MODULE 6: AUDIT PLANNING

I. Description
This module discusses on the process of audit planning.

II. Objectives
After completing the module, the students are expected to:

 State the general objective in planning an audit

 Describe the standard planning procedures
 Determine how the auditor obtains an understanding of the client and its environment
 Define analytical procedures and explain why they are important at the planning
stage of the audit
 Discuss the contents of the audit plan and the audit program
 List and explain other planning considerations
 Identify the Audit Risk model
 Know the concept of materiality

III. Duration
Start: Week 9
End: Week 9

IV. Learning Contents

A. AUDIT PLANNING

Audit planning involves developing a general audit strategy and a detailed approach for the
expected conduct of the audit. The auditor’s main objective in planning the audit is to
determine the code of the audit procedures to be performed. The auditor should plan the
audit work so that audit will be performed in an effective and efficient manner. The extent of
planning will vary according to the size of the entity, the complexity of the audit and the
auditor's experience with the entity, and knowledge of the business.

Adequate planning of the audit work is important because:

 Planning helps ensure that appropriate attention is devoted to important areas of the
audit.
 It helps identify potential problems.
 It allows the work to be completed expeditiously.
 It assists in the proper assignment and coordination of work.
 It helps ensure that the audit is conducted effectively and efficiently.

PSA 315 requires the auditor to obtain sufficient understanding of the entity and its
environment including its internal control. Such understanding involves obtaining knowledge
about the entity's:

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 1

Desiree D. Cemefrania, CPA
 a. Industry, regulatory, and other external factors, including financial reporting
framework;
b. Nature of the entity, including entity's selection and the application of accounting
policies;
c. Objectives and strategies and the related business risks that may result in a material
misstatement of the financial statements;
d. Measurement and review of the entity's performance; and
e. Internal Control

Understanding the entity and its environment

Knowledge of the client’s business and industry-how and why a client does what it does is
essential if the audit is to be carried out effectively and efficiently. The auditor should obtain
a sufficient level of knowledge of the entity's business to identify and understand the events,
transactions and practices that may have a significant effect on the financial statements. The
better the auditor understands the client's operations, the more efficient the examination is
likely to be and the greater the value to the client of the auditor's services.

If the auditor understands the operations of the client, the auditor is often able to evaluate
the reasonableness of the client's estimates. In addition, procedures can be selected with
more assurance, or perhaps uniquely applicable procedures can be designed.

Knowledge of the entity would also include understanding the entity's objectives and
strategies, and the related business risks. An auditor's understanding of business risks
encountered by the entity increases the likelihood of identifying risks of material
misstatement and helps the auditor design appropriate audit procedures. Furthermore, the
auditor should obtain understanding of entity's measurement of performance as this may
create pressures on entity that may either motivate management to act to improve the
business performance or to manipulate the financial statements.

Sources of information

1. Review of prior years' working papers

2. Tour of client's facilities
3. Discussion with people within and outside the entity
4. Reading books, periodicals, and other publications related to the client's industry
5. Reading corporate documents and financial reports

The auditor should also ensure that assistants assigned an audit engagement obtain
sufficient knowledge of the client's business and industry to enable them to carry out the
work delegated to them.

Uses of information obtained

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 2

Desiree D. Cemefrania, CPA
Knowledge of the client's business is a frame of reference within which the auditor exercises
professional judgment. Understanding the business and using this information appropriately
assists the auditor in

 assessing risks and identifying potential problems

 Planning and performing the audit effectively and efficiently
 Evaluating audit evidence as well as the reasonableness of client's representations
and estimates
 Providing better service to the client

To make effective use of knowledge about the client's business and industry, the auditor
should consider how it affects the financial statements and whether the assertions in the
financial statements are consistent with the auditor's knowledge of business.

Obtaining understanding of the client's business is a continuous and cumulative process. For
continuing engagements, the auditor should update and re-evaluate information gathered
previously, including information in the prior year's working papers.

Additional Consideration on New Engagement

A first-time audit requires more work than a repeat engagement because of the problem
associated with a verification of the opening balances of the balance sheet accounts. In this
regard, PSA 510 requires the auditor obtain sufficient appropriate audit evidence that:

 the opening balances do not contain misstatements that materially affect the current
year's financial statements;

 the prior closing balances have been correctly brought forward to the current period
or, when appropriate, have been restated; and

 appropriate, accounting policies are consistently applied or changes in accounting

policies have been properly accounted for and adequately disclosed

The auditor may be able to obtain sufficient appropriate evidence regarding opening
balances by reviewing the predecessor auditor’s working papers. In these circumstances,
the auditor would also consider the independence and professional reputation of the
predecessor auditor.

Understanding the Internal Control

Another very important step in planning an audit is to obtain an understanding of the entity’s
accounting and internal control system. The auditor should obtain an understanding of the
accounting and internal control systems sufficient to plan the audit and develop an effective
audit approach.

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 3

Desiree D. Cemefrania, CPA
Developing an Overall Strategy

Once the audit has gained a sufficient understanding about the entity and its environment
including its internal control the auditor should formula an overall audit strategy for the
upcoming engagement. The best audit strategy is the approach that result in the most
efficient audit that is, an effective audit performed at the least possible cost. An audit plan
should be made regarding:

 How much evidence to accumulate

 How and where it should be done.

When developing an audit strategy, the auditor must consider carefully the appropriate levels
of materiality and audit risk.

Materiality

Materiality is defined in the financial reporting standard as: "Information is material if it's
omission or misstatement could influence the economic decision of user's taken on
the basis of the financial statements."

In designing an audit plan, PSA 320 requires the auditor should make a preliminary estimate
of materiality for use during the examination. The concept of materiality recognizes that
some matters are important for fair representation of financial statements whole other
matters are not important. Materiality may be viewed as:

 The largest amount of misstatement that the auditor could tolerate in the financial
statements, or
 The smallest aggregate amount that could misstate the financial statements.

Materiality is a matter of professional judgment and necessarily involves:

 quantitative factors (amount of the item in relation to the financial statements) and
 qualitative factors (the nature of misstatement)

Importance of materially in planning an audit

The auditor should make a preliminary estimate of materiality to determine the amount of
evidence to accumulate. There is an inverse relationship between materiality and evidence.
This means, more evidence will be required for a low peso amount of materiality than for a
high peso amount.

Uses of materiality

According to PSA 320, materiality should be considered by the auditor:

 In the planning stage, to determine the scope of audit procedures; and

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 4

Desiree D. Cemefrania, CPA
  In the completion phase of the audit, evaluate the effect of misstatements on the
financial statements.

Using Materiality Levels

The following steps may be used as a guide when using materiality levels. Step 1 and 2
are performed in the planning phase while step 3 is performed in the completion phase
of the audit.

Step 1 Determine the Overall Materiality Financial Statement Level.

The auditor should determine the amount of misstatement that could be material to the
financial statements taken as a whole. If the materiality level is set to low, auditor will be
wasting his time auditing, accounts that are not important. However, if the materiality
level is set too high, Auditor may not detect misstatements that could be material to the
readers of the financial statements. When establishing materiality levels, a financial
statement level. The auditor should consider that financial statements are interrelates
and that is, a misstatement on one financial statement usually affects the other
statement. For this reason, the auditor should consider materiality in terms of the
smallest aggregate level of misstatement that could distort any one of the financial
statements.

A common method of estimating materiality at the financial statement level is to multiply

a statement base (total assets, sales, or net income) by a certain percentage.

Step 2 Determine the tolerable misstatement-Amount Balance Level

Once the overall, materiality is established, the auditor determines materiality at the
account balance level. This is done by allocating the overall materiality to the financial
statement account balances. This allows the auditor to determine the audit procedures
that will be applied to specific accounts. The allocated materiality to an account is called
the tolerable misstatement for that account. This also known as the performance
materiality.

The professional standards do not provide specific guidelines as to the allocation should
be done. This process is highly subjective and requires the exercise of great deal of
judgment by the auditor.

Step 3 Determine the aggregate amount of uncorrected misstatements with the overall
materiality.

After performing audit procedures, the auditor will have to compare the aggregate
uncorrected misstatement with the overall materiality (preliminary estimate of materiality
or revised materiality level) to determine whether or not the financial statements are
materially misstated.

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 5

Desiree D. Cemefrania, CPA
 Bases that can be used to determine materiality level

Since audit planning is often performed before year-end, annual financial statements are
usually not available. As a result, the auditor uses alternative bases to compute for the
materiality levels, such as:

 Annualized interim financial statements

 Prior years’ financial statements.
 Budgeted financial statements of the current year.

Performance Materiality

The reduced level of materiality in which the auditors used both at the financial statement
and account balance level.

AUDIT RISK

After determining the materiality levels, the auditor should design the audit to provide
reasonable assurance that the financial statements taken as a whole are free from material
misstatements. Reasonable assurance means that the auditor cannot possibly expect to
detect all material misstatement; instead, the auditor should perform audit procedures to
increase the likelihood of detecting these misstatements. The auditor should use
professional judgment to assess audit risk and to design audit procedures to ensure it is
reduced to an acceptably-low level.

When, designing substantive audit procedures the auditor should consider three main
issues:

1. What level of assurance does the auditor wish to attain that the financial statements
do not contain misstatements? As this level of assurance increases, the scope of the
auditor’s substantive tests increases.

2. How susceptible is the account to material misstatement? As the susceptibility of the

account to material misstatement increases, the scope of the auditor’ s substantive
tests also increase.

3. How effective is the client’s internal control preventing or detecting misstatements?

As the effectiveness of the client’s internal control increases, the scope of auditor’s
substantive tests decreases.

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 6

Desiree D. Cemefrania, CPA
Audit Risk Model

 Audit risk refers to the risk that the auditor gives an inappropriate audit opinion on the
financial statements. This occurs because the auditor believes that the financial
statements are fairly stated when in fact the financial statements are materially misstated

Audit risk is the complement of audit assurance. If the auditor is willing to accept a 5%
audit risk, he must design the audit to have a 95% assurance or confidence level that his
opinion is correct. Because of the inherent limitations of the audit, the auditor cannot
totally eliminate the audit risk. The auditor should, therefore perform audit procedures in
order to limit his or her exposure to this risk to low level.

Thus, as the desired level of audit risk decreases, the auditor should design more
effective substantive procedures.

 Inherent risk is the susceptibility of an account balance or class of transactions to a

material misstatement assuming that there were no related internal controls. This
concept recognizes that some account balances by nature, are more susceptible to
misstatement than others.

For example, those accounts that are subject to complex calculations such as pensions
are more likely to be misstated compared to other accounts. PSA 315 requires the
auditor to assess inherent risk at the financial statement and account balance or
transaction class levels.

Factors that affect the risk of misstatement at the financial statement level include:

1. The management integrity

2. Management Characteristics (e.g. aggressive attitude toward financial reporting)
3. Operating Characteristics (e.g. profitability of the entity relative to us industry is
inadequate)
4. Industry Characteristics (e.g. the industry is experiencing a large number of business
failures)

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 7

Desiree D. Cemefrania, CPA
 Factors affecting inherent risk at the account balance level include:

1. Susceptibility of the account to theft.

2. Complexity of calculations related to account.
3. The complexity underlying transactions and other events.
4. The degree of judgment involved in determining account balances.

As the assessed level of inherent risk increases, the auditor should design more effective
substantive procedures.

 Control risk is the risk that a material misstatement that could occur in an account
balance or class of transactions will not be prevented or detected and corrected on a
timely basis by accounting and internal control systems.

Control risk is related to the effectiveness of the client’s internal control. Like inherent
risk, control risk exists independently of the audit of financial statements and is assessed
using the auditor‘s judgment. If the entity's internal control is effective, the assessed level
of control risk decreases (and vice versa).

Holding other planning considerations equal, as the assessed” level of control risk
increases, the auditor should design more effective substantive procedures.

 Detection risk is the risk that an auditor’s substantive procedure will not detect a material
misstatement. Detection risk is a function of the effectiveness of the auditor’s substantive
procedures. As the acceptable level of detection risk decreases, the assurance directly
provided from substantive tests increases. Hence, the auditor should design more
effective audit procedures in order to achieve the desired level of assurance. Unlike
Inherent and control risks, the auditor can control the level of detection risks by
performing more effective substantive procedures.

The acceptable level of detection risk as inversely related to the assessed level of both
inherent and control risks.

Steps in using the audit risk model

1. Set the desired level of Audit risk.

There are no specific guidelines for setting individual audit risk. The auditor uses his
judgment in determining the risk that he is willing to take of accepting an assertion as fairly
stated when in fact it is materially misstated. The auditor should plan the audit in such a way
that, after performing audit procedures, an opinion can be issued on the financial statements
at a low level of audit risk.

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 8

Desiree D. Cemefrania, CPA
 2. Assess the Level of Inherent Risk

Every account or assertion has a built-in risk of being misstated. However, there are some
accounts that, by nature, are more likely to be misstated compared to other accounts. These
are the accounts that have high inherent risks. When assessing inherent risks for each
account, the auditor must consider specific factors related to the client that may affect the
risk. of a material misstatement for a particular account. In making this assessment, the
auditor will rely primarily on his knowledge of the client’s business and industry, and the
result of his preliminary analytical procedures.

3. Asses the level of Control Risk

Control risk is the risk that the client's internal control may not detect or prevent a material
misstatement. Assessment of control risk would involve studying and evaluating the
effectiveness of the client’s accounting and internal control systems. When assessing the
level of control risk, the auditor should recognize that some control risk will always be
present because of the Inherent limitations of the internal control. However, if the client
maintains effective internal control systems, the risk of material misstatement in the financial
statements can be minimized.

4. Determine the Acceptable Level of Detection Risk.

Based on the desired ‘audit risk level (Step 1) and the auditor’s assessment of Inherent and
control risk (Steps 2 and 3) the auditor determines the acceptable level of detection risk by
rearranging the audit risk model.

The acceptable level of detection risk can be determined as follows:

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 9

Desiree D. Cemefrania, CPA
 5. Design Substantive Tests.

Unlike inherent risk and control risk, detection risk can be increased or decreased by the
auditor by performing substantive tests. Detection risk can be looked at as the complement
of the assurance provided by substantive tests. A 10% acceptable level of detection risk
means that substantive tests must be designed to provide a 90% assurance of detecting
material misstatements. Thus, a lower acceptable level of detection risk increases the
assurance to be provided by substantive tests. To obtain greater assurance, the auditor will
have to modify the scope of his substantive tests such as:

o performing more effective substantive procedures (nature)

o performing year-end procedures (timing)
o using larger sample size (extent)

On the other hand, if the acceptable level of detection risk is high, the assurance provided by
substantive tests will decrease. As a result, the auditor could reduce the scope of his
substantive procedures like:

o performing less effective substantive procedures (nature)

o performing the tests at interim (timing)
o using smaller sample size (extent)

Relating inherent, control, and detection risk to the overall audit risk

The inherent, control, and detection risks are components of the overall audit risk. Therefore,
an increase or decrease in any of these components would cause a corresponding increase
or decrease in the overall audit risk. Of the three components, only the detection risk can be
controlled by the auditor.

Inherent and control risks are functions of management and its environment, and as such,
the auditor cannot, change the levels of inherent and control risks. The auditor can only
assess their levels. On the other hand, detection risk is a function of the auditor. Accordingly,
the level of detection risk can be controlled by the auditor by performing substantive
procedures. During an audit, the auditor performs procedures to assess the levels of
inherent and control risks. Based on the results of such assessment, the auditor determines
the acceptable level of detection risk and modifies the scope of his substantive tests.

For example, if the assessed level of inherent and control risk is high, the auditor should
minimize the level of detection risk to be able to maintain the planned overall audit risk level.
Conversely, if the assessed level of inherent and control risk is low, the auditor could accept
a high level of detection risk and still maintain the desired audit risk level.

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 10

Desiree D. Cemefrania, CPA
Relationship between materiality and risk

When planning the audit, the auditor considers what would make the financial statements
materially misstated. The auditor's assessment of materiality related to specific account
helps the auditor select audit procedures that level. can be expected to reduce audit risk to
an acceptable.

There are is an inverse relationship between materiality and the level of audit risk, that is, the
higher the materiality level, the lower the audit risk and vice versa. The auditor takes the
inverse relationship between materiality and audit risk into account when determining the
nature, timing and extent of audit procedures.

For example, if, after planning for specific audit procedure, the auditor determines that the
acceptable materiality level is lower, audit risk is increased. The auditor would compensate
for this by either:

 reducing the assessed level of control risk where this is possible, and supporting the
reduced level by carrying out extended or additional tests of control, or
 reducing detection risk by modifying the nature, timing and extent of planned substantive
procedures.

Risk Assessment Procedures

Risk Assessment Procedures are the procedures performed by auditors to obtain an

understanding of the entity and its environment including its internal control and to assess
the risks of material misstatements in the financial statements.

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 11

Desiree D. Cemefrania, CPA
These include:

a. Inquiries of management and others within the entity

b. Analytical procedures; and
c. Observation and inspection

Information obtained in performing these risk assessment procedures may be used by the
auditor as evidence to support assessment of risk of material misstatement. In addition, in
performing risk assessment procedures, the auditor may obtain audit evidence about the fair
presentation of financial statements or about the operating effectiveness of internal control
even though such procedures were not specifically planned as substantive tests or tests of
control.

ANALYTICAL PROCEDURES

Analytical procedures involve analysis of significant ratios and trends, including the resulting
investigation of fluctuations and relationships that are inconsistent with other relevant
information or deviate from predicted amounts. A basic premise underlying the use of
analytical procedures is that plausible relationships among data may reasonably be
expected to exist and continue in the absence of known conditions to the contrary.

PSA 520 requires the auditor to use analytical procedures in the planning and overall review
stages of the audit. In the planning stage of the audit, the application of analytical
procedures helps the auditor assess the risk of material misstatements in the financial
statements.

Steps in Applying Analytical Procedures

Analytical procedures help the auditor in identifying unusual transactions and events that
may affect the fair presentation of the financial statements. Application of analytical
procedures involves the following steps:

1. Develop expectations regarding financial statements using

 Prior years' financial statements
 Anticipated results such as budgets of forecasts
 Industry averages (Financial statements of other entities operating within the
same industry)
 Non-financial information
 Typical relationships among financial statement account balances

2. Compare the expectations with the financial statements under audit. The auditor
compares the financial statements with his expectations to identify significant
fluctuations that are inconsistent with the auditor's knowledge or that deviate from
predicted amounts.

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 12

Desiree D. Cemefrania, CPA
 3. Investigate significant unexpected differences (unusual fluctuations) to determine
whether financial statements contain material misstatements. Investigation of
unusual fluctuations ordinarily, begins with inquiries of management, followed by
corroboration of management responses and applying other appropriate audit
procedures.

Uses of analytical procedures

Analytical procedures may be used for the following purposes:

 As a planning tool, to determine the nature, timing, and extent of other auditing
procedures

 As a substantive test to obtain corroborative evidence about particular assertions

related to the account balance or transaction class

 As an overall review of the financial statements in the completion phase of the audit

STAGE OF THE AUDIT

Planning the Audit To understand the client's business

To identify areas that may represent specific

task

Substantive Tests To obtain evidence to confirm (Or refute)

individual account balance

Overall Review To identify unusual fluctuations that were not

identified in the planning and testing phases
of the audit

Analytical procedures in planning an audit

Analytical procedures used in planning an audit should focus on

 Enhancing the auditor's understanding of the client's business

 Identifying areas that may represent specific risks

The auditor's understanding of the client's business enables the auditor to develop certain
expectations regarding the client's financial position and performance during the period. If
the figures reflected in the financial statements do not conform to the auditor's expectations

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 13

Desiree D. Cemefrania, CPA
questions can be raised about the reliability of the financial statements or about the accuracy
of information obtained about the entity's business.

Thus, analytical procedures performed in the planning phase of the audit are useful for
confirming or challenging the auditor's understanding of the client's business.

Substantive test

In addition, analytical procedures can be used to draw the auditor's attention to those
accounts in the financial statements that are likely to be misstated. Once the auditor has
identified the areas representing specific risks, the auditor can direct audit effort to these
accounts and plan the nature timing and extent of audit procedures.

Documenting the Audit Plan

The final step in the planning process is the documentation of the audit planning process by
preparing an overall audit plan, audit program, and time budget.

Audit Plan

An audit plan is an overview of the expected scope and conduct of the audit. The overall
audit plan sets out in broad terms the nature, timing and extent of the audit procedures to be
performed. While the audit plan varies for each client, it should be sufficiently detailed to
guide in the development of an audit program.

Audit Program

The auditor should develop and document an audit program setting out the nature, timing
and extent of planned audit procedures required to implement the overall audit plan. In
effect, audit program executes the audit strategy. It sets out in detail the audit procedures to
be performed in each segment of the audit.

The audit program serves as a set of instructions to assistants involved in the audit and as a
means to control and record the proper execution of the work. The form and content of the
audit program may vary for each particular engagement but it should always include a
detailed list of audit procedures that the auditor believes are necessary to accomplish the
audit objectives.

Time Budget

A time budget is an estimate of the time that will be spent in executing the audit procedures
listed in the audit program. This provides a basis for estimating audit fees and assists the
auditor in assessing the efficiency of the assistants.

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 14

Desiree D. Cemefrania, CPA
Changes to audit plan and program

Planning is continuous throughout the engagement because of changes in conditions or

unexpected results of audit procedures. The overall audit plan and the audit program should
be revised as necessary during the course of the audit and the reasons for significant
changes would be recorded.

V. References

 Auditing Theory by J. Salosagcol, Tiu and Hermosilla

 PSA 315 - Understanding the entity and its environment including internal control

ACCTG 109 – AUDITING AND ASSURANCE PRINCIPLES 15

Desiree D. Cemefrania, CPA