AUDIT AND ASSURANCE

Audit Planning and risk

Assessment

Session- 9

ALI SAJJAD
 Contents
1. Why audit planning is essential.
2. audit planning and audit approach procedure
3. accept client and initial audit planning
4. engagement letter
5. purpose of audit planning
6. professional skepticism
7. interim audit and final audit
8. Understand entity and its environment
9. understanding accounting and internal control
system
10. Risk and materiality
11. Materiality
 Three reasons why auditor should
properly plan engagement

1. To obtain sufficient appropriate evidence for

circumstances
2. To help keep audit costs reasonable
3. To avoid misunderstandings with client
 Planning an Audit and
Designing an Audit Approach
Accept client and perform initial audit planning.

Understand the client’s business and industry.

Assess client business risk.

Perform preliminary analytical procedures.

 Planning an Audit and
Designing an Audit Approach
Set materiality and assess acceptable audit risk
and inherent risk.

Understand internal control and assess control risk.

Gather information to assess fraud risks.

Develop overall audit plan and audit program.

 Auditor assess these risks

1. Acceptable
audit risk

It is a measure of how willing the auditor is to accept that the financial

statements may be materially misstated after the audit is completed
and an unqualified opinion has been issued. When the auditor decides
on a lower acceptable audit risk, it means that the auditor wants to be
more certain that the financial state- ments are not materially
misstated. Zero risk is certainty, and a 100 percent risk is complete
uncertainty.
 2. Inherent risk

it is a measure of the auditor’s assessment of the likelihood that

there are material misstatements in an account balance before
considering the effectiveness of internal control. If, for example, the
auditor concludes that there is a high likelihood of material
misstatement in accounts receivable due to changing economic
conditions, the auditor concludes that inherent risk for accounts
receivable is high.
Auditing standards require that auditor understanding
with client in an engagement letter which includes
followings:

1. Objectives
2. Responsibilities of management
3. Responsibility of auditor
4. Engagement limitations
5. Expected fees
Audit engagement letter
Written representative letter

A management representation letter is a form letter

written by a company's external auditors, which is
signed by senior company management. The letter
attests to the accuracy of the financial statements that
the company has submitted to the auditors for their
analysis.
Written representative letter
 Planning and audit
1.1 The purpose of an audit plan
A plan sets out what needs to be done to achieve an objective. In the case of an
external or internal audit, the objective is the production of an audit report
containing an opinion on the information subject to audit. An audit plan should be
prepared as a means of achieving this objective efficiently and effectively.
 1.1.1 Content of audit plan

Preparing an audit plan is the first stage in the conduct of an audit engagement.
The plan sets out answers to three main questions (the ‘3Ws’):

 Who will perform the audit work? (Staffing)

  
 When will the work be done? (Timing)
 What work is to be done? (The scope of the audit)
 1.1.2 Risk assessment and
audit planning
To prepare a suitable audit plan, the auditor needs to have an in-depth knowledge and
understanding of:
 the entity to be audited, and
 the environment in which the entity operates.

The auditor needs this knowledge and understanding in order to assess the risk
attached to the audit. Risk assessment is a key feature of the audit planning process
and the assessment of risk in the audit will affect:

 the amount of audit work performed in general, and

 the areas on which the auditor will focus his attention.

The planning process is essential to all audits, both internal and external. It is equally
important to other assurance engagements such as a ‘review’ assignment. 
 1.2 Professional skepticism
 “An attitude that includes a questioning mind,
being alert to conditions which may indicate
possible misstatement due to error or fraud,
and a critical assessment of audit evidence”.
 1.3 Interim audit final audit
Interim audit and final audit

 Most large audits will be split into two phases. Much of the systems assessment work and
transaction testing will be carried out on the interim audit (taking place perhaps two-thirds of the
way through the year) with the balance of the work and testing of statement of financial position
items taking place at the final audit shortly after the year end.

 A number of key benefits may arise from spreading the work across interim and final audit such as:
 
1. More flexible resource planning within the firm – the timing of interim audit is typically
more flexible than the timing of final audit. This helps reduce demand for audit staff
during ‘busy season’ (traditionally the first few months of a calendar year when many
clients require their final audit to take place) 

2. Earlier identification of significant matters

3. Shareholders and other users receive audited accounts earlier
4.   Increased audit efficiency
1.3.1. Typical interim audit procedure
includes

1. Understanding the entity, assessing inherent risk (see ISA 315)

and identifying significant matters which will be reflected in the
subsequent audit strategy and audit plan.

2. Recording, evaluating the design and testing the entity’s system

of internal control.

3. Performing substantive testing to ensure the books and records

are a sound basis for performing the year end audit.
 1.3.2. Typical final audit procedures
include:

1. Substantive testing. Note that where substantive testing was performed at the
interim phase auditors typically test the subsequent period between interim audit
and period end.
2. Tests to ensure conclusions formed at interim audit remain valid
3. Obtaining third party confirmations such as bank letters and trade receivables
confirmations
4. Analytical review and subsequent events review
5. Subsequent events review
6. Obtaining written representations
ISA 330 specifically states that the following procedures can only be performed at or after the
period end:
1. Agreeing the financial statements to the accounting records;
2. Examining adjustments made during the course of preparing the financial statements; and
3.  Procedures to respond to a risk that, at the period end, the entity may have entered into
improper sales contracts, or transactions may not have been finalized
 2. Understanding accounting and internal control
system

 If the entity has an internal audit function then auditor shall obtain an understanding of the
nature of the internal audit function’s responsibilities, its organizational status, and the
activities performed, or to be performed.

 The auditor should try to reach a judgment about how strong (or weak) the internal controls
are, in order to make a decision about the amount of testing that should be carried out in the
audit. He should consider:

1. his previous knowledge of the client company

2. any recent changes

3. any known problems in the internal controls of the client

4. the effect of any new auditing or accounting requirements.

 Analytical procedure
 which involves the study of ratios and trends to identify the existence of
unusual transactions or events or amounts, ratios or trends that might have
implications for the audit (information technology may be of use here in
calculating changes to balances in the financial statements from previous
years and graphing trends).
 For example, an analysis of payables days compared to previous years might
indicate that the company is having difficulty in paying its debts. As a result,

Observation and inspection

the auditor may plan to do more work on this area.

 (for example, inspecting internal control manuals or business plans).

Risk and materiality
The auditor is required by ISA 315 to identify and assess the risks of
material misstatement at both the financial statement and assertion
levels.

1. The financial statement level refers to risks which are pervasive to the
financial statements as a whole and which potentially affect many
assertions (see below). An example might be if management have a
tendency to override internal controls – this would affect all areas of the
accounting systems.

2. The assertion level refers to specific objectives of the financial

statements, for example, that all liabilities have been recorded and that
recorded assets exist. The use of financial statement assertions is
considered in detail in a later chapter.
 Risk assessment is an important aspect of planning an
audit. Issues to consider are:

1. the areas where risk of misstatement (error) appear to exist, and the nature of the risk 
2. when an error should be considered material, and when it may be ignored 
3. what aspects of the audit will be the most difficult to plan because of the high risk of
misstatement.
The auditor should consider: 
1. assessments of inherent risks and control risks, and the identification of significant audit areas
2. setting materiality levels 
3. the possibility of material misstatements, including those arising because of fraud (rather than unintentional
error)
4.  the identification of complex accounting areas, particularly those involving accounting estimates. (Areas of
accounting where the estimates used will be more difficult to audit.)

The auditor will then focus his work on balances in the financial statements where he
considers there is a material risk of misstatement. High risk/material items will be
audited in detail, but low risk/immaterial items will receive less attention.
 Approaches

1. Audit risk approach

2. Substantive approach
3. System approach
This audit risk approach was developed in the 1980s. Previous approaches
included the following:

1. The substantive approach whereby every item in the financial

statements is tested and vouched to supporting documents. This
approach is still sometimes used for small entities where internal
controls are weak and there are few transactions. It may be more
efficient to just test everything (especially if the auditor is also providing
accountancy services, where he will see all of the supporting documents
in any case).
 
2. The systems approach which was developed to avoid over-auditing.
Under this method the underlying accounting systems were tested with
less emphasis on the testing of individual transactions and balances.
However, this approach could still lead to over-auditing as systems
covering low- risk/immaterial areas were also tested.

Most firms now use a mixture of the audit risk approach and a systems-
based approach.
 2.4 Materiality:
“Information is material if its omission or misstatement could influence the
economic decisions of users taken on the basis of the financial statements.”
AUDITORS ENTITLED TO ASSUME THAT USERS:
1. have a reasonable knowledge of business and are willing to study the information in
the financial statements diligently

2. understand that financial statements are prepared and audited to levels of materiality

3. recognize the uncertainties inherent in certain amounts in the financial statements

(such as provisions)
4. make reasonable economic decisions based on the information in the financial
statements.
 Examples of Planning
Analytical Procedures
Selected Ratios Client Industry
Short-term debt-paying ability:
Current ratio 3.86 5.20
Liquidity activity ratio:
Inventory turnover 3.36 5.20
Ability to meet long-term obligations:
Debt to equity 1.73 2.51
Profitability ratio:
Profit margin 0.05 0.07
 Compare Client and Industry
Data
Client Industry
2009 2008 2009 2008
Inventory turnover 3.4 3.5 3.9 3.4
Gross margin 26.3% 26.4% 27.3% 26.2%
 Compare Client Data with
Similar Prior Period Data
2009 2008
(000) % of (000) % of
Prelim. Net sales Prelim. Net sales

Net sales $143,086 100.0 $131,226 100.0

Cost of goods sold 103,241 72.1 94,876 72.3
Gross profit $ 39,845 27.9 $ 36,350 27.7
Selling expense 14,810 10.3 12,899 9.8
Administrative expense 17,665 12.4 16,757 12.8
Other 1,689 1.2 2,035 1.6
Earnings before taxes $ 5,681 4.0 $ 4,659 3.5
Income taxes 1,747 1.2 1,465 1.1
Net income $ 3,934 2.8 $ 3,194 2.4
Common Financial Ratios
 Short-term debt-paying ability

 Liquidity activity ratios

 Ability to meet long-term debt obligations

 Profitability ratios
 Profitability Ratios
Earnings Net income
=
per share Average common shares outstanding

Gross profit (Net sales – Cost of goods sold)

=
percent Net sales

Operating income
Profit margin =
Net sales
 3. Audit risk
3.1 Risk based audit approach
3.2 Response to assessed risk
1. At the financial statement level these “responses” are overall ones, which
may include:
2. emphasizing to the audit team the need to maintain an attitude of
professional skepticism 
3. assigning more experienced staff or increased supervision of staff
4. the use of experts
5. changing the nature, timing and extent of audit procedures (for example,
performing more substantive procedures at the final rather than at the interim
audit, or obtaining more “persuasive” audit evidence).
 The assessment of the risks at this level and therefore the auditor’s response is very much
affected by the auditor’s assessment of the control environment. An effective control
environment will be likely to increase the auditor’s confidence in controls in all areas and
allow him to carry out more procedures at the interim audit and to carry out less tests of
detail. Both of these terms are considered in later chapters.

In summary, the auditor is required to:

1. assess the risks involved in the audit
2. plan the audit work so that any material misstatements are identified and corrected if
necessary.
 
This should then ensure that a ‘true and fair view’ is presented by the financial statements.
Control risk  

Detection risk  
PRACTICE QUESTIONS
ACTIVITY
THANKS