1 - Audit Planning

Download as pdf or txt
Download as pdf or txt
You are on page 1of 15

1 | AUDIT PLANNING

PLANNING AN AUDIT OF FINANCIAL STATEMENTS


PSA 330 further provides that the objective of the auditor is to plan the audit so that it will be performed in
an effective manner.

1. Roles of planning
Adequate planning benefits the audit of financial statements in several ways, including the following:
➢ Helping the auditor to devote appropriate attention to important areas of the audit
➢ Helping the auditor identify and resolve potential problems on a timely basis
➢ Helping the auditor properly organize and manage the audit engagement so that it is performed in
an effective and efficient manner
➢ Assisting in the selection of engagement team members with appropriate levels of capabilities
and competence to respond to anticipated risks, and the proper assignment of work to them
➢ Facilitating the direction and supervision of engagement team members and the review of their
work
➢ Assisting, where applicable, in coordination of work done by auditors of components and experts

2. Factors affecting the nature and extent of planning activities


The nature and extent of planning activities will vary according to the
a. Size and complexity of the entity
b. The key engagement team members' previous experience with the entity
c. Changes in circumstances that occur during the audit engagement.
d. Timing of the appointment of the independent auditor.

3. Planning as a phase of and audit


Planning is not a discrete phase of an audit, but rather a continual and iterative process that often
begins shortly after (or in connection with) the completion of the previous audit and continues until the
completion of the current audit engagement.

4. Outputs of Audit Planning


Planning an audit involves establishing the overall audit strategy for the engagement and
developing an audit ent plan. With this, the following are the main outputs of audit planning:
a. Overall audit strategy which sets the scope, timing and direction of the audit, and that guides
the development of the audit plan.
b. Audit plan which shall include a description of
i. the nature, timing and extent of the following audit procedures
➢ planned risk assessment procedures
➢ further audit procedures at the assertion level
ii. other planned audit procedures that are required to be carried out so that the
engagement complies with PSAs.

Moreover, the auditor shall update and change the overall audit strategy and the audit plan as necessary
during the course of the audit.

5. Documentation
The auditor shall document:
a. The overall audit strategy;
b. The audit plan; and
c. Any significant changes made during the audit engagement to the overall audit strategy or the audit
plan, and the reasons for such changes.

MAJOR AUDIT PLANNING ACTIVITIES

A. IDENTIFYING AND ASSESSING RISK OF MATERIAL MISSTATEMENTS THROUGH


UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 1


1 | AUDIT PLANNING

To establish an overall audit strategy, which guides the development of the audit plan, the auditor needs
to perform procedures which will enable him or her to (1) obtain an understanding of the entity and its
environment; and (2) identify and assess risk of material misstatements. These procedures are known as
risk assessment procedures (RAPS).

Risk assessment procedures


Definition
As defined in PSA 315, risk assessment procedures are audit procedures performed to obtain an
understanding of the entity and its environment, including the entity's internal control, to identify and
assess the risks of material misstatement, whether due to fraud or error, at the financial statement and
assertion levels.

Identifying and assessment of risk of material misstatement


Objective of the auditor
The objective of the auditor is to identify and assess the risks of material misstatement, whether due to
fraud or error, at the financial statement and assertion levels thereby providing a basis for designing and
implementing responses to the assessed risks of material misstatement.

Identification and assessment


Risks of material misstatement are assessed at the assertion level in order to determine the nature, timing
and extent of further audit procedures necessary to obtain sufficient appropriate audit evidence. For the
identified risks of material misstatement at the assertion level, a separate assessment of inherent risk
and control risk is required.

Risks of material misstatement identified and assessed by the auditor include both those due to error and
those due to fraud.

The auditor's risk identification and assessment process is iterative and dynamic. The auditor's
understanding of the entity and its environment, the applicable financial reporting framework, and the
entity's system of internal control are interdependent with concepts within the requirements to identify and
assess the risks of material misstatement. In obtaining the understanding, initial expectations of risks may
be developed, which may be further refined as the auditor progresses through the risk identification and
assessment process.

In addition, the auditor is required to revise the risk assessments, and modify further overall responses
and further audit procedures, based on audit evidence obtained from performing further audit procedures
or if new information is obtained.

The auditor is required to design and implement overall responses to address the assessed risks of
material misstatement at the financial statement level. The auditor's assessment of the risks of material
misstatement at the financial statement level, and the auditor's overall responses, is affected by the
auditor's understanding of the control environment. Also, the auditor is required to design and perform
further audit procedures whose nature, timing and extent are based on and are responsive to the
assessed risks of material misstatement at the assertion level.

Components of risk of material misstatement


Risks at the financial statement level relate pervasively to the financial statements as a whole and
potentially affect many assertions. Risks of material misstatement at the assertion level consist of two
components, inherent and control risk:
➢ Inherent risk is described as the susceptibility of an assertion about a class of transaction,
account balance or disclosure to a misstatement that could be material, either individually or
when aggregated with other misstatements, before consideration of any related controls.

Inherent risk is higher for some assertions and related classes of transactions, account balances
and disclosures than for others. The degree to which inherent risk varies is referred to as the
'spectrum of inherent risk.'

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 2


1 | AUDIT PLANNING

➢ Control risk is described as the risk that a misstatement that could occur in an assertion about a
class of transaction, account balance or disclosure and that could be material, either individually
or when aggregated with other misstatements, will not be prevented, or detected and corrected,
on a timely basis by the entity's system of internal control.

AUDIT PROCEDURES
1. Obtain an understanding of the entity and its environment, including its internal control
Risk Assessment Procedures and Related Activities
The auditor shall design and perform risk assessment procedures to obtain audit evidence that provides
an appropriate basis for:
a. The identification and assessment of risks of material misstatement, whether due to fraud or
error, at the financial statement and assertion levels; and
b. The design of further audit procedures.

Professional skepticism
Professional skepticism is necessary for the critical assessment of audit evidence gathered when
performing the risk assessment procedures, and assists the auditor in remaining alert to audit evidence
that is not biased towards corroborating the existence of risks or that may be contradictory to the
existence of risks.

Professional skepticism is an attitude that is applied by the auditor when making professional judgments
that then provides the basis for the auditor's actions. The auditor applies professional judgment in
determining when the auditor has audit evidence that provides an appropriate basis for risk assessment.

The application of professional skepticism by the auditor may include:


✓ Questioning contradictory information and the reliability of documents;
✓ Considering responses to inquiries and other information obtained from management and those
charged with governance;
✓ Being alert to conditions that may indicate possible misstatement due to fraud or error; and
✓ Considering whether audit evidence obtained supports the auditor's identification and assessment of
the risks of material misstatement in light of the entity's nature and circumstances.

Obtaining Audit Evidence in an Unbiased Manner Is Important


The auditor shall design and perform risk assessment procedures in a manner that is not biased towards
obtaining audit evidence that may be corroborative or towards excluding audit evidence that may be
contradictory.

Designing and performing risk assessment procedures to obtain audit evidence to support the
identification and assessment of the risks of material misstatement in an unbiased manner may assist the
auditor in identifying potentially contradictory information, which may assist the auditor in exercising
professional skepticism in identifying and assessing the risks of material misstatement.

Sources of Audit Evidence


Designing and performing risk assessment procedures to obtain audit evidence in an unbiased manner
may involve obtaining evidence from multiple sources within and outside the entity. However, the auditor
is not required to perform an exhaustive search to identify all possible sources of audit evidence. In
addition to information from other sources, sources of information for risk assessment procedures may
include:
➔ Interactions with management, those charged with governance, and other key entity personnel,
such as internal auditors.
➔ Certain external parties such as regulators, whether obtained directly or indirectly.
➔ Publicly available information about the entity, for example entity-issued press releases, materials
for analysts or investor group meetings, analysts' reports or information about trading activity.

Regardless of the source of information, the auditor considers the relevance and reliability of the
information to be used as audit evidence.

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 3


1 | AUDIT PLANNING

Scalability
The nature and extent of risk assessment procedures will vary based on the nature and circumstances of
the entity (e.g., the formality of the entity's policies and procedures, and processes and systems). The
auditor uses professional judgment to determine the nature and extent of the risk assessment procedures
to be performed to meet the requirements of the standards.

Although the extent to which an entity's policies and procedures, and processes and systems are
formalized may vary, the auditor is still required to obtain the understanding.

The nature and extent of risk assessment procedures to be performed the first time an engagement is
undertaken may be more extensive than procedures for a recurring engagement. In subsequent periods,
the auditor may focus on changes that have occurred since the preceding period.

Specific procedures
a. Inquiry
Inquiries during planning stage
Much of the information obtained by the auditor's inquiries is obtained from management and those
responsible for financial reporting. However, the auditor may also obtain information, or a different
perspective in identifying risks of material misstatement, through inquiries of others within the entity and
other employees with different levels of authority. For example:
❖ those charged with governance
❖ internal audit personnel
❖ employees involved in initiating, processing or recording complex or unusual transactions
❖ in-house legal counsel
❖ marketing or sales personnel
b. Observation
Auditor aims to obtain an understanding of the entity thru observation of entity's:
❖ processes used in processing information to be reported; and
❖ activities and operations.
c. Inspection
Inspection during planning stage
The auditor can obtain an understanding of the entity through the following inspection activities during
planning:
❖ Review of prior year's working papers and prior year's financial statements
❖ Review of reports prepared by the entity's management (such as quarterly management reports
and interim financial statements) and those charged with governance (such as minutes of board
of directors' meetings)
❖ Review of documents (such as business plans and strategies), records, and internal control
manuals
❖ Reading articles, books, periodicals, and other publications related to the entity's industry
❖ Visits to the entity's premises and plant facilities
d. Analytical procedures
A basic premise underlying the application of analytical procedures is that plausible relationships among
data may reasonably be expected to exist and continue in the absence of known conditions to the
contrary.

Uses of analytical procedures


Below is a summary of phases where analytical procedures may be applied.
PHASE OBJECTIVE

Planning ● To enhance the understanding of the business


● To identify areas that may represent specific risks relevant to
the audit
● To determine the nature, timing and extent of FAPS

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 4


1 | AUDIT PLANNING

Substantive Test ● To evaluate the reasonableness of financial information


● To obtain corroborative evidence relating to a particular
assertion
● To detect material misstatement

Overall review ● To identify unusual or unexpected account balances that were


not previously identified in planning and substantive testing
● To assist in determining whether or not the auditor has the
ability to issue the report

Analytical procedures during planning stage


Analytical procedures may help identify the existence of unusual transactions or events, and amounts,
ratios, and trends that might indicate matters that have audit implications. Unusual or unexpected
relationships that are identified may assist the auditor in identifying risks of material misstatement,
especially risks of material misstatement due to fraud.

Procedures when applying analytical procedures


1. Develop expectations regarding financial statements using (PAA RIN)
★ Prior year's financial statements
★ Annualized interim financial statements
★ Anticipated results such as budgets, forecasts or projections
★ Typical Relationships among financial statements account balances
★ Industry averages
★ Non-financial information
2. Compare expectations with the items presented in the financial statements
3. Define and investigate significant differences

Information from Other Sources


In obtaining audit evidence, the auditor shall consider information from:
a) The auditor's procedures regarding acceptance or continuance of the client relationship or the
audit engagement; and
b) When applicable, other engagements performed by the engagement partner for the entity.

When the auditor intends to use information obtained from the auditor's previous experience with the
entity and from audit procedures performed in previous audits, the auditor shall evaluate whether such
information remains relevant and reliable as audit evidence for the current audit.

Engagement Team Discussion


The engagement partner and other key engagement team members shall discuss the application of the
applicable financial reporting framework and the susceptibility of the entity's financial statements to
material misstatement.

When there are engagement team members not involved in the engagement team discussion, the
engagement partner shall determine which matters are to be communicated to those members.

2. Consider materiality
Definition
Information is material if its omission or misstatement could influence the economic decisions of users
taken on the basis of the financial statements. Materiality depends on the size of the item or error judged
in the particular circumstances of its omission or misstatement.

The concept of materiality recognizes that some matters, but not all, are important for fair presentation of
the financial statements in conformity with PFRS.

Materiality in the Context of an Audit

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 5


1 | AUDIT PLANNING

Materiality generally explains that:


➢ Misstatements, including omissions, are considered to be material if they, individually or in the
aggregate, could reasonably be expected to influence the economic decisions of users taken
on the basis of the financial statements;
➢ Judgments about materiality are made in light of surrounding circumstances, and are affected by
the size or nature of a misstatement, or a combination of both; and
➢ Judgments about matters that are material to users of the financial statements are based on a
consideration of the common financial information needs of users as a group. The possible
effect of misstatements on specific individual users, whose needs may vary widely, is not
considered.

Uses of materiality
Accordingly, materiality should be considered by the auditor in the following phases:
a. Planning phase
➔ To identify and assess the risks of material misstatement;
➔ To determine the nature, timing and extent of further audit procedures
b. Completion phase
➔ To evaluate the effect of uncorrected misstatements, if any, on the financial statements and in
forming the opinion in the auditor's report

Determination of materiality
The auditor's determination of materiality is a matter of professional judgment, and is affected by the
auditor's perception of the financial information needs of users of the financial statements.

Using professional judgment, an auditor is required to determine the following three different levels of
materiality.

A. Materiality for the financial statements as a whole


➢ the materiality determined at the overall financial statement level
➢ represented by the smallest aggregate amount of misstatement applicable to all financial
statements
➢ it helps the auditor determine whether the proposed audit adjustments are significant or not
➢ if the audit adjustments exceed this level, the auditor may need to adjust the financial statements

B. Materiality applied to specific classes of transactions, account balance or disclosures


➢ is the amount set by the auditor for particular classes of transactions, account balances or
disclosures for which misstatements,
➢ though lower than overall materiality, it could reasonably be expected to influence the economic
decisions of users of the financial statements

In determining the specific materiality, the auditor normally considers the following factors:
✓ laws and regulations (e.g. related party transactions)
✓ financial reporting framework
✓key industry disclosures of the entity
✓ particular aspects of the entity's business
✓ understanding of the view of those charged with governance and management

C. Performance materiality
➢ the amount or amounts set by the auditor at less than materiality for the financial statements as a
whole to reduce to an appropriately low level the probability that the aggregate of uncorrected
and undetected misstatements exceed materiality for the financial statements as a whole
➢ also refers to the amount or amounts set by the auditor at less than the materiality level or levels
for particular classes of transactions, account balances or disclosures
➢ calculated as a certain percentage of overall materiality in order to capture any uncorrected
misstatements, the total amount of which may exceed overall materiality

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 6


1 | AUDIT PLANNING

➢ used in scoping of financial statement line items to be tested by the auditor and ensures that
significant accounts in the financial statements are covered by audit testing

In determining performance materiality, an understanding of the following factors may affect the
auditor's judgment such as:
✓.nature of the entity's business and transactions
✓ risk assessment procedures
✓ nature and extent of misstatements identified in previous audits

AUDIT RISK
Definition
Audit risk is the risk that the auditor gives an inappropriate audit opinion when the financial statements are
materially misstated.

Components of Audit risk


a. Risk of material misstatement
Risk of material misstatement is the possibility that material misstatements exist on the financial
statements prepared and presented by the entity. Items contributing to this risk include inherent risk and
control risk (see definitions above).
b. Risk of not Detecting the Misstatement (more popularly known as detection risk)
Detection Risk is the risk that the auditor's substantive procedures will not detect a misstatement that
exists in an account balance or class of transactions that could be material, individually or when
aggregated with misstatements in other balances or classes.

These components may be expressed in a formula which shows how they will comprise the audit risk:

AUDIT RISK = Risk of material misstatement x Risk of non-detection

or

AUDIT RISK = Inherent risk x Control risk x Detection risk

3. Identifying and Assessing the Risks of Material Misstatement


Using the understanding of the entity and its environment, including its internal control, obtained by the
auditor, the auditor identifies and assesses risk of material misstatement at
✓ financial statements level; and
✓ assertion level for classes of transactions, account balances, and disclosures.

Effects of assessment to auditor's procedures


Since the objective of the auditor when auditing financial statements is to provide reasonable assurance
that the financial statements are free from material misstatements, a higher risk of material
misstatements will require the auditor to perform more effective and extensive audit procedures.

INHERENT RISK ASSESSMENT PROCESS


A. Understand the entity and its environment and the applicable financial reporting framework.
The auditor's understanding of the entity and its environment, and the applicable financial reporting
framework, assists the auditor in understanding the events and conditions that are relevant to the entity,
and in identifying how inherent risk factors affect the susceptibility of assertions to misstatement in the
preparation of the financial statements, in accordance with the applicable financial reporting framework,
and the degree to which they do so. Such information establishes a frame of reference within which the
auditor identifies and assesses risks of material misstatement.

The auditor's understanding of the entity and its environment, and the applicable financial reporting
framework, also informs how the auditor plans and performs further audit procedures, for example, when:
➔ Developing expectations for use when performing analytical procedures;

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 7


1 | AUDIT PLANNING

➔ Designing and performing further audit procedures to obtain sufficient appropriate audit evidence;
and
➔ Evaluating the sufficiency and appropriateness of audit evidence obtained (e.g., relating to
assumptions or management's oral and written representations).

The auditor shall perform risk assessment procedures to obtain an understanding of:
a. The following aspects of the entity and its environment:
i. The entity's organizational structure, ownership and governance, and its business model,
including the extent to which the business model integrates the use of IT;
ii. Industry, regulatory and other external factors; and
iii. The measures used, internally and externally, to assess the entity's financial performance;
b. The applicable financial reporting framework, and the entity's accounting policies and the reasons for
any changes thereto; and
c. How inherent risk factors affect susceptibility of assertions to misstatement and the degree to which
they do so, in the preparation of the financial statements in accordance with the applicable financial
reporting framework, based on the understanding obtained in (a) and (b).

The auditor shall evaluate whether the entity's accounting policies are appropriate and consistent with the
applicable financial reporting framework.

Scalability
The nature and extent of the required understanding is a matter of the auditor's professional judgment
and varies from entity to entity based on the nature and circumstances of the entity, including:
➔ The size and complexity of the entity, including its IT environment;
➔ The auditor's previous experience with the entity;
➔ The nature of the entity's systems and processes, including whether they are formalized or not;
and
➔ The nature and form of the entity's documentation.

The auditor's risk assessment procedures to obtain the required understanding may be less extensive in
audits of less complex entities and more extensive for entities that are more complex. The depth of the
understanding that is required by the auditor is expected to be less than that possessed by management
in managing the entity.

Some financial reporting frameworks allow smaller entities to provide simpler and less detailed
disclosures in the financial statements. However, this does not relieve the auditor of the responsibility to
obtain an understanding of the entity and its environment and the applicable financial reporting framework
as it applies to the entity.

The entity's use of IT and the nature and extent of changes in the IT environment may also affect the
specialized skills that are needed to assist with obtaining the required understanding.

B. Identify significant classes of transactions, account balances, and disclosures; relevant


assertions
The auditor shall determine the relevant assertions and the related significant classes of transactions,
account balances and disclosures.

Significant class of transactions, account balance or disclosure is a class of transactions, account


balance or disclosure for which there are one or more relevant assertions. On the other hand, relevant
assertion is an assertion about a class of transactions, account balance or disclosure is relevant when it
has an identified risk of material misstatement. The determination of whether an assertion is a relevant
assertion is made before consideration of any related controls (i.e., the inherent risk).

Identified risk of material misstatement


a. Assessing risks of material misstatement at the financial statement level

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 8


1 | AUDIT PLANNING

For identified risks of material misstatement at the financial statement level, the auditor shall assess the
risks and:
i. Determine whether such risks affect the assessment of risks at the assertion level; and
ii. Evaluate the nature and extent of their pervasive effect on the financial statements.

b. Assessing risks of material misstatement at the assertion level


Assessing Inherent Risk
For identified risks of material misstatement at the assertion level, the auditor shall assess inherent risk by
assessing the likelihood and magnitude of misstatement. In doing so, the auditor shall take into account
how, and the degree to which:
i. Inherent risk factors affect the susceptibility of relevant assertions to misstatement; and
ii. The risks of material misstatement at the financial statement level affect the assessment of
inherent risk for risks of material misstatement at the assertion level.

Likelihood and magnitude of misstatement


The auditor assesses the likelihood and magnitude of misstatement for identified risks of material
misstatement because the significance of the combination of the likelihood of a misstatement occurring
and the magnitude of the potential misstatement were the misstatement to occur determines where on
the spectrum of inherent risk the identified risk is assessed, which informs the auditor's design of
further audit procedures to address the risk.

Assessing the inherent risk of identified risks of material misstatement also assists the auditor in
determining significant risks. The auditor determines significant risks because specific responses to
significant risks are required in accordance with the standards.

Inherent risk factors


Inherent risk factors pertain to characteristics of events or conditions that affect susceptibility to
misstatement, whether due to fraud or error, of an assertion about a class of transactions, account
balance or disclosure, before consideration of controls.

Such factors may be qualitative or quantitative, and include


✓ Complexity
✓ Subjectivity
✓ Change
✓ Uncertainty
✓ Susceptibility to misstatement due to management bias or other fraud risk factors insofar as
they affect inherent risk

Inherent risk factors influence the auditor's assessment of the likelihood and magnitude of misstatement
for the identified risks of material misstatement at the assertion level. The greater the degree to which a
class of transactions, account balance or disclosure is susceptible to material misstatement, the higher
the inherent risk assessment is likely to be. Considering the degree to which inherent risk factors affect
the susceptibility of an assertion to misstatement assists the auditor in appropriately assessing inherent
risk for risks of material misstatement at the assertion level and in designing a more precise response to
such a risk.

C. Spectrum of inherent risk


The degree to which inherent risk varies, is referred to as the "spectrum of inherent risk" - consider
likelihood and magnitude of material misstatement to determine whether where on the spectrum the risk
lies.

In assessing inherent risk, the auditor uses professional judgment in determining the significance of the
combination of the likelihood and magnitude of a misstatement.

The auditor uses the significance of the combination of the likelihood and magnitude of a possible
misstatement in determining where on the spectrum of inherent risk (i.e., the range) inherent risk is

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 9


1 | AUDIT PLANNING

assessed. The higher the combination of likelihood and magnitude, the higher the assessment of inherent
risk; the lower the combination of likelihood and magnitude, the lower the assessment of inherent risk.

The assessed inherent risk relating to a particular risk of material misstatement at the assertion level
represents a judgment within a range, from lower to higher, on the spectrum of inherent risk. The
judgment about where in the range inherent risk is assessed may vary based on the nature, size and
complexity of the entity, and takes into account the assessed likelihood and magnitude of the
misstatement and inherent risk factors.

For a risk to be assessed as higher on the spectrum of inherent risk, it does not mean that both the
magnitude and likelihood need to be assessed as high. Rather, it is the intersection of the magnitude and
likelihood of the material misstatement on the spectrum of inherent risk that will determine whether the
assessed inherent risk is higher or lower on the spectrum of inherent risk. A higher inherent risk
assessment may also arise from different combinations of likelihood and magnitude, for example a higher
inherent risk assessment could result from a lower likelihood but a very high magnitude.

D. Identify significant risks


The auditor shall determine whether any of the assessed risks of material misstatement are significant
risks.

Significant risk refers to an identified risk of material misstatement:


i. For which the assessment of inherent risk is close to the upper end of the spectrum of inherent
risk due to the degree to which inherent risk factors affect the combination of the likelihood of a
misstatement occurring and the magnitude of the potential misstatement should that
misstatement occur; or
ii. That is to be treated as a significant risk in accordance with the requirements of other ISAs.

Determination of significant risk


The determination of significant risks allows for the auditor to focus more attention on those risks that are
on the upper end of the spectrum of inherent risk, through the performance of certain required responses,
including:
● Controls that address significant risks are required to be identified with a requirement to evaluate
whether the control has been designed effectively and implemented.
● Controls that address significant risks are required to be tested in the current period (when the
auditor intends to rely on the operating effectiveness of such controls) and substantive
procedures are to be planned and performed that are specifically responsive to the identified
significant risk.
● To obtain more persuasive audit evidence the higher the auditor's assessment of risk.
● To communicate with those charged with governance the significant risks identified by the auditor.
● To take into account significant risks when determining those matters that required significant
auditor attention, which are matters that may be key audit matters.
● Timely review of audit documentation by the engagement partner at the appropriate stages during
the audit allows significant matters, including significant risks, to be resolved on a timely basis to
the engagement partner's satisfaction on or before the date of the auditor's report.
● For audit of group financial statements, more involvement by the group engagement partner if the
significant risk relates to a component in a group audit and for the group engagement team to
direct the work required at the component by the component auditor.

The auditor may first identify those assessed risks of material misstatement that have been assessed
higher on the spectrum of inherent risk to form the basis for considering which risks may be close to the
upper end. Being close to the upper end of the spectrum of inherent risk will differ from entity to entity,
and will not necessarily be the same for an entity period on period. It may depend on the nature and
circumstances of the entity for which the risk is being assessed.

The determination of which of the assessed risks of material misstatement are close to the upper end of
the spectrum of inherent risk, and are therefore significant risks, is a matter of professional judgment,

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 10


1 | AUDIT PLANNING

unless the risk is of a type specified to be treated as a significant risk in accordance with the requirements
of another ISA. ISA 240 provides further requirements and guidance in relation to the identification and
assessment of the risks of material misstatement due to fraud.

The auditor also takes into the account the relative effects of inherent risk factors when assessing
inherent risk. The lower the effect of inherent risk factors, the lower the assessed risk is likely to be. Risks
of material misstatement that may be assessed as having higher inherent risk and may therefore be
determined to be a significant risk, may arise from matters such as the following:
➔ Transactions for which there are multiple acceptable accounting treatments such that subjectivity
is involved.
➔ Accounting estimates that have high estimation uncertainty or complex models.
➔ Complexity in data collection and processing to support account balances.
➔ Account balances or quantitative disclosures that involve complex calculations.
➔ Accounting principles that may be subject to differing interpretation.
➔ Changes in the entity's business that involve changes in accounting, for example, mergers and
acquisitions

CONTROL RISK ASSESSMENT PROCESS (See Category 2 Internal Control Consideration Handout)

ASSESSMENT OF RISK OF MATERIAL MISSTATEMENT (Inherent risk x Control risk)

4. Determine the acceptable level of audit risk


The determination of acceptable level of audit risk is a matter of professional judgment to be made by
the auditor. When making that judgment, the auditor considers the level of assurance to be provided by
his or report and the extent of reliance to be placed by users to his or her work.

5. Identify detection risk to determine the nature, timing and extent of further audit procedures
Definition
As defined previously, detection risk is the risk that the auditor's substantive procedures will not detect a
misstatement that exists in an account balance or class of transactions that could be material, individually
or when aggregated with misstatements in other balances or classes.

Determination of detection risk


Detection risk may be determined by rearranging the formula for audit risk:

AUDIT RISK = Inherent risk x Control risk x Detection risk

DETECTION RISK = Audit Risk / (Inherent risk x Control risk)

Use of assessed level of detection risk


From the assessed level of detection risk, the auditor will then design substantive procedures. The
following table summarizes the effects of detection risk to auditor's procedures.

Lower DR Higher DR

Nature More effective procedures may be applied Less effective procedures may be applied

Timing Procedures will be performed closer or Procedures will be performed at interim or


nearer to year-end several dates

Extent Larger sample size will be tested Smaller sample size will be tested

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 11


1 | AUDIT PLANNING

Materiality in relation to audit risk


There is an inverse relationship between materiality and the level of audit risk, that is, the higher the
Top materiality level, the lower the audit risk and vice versa.

B. ESTABLISHING THE OVERALL AUDIT STRATEGY


In establishing the overall audit strategy, the auditor shall:
➢ Identify the characteristics of the engagement that define its scope such as
1. the financial reporting framework used;
2. industry-specific reporting requirements; and
3. the locations of the components of the entity.
➢ Ascertain the reporting objectives of the engagement to plan the timing of the audit and the
nature of the communications required such as
1. deadlines for interim and final reporting; and
2. key dates for expected communications with management and those charged with
governance.
➢ Consider the factors that, in the auditor's professional judgment, are significant in directing the
engagement team's efforts such as
1. determination of appropriate materiality levels;
2. preliminary identification of areas where there may be higher risks of material
misstatement;
3. preliminary identification of material components and account balances;
4. evaluation of whether the auditor may plan to obtain evidence regarding the effectiveness
of internal control; and
5. identification of recent significant entity-specific, industry, financial reporting or other
relevant developments.
➢ Considers the results of preliminary engagement activities and, where practicable, whether
knowledge (experience) gained on other engagements performed by the engagement partner for
the entity is relevant.
➢ Ascertain the nature, timing and extent of resources necessary to perform the engagement.

Considerations in Establishing the Overall Audit Strategy


Characteristics of the Engagement
➢ The financial reporting framework on which the financial information to be audited has been
prepared, including any need for reconciliations to another financial reporting framework.
➢ Industry-specific reporting requirements such as reports mandated by industry regulators.
➢ The expected audit coverage, including the number and locations of components to be included.
➢ The nature of the control relationships between a parent and its components that determine how
the group is to be consolidated.
➢ The extent to which components are audited by other auditors.
➢ The nature of the business segments to be audited, including the need for specialized knowledge.
➢ The reporting currency to be used, including any need for currency translation for the financial
information audited.
➢ The need for a statutory audit of standalone financial statements in addition to an audit for
consolidation purposes.
➢ The availability of the work of internal auditors and the extent of the auditor's potential reliance on
such work.
➢ The entity's use of service organizations and how the auditor may obtain evidence concerning the
design or operation of controls performed by them.
➢ The expected use of audit evidence obtained in previous audits, for example, audit evidence
related to risk assessment procedures and tests of controls.
➢ The effect of information technology on the audit procedures, including the availability of data and
the expected use of computer-assisted audit techniques.
➢ The coordination of the expected coverage and timing of the audit work with any reviews of
interim financial information and the effect on the audit of the information obtained during such
reviews.
➢ The availability of client personnel and data.

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 12


1 | AUDIT PLANNING

Reporting Objectives, Timing of the Audit, and Nature of Communications


➢ The entity's timetable for reporting, such as at interim and final stages.
➢ The organization of meetings with management and those charged with governance to discuss
the nature, timing and extent of the audit work.
➢ The discussion with management and those charged with governance regarding the expected
type and timing of reports to be issued and other communications, both written and oral, including
the auditor's report, management letters and communications to those charged with governance.
➢ The discussion with management regarding the expected communications on the status of audit
work throughout the engagement.
➢ Communication with auditors of components regarding the expected types and timing of reports
to be issued and other communications in connection with the audit of components.
➢ The expected nature and timing of communications among engagement team members,
including the nature and timing of team meetings and timing of the review of work performed.
➢ Whether there are any other expected communications with third parties, including any statutory
or contractual reporting responsibilities arising from the audit.

Significant Factors, Preliminary Engagement Activities, and Knowledge Gained on Other


Engagements
➢ The determination of appropriate materiality levels, including:
1. Setting materiality for planning purposes.
2. Setting and communicating materiality for auditors of components.
3. Reconsidering materiality as audit procedures are performed during the course of the
audit.
4. Preliminary identification of material components and account balances.
➢ Preliminary identification of areas where there may be a higher risk of material misstatement.
➢ The impact of the assessed risk of material misstatement at the overall financial statement level
on direction, supervision and review.
➢ The manner in which the auditor emphasizes to engagement team members the need to maintain
a questioning mind and to exercise professional skepticism in gathering and evaluating audit
evidence.
➢ Results of previous audits that involved evaluating the operating effectiveness of internal control,
including the nature of identified weaknesses and action taken to address them.
➢ The discussion of matters that may affect the audit with firm personnel responsible for performing
other services to the entity.
➢ Evidence of management's commitment to the design, implementation and maintenance of sound
internal control, including evidence of appropriate documentation of such internal control.
➢ Volume of transactions, which may determine whether it is more efficient for the auditor to rely on
internal control.
➢ Importance attached to internal control throughout the entity to the successful operation of the
business.
➢ Significant business developments affecting the entity, including changes in information
technology and business processes, changes in key management, and acquisitions, mergers and
divestments.
➢ Significant industry developments such as changes in industry regulations and new reporting
requirements.
➢ Significant changes in the financial reporting framework, such as changes in accounting
standards.
➢ Other significant relevant developments, such as changes in the legal environment affecting the
entity.

Nature, Timing and Extent of Resources


➢ The selection of the engagement team (including, where necessary, the engagement quality
control reviewer) and the assignment of audit work to the team members, including the
assignment of appropriately experienced team members to areas where there may be higher
risks of material misstatement.

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 13


1 | AUDIT PLANNING

➢ Engagement budgeting, including considering the appropriate amount of time to set aside for
areas where there may be higher risks of material misstatement.

Important note:
➢ When establishing the overall audit strategy, the auditor aims to create a strategy or approach
that will result in an effective and efficient audit. Thus, appropriate levels of materiality and audit
risk must be considered carefully.

C. DEVELOPING AN AUDIT PLAN


Audit plan
The audit plan is more detailed than the overall audit strategy in that it includes the nature, timing and
extent of audit procedures to be performed by engagement team members. An audit plan shall include a
description of the
❖ nature, timing and extent of the risk assessment procedures;
❖ further audit procedures; and
❖ other planned audit procedures that are required to be carried out so that the engagement
complies with PSAs.

Audit program
The form and content of the audit program may vary for each particular engagement but would generally
contain the following:
❖ The audit objectives for each area;
❖ The nature, timing, and extent of audit procedures required to implement the overall audit plan;
and
❖ A time budget in which hours are budgeted for the various audit areas or procedures.

The audit program shall serve as a:


● Set of instructions to assistants involved in the audit; and
● Means to control and record the proper execution of the work.

Communication during planning phase


The auditor may decide to discuss elements of planning with the entity's management to facilitate the
conduct and management of the audit engagement (for example, to coordinate some of the planned audit
procedures with the work of the entity's personnel).

D. DIRECTION, SUPERVISION, AND REVIEW


The auditor shall plan the nature, timing and extent of direction and supervision of engagement team
members and the review of their work.

E. OTHER PLANNING CONSIDERATIONS


1. Determining the need of an auditor's expert
An auditor's expert is an individual or organization possessing expertise in a field other than
accounting or auditing, whose work in that field is used by the auditor to assist the auditor in obtaining
sufficient appropriate audit evidence. An auditor's expert may be either an auditor's internal expert (who is
a partner or staff, including temporary staff, of the auditor's firm or a network firm), or an auditor's external
expert.

When using the work of an auditor's expert, the following shall be considered by the auditor
➢ Selecting an expert
➢ Obtaining an understanding of the field of expertise of the expert
➢ Considering the nature, timing and extent of audit procedures

2. Additional considerations in initial audit engagements


Preliminary engagement activities
The auditor shall perform the following activities prior to starting an initial audit:

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 14


1 | AUDIT PLANNING

1. Perform procedures regarding the acceptance of the client relationship and the specific audit
engagement; and
2. Where there has been a change of auditors, communicate with the previous auditor in
compliance with relevant ethical requirements.

Establishing overall audit strategy and audit plan


For initial audits, additional matters the auditor may consider in establishing the overall audit strategy and
audit plan include the following:
➢ Unless prohibited by law or regulation, arrangements to be made with the previous auditor (for
example: to review the predecessor auditor's working papers).
➢ Any major issues (including the application of accounting principles or of auditing and reporting
standards) discussed with management in connection with the initial selection as auditor, the
communication of these matters to those charged with governance and how these matters affect
the overall audit strategy and audit plan.
➢ The audit procedures necessary to obtain sufficient appropriate audit evidence regarding opening
balances.
➢ Other procedures required by the firm's system of quality control for initial audit engagements (for
example, the firm's system of quality control may require the involvement of another partner or
senior individual to review the overall audit strategy prior to commencing significant audit
procedures or to review reports prior to their issuance).

3. Considerations specific to smaller entities


Less complex or time-consuming planning activities
Establishing the overall audit strategy and plan for the audit of a small entity need not be a complex or
time- consuming exercise; it varies according to the size of the entity, the complexity of the audit, and the
size of the engagement team.

Consultation.
When an audit is carried out entirely by an audit engagement partner, who may be a sole practitioner, it
may be desirable to consult with other suitably-experienced auditors or the auditor's professional body.

"Success isn't always about greatness. It's about consistency. Consistent hard work leads to
success. Greatness will come." - DWAYNE JOHNSON
---END---

AUDITING & ASSURANCE: CONCEPTS & APPLICATIONS 2 (M-AAC2) 15

You might also like