using either mono or colour display.
Analytical procedures – ISA
520
 The assessment of what is reasonable in the financial
statements is done by analytical procedures which is
the study of ratios, trends and comparators.
 Graphs and accounting ratios can be used to bring out
the key features of accounting data.
 Some of the key ratios used by auditors are as follows:
 Gross profit/sales
 PBIT/sales
 Debt/shareholders’ funds
 Inventory age in days
 Receivables age in days
 Current ratio
 Quick asset ratio
 Year by year % changes
Analytical procedures
 “Analytical procedures” means the analysis of
relationships:

(a) between items of financial data, or between items of

financial and non-financial data, deriving from the same
period; or

(b) between comparable financial information deriving

from different periods or different entities:

 To identify consistencies and predicted patterns or

significant fluctuations and unexpected relationships,
and the results of investigations thereof.
 To assist in planning the audit and as part of the
evaluation of the financial statements.
 To obtain audit evidence directly.
ISA 520 – Key provisions

 “The auditor should apply analytical

procedures at the planning and overall
review stages of the audit.”

 “The auditor should apply analytical

procedures at the planning stage to assist
in understanding the business and in
identifying areas of potential risk.”
Analytical procedures

 Analytical procedures at the planning

stage are usually based on interim
financial information, budgets and
management accounts.

 Application of analytical procedures may

indicate aspects of the entity’s business
of which the auditors were previously
unaware and assist in determining the
nature, timing and extent of other audit
procedures.
 End of Section:

Audit Planning and Risk

Assessment

Thanks you for your

attention
Assignment 2

 Norbert Limited is a UK company based

in Cornwall which designs and builds
yachts. It also has a small yard in
Scotland which it purchased recently.
Most of the yachts are built to customer
specification. However, as trade has
been slack recently, the company is
building some yachts without orders in
the hope of obtaining buyers when the
market picks up. Most of the company’s
output is for export and it quotes its
prices in US dollars.
Continued….

 Youare asked to act as senior

in charge of the audit. The
company has a year end of 30
September. It is apparent from
the previous year’s audit file
that the company has always
had weak internal controls.
Continued…
 The company is currently amending
its designs to take advantage of new
technology and has invested a
considerable amount of time and
money in this. Consequently it is
heavily indebted to the bank. The
bank overdraft facility is to be
reviewed in November 20X8 and the
managing director wishes to ensure
the continuing availability of the
overdraft facility before attending a
major trade fair in late November
20X8.
Required
 Identify, from the situation outlined above,
circumstances particular to Norbert Limited
that must be taken into account when
planning the audit. (10 marks)

 Explain clearly why such factors must be

taken into account. (10 marks)