Chapter 2

Planning and Risk Assessment

Audit planning:

"Audit planning" means developing a general strategy and a detailed approach for the
expected nature, timing and extent of the audit. The auditor plans to perform the audit in an
efficient and timely manner.

An Audit plan is the specific guideline to be followed when conducting an audit. It helps the
auditor obtain sufficient appropriate evidence for the circumstances, helps keep auditcosts at
a reasonable level, and helps avoid misunderstandings with the client.

Need for Audit Planning:

The auditor plans to perform the audit in an efficient and timely manner. The form and nature
of planning is affected by,

 Size of the entity

 Complexity of the audit
 Auditor’s experience with the entity
 Knowledge of the business
 Commercial environment
 Method of processing transactions
 Reporting requirements.

Objectives of planning:

 Ensuring that appropriate attention is developed to important areas of the audit

 Ensuring that potential problems are identified
 Ensuring that the work is completed expeditiously
 Proper assignment of work to assistants
 Coordination of work done by other auditors and experts; and
 Facilitating review.

Importance /benefits/Advantages of Audit Planning:

Audit planning is addressed by ISA 300 Planning an Audit of Financial Statements.It states
that adequate planning benefits the audit of financial statements in several ways:

a. Helping the auditor to devote appropriate attention to important areas of the audit.
b. Helping the auditor to identify and resolve potential problems on a timely basis.
c. Helping the auditor to properly organise and manage the audit engagement so that it
is performed in an effective and efficient manner.
d. Assisting in the selection of engagement team members with appropriate levels of
capabilities and competence to respond to anticipated risks and the proper assignment
of work to them.
 e. Facilitating the direction and supervision of engagement team members and the
review of their work.
f. Assisting, where applicable, in coordination of work done by experts.

Audit Strategy:

An audit strategy sets the direction, timing, and scope of an audit. The strategy is then used as
a guideline when developing an audit plan. The strategy document usually includes a
statement of the key decisions needed to properly plan the audit.

Contents of overall audit strategy:

 The characteristics of the engagement that defines its scope;
 Reporting objectives of the engagements to plan the timing of the audit;
 Timing of the audit;
 Nature of communications required;
 Significant factors in directing engagement team efforts;
 The results of preliminary engagement activities;
 The knowledge gained on other engagements;
 The nature, timing, and extent of resources available for the engagement.
Content of audit plans(given in the auditing standards)
Audit plans for internal audits should include the following:
• Audit identification number,
• Identification of the work unit to be audited,
• Name & title of the auditee representative for this work unit,
• Purpose and scope of the audit,
• Identity of members of the audit team,
• Date(s) on which the audit to be conducted,
• Structure of the audit, including the expected starting and finishing times of the Opening
and Closing Meetings, and any planned team meetings, and
• The planned sequence and timing of the audit activities, and identification of the
member of the audit team who will be undertaking them.

Interim Audit and Final Audit:

Interim audit:
 An interim audit involves preliminary audit work that is conducted prior to the fiscal
year-end of a client. The interim audit tasks are conducted in order to compress the period
needed to complete the final audit. Doing so benefits the client, which can issue its audited
financial statements sooner.
Procedures likely to include:
 Analytical procedures
 Test of controls
 Updating risk assessments
 Review of relevant internal audit reports
 Substantive testing(of transactions in first part of year)
Final audit:
Final audit is also called as the “Balance sheet audit” or the “Periodical audit”. Final audit
is started when the books of accounts closed at the end of the year. It is the most satisfactory
form of audit from the point of view of an auditor. In this audit there is cent percent checking
of the accounts.
Characteristics of final audit:

• In one session an auditor make only one visit.

• This type of audit can be conducted on both the large and small type of business.

• It is conducted when the accounting period ended.

• In this audit the auditor can do test checking.

• Auditor report is a prerequisite.

• It is conducted to report to shareholders.

• The audit is completed on a short period.

Procedure includes:

 Completion of tests of control and substantive tests of transactions started at interim

 Analytical procedures on financial statements
 Substantive tests of financial statements.

Preconditions for an Audit:

Preconditions for an audit means the use by management of an acceptable financial

reporting framework in the preparation of the financial report and the agreement of
management and, where appropriate, those charged with governance to the premise on which
an audit is conducted.
 Auditor should accept a new audit engagement or continue an existing audit
engagement if the “preconditions for an audit” required by ISA 210 agreeing the terms of
audit engagements are present.

ISA 210 requires the auditor to:

 Determine whether the financial reporting framework to be applied in the preparation

of the financial statements is appropriate; and

 Obtain the agreement of management that it acknowledges and understands its

responsibilities.

If the preconditions for an audit are not present, the auditor should discuss the matter with
management, and should not accept the engagement unless required to do so by law or
regulation.

Obtaining Audit Engagements:

1. The purpose of this International Standard on Auditing (ISA) is to establish standards

and provide guidance on:
a. Agreeing the terms of the engagement with the client.
b. The auditor’s response to a request by a client to change the terms of an engagement
to one that provides a lower level of assurance.
2. The auditor and the client should agree on the terms of the engagement and the agreed
terms would be recorded in an audit engagement letter.
3. This ISA is intended to assist the auditor in the preparation of engagement letters
relating to audits of financial statements.
4. The objective and scope of an audit and the auditor’s obligations are established by
law.

Engagement letters:

An audit engagement letter is in the interest of both client and the auditor that the auditor
sends an engagement letter, preferably before the commencement of the engagement, to help
in avoiding misunderstandings with respect to the engagement.

The engagement letter documents and confirms the auditor’s acceptance of the appointment,
the objective and scope of the audit, the extent of the auditor’s responsibilities to the client
and the form of any reports.

The engagement letter will be sent before the audit. It specifies:

 the nature of the contract between the audit firm and the client
 Minimises the risk of any misunderstanding of the auditor's role.
 Confirms acceptance of the engagement
 Set out terms and conditions of the engagement.
It should be reviewed every year to ensure that it is up to date but does not need to be
reissued every year unless there are changes to the terms of the engagement. The auditor must
issue a new engagement letter if the scope or context of the assignment changes after initial
appointment.

Contents of Engagement Letter:

The contents of a letter of engagement for audit services are listed in ISA 210 Agreeing the
Terms of Audit Engagements. They should include the following:

 The objective and scope of the audit;

 The responsibilities of the auditor;

 The responsibilities of management;

 The identification of an applicable financial reporting framework; and

 Reference to the expected form and content of any reports to be issued.

In addition to the above the engagement letter may also make reference to:

 The unavoidable risk that some material misstatements may go undetected due to the
inherent limitations in an audit;

 Arrangements regarding the planning and performance of the audit;

 The expectation that management will provide written representations;

 The agreement of management to make available to the auditor draft financial

statements and other information in time to complete the audit in accordance with the
proposed timetable;

 The agreement of management to inform the auditor of facts that may affect the
financial statements;

 The basis on which fees are computed and billing arrangements;

 A request for management to acknowledge receipt of the engagement letter and to

agree the terms outlined;

 Agreements concerning the involvement of auditors experts and internal auditors; and

 Restrictions to the auditor's liability.

Quality control procedure:

The international Standard on Auditing(ISA) deals with the specific responsibilities of the
auditor regarding quality control procedures for an audit of financial statements. It also
addresses, where applicable, the responsibilities of the engagement quality control reviewer.

Objectives:

The objective of the auditor is to implement quality control procedures at the engagement
level that provide the auditor with reasonable assurance that:

1. The audit complies with professional standards and applicable legal and regulatory
requirements and
2. The auditor’s report issued is appropriate in the circumstances.

Importance:

1. To ensure that its personnel comply with the professional standards applicable to its
accounting and auditing practice.
2. The purpose of the system is the same for all segments of a firm’s practice.
3. Variance in an individual’s performance and understanding of- professional
requirements or the firm’s quality control policies and procedures, therefore, the
effectiveness of the system.
4. A firms quality control system depends heavily on the proficiency of its personnel.

Elements of a firm’s system of quality control addressed in ISQC 1 comprise:

1. Leadership quality within the firm:

the firm should establish policies and procedures designed to promote an internal
culture based on recognition that quality is essential in performing engagements.
2. Relevant ethical requirements:
The firm should establish policies and procedures designed tp provide it with
reasonable assurance that the firm and its personnel comply with relevant ethical
requirements.
3. Human resource including assignment of engagement teams:
Firm to provide assurance that it has sufficient personnel with the capabilities ,
competence, and commitment to ethical principles necessary to perform its
engagements in accordance with professional standard, regulatory and legal
requirements.
4. Acceptance and continuance of client relationships and specific engagements:
To check the integrity of the principal owners, key management and those charged
with governance of the entity. Whether the firm and the engagement team can comply
with relevant ethical requirements
5. Engagement performance including conclusions, resolution of differences of opinion
and engagement quality control review(direction, supervision and performance.)
6. Monitoring including dealings with complaints and allegations

Overall objectives of the Auditor:

The objectives of the auditor can be classified into two:

A. Primary objectives of Audit: these are the basic main objectives that they are to
perform.
1. Examining the system of internal check.
2. Checking the arithmetical accuracy of books of accounts, verifying posting, costing,
balancing etc.
3. Verifying the authenticity and validity of transactions.
4. Checking the existence and value of assets and liabilities.
5. Verifying whether all the statutory requirements are fulfilled or not.
6. Proving true and fairness of operating results presented by income statement and
financial position presented by the balance sheet.

B. Subsidiary objectives of audit: these are such objectives which are set up to help in
attaining primary objective.
1. Detection and prevention of errors:
a. Errors of principle
b. Errors of omission
c. Errors of commission
d. Compensation errors.
2. Detection and prevention of fraud
a. Misappropriation of cash
b. Misappropriation of goods
c. Manipulation of accounts and falsification of accounts without and
misappropriation.
3. Under and over valuation of stock.
4. Other objectives;
a. To provide information to income tax authority.
b. To satisfy the provision of Company Act.
c. To have moral effect.

Need to conduct an Audit:

1. Ensure accountability:
It is necessary for every business to keep track of who is accountable for what, for the
purpose of demand of the information by the shareholders or any other investors.
2. Provide reliability:
The tax office, financial institutions and management can all benefit from seeing
audited financial statements.
3. Offer assurance:
A level of reasonable assurance can absolutely be obtained from a well-carried out
audit.
4. Give a complete report about the shape of the business, based on the complete record
that is maintained by the business for the purpose of reference when ever needed.
5. The power of the feedback:
 The success and failure of the business is based on the auditor’s feedback.
6. Boost credit rating and Value.
Regular and continuous auditing of financial statements is an attractive part of any
business package for lenders, creditors and investors.

Audit Risk:

Audit risk is the risk that an auditor issues an incorrect opinion on the financial statements or
a correct opinion based on an materially misstated financial statement.

Example: Failing to provide/ emphasize a significant matter in the audit report.

Model:

Audit risk = Inherent Risk x Control Risk x Detection Risk

Components of Audit Risk:

1. Inherent Risk: is a risk of a material misstatement in the financial statements arising

due to error or omission as a result of factors other than the failure of controls factors
that may cause a misstatement due to absence or lapse of controls are considered
separately in the assessment of control risk.
2. Control Risk: risk of a material misstatement in the financial statements arising due to
absence or failure in the operation of relevant controls of the entity. It is due to the
insufficient level of internal control and where the segregation of duties is not well
defined and the financial statements are prepared by those who do not have sufficient
technical knowledge.
3. Detection Risk: a risk that the auditors fail to detect a material misstatement in the
financial statements. It can be reduced by auditors by increasing the number of
sampled transactions for detailed testing.
Materiality:
A concept or convention within auditing and accounting relating to the
importance/significance of an amount, transaction, or discrepancy.The objective of
an audit of financial statements is to enable the auditor to express an opinion whether
the financial statements are prepared, in all material respects, in conformity with an
identified financial reporting framework such as Generally Accepted Accounting
Principles (GAAP).
The concept of materiality is applied by the auditor both in planning and performing
the audit and in evaluating the effect of identified misstatements on the audit and of
uncorrected misstatements, if any, on the financial statements and in forming the opinion in
the auditor’s report.

Performance Materiality:

ISA 320 defines performance materiality as:

 ‘the amount(s) set by the auditor at less than materiality for the financial statements
as a whole to reduce to an appropriately low level the probability that the aggregate of
uncorrected and undetected misstatements exceeds materiality for the financial statements as
a whole and the amount(s) set by the auditor at less than the materiality level(s) for
particular classes of transactions, account balances or disclosures.’

In other words, this refers to the amount of variation that can exist in individual
financial accounts due to errors and omissions without affecting the auditor’s opinion
regarding the objectivity of financial statements.

Performance materiality does not have to be set for all individual accounts as this can
be done for a selected set of accounts or for a particular class of accounts.

Determination of performance materiality is conducted for the purpose of assessing

audit risk.

Difference between Materiality and Performance Materiality

Basis Materiality Performance Materiality

meaning Materiality refers to the state where
financial information has the ability
to affect economic decisions of users
or the discharge of accountability by
management or those charged with
governance if some information is
misstated, omitted or not disclosed.
Scope Level of materiality is based on the
needs and expectations of the users
of financial information.
Nature Materiality is a standalone concept
Performance Materiality is the
amount of variation that can exist in
individual financial accounts due to
errors and omissions without affecting
the auditor’s opinion regarding the
objectivity of financial statements.
Level of performance materiality
depends on the assessment of audit
risk.
On the level of materiality

Materiality concept

Financial reporting frameworks often discuss the concept of materiality in the context
of the preparation and presentation of financial statements. Although financial reporting
frameworks may discuss materiality in different terms, they generally explain that:

Misstatements, including omissions, are considered to be material if they, individually

or in the aggregate, could reasonably be expected to influence the economic decisions of
users taken on the basis of the financial statements;

Judgments about materiality are made in light of surrounding circumstances, and are
affected by the size or nature of a misstatement, or a combination of both;

Three types

 Overall Materiality
 Performance Materiality
  De minimis

At the planning stage of the audit

1. The initial materiality levels are determined based on Management accounts.

2. Do the initial analytics of FSLIs based on the performance materiality.

At the Execution stage of the audit

1. Apply the performance materiality (PM) level to determine the sample size. (Here the
PM is applied and the balances are checked for the amounts over the PM amount).
2. PM is applied to each Financial Statement Line Items (FSLI) once. (Here PM may be
disaggregated proportionately within each FSLI to ease auditing).
3. Material by nature (professional judgment)

At the completion stage of the audit

1. The revised PM is used after passing all the audit entries

2. Used in performing Conclusion analytic (where current audited figures are compared
with the previous year audited figures).

DE MINIMIS LEVEL—Amount below which potential audit adjustments need not

be accumulated (“clearly trivial”). The amount established is such that any misstatements,
either individually or aggregated with other misstatements, would be inconsequential to the
financial statements.

Procedures to obtain initial understanding:

The purpose of this International Standard on Auditing (ISA) is to establish standards

and to provide guidance on obtaining an understanding of the entity and its environment,
including its internal control and assessing the risks of material misstatement in a financial
statement audit.

The auditor should obtain an understanding of the entity and its environment,
including its internal control, sufficient to identify and assess the risks of material
misstatement of the financial statements whether due to fraud or error and sufficient to design
and perform further audit procedures.

The following is an overview of the requirements of this standard:

 Risk assessment procedures and sources of information about the entity and its
environment, including its internal control.
 Understanding about the entity and its environment and including internal
control, where it requires auditor to understand specific aspects of the entity
 Assessing the risks of material misstatement
 Communicating with those charged with governance and management
 Documentation- where it establishes related documentation requirements.
Analytical procedures in planning:

Analytical procedures consists of ‘evaluation of financial information through analysis of

plausible relationship among both financial and non-financial data’.

They also encompass ‘such investigation as is necessary of identified fluctuations or

relationship that are inconsistent with other relevant information or that differ from expected
values by a significant amount’.

Purpose of analytical procedure:

1. Preliminary analytical review risk assessment.

These are performed to obtain an understanding of the business and its environment to
help assess risk of material misstatements in order to determine the nature , timing
and extent of audit procedures.
2. Substantive analytical procedures:
This procedure is used when the auditor considers that the use of analytical
procedures can be more affective or efficient that tests of details in reducing the risk
of material misstatements at the assertion level to an acceptably low level.
3. Financial analytical review:
Performed as an overall review of the financial statements at the end of the audit to
assess whether they are consistent with the auditor’s understanding of the entity.

Elements comprising distinct steps that are inherent in the process of using substantial
analytical procedures:

Step 1- Develop an independent expectation:

The auditor should have an independent expectation whenever using substantive

analytical procedures. He develops expectations by identifying plausible relationships that are
reasonably expected to exist based on his knowledge of the business, industry trends or other
accounts.

Step 2- Define a significant difference or threshold

Threshold may be defined as numerical values or percentages of the items being

tested.it is the acceptable amount of potential misstatements and therefore should not exceed
planning materiality and must be sufficiently small to enable the auditor to identify
misstatements that could be either individually or when aggregated with misstatements in
other portions of the account balances.

Step 3- Compute the difference:

The comparison of the expected value with the recorded amounts and to identify significant
differences if any.it can be done only after considering the expectations and threshold

Step 4- Investigate significant differences and draw conclusions:

 Differences indicate an increased likelihood of misstatements, the greater the degree
of precision the greater the likelihood that the difference is a misstatement. Explanations
should be sought for the full amount of the difference, not just for the part that exceeds
threshold.

Compute and interpret Key Ratios used in Analytical Procedures:

A ratio analysis is a quantitative analysis of information contained in a company’s financial

statements. Ration analysis is based on line items in financial statements like the balance
sheet, income statement and cash flow statement the ratios of one item or a combination of
items- to another item or combination are then calculated.

Ratio analysis is used to evaluate various aspects of a company’s operating and financial
performance such as its efficiency, liquidity, profitability and solvency.

Effect of Fraud and Misstatements on the Audit Strategy:

Prevention and detection of fraud is the responsibility of the management.

In order to detect fraud, the auditor must maintain an attitude of professional scepticism i.e.
to always be aware of the possibility of fraud, regardless of past experience of the client.

Once the error(unintentional or fraud(intentional) has been found by the auditor then the
auditor needs to re-assess his original risk assessment of the audit.

This will impact the audit strategy in the following ways:

 Testing may be focused on the areas in which fraud is suspected.

 The auditor may choose not to rely on the representations of management if they are
suspected of involvement in fraud.
 Materiality may be reduced.
 Evidence provided by the client may not be relied upon.
 The auditor may have to generate more 3rd party evidence.

Responsibilities of Internal Auditors for the Prevention and Detection of Fraud and
Error:

The responsibilities concerning fraud within an organisation are divided between the
executive board, the audit committee and the internal audit.

1. Firstly, the executive board has the final responsibility for implementing the
mechanisms of detecting and preventing a fraud early on. The members of the
executive board are those who should offer explanations in as of discovering certain
cases of fraud.
2. Secondly, the audit committee has the role of supervising the management of fraud
risks and actively monitoring the efforts of the executive board against fraud
committing.
 3. Third, the internal; audit represents an efficient line of defence against fraud, having a
role both in monitoring the risk as well as in fraud prevention and detection.

The role of internal auditors:

 The internal auditors must have enough knowledge in order to identify the signs of
possible fraud be attentive of the cases that involves a risk of fraud and appreciate the
necessity to further investigate the case.
 Supporting the management in establishing auditable anti-fraud mechanisms
facilitating the assessment of fraud and reputational risks at the level of an
organisation.
 Supporting the efforts to rectify deficiencies and reporting to the audit committee
 The internal audit cannot completely prevent fraud, but it can adapt its work method
and procedures to identify and correctly interpret the signs of fraud.
 The internal auditors must have a superior level of theoretical knowledge and
practical experience in order to successfully accomplish their role.
 There is a considerable need to invest in the specialization of the internal auditors by
financing course in certain fields.

Fraud risks assessment in seven stages:

1. Organising the manner how to assess fraud risks.

2. Determining the processes, organisational units and locations to be assessed, both
from perspective of the value of their transactions and balances, but also of particular
known risks.
3. Identifying possible fraud schemes and scenario.
4. Assessing the possibilities to commit fraud.
5. Assessing the degree of importance of identified fraud risks.
6. Determining the internal anti-fraud controls that exist and the degree to which these
internal controls cover fraud risks,’
7. Formulating or modifying the audit plan based on the results of assessing fraud risks.

Responsibilities of External Auditors for the Prevention and Detection of Fraud and
Error:

 The external auditor is responsible for obtaining reasonable assurance that the
financial statements, taken as a whole are free from material misstatement, whether
caused by fraud or error.
 Must recognize the possibility that a material misstatement due to fraud could occur,
regardless of the auditor’s prior experience of th client’s integrity and honesty.
 Identifying and assessing the risks of material misstatement through understanding the
entity and its environment.
 The engagement team should also obtain information for use in identifying the risk of
fraud when performing risk assessment procedures.
 auditors must identify , through enquiry, how management assess and responds to the
risk of fraud.
  The auditor must also enquire of management, internal auditors and those charged
with governance if they are aware of any actual or suspected fraudulent activity.

Audit Documentation:
Audit Documentation is one of the International Standards on Auditing. It serves to direct the
documentation of Audit working papers in order to assist the audit planning and performance
the supervision and review of the audit work and the recording of audit evidence resulting
from the audit work in order to support the auditor’s opinion.

Form And Content Of Audit Documentation:

 Size and Complexity.

 Nature of Audit.
 Identified Risk.
 Significance of the audit evidence.
 Nature and Extent of exceptions.
 Audit Methodology of Audit tools.

Audit Working Papers

The Working Papers are the matters documented by the auditor. So they are his property.
Although, the client may claim them as a record of his business matters, the auditor cannot
part with them as his conclusions are based on them and as they provide evidence of the audit
work carried out according to the basic principles.

Purpose Of Audit Working Papers

 Represent the volume of work performed.

 Minute details and aspects of the audit report.
 Valuable documentary evidence.
 Coordinate and Organize the work.
 Advice the client.
 Serve as a guide.
 Serve as a means to give training to the audit clerks.

Essentials Of Good Working Papers:

 It should be complete and contain all necessary information.

 Properly Organized and Arranged.
 Contains accurate information.
 Contains the facts.
 Facts should be readily apparent to the reader.
 Relevant details in the Working papers.
 It should be properly preserved and filed.
 Paper used should be of better quality and uniform size.
 Sufficient space for any decision taken by an auditor