Unit II

2.1.1 The overall audit strategy is a comprehensive plan that outlines the scope, approach, timing, and resources
required to conduct an audit. This strategy serves as a foundation for the audit process and helps guide the audit team
in efficiently and effectively performing the audit.

Key Elements of an Overall Audit Strategy:

1. Objective and Scope of the Audit:

o Define the purpose of the audit (e.g., financial statement audit, compliance audit, internal controls
audit).
o Specify the boundaries and extent of the audit (e.g., which financial statements, business units, or
processes will be included).
2. Audit Approach:
o Risk-Based Approach: Focuses on areas with the highest risk of material misstatement or non-
compliance.
o Substantive or Controls-Based Approach: Determines whether the audit will primarily focus on
substantive testing (e.g., transactions, balances) or internal controls (e.g., procedures and systems).
o Integrated Approach: Combines both substantive and control testing.
3. Audit Risk Assessment:
o Evaluate the risks of material misstatement in the financial statements, considering factors like
inherent risk, control risk, and detection risk.
o Assess risks at both the financial statement level and the assertion level for specific transactions or
balances.
o Consider the nature of the entity (industry, environment, size, complexity), and any significant
changes (e.g., mergers, new regulations).
4. Resources and Staffing:
o Determine the appropriate mix of skills, expertise, and experience required for the audit team.
o Assign responsibilities based on team members' strengths, knowledge of the business, and experience
with similar audits.
5. Timing and Phasing of the Audit:
o Establish the timing for fieldwork, testing, and reporting. This includes the start and end dates of the
audit and any deadlines for interim reviews or final reports.
o Plan for the timing of key audit procedures (e.g., interim testing, year-end testing).
6. Materiality:
o Set an appropriate materiality threshold for the audit, which defines the level at which misstatements
in financial statements are considered significant.
o Materiality is generally based on a percentage of key financial figures (e.g., total assets, revenue, or
profit).
7. Audit Team Coordination:
o Develop a clear communication plan among the audit team, the client, and other stakeholders.
o Set up regular progress meetings and ensure team members are aligned with the overall audit
objectives.
8. Use of Experts and Specialists:
o Determine whether the use of specialists or experts (e.g., tax advisors, actuaries, IT specialists) is
necessary to address specific risks or complex areas.
o Ensure the qualifications and independence of any third-party experts are evaluated.
9. Documentation and Reporting:
o Establish protocols for documenting audit procedures, findings, and conclusions.
 Define the format and timing for interim and final audit reports, including the auditor’s opinion and
o
any recommendations.
10. Communication with Management and Those Charged with Governance:

 Plan for communication with management regarding audit findings, potential issues, and requests for
information.
 Schedule meetings with those charged with governance (e.g., audit committee) to discuss the audit’s progress,
any significant risks, or issues identified during the audit.

Conclusion:

An overall audit strategy provides a structured approach to an audit, ensuring that all critical areas are addressed and
that resources are used efficiently. It helps auditors tailor their work to the unique characteristics of the entity being
audited and the risks they face, ensuring a thorough and effective audit process.

2.1.2 The establishment of an overall audit strategy is a critical part of the audit planning process. It provides the
foundation for how the audit will be conducted, focusing on key factors such as the audit's objectives, scope, timing,
resources, and risk assessment. The strategy serves to ensure that the audit is efficient, effective, and aligned with the
specific circumstances of the entity being audited.

Steps in the Establishment of the Overall Audit Strategy:

1. Understanding the Entity and its Environment

o Entity's Business and Industry: Gain an understanding of the client's business model, industry
trends, economic environment, and regulatory landscape. This context will influence the audit
strategy, as it helps identify unique risks.
o Internal Control Systems: Evaluate the client’s internal control systems to understand their design
and operational effectiveness. A well-designed control system may reduce audit risk, while ineffective
controls may increase the level of audit procedures required.
o Previous Audit Results: Review the findings and conclusions from prior audits, including any areas
of concern, weaknesses, or changes in the business or operations since the last audit.
2. Defining the Audit Objectives and Scope
o Audit Objectives: Clearly define the primary objectives of the audit (e.g., providing assurance on the
accuracy and fairness of financial statements, compliance with laws and regulations, internal control
effectiveness).
o Scope of the Audit: Determine the boundaries of the audit, such as:
 Which financial statements or elements (e.g., balance sheet, income statement, cash flow
statement) will be audited.
 Which periods or cycles (e.g., quarterly, annually) the audit will cover.
 Specific areas of focus based on identified risks (e.g., revenue recognition, asset valuations).
3. Risk Assessment
o Inherent Risk: Evaluate the susceptibility of the entity's financial statements to material misstatement,
assuming no internal controls are in place. This includes considering business complexity, external
factors (e.g., economic conditions), and areas where management estimates or judgment plays a
significant role.
o Control Risk: Assess the risk that the entity's internal controls will fail to prevent or detect material
misstatements. If the entity has strong internal controls, control risk may be lower.
o Detection Risk: Estimate the risk that the audit procedures will not detect a material misstatement,
given the inherent and control risks. The detection risk is managed by adjusting the nature, timing, and
extent of audit procedures.
 o Consideration of Fraud Risk: Identify areas where the risk of fraud may exist (e.g., related party
transactions, revenue recognition) and tailor the audit procedures accordingly.
4. Materiality
o Determine Materiality Threshold: Set the materiality level, which guides decisions about what
misstatements or omissions in the financial statements would influence the economic decisions of
users. Materiality is usually based on a percentage of key financial figures such as total assets,
revenue, or profit.
o Performance Materiality: Often set lower than overall materiality to allow for a margin of error in
testing, particularly where multiple areas are being tested (e.g., accounts payable, receivables).
o Consideration of Specific Materiality: The auditor may set different materiality levels for specific
areas (e.g., smaller thresholds for areas with more risk).
5. Audit Approach
o Substantive Procedures vs. Test of Controls: Decide on the nature of the audit approach:
 Substantive Testing: Testing individual transactions, balances, or disclosures to verify their
accuracy and completeness.
 Control Testing: Testing the design and operating effectiveness of internal controls to
determine whether they prevent or detect material misstatements.
 Combined Approach: Often a combination of both, especially for complex organizations or
areas where control risks are higher.
6. Timing of the Audit
o Fieldwork Schedule: Determine the timing of key audit procedures, including interim and year-end
testing. For example, it might be necessary to perform some audit procedures before the year-end date
(e.g., revenue recognition), while others are done after the year-end (e.g., testing balances).
o Critical Dates and Deadlines: Establish the key dates (e.g., client’s financial year-end) and deadlines
(e.g., for the final audit report, issuance of the auditor’s opinion).
o Audit Phases: Break the audit into phases, such as planning, interim testing, year-end procedures, and
reporting.
7. Resources and Staffing
o Personnel Requirements: Determine the necessary skills, expertise, and experience required for the
audit team. This includes deciding on the number of team members, their roles, and any specialists
(e.g., IT auditors, tax experts) needed for certain areas.
o Allocation of Resources: Plan for how time and resources will be allocated based on areas of higher
risk, complexity, or significance to the financial statements.
8. Use of Technology and Audit Tools
o Data Analytics and Audit Software: Consider the use of automated tools and data analytics to
enhance audit efficiency, especially for testing large volumes of transactions or identifying patterns
and anomalies.
o Sampling Methods: Determine whether statistical or non-statistical sampling will be used, and how to
ensure representative testing in areas with high volume or complexity.
9. Communication and Coordination
o Internal Team Communication: Ensure clear communication among audit team members regarding
roles, responsibilities, and the audit approach.
o Client Communication: Develop a communication plan with the client for information requests,
meetings, and updates on audit progress.
o Coordination with Governance: Schedule regular meetings with the audit committee or those
charged with governance to discuss audit progress, significant findings, and risks.
10. Documentation of the Audit Strategy
o Audit Plan: Document the overall audit strategy and audit plan, which includes a summary of risk
assessments, audit approach, planned procedures, and resources. This is typically reviewed and
approved by senior audit leadership.
 o Changes to the Strategy: As the audit progresses, the strategy may be revised in response to new
information or risks identified during the audit process.

Conclusion

The establishment of the overall audit strategy is a dynamic and iterative process that involves a thorough
understanding of the client, its business risks, the scope of the audit, and the required resources. It is crucial to
establish a clear, structured audit plan that addresses identified risks, ensures an efficient allocation of resources, and
provides a solid foundation for conducting detailed audit procedures.

2.2 Audit Planning

An audit plan is a detailed, structured document that outlines the approach, scope, and execution of an audit
engagement. The goal of an audit plan is to ensure the audit is thorough, efficient, and effective, addressing all
relevant risks and providing a basis for forming the audit opinion.

2.2.1 Effective Audit Plan

1. Objectives of the Audit

o Clearly define the overall objectives of the audit engagement. This may include providing an opinion
on the financial statements, evaluating internal controls, or assessing compliance with regulations.
o Example: "The objective of this audit is to obtain sufficient and appropriate evidence to form an
opinion on whether the financial statements present a true and fair view in accordance with the
relevant accounting framework (e.g., IFRS, GAAP)."
2. Understanding of the Entity and Its Environment
o A thorough understanding of the entity being audited is fundamental to planning the audit. This
includes:
 The business model, key operations, and industry risks.
 The entity's internal control systems, governance structure, and key financial reporting
processes.
 The legal and regulatory environment.
o Example: "The entity operates in a highly regulated environment with significant foreign exchange
risk and has complex revenue recognition policies."
3. Risk Assessment
o Identify and assess the risks of material misstatement in the financial statements, both at the financial
statement level and at the assertion level (e.g., for individual transactions, account balances, or
disclosures).
o Inherent Risk: Evaluate areas that are inherently risky due to complexity, judgment, or external
factors (e.g., revenue recognition, estimates, related party transactions).
o Control Risk: Assess the effectiveness of internal controls in mitigating risks.
o Detection Risk: Adjust the nature, timing, and extent of audit procedures to address detection risk,
given the assessed inherent and control risks.
o Example: "Due to the complex nature of the revenue recognition in the technology division, this area
will be a focus of our audit procedures."
4. Audit Scope and Areas of Focus
o Define the scope of the audit, including:
 Which areas of the financial statements will be covered.
 Which specific risks or issues will be prioritized.
 Whether any specific procedures will be applied to areas of higher risk or complexity.
 o Example: "The audit will cover the full set of financial statements for the year ending December 31,
2024, with a focus on testing revenue recognition, goodwill impairment, and compliance with new tax
regulations."
5. Audit Approach
o Substantive Testing: Procedures designed to detect material misstatements directly by testing
transactions, balances, and disclosures.
 Example: "We will perform substantive testing on revenue transactions and receivables,
including confirmation with major customers."
o Test of Controls: Procedures designed to evaluate the effectiveness of internal controls over financial
reporting.
 Example: "We will test the design and operational effectiveness of controls over financial
reporting, particularly in areas related to cash disbursements and payroll."
o Combination Approach: A mix of both approaches, often used when control risk is moderate or high.
 Example: "We will rely on substantive testing for the majority of the audit but also perform
tests of controls related to IT systems, as we noted significant reliance on automated controls."
6. Materiality
o Define the overall materiality threshold for the audit, as well as performance materiality for specific
areas or accounts. Materiality helps auditors determine which misstatements, if any, are significant
enough to affect the audit opinion.
o Example: "The overall materiality level for the audit will be 5% of pre-tax income, with performance
materiality set at 75% of overall materiality."
7. Audit Procedures and Testing
o Identify specific audit procedures to be used for each identified area of risk or audit focus. This
includes:
 Substantive procedures (e.g., inspection, observation, re-performance, confirmation, analytical
procedures).
 Tests of controls (e.g., walkthroughs, inquiry, inspection of documents, observation).
o Example: "We will perform analytical procedures on the expense accounts, followed by detailed
substantive testing of payroll transactions for unusual fluctuations."
8. Timing of the Audit
o Set the overall timeline for the audit, specifying the timing of interim and year-end fieldwork, as well
as key deadlines for reporting and submission of the audit opinion.
o Identify any key milestones for the audit team, such as completing initial risk assessments, fieldwork,
and draft reports.
o Example: "Interim testing of inventory controls will begin in early February 2024, and year-end
fieldwork will commence on March 1, 2024, with the final audit report due by April 15, 2024."
9. Resources and Staffing
o Define the resources required for the audit, including the number of team members, their roles, and the
expertise needed (e.g., industry specialists, IT auditors, tax advisors).
o Identify any specific training or guidance needed for audit team members.
o Example: "The audit team will consist of a manager, two seniors, and three staff auditors. An IT
specialist will be involved for testing the client's new ERP system."
10. Coordination with the Client
o Develop a communication plan for interacting with management and those charged with governance
(e.g., the audit committee or board of directors). This should include:
 Regular updates on audit progress.
 Discussion of key risks or issues identified.
 Requests for information, documentation, and access to key personnel.
o Example: "Regular meetings will be scheduled with management every two weeks to discuss progress,
with a final meeting planned for April to review the draft financial statements and findings."
11. Documentation of Audit Plan
 o Document the audit plan in detail, ensuring that it covers the scope, objectives, risks, resources, and
procedures. This serves as a reference for the audit team and provides a record of planning decisions
made.
o Example: "The audit plan, including risk assessments and audit procedures, will be documented and
reviewed by the audit manager and partner prior to the start of fieldwork."
12. Engagement Team and Leadership Involvement
o Clearly define the roles and responsibilities of each audit team member. This includes setting
expectations for the team’s interaction with the client and ensuring alignment with the overall audit
strategy.
o Example: "The audit partner will oversee the overall audit strategy and be the main point of contact
with the audit committee, while the audit manager will supervise day-to-day fieldwork and coordinate
with client personnel."

2.2.2 Audit planning is an essential step in the audit process that provides a structured framework for conducting the
audit efficiently and effectively. It involves identifying risks, determining the scope of the audit, selecting appropriate
audit procedures, and allocating resources. Well-developed audit planning ensures that the audit meets its objectives
and is conducted within a reasonable timeframe and budget. Below are the key benefits of audit planning:

1. Improved Efficiency

 Streamlined Audit Process: A well-structured audit plan enables auditors to focus on high-risk areas and
allocate resources effectively. By identifying key areas of concern upfront, auditors can avoid unnecessary
procedures and concentrate on critical audit tasks.
 Time Management: By clearly defining the scope, objectives, and timeline of the audit, planning helps
ensure that the audit is completed on time. It also helps in setting milestones and deadlines, allowing the audit
team to track progress.

2. Enhanced Effectiveness

 Focus on High-Risk Areas: Planning allows auditors to assess and prioritize areas with higher inherent risks,
such as complex transactions, significant estimates, or areas susceptible to fraud. This targeted approach
increases the likelihood of detecting material misstatements.
 Tailored Audit Procedures: The audit plan helps determine the most effective and efficient audit procedures
based on the identified risks and the client's circumstances. This allows auditors to address the audit's
objectives more effectively and with the appropriate level of scrutiny.

3. Better Resource Allocation

 Optimal Use of Personnel: Audit planning ensures that the right team members with the appropriate skills
are assigned to specific areas of the audit. For example, specialists (e.g., IT auditors, tax advisors) can be
brought in for specific tasks, ensuring the right expertise is applied where needed.
 Efficient Budgeting: By setting a clear plan for how the audit will be executed, it is easier to estimate the
time and resources required. This helps in controlling audit costs and ensuring the engagement stays within
budget.

4. Reduced Risk of Oversight

 Comprehensive Coverage: A thorough audit plan ensures that all critical areas are covered and that no
material risks are overlooked. It helps identify key audit areas, including complex transactions, estimates, and
controls that may be prone to errors or fraud.
  Identification of Control Weaknesses: The audit plan typically includes procedures for evaluating the
effectiveness of internal controls. By planning for these procedures early, auditors can identify and address
control weaknesses, which may reduce the risk of misstatements or fraud.

5. Improved Communication

 Clear Expectations: The audit plan clearly defines the objectives, scope, and timeline, which helps align the
expectations of both the audit team and the client. This transparency improves coordination and reduces
misunderstandings between the auditors and the client.
 Stakeholder Involvement: Effective audit planning includes communication with management and those
charged with governance, ensuring they are aware of the audit process, any challenges, and potential issues. It
helps manage their expectations and enhances trust in the audit process.

6. Compliance and Regulatory Adherence

 Meeting Legal and Regulatory Requirements: Planning helps auditors ensure that they are aware of and
comply with relevant accounting standards (e.g., IFRS, GAAP), audit standards (e.g., ISA, PCAOB), and
other legal or regulatory requirements. This is particularly important in highly regulated industries.
 Documentation of Audit Strategy: Proper planning ensures that all audit decisions, assessments, and
procedures are documented, which can be critical for compliance, especially in cases of regulatory scrutiny or
legal disputes.

7. Increased Audit Quality

 Thorough Risk Assessment: A well-structured audit plan starts with a detailed risk assessment, ensuring that
the audit is comprehensive and focuses on areas with the highest risk of material misstatement. This improves
the overall quality of the audit and the reliability of the audit opinion.
 Reduced Errors and Omissions: By planning in advance, the audit team can anticipate potential challenges,
such as the availability of documents or time constraints, reducing the risk of errors or omissions in the audit
process.

8. Greater Control Over the Audit Process

 Effective Supervision and Monitoring: With a detailed audit plan in place, senior auditors and managers can
monitor the progress of the audit more effectively. They can track if the audit is progressing as planned, and if
adjustments are needed, they can identify potential issues early.
 Adaptability: Audit plans are flexible and can be adjusted based on new risks, challenges, or findings that
emerge during the audit. The planning phase helps establish a framework for handling such changes without
losing sight of the audit objectives.

9. Enhanced Client Relationships

 Proactive Communication: Proper planning helps auditors communicate with clients proactively. For
example, auditors can set expectations regarding the timeline, document requests, and the nature of the audit
work. This can reduce client concerns and build trust.
 Reduction in Surprises: A comprehensive audit plan helps minimize the likelihood of surprises for both the
audit team and the client. For example, if there are potential issues with the financial statements or internal
controls, these can be discussed early on, allowing time for resolution before the final report is issued.

10. Improved Ability to Identify Fraud

  Fraud Risk Assessment: The audit plan includes identifying and assessing the risk of fraud, which enables
auditors to tailor their approach and testing to areas more susceptible to fraud. Planning for fraud detection
helps prevent fraudulent activities from going undetected and ensures the auditor's opinion remains reliable.
 Focused Procedures on High-Risk Areas: Through effective planning, auditors can determine which areas
are more likely to be exposed to fraud (e.g., revenue recognition, related party transactions, management
override of controls) and allocate more resources to investigating these areas.

11. Optimized Timing and Coordination

 Efficient Use of Time: With a clear audit plan, auditors can avoid delays caused by last-minute adjustments
or missing information. The plan outlines when key tasks should be completed, allowing for better
coordination between team members and client staff.
 Seamless Coordination Between Teams: For larger audits, where multiple teams may be involved (e.g., tax
experts, IT auditors, and financial auditors), having a clear audit plan ensures that there is no overlap or
missed work, and everyone understands their roles and responsibilities.

12. Facilitates Reporting

 Clear Structure for Reporting: The audit plan helps guide the auditor's focus towards areas that will be
discussed in the final audit report, ensuring that the audit report is comprehensive and well-structured.
 Early Identification of Issues: By addressing key risks and areas of concern early in the audit process, the
audit team can identify any significant issues sooner, providing ample time to address them before finalizing
the audit report.

Conclusion

The benefits of audit planning are far-reaching and contribute significantly to the efficiency, effectiveness, and
quality of the audit process. A well-executed audit plan not only ensures compliance with auditing standards and
regulatory requirements but also enhances communication with clients, reduces audit risks, and provides the auditors
with a clear path for achieving the audit objectives. By focusing resources on high-risk areas, improving coordination
among the audit team, and optimizing timing, audit planning leads to a more controlled, cost-effective, and accurate
audit engagement.

2.3 An audit programme is a detailed, systematic plan that outlines the specific audit procedures and steps to be
performed during an audit engagement. It serves as a guide for auditors to ensure they execute the audit plan
effectively, ensuring that all necessary areas are covered, risks are addressed, and sufficient evidence is gathered to
form an audit opinion.

Audit Programme:

1. Objective of the Audit:

o Clearly states the purpose of the audit and the key areas to focus on, such as testing financial statement
assertions, evaluating the effectiveness of internal controls, or assessing compliance with regulatory
requirements.

2. Audit Scope:
o Defines the specific areas of the financial statements to be audited (e.g., revenue, inventory,
receivables, liabilities, etc.).
o It may also include details on the scope of audit testing on internal controls or compliance with laws
and regulations.
3. Audit Procedures:
o Nature of Procedures: Describes the type of audit tests to be conducted, such as substantive tests or
tests of controls.
 Substantive Testing: Includes testing transactions, account balances, or disclosures to verify
their accuracy and completeness.
 Test of Controls: Includes testing the design and operational effectiveness of internal controls.
o Detailed Steps: Each audit procedure should have clear instructions on what the auditor needs to do,
how to perform it, and the expected outcomes.

4. Timing of Procedures:
o Defines when specific audit procedures should be performed, which could be at an interim stage
(before year-end) or at year-end (final testing).
o It will specify deadlines for fieldwork, interim testing, and reporting.

5. Responsibility Assignment:
o Specifies which members of the audit team are responsible for carrying out each audit procedure. This
is important for task delegation and ensures proper accountability.
o Example: "Test of controls over the revenue cycle will be performed by the senior auditor, while
substantive testing of accounts receivable will be handled by the staff auditor."

6. Resources Needed:
o Indicates any additional resources required to perform specific audit procedures. This may include
specialists (e.g., IT auditors, tax experts), tools, or software needed for certain areas (e.g., data
analytics tools).

7. Audit Evidence:
o Describes the type of evidence to be collected during the audit procedures (e.g., documentation,
physical inspection, third-party confirmations, analytical review).
o It also specifies the quality of evidence needed, such as reliability and relevance, to support the
auditor’s conclusions.

8. Audit Assertions:
o Lists the management assertions that need to be tested for each financial statement area. Common
assertions include:
 Existence/Occurrence: Assets, liabilities, and transactions exist and have occurred.
 Completeness: All transactions and balances that should be included are recorded.
 Accuracy: Transactions and balances are recorded at the correct amounts.
 Valuation and Allocation: Assets and liabilities are valued appropriately.
 Rights and Obligations: The entity has the rights to assets and the obligations for liabilities.
 Presentation and Disclosure: Transactions are properly presented and disclosed in accordance
with applicable accounting standards.

9. Sampling Approach:
o If sampling is used, the programme specifies the sampling methodology (e.g., random, judgmental)
and the sample size. It also includes guidelines on evaluating sample results and addressing any
deviations found.

10. Expected Outcomes and Evaluation:

o Specifies the criteria for evaluating the results of the audit tests. This includes how to assess the
sufficiency and appropriateness of audit evidence and how to determine whether the results of testing
indicate a misstatement or control weakness.
 o Example: "If more than 5% of the sample items show discrepancies, further testing will be required."

11. Documentation and Reporting:

o Specifies how audit findings should be documented, and which forms or templates should be used.
This includes:
 Workpapers and evidence collected.
 Conclusions drawn from testing and how they support the final audit opinion.
 Any issues or concerns that need to be communicated to management or those charged with
governance.

Conclusion:

An audit programme is an essential tool for ensuring that the audit process is organized, comprehensive, and
effective. By providing clear instructions, procedures, and a structured approach, it helps the audit team gather
sufficient and appropriate evidence to form an audit opinion. It is a key component of audit planning and a necessary
document for maintaining the quality and consistency of audit engagements.