MAIN AUDIT

CONCEPTS AND
PLANNING THE AUDIT
(ISA 300, 315, 320)

Chapter 6
Planning Obective and Procedures
In other words, the objective of planning is to determine timing and
scope of the audit and the amount and type of evidence and review
required to assure the auditor that there is no material misstatement of
the financial statements. This is Pahse II in the Audit Process Model
The planning procedures are :

1. Perform audit procedures to understand the entity and its

environment, including the entity’s internal control.
2. Assess the risks of material misstatements of the financial
statements
3. determine materiality
4. prepare the planning memorandum and audit progamme containing
the auditor’s response to the identified risks.
Audit Proses Model
Phase I : Client Acceptance
Phase II : Planning the Audit
Phase III : Testing and Evidence
Phase IV : Evaluation and
Reporting
Understanding the
Entity and its
Environment
1. Procedures to Obtain an Understanding
ISA 315 provides an overview of the procedures that the auditor
should follow in order to obtain and understanding sufficient to assess
the risks and consider these risks in designing the audit plans. The risk
assessment procedures should, at minimum, be a combination of the
follwing.

➜Inquiries of management and others within the entity. It is important

to have discussions with the client’s management about their
objectives and expectations, and plans for achieving these goals.

➜Analytical procedures. These may help the auditor in identifying

unusual transactions or positions.

➜Observation and inspection. These procedures may cover a broad

area, ranging from the observation of an entity’s core activites, the
reading of management reports or internal control manuals to the
inspection of documents.
2. Audit Team Discussion
Finally, ISA 315 requires a team-wide discussion of the
susceptibility of the financial statemnts to material misstatement.
An important reason for this requirement is the consideration that
the team members collectively have a broader access to people
within the organisation and their insights. As they say, the most
interesting information may typically be obtained in elevators and
on the car park, and, again, there might be a better balance in the
team’s inshigts if the perspectives on the entity are not just
confined to those conveyed by top management.
3. Continuing Client
If the client is a countinuing one, prior year’s working papers are
reviewed and reliance can be place on the observations from prior
periods. The client’s permanent audit file frequently contains
information on company history records of most important
accounting policies in previous years. However, before relying on
existing working papers, the auditor needs to make sure that there
have been no significant changes in the relevant aspects of the
client’s entity or environement.
4. Understanding the Entity nad its Environment
ISA 315 distinguishes the following relevant aspects in the
understanding of the entity reporting and its environment:

➜Industry, regulatory and other external factors, including the

applicable financial policies;

➜Nature of the entity, including the entity’s selection and

application of accounting policies;

➜The entity’s selection and application of accounting policies,

including the reasons for changes the appropriateness for its
business and consistency with the applicable financial reporting
framework;

➜Objectives and strategies, and the related business risks that

may result in a material misstatement of the financial statements;

➜Measurement and review of the entity;s financial performance.

GLOBAL PERSPECTIVES ON CLIENT BUSINESS
RISK
 Industry,
Regulatory and
Other External
Factors
Industry conditions

➜ The market and competition, including demand, capacity and

price competition

➜ Cyclical or seasonal activity

➜ Product technology relating to the entity’s products

➜ Energy supply and cost

 Regulatory environment

➜ Accounting principles and industry specific practices

➜ Regulatory framework for a regulated industry
➜ Legislation and regulation that significantly affect the entity’s
operations
— Regulatory requirements
— Direct supervisory activities
➜ Govemment policies currently affecting the conduct of the
entity’sbusiness
— Monetary, including foreign exchange controls
— Financial incentives (e.g. government aid programmes)
— Tariffs, trade restrictions
➜ Environmental requirements affecting the industry and the entity’s
business
Other external factors currently affecting the
entity’s business

➜ General level of economic activity (e.g. recession, growth)

➜ Interest rates and availability of financing

➜ Inflation, currency revaluation

Nature of the entity

This aspect of the understanding phase deals with the entity’s cor
its operations, types of investments, its financing Ioershjp and how
management applies and discloses accounting policies.
Information

Information acquired about business operations may include

nature of revenue sources(retailer, manufacturer, and professional
services); products and services (e.g. pricingpolicies, locations and
quantities of inventory, profit margins, warranties, order
book);market (exports, contracts, terms of payment, market share,
franchises, licences,patents, composition of customer group),
location of company facilities (warehouses,offices); employment
(wage levels, supply, union contracts, pensions), key suppliers,and
customers
Investments

Investments that have reduced in value have been the downfall of

as diverse a group of entities as Metallgesellschaft a German
manufacturer who lost a large amount on the derivatives market,
and Orange County, California, which was forced into bankruptcy
by speculation on their municipal bonds.8 Important transactions
for which information should be gathered include: acquisitions,
mergers and disposais of business divisions; use of derivative
financial instruments; type of major investments by the company;
capital investment activities (in plant and equipment, technology,
etc.) and investment in nonconsolidated entities such as joint
ventures, special purpose entities,9and partnerships.
The entity’s choice and application of financial
reporting policies

The entity’s choice and application of financial reporting policies

is one of the coreconsiderations of the auditor, because this is the
criteria on which the auditor giveshis assurance. The auditor should
review company accounting policies including revenue recognition,
inventories, research and development, important expense
categories, judgmental accounting valuations, and financial
statement presentation and disclosure. Foreign currency assets,
liabilities, and transactions require special attention.
CONSIDERATION WHEN OBTAINING AND
UNDERSTANDING OF NATURE OF ENTITY
ENTITY BUSINESS MODEL
Example of legal documents and records to
consider in the context of understanding the
entity's nature

➜ Corporate charter
➜ Bylaws
➜ Corporate minutes
➜ Contracts
The Entity’s Objectives, Strategies and Related
Business Risks

The auditor will also consider the entity’s objectives and strategies,
and the related business risks that may affect the financial
statements. The entity’s objectives are the overall plans for the
company as determined by those charged with governance and
management. Strategies are the operational approaches by which
management intends to achieve its objectives. Significant
conditions, events, circumstances or actions that could adversely
affect the entity’s ability to achieve its objectives and execute its
strategies create business risks. The concept of business risks is
broader than the concept of risks of material misstatements in the
financial statements. However, most business risks will typically
have a financial consequence, and hence will find their way into the
financial statements.
Strategic Framework
An interesting interpretation of this part of the ‘understanding and risk
assessment’ phaseis taken in a strategy-orientated framework,’3 which
involves the following steps:
1. Understand the client’s strategic advantage. What are the entity’s plans?
What market niches do they control?
2. Understand the risks that threaten the client’s business objectives. What
forces are challenging the entity’s competitive advantages?
3. Understand the key processes and related competencies to realise
strategic advantage.What advantages and competencies are needed to
increase market share in their business area? What are the risks and
safeguards?
4. Measure and benchmark process performance. What is the evidence that
the expectedvalue is being created by the strategy?
5. Document the understanding of the client’s ability to create value and
generate future cash flows using a client business model, process analysis,
key performance indicators, and a business risk profile.
6. Use the comprehensive business knowledge decision frame to develop
expectations about key assertions embodied in the overall financial
statements.
7. Compare reported financial results to expectations and design additional
audit test work to address any gaps between expectations.
Measurement and Review of’the Entity’s Financial
Performance

In order to assess the risk of material misstatements in the financial

statements, an auditor should examine internally generated
information used by management and external (third party)
evaluations of the company. Internal measures provide
management with information about progress towards meeting
the entity’s objectives. Internal information may include key
performance indicators, budgets, variance analysis, segment
information, and divisional, departmental or other level
performance reports, and comparisons of an entity’s performance
with that of competitors. External information, such as analysts’
reports and credit rating agency reports, may be useful to the
auditor. Internal or external performance measures may create
pressures on management to misstate the financial statements. A
deviation in the performance measures may indicate a risk of
misstatement of related financial statement information.
Internal Control

As addressed before, internal control — the final aspect to consider

in understanding the entity and its environment — will be dealt
with separately later in the text (Chapter 7 ‘Internal Control and
Control Risk’), given the complexity and extent of this topic.
However, it should be borne in mind that the auditor needs to
obtain a level of under standing of an entity’s internal control that
is sufficient for a proper understanding of the entity. A good
understanding of internal control is required for an appropriate
assess ment of the risk of material misstatement in the financial
statements.
Audit Risk Model
Assessment Tasks

To assess the risks of misstatement of the financial statements, the

auditor performs four
tasks:
1. Identify risks by developing an understanding of the entity and
its environment, including relevant controls that relate to the
risks. Analyse the strategic risks and the significant classes of
transactions.
2. Relate the identified risks to what could go wrong in
management’s assertions about completeness, existence,
valuation, occurrence, and measurement of transactions or
assertions about rights, obligations, presentation, and
disclosure.
3. Determine whether the risks are of a magnitude that could
result in a material misstatement of the financial statements.
4. Consider the likelihood that the risks will result in a material
misstatement of the financial statements and their impact on
classes of transactions, account balances and disclosures.
Audit Risk
Audit risk has three components: inherent risk, control risk and detection risk.
The three components are traditionally defined as follows:
1. Inherent risk is the susceptibility of an account balance or class of
transactions to mis. statements that could be material, individually or when
aggregated with misstatements. in other balances or classes, assuming
that there were no related internal controls. The assessment of inherent
risk is discussed in more detail later in this chapter
2. Control risk is the risk that a misstatement that could occur in an account
balance or class of transactions and that could be material — individually
or when aggregated with misstatements in other balances or classes —
will not be prevented or detected and corrected on a timely basis by
accounting and internal control systems.
3. Detection risk is the risk that an auditor’s substantive will not detect a
misstatement that exists in an account balance or class of transactions
that could be material, individually or when aggregated with
misstatements in other balances or classes.
 RESIKO BAWAAN

Kesalahan yang
mungkin terjadi
di laporan
keuangan klien

RESIKO PENGENDALIAN
Kesalahan yang
terlewat dari
pengendalian
Kesalahan yang tidak
dapat di diteksi oleh
sejumlah pengendalain
Kesalahan yang
RESIKO DITEKSI dapat diditeksi
oleh auditor

Kesalahan yang
tidak dapat
RESIKO AUDIT diditeksi oleh
auditor
Significant Risks

Significant risks are audit risks that require special audit

consideration. Significant risks generally relate to judgemental
matters and significant non-routine transactions. judgement is
used, for example, in the development of significant accounting or
fair value estimates. Non-routine transactions are transactions that
are unusual, either due to size or nature, and that therefore occur
infrequently. Risks of material misstatement may be greater for
significant judgmental matters requiring accounting estimates or
revenue recognition and for assumptions about the effects of future
events (e.g. fair value) than for ordinary transactions.
Is the Risk Significant?

Significant risks arise on most audits, but their determination is a

matter for the auditor’s professional judgement. In determining
what a significant risk is the auditor considers a number of matters,
including the following:
1. Whether the risk is a risk of fraud.
2. The likelihood of the occurrence of the risk.
3. Whether the risk is related to recent significant economic,
accounting, or other developments and, therefore, requires
specific attention.
4. The complexity of transactions that may give rise to the risk.
5. Whether the risk involves significant transactions with related
parties.
6. The degree of subjectivity in the measurement of financial
information related to the risk.
7. Whether the risk involves significant transactions that are
outside the normal course of business for the entity, or that
otherwise appear to be unusual given the auditor’s
understanding of the entity and its environment.
Materiality
ISA 320
Materiality Level

Planning materiality is a concept that is used to design the audit

such that the auditor can obtain reasonable assurance that any
error of a relevant (material) size or nature will be identified. There
are additional costs for an auditor to audit with a lower materiality.
The lower the materiality, the more costly is the audit. If any error of
whatever small size needs to be found in the audit, the auditor
would spend significantly more time than when a certain level of
imprecision (higher materiality level) is considered acceptable.
Nature of the Item

The nature of an item is a qualitative characteristic. An auditor

cannot quantify the materiality decision in all cases; certain items
may have significance even though the dollar amount may not be
quite as large as the auditor would typically consider material. For
example, a political bribe by an auditee, even though immaterial in
size, may nevertheless be of such a sensitive nature and have such
an effect on the company financial statement that users would
need tobe told. It has been suggested that in making judgements
about materiality, the following aspects of the nature of a
misstatement should be considered:
1. the events or transactions giving rise to the misstatement;
2. the legality, sensitivity, normality and potential circumstances
of the event or transaction;
3. the identity of any other parties involved; and
4. the accounts and disclosure notes affected.
Circumstances of Occurrence

The materiality of an error depends upon the

circumstances of its occurrence. There are two types of
relevant circumstances:
1. the users of the accounting information’s economic
decision-making process;
2. the context of the accounting information in which an
item or error occurs.
Materiality

➜5%-10% from Net income Before Tax

➜5%-10% from Current Asset
➜5%-10% from Short term liabilities
➜0,5%- 2% from total asset
➜0,5%- 2% from net income
➜ 1% - 5% from total equity
FRAUD
ISA 240
Incentive/pressure

Pressure, such as a financial need, is the ‘motive’ for committing

the fraud. Individuals may be under pressure to misappropriate
assets because of a gambling problem or because the individuals
are living beyond their means. Fraudulent financial reporting may
be committed because management is under pressure from
sources outside or inside the entity, to achieve an expected (and
perhaps unrealistic) earnings target — particularly since the
consequences to management for failing to meet financial goals
can be significant.
Opportunity

The person committing the fraud sees an internal control weakness

and believes internal control can be overridden, for example,
because the individual is in a position of trust or has knowledge of
specific weak.nesses in internal control The individual, believing no
one will notice if funds are taken, begins the fraud with a small
amount of money. If no one notices, the amount will usually grow
larger.
Rationalisation

The person committing the fraud frequently rationalises th

fraud. Rationalisations may include, ‘I’ll pay the money
back’, ‘They will never miss the funds’ or ‘They don’t pay
me enough.
FRAUD TRIANGLE

PRESSURE
Procedures to Consider Regarding Fraud

Risk assessment procedures that may indicate fraud include

inquiries of management regarding:
1. Management’s assessment of the risk that the financial
statements may be materially misstated due to fraud, including
the nature, extent and frequency of such assessments.
2. Management’s process for identifying and responding to the
risks of fraud, including any specific risks of fraud that has
been brought to management’s attention, and classes of
transactions, account balances or disclosures for which a risk
of fraud is likely to exist;
3. Any management communication to those charged with
governance regarding the risks of fraud in the entity; and, to
employees regarding management views on business
practices and ethical behaviour.
4. Whether management has knowledge of any actual,
suspected or alleged fraud affecting the entity.
Evaluation of Audit Evidence and Documentation

Once procedures to determine fraud are complete the auditor must

evaluate the audit evidence gathered, especially results of
analytical procedures and misstatements possibly due to fraud.
The auditor must evaluate whether analytical procedures that are
performed near the end of the audit indicate a previously
unrecognised risk of material misstatement due to fraud. Ifa
misstatement is found and it is indicative of fraud, the auditor must
determine if the findings affect other aspects of the audit,
particularly the reliability of management representations. An
instance of fraud is unlikely to be an isolated occurrence
Discontinuance of the Engagement

If there is a misstatement resulting from fraud or suspected fraud,

this might bring into question whether the auditor should continue
performing the audit. Before she acts, the auditor should determine
the professional and legal responsibilities applicable in the
circumstances, including whether there is a requirement for her to
report to management, those charged with governance, or
regulatory authorities. Further, the auditor must consider whether it
is appropriate to withdraw from the engagement. Before the
auditor withdraws from the engagement she should discuss the
possibility of, and the reasons for, withdrawal with management
and those charged with governance. There may be professional or
legal requirements to report withdrawal from the engagement.
Using the work of others (including ISA 610) and
considering auditee use of service organisations
(ISA402)

➜ Using the Work of an Auditor’s Expert

➜ Auditor’s Expert Agreement and Reports
➜ Using the Work of the Auditee’s Internal
Auditors
➜ Audit Considerations Relating to an
Auditee Using a Service Organization
Other Planning Activities

➜ Discussions with Those Charged

with Governance
➜ Audit Planning Memorandum
➜ Audit Plan (Audit Programme)
➜ Audit Evidence
THANKS