Audit_I_Ch._III
Audit_I_Ch._III
Audit_I_Ch._III
AUDIT PLANNING
The first Generally Accepted Auditing Standards of fieldwork requires adequate planning to be
made before auditing is carried out. Reasons for proper audit plan includes
To enable the auditor obtain sufficient competent evidence
To help keep audit costs reasonable
To avoid misunderstanding with the client
Obtaining sufficient competent evidence is essential if the CPA wants to minimize legal liability
and maintain a good reputation in the business community keeping costs reasonable. It helps the
firm remains competitive and thereby retains or expands its client base, assuming the firm has a
reputation for doing high-quality work. Avoiding misunderstanding with the client is important
for good client relations and for facilitating high-quality work at reasonable cost. The followings
are the elements of audit planning:
1. Preplanning
2. Obtain background information
3. Obtain information about clients legal obligation
4. Perform preliminary analytical procedures
5. Set materiality, and assess acceptable audit risk and inherent risk
6. Understand internal control and assess control risk
7. Develop overall audit plan or audit program
As shown above, there are seven major parts of Audit planning. Each of the first six parts are
intended to help the auditor develop the last part, an effective and efficient overall audit plan and
audit program.
1. Preplan the Audit: Preplanning the audit involves four things, all of which should be done
early in the audit.
A decision whether to accept a new client or continue serving an existing one
Identification of why the client needs an audit
Obtaining an understanding with the client about the terms of engagement to avoid
misunderstandings.
Select staff for engagement
Investigation of new client and reevaluation of existing ones is important to assess the integrity
of the client and to assess the acceptable financial risk it will assume. If the CPA firm decides
that acceptable risk is extremely low, it may choose not to accept the engagement. If the CPA
1
firm concludes that acceptable audit risk is low but the client is still acceptable, it is likely to
affect result and the fee proposed to the client, Audits with low acceptable audit risk will
normally result in higher audit costs, which should be reflected in higher audit fees.
Obtaining an understanding with the client is expressed by the use of engagement letter, even
though it is not required. Engagement letter is an agreement between the CPA firm and the client
for the conduct of the audit and related services. It should specify whether the auditor will
perform an audit, a review, or a compilation, plus any other service such as tax returns or
management consulting. It should also state any restriction to be provided for the audit, an
agreement on fees. The engagement letter is also a means of informing the client that the auditor
cannot guarantee that all acts of fraud will be discovered. Selection of staff for engagement
involves the assignment of appropriate staff to the engagement if the CPA firm decides to accept
the client and conduct the audit. Selection of audit staff is important to meet the first requirement
of generally accepted auditing standard and to promote audit efficiency. The first GAAS stats
“that the audit is performed by a person or persons having adequate technical training and
proficiency as an auditor”.
2. Obtain Background Information: An extensive understanding of the client business and
industry and knowledge about the company’s operation are essential for doing adequate audit.
There are three reasons for obtaining a good understanding of the clients industry. First, many
industries have unique accounting requirement that the auditor must understand to evaluate
whether the clients financial statement are in accordance with GAAP. Second, auditors can often
identify risks that may affect the auditor’s assessment of acceptable audit risk, or even whether
auditing companies in the industry is advisable.
Finally, there are inherent risks that are typically common to all clients in certain industry.
Understanding those risks aids the auditor in identifying the client’s inherent risk. Knowledge of
the clients industry can be obtained in different ways. This includes:
Discussion with previous auditor
Discussion with clients personnel
Tour the plant and office of the clients
Discussion with outside specialists.
3. Obtain Information about Client’s Legal Documents: Early knowledge of the legal
documents and records enables auditors to interpret related evidence throughout the engagement
and to make sure there is proper disclosure in the financial statement. Three closely related types
of legal documents and records should be examined early in the engagement.
2
The Corporate Charter and the Bylaws: The corporate charter is granted by the state in
which the company is incorporated and is the legal document necessary for recognizing a
corporation as a separate entity. It includes the exact name of the corporation, the date of
incorporation, the kind and amount of capital stock the corporation is authorized to issue
and the types of business activities the corporation is authorized to conduct. The bylaw
includes the rules and procedures adopted by stockholders of the corporation; they specify
such things as the fiscal year of the corporation, the frequency of stockholders meetings,
and the methods of voting for directors, and the duties and power of the corporate offices.
The Corporate Minutes: are the official records of the meetings of the boards of directors
and stockholders. They include summaries of the most important decision made by the
directors and stockholders. The auditors should read the minute to obtain information that
is relevant to perform the audit including the authorization and discussion by the board of
directors affecting inherent risk.
Contracts: clients involved in different types of contracts that are interested to the auditors.
These can include various items such as long term notes and bonds payable, stock option,
pension plane, contracts of manufactured products, contracts with vendors for future
deliveries of supplies, government contacts and leas.
4. Performing Preliminary Analytical Procedures: Analytical procedures are defined by
auditing standards as evaluations of financial information made by a study of plausible
relationships among financial and nonfinancial data involving comparisons of recorded amounts
to expectations developed by the auditor. Auditors are required to perform analytical procedures
while planning the audit to assist the auditor in determining the nature, timing and extent of
auditing procedures. Analytical procedures are required in the planning phase to assist in
determining the nature, extent, and timing of audit procedures. This helps the auditor identify
significant matters requiring special consideration later in the engagement. For example, the
calculation of inventory turnover before inventory price tests are done may indicate the need for
special care during those tests.
Analytical procedures made during the planning phase enhance the auditors understanding of the
client’s business and events occurring since the prior year’s audit. Planning analytical procedures
also help the auditor identify areas that may represent specific risks of material misstatement
warranting further attention.
The usefulness of analytical procedures as audit evidence depends significantly on the auditor
developing an expectation of what a recorded account balance or ratio should be, regardless of
3
the type of analytical procedures used. Auditors develop an expectation of an account balance or
ratio by considering information from prior periods, industry trends, client-prepared budgeted
expectations, and nonfinancial information. The auditor typically compares the client’s balances
and ratios with expected balances and ratios using one or more of the following types of
analytical procedures. In each case, auditors compare client data with:
Industry data
Similar prior-period data
Client-determined expected results
Auditor-determined expected results
Expected results using nonfinancial data
5. Audit Risk Assessment and Materiality: Audit risk represent the risk that the auditor will
conclude that financial statement are fairly stated and unqualified opinion can be issued when in
fact they are misstated. Audit risk refers to the possibility that the auditor may unknowingly fail
to appropriately modify their opinion on financial statement that is materially misstated.
Audit risks are divided in to four:
a) Inherent Risk, b) Control Risk, c) Detection Risk, d) Acceptable Audit Risk
a. Inherent Risks: is a measure of the sensitivity or susceptibility of the financial statement
account to material misstatement before considering the effectiveness of internal control,
accounting controls, policies or procedures. Internal control is ignored in setting inherent risk
because they are considered separately in audit risk assessment as control risk.
b. Control Risk: is the risk that a material misstatement will not be prevented or detected on
timely basis by the clients internal control structure. Control risk represent an assessment of
whether clients internal control structure is effective for prevention or detecting error and the
more effective the internal control, the lower the control risk
c. Detection Risk: is the audit risk that the auditor will fail to detect material misstatement with
their audit procedures. It is the possibility that audit procedures will lead them to conclude that a
material misstatement does not exist in an account, in fact such misstatement does exist.
Detection risk is a function of the procedures auditors perform for testing assertions.
d. Acceptable Audit Risk: is the measure of how willing the auditor is to accept that the
financial statement may be martially misstated after the audit is completed and unqualified
opinion has been issued. When the auditor decides on lower acceptable risk, the auditor wants to
be more certain that the financial statement will not materially misstated. Zero acceptable risk
4
would be high certainty and 100% acceptable audit risk would be complete uncertainty. The
primary way that the auditors deal with risk in planning audit evidence is through the application
of the audit risk model. The audit risk model is used primarily for planning purposes in deciding
how much evidence to accumulate in each cycle.
PDR = __AAR_
IR X CR
Where:
PDR = planned Detection risk
AAR = acceptable audit risk
IR = inherent risk
CR = control risk
Example: Assume that the auditor have assessed inherent risk for a particular assertion at 50%
and control risk at 40%. In addition, they have performed audit procedures that they believe have
a 20% risk of failing to detect a material misstatement in the assertion. Compute the acceptable
audit risk. Solution
PDR = __AAR_
IR X CR
0.20 = __AAR_
0.50 X 0.40
AAR = 0.04 = 4%
6. Understand internal control and assess control risk
Internal control is a process affected by an entity’s board of directors, management, and other
personnel that is designed to provide reasonable assurance regarding the achievement of objectives in
the following categories:
Effectiveness and efficiency of operations,
Reliability of financial reporting, and
Compliance with applicable laws and regulations.
The auditor must sufficiently understand the client’s internal controls in order to determine which
controls exist within the entity. The auditor then evaluates the internal controls in order to assess the
risk that they will not prevent or detect a material misstatement in the financial statements. This risk
(referred to as control risk) directly impacts the scope of the auditor’s work. When the auditor
assesses control risk at less than the maximum, the internal controls should be tested. The auditor’s
tests are intended to ensure that the internal controls are operating in the manner intended and
5
therefore are effective in preventing or detecting misstatements. The evidence gathered from testing
the internal controls is used to arrive at a final assessment on the level of control risk. When control
risk is assessed low, based on tests of the internal controls (referred to as tests of controls), less audit
work is required to audit the account balances (referred to as substantive tests) because the auditor
has evidence that the accounting systems are generating materially accurate financial information.
Conversely, if control risk is high, the auditor has to conduct more extensive audit work in the
account balances because the evidence about internal controls suggests that material misstatements
could occur because controls do not exist or are not operating effectively.
A system of internal control consists of policies and procedures designed to provide management
with reasonable assurance that the company achieves its objectives and goals. These policies and
procedures are often called controls, and collectively, they make up the entity’s internal control.
The auditor’s understanding of internal control is used to assess control risk for each transaction-
related audit objective. Examples are assessing the accuracy objective for sales transactions as
low and the occurrence objective as moderate. When control policies and procedures are
believed to be effectively designed, the auditor assesses control risk at a level that reflects the
relative effectiveness of those controls. To obtain sufficient appropriate evidence to support that
assessment, the auditor performs tests of controls.
Control Risk: is the risk that a material misstatement will not be prevented or detected on timely
basis by the clients internal control structure. Control risk represent an assessment of whether
clients internal control structure is effective for prevention or detecting error and the more
effective the internal control, the lower the control risk
7. Develop an Over All Audit Plan
The last step in the planning the audit is to develop an overall strategy. This involve about the
nature, extent, and timing of audit test to be conducted. In developing an overall audit plan,
auditors use five types of tests to determine whether financial statements are fairly stated.
Auditors use risk assessment procedures to assess the risk of material misstatement, represented
by the combination of inherent risk and control risk. Once the overall audit strategy has been
established, the auditor develops an audit plan. The audit plan is more detailed than the audit
strategy. In the audit plan, the auditor documents a description of (1) the nature, timing, and
extent of the planned risk assessment procedures to be used, (2) the nature, timing, and extent of
planned further audit procedures at the assertion level for each class of transactions, account
balance, and disclosure, and (3) a description of other audit procedures to be performed in order
6
to comply with auditing standards. Basically, the audit plan should consider how to conduct the
audit in an effective and efficient manner.
The audit strategy is normally documented in an audit plan and audit program containing specific
audit procedures. The audit program for most audits is designed in three parts: Test of
transactions, Analytical procedures and Test of details of balance.
Materiality and the Auditor
Materiality is an essential consideration in determining the appropriate type of report for a given
set of circumstances. So what is the concept of materiality?
The common definition of materiality as it applies to accounting and, therefore, to the audit is:
A misstatement in the financial statement can be considered material if knowledge of the
misstatement would affect a decision of a reasonable user of the statement.
In applying this definition, three gradation of materiality are used for determining the type of
opinion to issue.
Amounts are immaterial : When a misstatement in the financial statements exist, due to of the
two conditions (1) scope restricted by client or by circumstances or (2) statements are not in
accordance with GAAP, but is unlikely to affect the decisions of a reasonable user, it is
considered to be immaterial.
Amounts are material but do not overshadow the financial statement as a whole: The
second level of materiality exists when a misstatement in the financial statement would affect a
users' decision, but the overall statements are still fairly stated, and therefore, useful. For
example, knowledge of a large misstatement in permanent assets might affect a user's willingness
to loan money to a company if the assets were the collateral. A misstatement of inventory does
not mean that cash, accounts receivable, and other elements of the financial statements, or
financial statements as a whole, are materially incorrect.
Amounts are so material or so pervasive that overall fairness of statements is in question:
The highest level of materiality exists when users are likely to make incorrect decision if they
rely on the overall financial statements.
The auditor's responsibility therefore, is to determine whether financial statements are materially
misstated. If the auditor determines that there is a material misstatement, he/she will bring it to
the client's attention so a correction can be made. If the client refuses to correct the statements, a
qualified or adverse opinion must be issued, depending on how material the misstatement is.
Auditors must, therefore, have a thorough knowledge of the application of materiality.
7
Factors Affecting Materiality Judgment
Several factors affect setting a preliminary judgment about materiality for a given set of
financial statements. The most important of these are:
Materiality is a relative rather than absolute concept: A misstatement of a given magnitude
might be material for a small company, whereas, the same birr amount error could be immaterial
for a large one. Hence, it is not possible to establish any birr- value guidelines for a preliminary
judgment about materiality applicable to all audit clients.
Bases are needed for evaluating materiality: since materiality is relative, it is necessary to
have base for establishing whether misstatements are material. Net income before taxation is
normally the most important base for deciding what is material because it is regarded as a critical
item of information for users. It is also important to learn whether the misstatements could
materially affect the reasonableness of other possible base such as current assets, current
liabilities, and owners' equity.
Qualitative factors also affect materiality: certain types of misstatements are likely to be more
important to users than others, even if the birr amounts are the same. For example:
Amounts involving irregularities are usually considered more important than unintentional
errors of equal dollar amounts because irregularities reflect on the honesty and reliability of
the management or other personnel involved.
Errors that are otherwise minor may be material if there are possible consequences arising
from contractual obligations.
Errors that are otherwise immaterial may be material if they affect a trend in earnings. For
example, if reported income has increased 3 percent annually for the past five years, but
income for the current year has declined 1 percent, that change of trend may be material.
Similarly, an error that could cause a loss to be reported as a profit would be of concern.
Audit planning is a vital area of the audit process to help to:
- Determine the audit requirements
- Determine the time budget
- Assess the level of risk and materiality
- Perform the audit work at effective manner
- Acquire knowledge of the client's accounting systems, policies and internal control procedures
- Establish the expected degree of reliance to be placed on internal control
- Determine and program the nature, timing, and extent of the audit procedures to be performed
- Ensure that appropriate attention is devoted to important areas of the audit
8
- Ensure that potential problems are promptly identified
- Ensure that the work is completed expeditiously
- Utilize the assistants properly
- Co-ordinate the work done by other auditors and experts
Client acceptance Procedure
Auditing is a time-sensitive and risk-intensive business. Financial controversy and fraud has
raised the bar on auditing firm diligence. A critical step in an auditing firm establishing strong
credentials and minimizing risk is obtaining clients that are dependable, financially secure and
present a low risk for fraud. The most successful audit client acceptance procedures reduce legal
and financial risk by accepting only companies with strong operating and financial track records.
Hence the auditor should review the following points.
1. Prior Audit Review: Review the reasons why a company is looking for a new auditor. It
may be the company is performing due diligence and looking for a lower cost option for audit
reviews, or the company may be a new firm that has just increased revenues to the point where it
needs an audit. Likewise, a company may be looking for a new firm because it has run into
conflicts with prior auditors. Conflicts could include audit procedures the company did not like
or payment problems. A former auditing firm may have dropped the company for failing to
comply with audit requests or for routine late payments. As an auditing firm, you should decide
how much risk you are willing to take with a company that has an unreliable auditing past.
2. Ratings and Public Records: The financial ratings and public records of a company should
be reviewed before an audit client is accepted. Review credit reports, legal history, tax problems,
litigation records, regulatory actions, bankruptcy issues, consumer complaints and professional
liability claims. Require the company to provide business references for review. A solid review
of a company's professional and public dealings will provide good insight into the stability and
functioning of the company.
3. Reputation: Your reputation as an auditing firm is partly based off the companies you audit.
Ensure the image of your auditing firm by only accepting clients who share the same ethical and
business integrity foundation as your firm. Interview senior management and executives to gain
an understanding of their business principles. Look into the background of the key players in the
business for any criminal or legal problems and at their personal reputation in the business
community. Determine if the company pays their bills on time and honors contracts and
agreements. Avoid any client that has a long history of litigations as a defendant or as a plaintiff.
9
4. Business Structure: Review the business structure of a potential client. Look for red flags
such as overseas plants or operating facilities, high turnover in upper management and a short
operating history. Also review the company's legal counsel to see if they a have stable, well-
known legal firm, or unknown or shady representation. Review the company's physical business
presence. How long a business has stayed in the same location is an indication of stability.
5. Approval: once all the relevant procedure and information gathering takes place the
company can put forward for approval. The engagement partner will have completed a client
acceptance form and this along with any other relevant documents will be submitted to the
managing partner or whichever partner is in overall charge of accepting clients.
Engagement Letter:- Engagement letter is the letter that summarizes contractual relationship
between the auditor and the client. It defines clearly the extent of the auditors’ responsibility and
so minimizes the possibility of any misunderstanding between the client and the auditors.
Having decided to accept a client, the first step the auditor should take is to send the client an
engagement letter to set forth the terms of the type of engagement to be performed and to identify
any understandings between the auditor and client. By returning a signed copy of the letter, the client
agrees to cooperate, render assistance, and compensate the auditor. Many audit firms send
engagement letters not only to new clients but also to continuing clients for each engagement,
whether the services performed are for audit, tax, compilation, review, or some other special
engagement. An engagement letter is a written contract between an auditor and client and generally
serves as to:
- Minimize misunderstandings between the client and auditor
- Alert the client to the purpose of the engagement and the role of the external auditor
- Help to minimize legal liability for services neither contracted for nor performed
- Indicate the work to be performed by the client’s staff and client’s responsibilities. An engagement
letter should explain in nontechnical language the nature of the services to be rendered and establish
that the financial statements are the responsibility of the client.
- Indicate the scheduled dates for performance and completion of the examination, and the basis for
computing the auditor’s fee
- Provide audit staff with an understanding of the nature of the engagement.
10
11
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies: