F8

Chapter 3
Pre- Acceptance, Planning and
Risk assessment
Objectives of an Audit
To obtain reasonable assurance about whether the
f/s as a whole are free from material misstatements
whether due to fraud or error, thereby enabling the
auditor to express an opinion on whether the f/s are
prepared, in all material respects in accordance with
an applicable financial reporting framework

To report on the financial statements and

communicate as required by the ISAs in accordance
with the auditor’s findings.
At the overall level of the firm what can be done to
ensure a strong quality control environment

Appoint a quality control partner, to ensure quality is considered at

the highest level.
• Have documented processes for staff to follow.
• Ensure all staff are trained in these processes.
Pre-acceptance, PlanningandRiskAssessment
• Have strict recruitment policies to recruit the best people.
• Ensure appraisal processes recognise quality (and the lack of it).
• Ensure overall environment is one where quality is rewarded, and
poor quality is punished.
• Ensure careful selection of assignment teams, based on skills,
experience, overall workload etc.
• Have a cold review process where a selection of completed
assignments are checked to help future work be performed better.
What measures should be taken on each assignment to
ensure quality?
Several measures should be taken on each assignment to ensure
quality:
• Pre-appointment checks should be carried out on all clients. Do we
know their industry, their business? Do we have the right resources
and experience to carry out the assignment?
• All work should be suitably:
– Directed: All team members should be briefed and informed of
their responsibilities, the risks, and the timetable.
– Supervised: More senior members of the audit team should keep
track of the work of more junior members to ensure they are doing
the right thing and meeting deadlines
– Reviewed: Review responsibilities should be allocated so that,
the work of a team member is reviewed by someone more senior.
•
What measures should be taken on each assignment to
ensure quality?- Cont’d
• There should be suitable consultation with others, where
matters are unclear.
• There should be a hot review (before the work is finished) of
any assignment where the audit risk is higher.
• Careful thought should go into deciding which member of the
team should perform and review each task, and the best time for
that task to be performed. Work should be delegated based upon
skills and experience.
• All work to be suitably planned and documented.
• There should be careful procedures on
acceptance/continuance of client relationships.
Audit Planning- ISA 300
Why?
Planning helps the auditor to:
Devote appropriate attention to important areas of the audit
Identify and resolve potential problems on a timely basis
Properly organize and manage the audit engagement so that it is
performed in an effective and efficient manner
Identify audit risks
Select engagement team members with appropriate levels of
capabilities and competence to respond to anticipated risks and the
proper assignment of work to them
Direct and supervise engagement team members and to review their
work
Co-ordinate the work done by auditors of components and experts
Audit Strategy
For each audit client, an appropriate strategy needs to be considered. The strategy
covers the scope, timing and direction of the audit. More specifically it will:
• Identify the characteristics of the engagement that define its scope. For example,
the client’s activities (and any changes to these activities since the previous year);
• Ascertain the reporting objectives of the engagement (such as key reporting
dates) to plan the timing of the audit and the nature of the communications
required (for example, the reporting framework);
• Consider the factors that, in the auditor’s professional judgement, are significant
in directing the engagement team’s efforts. For example, initial assessments of
materiality and identification of risk areas;
• Consider the results of preliminary engagement activities and, where applicable,
whether knowledge gained on other engagements performed by the engagement
partner for the entity is relevant;
• Ascertain the nature, timing and extent of resources necessary to perform the
engagement.
Detailed Audit Plan

The audit plan is derived from the audit strategy and includes:
A more detailed description of the client including:
Economic factors and industry conditions
Financial performance
Key changes in the business

A description of key accounting policies and internal control systems

( consideration of client’s own internal audit department)
A more detailed materiality assessment
Results of preliminary analytical procedures on the draft financial statements
Likely audit approach ( controls or substantive) on each area of the f/s
Detailed description of the high risk areas
Specific audit testing ( eg, whether experts will be needed)
Timing of specific procedures ( eg. Stock taking)
Details of staffing, a budget and a timetable
Understanding the Audit Client-ISA 315- Identifying the
Risks of Material Misstatement Through Understanding
the Entity and its Environment
What do you need to know?
Industry, regulatory and other external factors…. Economy,
competition, availability of finance, laws and regulations

Nature of the entity……Products and services, customers and

suppliers, accounting policies

Objectives, strategies and risks….new products and services,

expansion plans

Internal Control …..control environment, control activities, monitoring of

controls

Financial performance….key ratios and statistics, forecasts and

budgets, trends
Importance of Risk Assessment
Audit Risk-The risk that the auditors give the wrong opinion in the f/s.

It is important for auditor to identify the areas of the f/s that at greatest
risk of misstatement for the following reasons:
To ensure that attention is focused early on the areas most likely to
cause material misstatements
A thorough risk assessment will also help the auditor to fully understand
the entity which is vital for an effective audit
Assessing risks will result in a more efficient audit. The team will only
focus time and effort on key areas as opposed to balances or
transactions that are immaterial or unlikely to contain errors
Assessing risks early also ensures that the most appropriate team is
selected with more experienced staff allocated to higher risk audits and
high risk balances
Risk Assessment Procedures
In order to gain the understanding of the client and assess the
potential risk to the f/s ISA 315 requires auditors to use the
following risk assessment procedures:

 Enquiries of management and others within the entity

 Observation and Inspection
 Analytical procedures

This will include:

Speaking to client staff
Reviewing prior year f/s
Reviewing information from external sources such as trade
journals
Observing the client’s operations, premises and facilities
Audit Risk
Audit risk is the risk that the auditors give the wrong
opinion on the f/s- This occurs if auditors sign off that
the f/s as true and fair when in fact they are materially
misstated in some way
When adopting the audit risk based approach to
planning auditors try to identify areas of the f/s that
are at greatest risk misstatement and devote
appropriate attention to these areas. If risk is ignored
and auditors give the wrong opinion then they can be
held liable for their negligence
The Audit Risk Model
Audit Risk= Inherent Risk X Control risk X Detection Risk

Inherent risk describes something about the nature of the business or its transactions that
make it particularly susceptible to material misstatements
Examples of inherent risks
Non disclosure of going concern issues ( heavy debt financing, cash flow
problems, changes in laws and regulations that impacts the company’s
ability to trade
Potential manipulation ( profit related bonus schemes or the reliance of
external finance provider on the audited accounts which may provide
incentive to management to manipulate the numbers to achieve the
bonus targets
Key Balances Examples such as provisions
( judgmental and difficult to get right) intangible assets
( difficult to value, potential impairment), foreign
exchange
Control Risk
Control risk is the risk that a company’s controls fail to prevent
or detect material fraud or errors (either because they don’t
exist, they are designed badly or they do not operate properly)
The combination of inherent risk and control risk is known as
financial statement risk

Detection Risk
Detection risk is all down to the auditors and is the risk that the
auditor’s procedures fail to detect a material misstatement due
to such factors as:
-choosing an unrepresentative sample to test ( sampling risk)
-human error
-lack of training
-inexperience
Audit Risk Model
Four components of the Audit Risk
Model:

Audit Risk= Inherent Risk X Control Risk

X Detection Risk
Using the Audit Risk Model
Auditors assess F/s risk by:
Assessing inherent risk
Assessing control risk
-Do the controls look good in theory
-Are they actually operating properly
(Control Tests)
If the f/s risk is HIGH then the auditor needs
to keep dectection risk low by increasing the
quantity of substantive tests, sample sizes
sending a more experienced audit team etc,.
Auditor’s Responses to Assessed
Risks
Once audit risks have been identified the auditor needs to respond to
these risks. This will include taking steps such as:
Designing audit procedures ( tests of controls and substantive tests) to
address the risk areas
Reminding the audit team of the need to maintain professional
scepticism
Assignment more experienced staff or those will special skills or using
experts
Providing more supervision
Making general changes to the nature extent and timing of the audit
procedures. ( eg. Performing substantive procedures at the period end
instead of at an interim date or modifying the nature of the audit
procedures to obtain more persuasive audit evidence
Types of Fraud
Two types of Fraud relevant to the auditor:

Misstatements due to fraudulent financial

reporting (deliberate misstatement of
amounts/disclosures in the financial statements)

• Misstatements due to misappropriation of

assets (theft of company assets)
Management versus Auditor
Responsibilities for Detecting Fraud-ISA
240

the primary responsibility for the prevention and

detection of fraud lies with management and those
charged with governance.

the external auditor’s responsibility in accordance

with ISAs is to obtain reasonable assurance that the
financial statements are free from material
misstatement, whether caused by fraud or error
Auditor’s Responsibility for Fraud

Professional scepticism

Discussion amongst the audit team

Risk assessment procedures

- Making enquiries.
-Obtaining an understanding of the role of those charged with
governance and how they monitor the risk of fraud within the company.
-Evaluating unusual or unexpected relationships within the company’s
financial and non-financial information
-Evaluating fraud risk factors
Auditor’s Responses to High Risk
of Frauds
If the risk of misstatement due to fraud is deemed to be high, the
auditor must take steps to address this during the conduct of the audit.
This will possibly include:
• Assigning more people to the audit team with specialised skill and
knowledge
• Increased corroboration of management explanations and
representations
• Incorporating an element of unpredictability in selecting the nature,
timing and extent of audit procedures
• Paying close attention to higher risk areas of the financial statements
such as estimates, journals posted around the period end and
transactions that are outside the normal course of business.
Auditor’s Responsibility for
Reporting Fraud
• Report as soon as possible to the management of the company and
those charged with governance.

Some cases, the auditor may have a statutory duty to report fraudulent
behaviour to a third party such as a regulator. However the auditor
should take legal advice before doing so to ensure that the professional
duty of client confidentiality is not being breached.
Auditor’s Responsibility with Regards
to Laws and Regulations
Auditor needs to be aware of those situations that could materiality affect
the f/s. If the auditor finds a material breach they have the following
responsibilities:
• Report the breach to management.
• If the breach involves management, report to the highest level possible (eg the
Audit Committee).
• If the breach involves the highest level possible, the auditor may need to take
legal advice. There might be a public interest to disclose breaches but the concept
of ‘public interest’ is not defined and legal advice is essential.
• Consider the effect of the breach on the accuracy of the financial statements –
the company may need to provide for a fine and failure to do so could result in a
qualified audit report.
• If the breach is severe, consider the effect on the company’s going concern
status.
Analytical Procedures
Analytical procedures compares numbers, ratios or non-
financial information in order to identify trends or unexpected
relationships which may indicate the existence of errors

Types include comparison of:

Year on year
To budget or forecast
To predictions made by the auditor
To industry information
Different Stages for Using
Analytical Procedures
3 stages:

Planning ( to identify areas of risk of

material misstatement)
When gathering information ( to help
substantiate balances)
At completion ( A final check on the f/s)
Use of Ratios During Analytical
Procedures
Six key ratios:
1. Gross Margin Profit

Gross Profit X 100 =%

Revenue

2. Return on Capital (ROCE)

Profit Before Interest and Tax

Debt + Equity
Use of Ratios During Analytical
Procedures
3) Stock Days ( Inventory Days)

Inventory X 365=number of days

Cost of Sales

4) Debtor Days ( trade receivables collection period)

Trade Receivables X 365=number of days

Revenue
Use of Ratios During Analytical
Procedures
5) Creditor Days ( trade creditors payment period)

Trade Payables X 365 = number of days

Cost of Sales

6) Gearing

Debt
Equity
Materiality
A misstatement is material if it could be
reasonably expected to influence the
decisions of the users of the f/s

Different bases to consider:

½-1% of revenue
1-2% of total assets
5 -10 % of PBT (profit before tax)
Overall Materiality Versus
Performance Materiality
Overall Materiality- Materiality needs to be
determined for the f/s as a hole during the planning
stage

Performance Materiality-Performance materiality is

an amount ( or amounts) less than the overall
materiality designed to ensure that the total identified
but uncorrected misstatements and the total
unidentified misstatements will be less than overall
materiality at the end of the audit.
Identified Misstatements
The auditor should request that
management correct all identified
misstatements whether material or not
for the following two reasons:
Ensuring that underlying company
books and records are accurate
Ensuring that these misstatements
cannot be carried forward to future f/s
( where they become material)
Importance of Working Papers(W/Ps)

It is essential that the entire audit process be documented in the

w/ps

Benefits of w/ps:
The documents show that the audit work has been done properly and
provide written evidence of the reasons for the auditor’s conclusions
should the audit opinion be called into question at a later date ( eg.
court)
They assist the engagement team in planning the audit
They enable senior staff to supervise and review the work of junior staff
They enable the engagement team to be accountable for its work
They enable the conduct of quality control reviews and external
inspections.
Content of W/Ps
Every W/P should include:
Accounting Year End
Prepared by
Date
Subject
Aim of Work
Work done
Results
Conclusions of the work
Reviewed By
Date of Review
Current Audit File
Included in the current audit file is:

a planning section
Sections for each area of the f/s showing
what work was done
a completion section showing the final tasks
carried out at the end of the audit including
-a schedule of [points for manager and partner
attention
-a schedule of points for next year’s audit
Permanent Audit Files
Some information that will be of continuing
use to the audit year after year is contained in
the permanent file such as:
the engagement letter
Organizational charts showing group
structure and key employees
System flow charts
Company articles and memorandum
Long-term agreements (loan agreements,
finance lease agreements)