1 - Audit Planning
1 - Audit Planning
1 - Audit Planning
1. Roles of planning
Adequate planning benefits the audit of financial statements in several ways, including the following:
➢ Helping the auditor to devote appropriate attention to important areas of the audit
➢ Helping the auditor identify and resolve potential problems on a timely basis
➢ Helping the auditor properly organize and manage the audit engagement so that it is performed in
an effective and efficient manner
➢ Assisting in the selection of engagement team members with appropriate levels of capabilities
and competence to respond to anticipated risks, and the proper assignment of work to them
➢ Facilitating the direction and supervision of engagement team members and the review of their
work
➢ Assisting, where applicable, in coordination of work done by auditors of components and experts
Moreover, the auditor shall update and change the overall audit strategy and the audit plan as necessary
during the course of the audit.
5. Documentation
The auditor shall document:
a. The overall audit strategy;
b. The audit plan; and
c. Any significant changes made during the audit engagement to the overall audit strategy or the audit
plan, and the reasons for such changes.
To establish an overall audit strategy, which guides the development of the audit plan, the auditor needs
to perform procedures which will enable him or her to (1) obtain an understanding of the entity and its
environment; and (2) identify and assess risk of material misstatements. These procedures are known as
risk assessment procedures (RAPS).
Risks of material misstatement identified and assessed by the auditor include both those due to error and
those due to fraud.
The auditor's risk identification and assessment process is iterative and dynamic. The auditor's
understanding of the entity and its environment, the applicable financial reporting framework, and the
entity's system of internal control are interdependent with concepts within the requirements to identify and
assess the risks of material misstatement. In obtaining the understanding, initial expectations of risks may
be developed, which may be further refined as the auditor progresses through the risk identification and
assessment process.
In addition, the auditor is required to revise the risk assessments, and modify further overall responses
and further audit procedures, based on audit evidence obtained from performing further audit procedures
or if new information is obtained.
The auditor is required to design and implement overall responses to address the assessed risks of
material misstatement at the financial statement level. The auditor's assessment of the risks of material
misstatement at the financial statement level, and the auditor's overall responses, is affected by the
auditor's understanding of the control environment. Also, the auditor is required to design and perform
further audit procedures whose nature, timing and extent are based on and are responsive to the
assessed risks of material misstatement at the assertion level.
Inherent risk is higher for some assertions and related classes of transactions, account balances
and disclosures than for others. The degree to which inherent risk varies is referred to as the
'spectrum of inherent risk.'
➢ Control risk is described as the risk that a misstatement that could occur in an assertion about a
class of transaction, account balance or disclosure and that could be material, either individually
or when aggregated with other misstatements, will not be prevented, or detected and corrected,
on a timely basis by the entity's system of internal control.
AUDIT PROCEDURES
1. Obtain an understanding of the entity and its environment, including its internal control
Risk Assessment Procedures and Related Activities
The auditor shall design and perform risk assessment procedures to obtain audit evidence that provides
an appropriate basis for:
a. The identification and assessment of risks of material misstatement, whether due to fraud or
error, at the financial statement and assertion levels; and
b. The design of further audit procedures.
Professional skepticism
Professional skepticism is necessary for the critical assessment of audit evidence gathered when
performing the risk assessment procedures, and assists the auditor in remaining alert to audit evidence
that is not biased towards corroborating the existence of risks or that may be contradictory to the
existence of risks.
Professional skepticism is an attitude that is applied by the auditor when making professional judgments
that then provides the basis for the auditor's actions. The auditor applies professional judgment in
determining when the auditor has audit evidence that provides an appropriate basis for risk assessment.
Designing and performing risk assessment procedures to obtain audit evidence to support the
identification and assessment of the risks of material misstatement in an unbiased manner may assist the
auditor in identifying potentially contradictory information, which may assist the auditor in exercising
professional skepticism in identifying and assessing the risks of material misstatement.
Regardless of the source of information, the auditor considers the relevance and reliability of the
information to be used as audit evidence.
Scalability
The nature and extent of risk assessment procedures will vary based on the nature and circumstances of
the entity (e.g., the formality of the entity's policies and procedures, and processes and systems). The
auditor uses professional judgment to determine the nature and extent of the risk assessment procedures
to be performed to meet the requirements of the standards.
Although the extent to which an entity's policies and procedures, and processes and systems are
formalized may vary, the auditor is still required to obtain the understanding.
The nature and extent of risk assessment procedures to be performed the first time an engagement is
undertaken may be more extensive than procedures for a recurring engagement. In subsequent periods,
the auditor may focus on changes that have occurred since the preceding period.
Specific procedures
a. Inquiry
Inquiries during planning stage
Much of the information obtained by the auditor's inquiries is obtained from management and those
responsible for financial reporting. However, the auditor may also obtain information, or a different
perspective in identifying risks of material misstatement, through inquiries of others within the entity and
other employees with different levels of authority. For example:
❖ those charged with governance
❖ internal audit personnel
❖ employees involved in initiating, processing or recording complex or unusual transactions
❖ in-house legal counsel
❖ marketing or sales personnel
b. Observation
Auditor aims to obtain an understanding of the entity thru observation of entity's:
❖ processes used in processing information to be reported; and
❖ activities and operations.
c. Inspection
Inspection during planning stage
The auditor can obtain an understanding of the entity through the following inspection activities during
planning:
❖ Review of prior year's working papers and prior year's financial statements
❖ Review of reports prepared by the entity's management (such as quarterly management reports
and interim financial statements) and those charged with governance (such as minutes of board
of directors' meetings)
❖ Review of documents (such as business plans and strategies), records, and internal control
manuals
❖ Reading articles, books, periodicals, and other publications related to the entity's industry
❖ Visits to the entity's premises and plant facilities
d. Analytical procedures
A basic premise underlying the application of analytical procedures is that plausible relationships among
data may reasonably be expected to exist and continue in the absence of known conditions to the
contrary.
When the auditor intends to use information obtained from the auditor's previous experience with the
entity and from audit procedures performed in previous audits, the auditor shall evaluate whether such
information remains relevant and reliable as audit evidence for the current audit.
When there are engagement team members not involved in the engagement team discussion, the
engagement partner shall determine which matters are to be communicated to those members.
2. Consider materiality
Definition
Information is material if its omission or misstatement could influence the economic decisions of users
taken on the basis of the financial statements. Materiality depends on the size of the item or error judged
in the particular circumstances of its omission or misstatement.
The concept of materiality recognizes that some matters, but not all, are important for fair presentation of
the financial statements in conformity with PFRS.
Uses of materiality
Accordingly, materiality should be considered by the auditor in the following phases:
a. Planning phase
➔ To identify and assess the risks of material misstatement;
➔ To determine the nature, timing and extent of further audit procedures
b. Completion phase
➔ To evaluate the effect of uncorrected misstatements, if any, on the financial statements and in
forming the opinion in the auditor's report
Determination of materiality
The auditor's determination of materiality is a matter of professional judgment, and is affected by the
auditor's perception of the financial information needs of users of the financial statements.
Using professional judgment, an auditor is required to determine the following three different levels of
materiality.
In determining the specific materiality, the auditor normally considers the following factors:
✓ laws and regulations (e.g. related party transactions)
✓ financial reporting framework
✓key industry disclosures of the entity
✓ particular aspects of the entity's business
✓ understanding of the view of those charged with governance and management
C. Performance materiality
➢ the amount or amounts set by the auditor at less than materiality for the financial statements as a
whole to reduce to an appropriately low level the probability that the aggregate of uncorrected
and undetected misstatements exceed materiality for the financial statements as a whole
➢ also refers to the amount or amounts set by the auditor at less than the materiality level or levels
for particular classes of transactions, account balances or disclosures
➢ calculated as a certain percentage of overall materiality in order to capture any uncorrected
misstatements, the total amount of which may exceed overall materiality
➢ used in scoping of financial statement line items to be tested by the auditor and ensures that
significant accounts in the financial statements are covered by audit testing
In determining performance materiality, an understanding of the following factors may affect the
auditor's judgment such as:
✓.nature of the entity's business and transactions
✓ risk assessment procedures
✓ nature and extent of misstatements identified in previous audits
AUDIT RISK
Definition
Audit risk is the risk that the auditor gives an inappropriate audit opinion when the financial statements are
materially misstated.
These components may be expressed in a formula which shows how they will comprise the audit risk:
or
The auditor's understanding of the entity and its environment, and the applicable financial reporting
framework, also informs how the auditor plans and performs further audit procedures, for example, when:
➔ Developing expectations for use when performing analytical procedures;
➔ Designing and performing further audit procedures to obtain sufficient appropriate audit evidence;
and
➔ Evaluating the sufficiency and appropriateness of audit evidence obtained (e.g., relating to
assumptions or management's oral and written representations).
The auditor shall perform risk assessment procedures to obtain an understanding of:
a. The following aspects of the entity and its environment:
i. The entity's organizational structure, ownership and governance, and its business model,
including the extent to which the business model integrates the use of IT;
ii. Industry, regulatory and other external factors; and
iii. The measures used, internally and externally, to assess the entity's financial performance;
b. The applicable financial reporting framework, and the entity's accounting policies and the reasons for
any changes thereto; and
c. How inherent risk factors affect susceptibility of assertions to misstatement and the degree to which
they do so, in the preparation of the financial statements in accordance with the applicable financial
reporting framework, based on the understanding obtained in (a) and (b).
The auditor shall evaluate whether the entity's accounting policies are appropriate and consistent with the
applicable financial reporting framework.
Scalability
The nature and extent of the required understanding is a matter of the auditor's professional judgment
and varies from entity to entity based on the nature and circumstances of the entity, including:
➔ The size and complexity of the entity, including its IT environment;
➔ The auditor's previous experience with the entity;
➔ The nature of the entity's systems and processes, including whether they are formalized or not;
and
➔ The nature and form of the entity's documentation.
The auditor's risk assessment procedures to obtain the required understanding may be less extensive in
audits of less complex entities and more extensive for entities that are more complex. The depth of the
understanding that is required by the auditor is expected to be less than that possessed by management
in managing the entity.
Some financial reporting frameworks allow smaller entities to provide simpler and less detailed
disclosures in the financial statements. However, this does not relieve the auditor of the responsibility to
obtain an understanding of the entity and its environment and the applicable financial reporting framework
as it applies to the entity.
The entity's use of IT and the nature and extent of changes in the IT environment may also affect the
specialized skills that are needed to assist with obtaining the required understanding.
For identified risks of material misstatement at the financial statement level, the auditor shall assess the
risks and:
i. Determine whether such risks affect the assessment of risks at the assertion level; and
ii. Evaluate the nature and extent of their pervasive effect on the financial statements.
Assessing the inherent risk of identified risks of material misstatement also assists the auditor in
determining significant risks. The auditor determines significant risks because specific responses to
significant risks are required in accordance with the standards.
Inherent risk factors influence the auditor's assessment of the likelihood and magnitude of misstatement
for the identified risks of material misstatement at the assertion level. The greater the degree to which a
class of transactions, account balance or disclosure is susceptible to material misstatement, the higher
the inherent risk assessment is likely to be. Considering the degree to which inherent risk factors affect
the susceptibility of an assertion to misstatement assists the auditor in appropriately assessing inherent
risk for risks of material misstatement at the assertion level and in designing a more precise response to
such a risk.
In assessing inherent risk, the auditor uses professional judgment in determining the significance of the
combination of the likelihood and magnitude of a misstatement.
The auditor uses the significance of the combination of the likelihood and magnitude of a possible
misstatement in determining where on the spectrum of inherent risk (i.e., the range) inherent risk is
assessed. The higher the combination of likelihood and magnitude, the higher the assessment of inherent
risk; the lower the combination of likelihood and magnitude, the lower the assessment of inherent risk.
The assessed inherent risk relating to a particular risk of material misstatement at the assertion level
represents a judgment within a range, from lower to higher, on the spectrum of inherent risk. The
judgment about where in the range inherent risk is assessed may vary based on the nature, size and
complexity of the entity, and takes into account the assessed likelihood and magnitude of the
misstatement and inherent risk factors.
For a risk to be assessed as higher on the spectrum of inherent risk, it does not mean that both the
magnitude and likelihood need to be assessed as high. Rather, it is the intersection of the magnitude and
likelihood of the material misstatement on the spectrum of inherent risk that will determine whether the
assessed inherent risk is higher or lower on the spectrum of inherent risk. A higher inherent risk
assessment may also arise from different combinations of likelihood and magnitude, for example a higher
inherent risk assessment could result from a lower likelihood but a very high magnitude.
The auditor may first identify those assessed risks of material misstatement that have been assessed
higher on the spectrum of inherent risk to form the basis for considering which risks may be close to the
upper end. Being close to the upper end of the spectrum of inherent risk will differ from entity to entity,
and will not necessarily be the same for an entity period on period. It may depend on the nature and
circumstances of the entity for which the risk is being assessed.
The determination of which of the assessed risks of material misstatement are close to the upper end of
the spectrum of inherent risk, and are therefore significant risks, is a matter of professional judgment,
unless the risk is of a type specified to be treated as a significant risk in accordance with the requirements
of another ISA. ISA 240 provides further requirements and guidance in relation to the identification and
assessment of the risks of material misstatement due to fraud.
The auditor also takes into the account the relative effects of inherent risk factors when assessing
inherent risk. The lower the effect of inherent risk factors, the lower the assessed risk is likely to be. Risks
of material misstatement that may be assessed as having higher inherent risk and may therefore be
determined to be a significant risk, may arise from matters such as the following:
➔ Transactions for which there are multiple acceptable accounting treatments such that subjectivity
is involved.
➔ Accounting estimates that have high estimation uncertainty or complex models.
➔ Complexity in data collection and processing to support account balances.
➔ Account balances or quantitative disclosures that involve complex calculations.
➔ Accounting principles that may be subject to differing interpretation.
➔ Changes in the entity's business that involve changes in accounting, for example, mergers and
acquisitions
CONTROL RISK ASSESSMENT PROCESS (See Category 2 Internal Control Consideration Handout)
5. Identify detection risk to determine the nature, timing and extent of further audit procedures
Definition
As defined previously, detection risk is the risk that the auditor's substantive procedures will not detect a
misstatement that exists in an account balance or class of transactions that could be material, individually
or when aggregated with misstatements in other balances or classes.
Lower DR Higher DR
Nature More effective procedures may be applied Less effective procedures may be applied
Extent Larger sample size will be tested Smaller sample size will be tested
➢ Engagement budgeting, including considering the appropriate amount of time to set aside for
areas where there may be higher risks of material misstatement.
Important note:
➢ When establishing the overall audit strategy, the auditor aims to create a strategy or approach
that will result in an effective and efficient audit. Thus, appropriate levels of materiality and audit
risk must be considered carefully.
Audit program
The form and content of the audit program may vary for each particular engagement but would generally
contain the following:
❖ The audit objectives for each area;
❖ The nature, timing, and extent of audit procedures required to implement the overall audit plan;
and
❖ A time budget in which hours are budgeted for the various audit areas or procedures.
When using the work of an auditor's expert, the following shall be considered by the auditor
➢ Selecting an expert
➢ Obtaining an understanding of the field of expertise of the expert
➢ Considering the nature, timing and extent of audit procedures
1. Perform procedures regarding the acceptance of the client relationship and the specific audit
engagement; and
2. Where there has been a change of auditors, communicate with the previous auditor in
compliance with relevant ethical requirements.
Consultation.
When an audit is carried out entirely by an audit engagement partner, who may be a sole practitioner, it
may be desirable to consult with other suitably-experienced auditors or the auditor's professional body.
"Success isn't always about greatness. It's about consistency. Consistent hard work leads to
success. Greatness will come." - DWAYNE JOHNSON
---END---