Audit Planning

* Discuss why adequate audit planning is

essential
* Describe the activities involved in audit
planning
* Describe the analytical procedures
* Describe the factors to be considered before
accepting an audit engagement
* Describe the importance and principal contents
of engagement letter
*Planning an audit involves
establishing the overall
audit strategy for the
engagement and
developing an audit plan
Adequate planning benefits the audit of financial statements in several ways,
including the following:

Helping the auditor to devote appropriate attention to important areas of the

audit.
Helping the auditor identify and resolve potential problems on a timely basis.
Helping the auditor properly organize and manage the audit engagement so
that it is performed in an effective and efficient manner.
 Assisting in the selection of engagement team members with appropriate
levels of capabilities and competence to respond to anticipated risks, and the
proper assignment of work to them.
 Facilitating the direction and supervision of engagement team members and
the review of their work.
Assisting, where applicable, in coordination of work done by auditors of
components and experts.

4
Stage 1 of Audit Process

The auditor shall undertake the following activities at the beginning

of the current audit engagement:

(a) Performing procedures required by ISA 220 regarding the

continuance of the client relationship and the specific audit
engagement

(b) Evaluating compliance with relevant ethical requirements,

including independence, in accordance with ISA 220; and

(c) Establishing an understanding of the terms of the engagement, as

required by ISA 210
*The engagement partner shall be
satisfied that appropriate procedures
regarding the acceptance and
continuance of client relationships
and audit engagements have been
followed, and shall determine that
conclusions reached in this regard
are appropriate.
ISQC 1 requires the firm to obtain information considered necessary
in the circumstances before accepting an engagement with a new
client, and deciding whether to continue an existing engagement,
such as the following:
a) The integrity of the principal owners, key management and those
charged with governance of the entity;
b) Whether the engagement team is competent to perform the
audit engagement and has the necessary capabilities, including time
and resources;
c) Whether the firm and the engagement team can comply with
relevant ethical requirements; and

7
 Integrity assessment

For continuing client

* Periodic evaluation of existing client to ensure acceptable audit
risk to kept low
For prospective client
- The proposed successor auditor should make certain inquiries of
the predecessor auditor before accepting the engagement
- The proposed auditor should inquiries from predecessor any
professional reason or other reason for change of auditor
- Where prospective client refuses to permit the predecessor
auditor to respond, the proposed auditor should have
reservations about accepting the client.
- Auditor can review the entity’s bankers as well as other
members of business community

8
• Consideration of whether the firm has the competence,
capabilities, and resources to undertake a new engagement from a
new or an existing client involves reviewing the specific
requirements of the engagement and the existing partner and staff
profiles at all relevant levels, and including whether:

Firm personnel have knowledge of relevant industries or subject

matters
Firm personnel have experience with relevant regulatory or
reporting
requirements, or the ability to gain the necessary skills and
knowledge effectively
The firm has sufficient personnel with the necessary competence
and capabilities
Experts are available, if needed;
Individuals meeting the criteria and eligibility requirements to
perform engagement quality control review are available, where
applicable; and
The firm is able to complete the engagement within the reporting
deadline.
* Auditor should identify circumstances and relationships
that may create threat to independence.
* If there is exist threat to independence which are
significant , the firm should apply appropriate
safeguards to eliminate or reduce such threat to
acceptable level.
* The firm shall establish policies and procedures
designed to provide it with reasonable assurance that
the firm, its personnel and, where applicable, others
subject to independence requirements (including
network firm personnel) maintain independence where
required by relevant ethical requirements
* If situation where no safeguards are available to
reduce the threat to acceptable level , the firm should
eliminate the activities that create threat. If that is
not possible , firm should decline to accept the audit
engagement.
* As a final step in the acceptance phase, in compliance with
auditing standards and good professional practice, it is
important to confirm the terms of each engagement in an
engagement letter (Refer to ISA 210 Terms of Audit Engagements for
details of an engagement letter)
* Purpose of Engagement Letter - To formalize the
arrangement reached between the auditor and client. It
serves as a contract that outlines the responsibility of both
parties to prevent any misunderstanding between the two
parties.

11
Content of an audit engagement letter or other suitable
form of written agreement and shall include
*(a) The objective and scope of the audit of the financial
statements;
*(b) The responsibilities of the auditor;
*(c) The responsibilities of management;
*(d) Identification of the applicable financial reporting
framework for the
*preparation of the financial statements; and
*(e) Reference to the expected form and content of any
reports to be issued by the auditor and a statement that
there may be circumstances in which a report may differ
from its expected form and content.
* The agreement of management to make available to the
auditor draft financial statements and any accompanying
other information in time to allow the auditor to complete
the audit in accordance with the proposed timetable.
* The agreement of management to inform the auditor of facts
that may affect the financial statements, of which
management may become aware during the period from the
date of the auditor’s report to the date the financial
statements are issued.
* The basis on which fees are computed and any billing
arrangements.
* A request for management to acknowledge receipt of the
audit engagement letter and to agree to the terms of the
engagement outlined therein.
The auditor shall obtain an understanding of the following:

(a) Relevant industry, regulatory, and other external factors including the
applicable financial reporting framework.
(b) The nature of the entity, including:
(i) its operations;
(ii) its ownership and governance structures;
(iii) the types of investments that the entity is making and plans to
make, including investments in special-purpose entities; and
(iv) the way that the entity is structured and how it is financed,
to enable the auditor to understand the classes of transactions, account
balances, and disclosures to be expected in the financial statements.

(c) The entity’s selection and application of accounting policies, including

the reasons for changes thereto. The auditor shall evaluate whether the
entity’s accounting policies are appropriate for its business and
consistent with the applicable financial reporting framework and
accounting policies used in the relevant industry.
(d) The entity’s objectives and strategies, and those related business risks that may
result in risks of material misstatement.
(e) The measurement and review of the entity’s financial performance.
*Materiality and Audit risks are major
concept that affect the scope of audit.
*When planning the audit, the auditor
considers what would make the financial
statements materially misstated
*The auditor uses his knowledge about the
entity environment as a basis for
identifying and assessing the risk of
material misstatement in the financial
statement
* Risk is a fundamental concept that underlies the audit
process

* Audit Risk =Inherent Risk X Control Risk X Detection Risk

* Audit risk is the risk that the auditor gives an inappropriate

audit opinion when the financial statement is materially
misstated
* ISA 200 required the auditor to perform the audit to reduce
the audit risk to a sufficiently low level that in the auditor
professional judgment, appropriate to express an opinion
of financial statement
* Audit risk can be zero?
Auditor can limit the audit risk by exercising control through
careful acceptance and retention of client and control of
acceptable audit risk

The assessment of risks is a matter of professional judgment,

rather than a matter capable of precise measurement. ISA
does not provide specific quantitative guidance

Audit risk is a technical term related to the process of

auditing; it does not refer to the auditor’s business risks
such as loss from litigation, adverse publicity, or other
events arising in connection with the audit of financial
statements.
17
Inherent risk
* Susceptibility of an assertion to material misstatements,
assuming no related internal control
* Inherent risk is higher for some assertions and related classes of
transactions, account balances, and disclosures than for others.
For example, it may be higher for complex calculations or for
accounts consisting of amounts derived from accounting
estimates that are subject to significant estimation uncertainty.
* External circumstances giving rise to business risks may also
influence inherent risk. For example, technological
developments might make a particular product obsolete,
thereby causing inventory to be more susceptible to
overstatement

18
Control risk
* Risk that material misstatement will not be prevented , or
detected and corrected on timely basis by entity internal
control.
* This risk is the function of effectiveness of design and
operation of internal control.
* Auditor may set the control risk as maximum level in the
belief that it is more efficient to conduct extensive
substantive procedures
* Auditor may set control risk as maximum because it
determine the internal control is not effective

19
Detection risk
* Is the risk that audit substantive procedures will not detect any
material misstatements that exist in account balance and class
of transaction
* Detection risk is a function of the effectiveness of substantive
procedures and their application by an auditor
* Detection risk relate to the scope of audit( Nature, extent and
timing) of audit procedure
* Unlike inherent and control risk, the actual level of detection
risk is controllable by the auditor through variation in the
nature, timing and extent of audit procedures

20
* Detection risk results from 2 types of risks uncertainties namely:
* Sampling risk-arises because in many instances auditor does not
perform 100% test.
* Non-Sampling risk-occurs because the auditor used an
inappropriate audit procedures, failed to detect a misstatement
when applying an appropriate audit procedures.
* Non sampling risk can be reduced to negligible level through adequate
planning, proper assignment of staff, supervision and review
* Detection risk is controllable by auditor
* Detection risk have inverse relationship with risk of material
misstatement ( Inherent risk & control risk)
* Auditor assessment of risk is matter of professional judgment
* If auditor assess the achieved audit risk is less than or equal to
planned audit risk, unqualified report is issued
* Otherwise, auditor will conduct additional audit work and
qualify the audit report
* Audit Risk is used as an audit planning tool
* 3 steps are involved in the auditor’s use of the
audit risk model at the account balance or class
of transaction level:
1) Setting a planned level of audit risk
2) Assessing inherent risk and control risk
3) Solving the audit risk equation for acceptable
level of detection risk
* Having Determined
* Audit Risk
* Inherent Risk
* Control Risk

* Detection Risk is just a balancing figures

* DR = AR/ (IR X CR)
Auditor may use qualitative term to implement audit risk
model
ISA 320/ MFRS101
* (ISA 320 para 2) - Misstatements, including omissions, are
considered to be material if they, individually or in the aggregate,
could reasonably be expected to influence the economic decisions
of users taken on the basis of the financial statements
* Materiality is defined as the magnitude of an omission or
misstatement of accounting information that, in light of the
surrounding circumstances, makes it probable that the judgment
of a reasonable person relying on the information would have been
changed or influenced by the omission or misstatement.
* Omissions or misstatements of items are material if they could,
individually or collectively, influence the economic decisions that
users make on the basis of the financial statements.
* Materiality depends on the size and nature of the omission or
misstatement judged in the surrounding circumstances. The size
or nature of the item, or a combination of both, could be the
determining factor
ISA 320 para 4 - The auditor’s determination of materiality is a matter
of professional judgment, and is affected by the auditor’s perception
of the financial information needs of users of the financial statements.
In this context, it is reasonable for the auditor to assume that users:
*(a) Have a reasonable knowledge of business and economic activities
and accounting and a willingness to study the information in the
financial
*statements with reasonable diligence;
*(b) Understand that financial statements are prepared, presented
and audited to levels of materiality;
*(c) Recognize the uncertainties inherent in the measurement of
amounts based on the use of estimates, judgment and the
consideration of future events; and
*(d) Make reasonable economic decisions on the basis of the
information in the financial statements

26
 Materiality
 In designing the audit plan, the auditor will establish an acceptable
materiality level so as to detect quantitatively material
misstatements.

 In that planning, materiality is established and implemented using

quantitative approach.

 The qualitative aspect of the small amount must also be considered

 The circumstances related to some misstatements may cause the

auditor to evaluate them as material even if they are below
materiality. Although it is not practicable to design audit procedures
to detect misstatements that could be material solely because of
their nature, the auditor considers not only the size but also the
nature of uncorrected misstatements, and the particular
circumstances of their occurrence, when evaluating their effect on
the financial statements.
* Professional standard provide little guidance on
how to access what is material to a reasonable
user. Why?
* Audit firm developed own policies and
procedures
* Step 1 - Establish preliminary judgment about
materiality
* Step 2 - Determine tolerable misstatement
* Step 3 - Establish likely misstatement and
compare to the preliminary judgment about
materiality
* In designing the audit plan, the auditor will establish an acceptable
materiality level ( preliminary judgment on materiality/ planning
materiality) so as to detect quantitatively material misstatements.
* By quantifying the estimate about materiality, audit team are able to
plan the scope of audit and evaluate the result of audit procedures
* Preliminary judgment of materiality is maximum amount by which the
auditor believes the financial statements could be misstated and still
not affect the decision of reasonable user
* Materiality is relative concept and not an absolute concept
* A percentage is often applied to a chosen benchmark (base) as a
starting point in determining materiality for the financial statements
as a whole.
* Examples of benchmarks that may be appropriate, depending on the
circumstances of the entity, include categories of reported income
such as profit before tax, total revenue, gross profit and total
expenses, total equity or net asset value.
* Tolerable misstatement is the amount of planning materiality
that is allocated to account balances or class of transaction
* Purpose: to plan the scope of audit procedures for account
balance and class of transaction
* Qualitative factor may need to consider
* Common computational benchmark in practice:
2 to 15% of account
50 to 75% of planning materiality
Combine tolerable misstatement > planning materiality. Why?
Materiality for the financial statements as a whole (and, if applicable,
the materiality level or levels for particular classes of transactions,
account balances or disclosures) may need to be revised as a result of a
change in circumstances that occurred during the audit (for example, a
decision to dispose of a major part of the entity’s business), new
information, or a change in the auditor’s understanding of the entity and
its operations as a result of performing further audit procedures.
For example, if during the audit it appears as though actual financial
results are likely to be substantially different from the anticipated
period-end financial results that were used initially to determine
materiality for the financial statements as a whole, the auditor revises
that materiality.
Auditor aggregate the misstatement from each account balances and
class of transaction. This referred to as likely misstatement
Compare likely misstatement to preliminary judgment of misstatement
Likely misstatement< preliminary judgment of misstatement
 F/S true and fair, issue unqualified audit report
Likely misstatement> preliminary judgment of misstatement
 propose adjustment, client refuse, issue qualified or adverse opinion
* Quantitative materiality provides a threshold
or cut off point rather than being a primary
qualitative characteristic which information
must have if it is to be useful.
* There is an inverse relationship between
Materiality & level of Audit Risk
* Eg: M AR
Auditor need to CR or DR
*The auditor shall establish an overall
audit strategy that sets the scope,
timing and direction of the audit,
and that guides the development of
the audit plan
* In establishing the overall audit strategy, the auditor shall:
* (a) Identify the characteristics of the engagement that define its
scope;
* (b) Ascertain the reporting objectives of the engagement to plan
the timing of the audit and the nature of the communications
required;
* (c) Consider the factors that, in the auditor’s professional
judgment, are significant in directing the engagement team’s
efforts;
* (d) Consider the results of preliminary engagement activities and,
where applicable, whether knowledge gained on other
engagements performed by the engagement partner for the entity
is relevant; and
* (e) Ascertain the nature, timing and extent of resources necessary
to perform the engagement
 The entity’s timetable for reporting, such as at interim and final
stages.
 The organization of meetings with management and those charged
with governance to discuss the nature, timing and extent of the audit
work.
 The discussion with management and those charged with
governance regarding the expected type and timing of reports to be
issued and other communications, both written and oral, including the
auditor’s report, management letters and communications to those
charged with governance.
 Communication with auditors of components regarding the expected
types and timing of reports to be issued and other communications in
connection with the audit of components.
 The expected nature and timing of communications among
engagement team members, including the nature and timing of team
meetings and timing of the review of work performed.
 Preliminary identification of areas where there may be a higher risk
of material misstatement.
 The impact of the assessed risk of material misstatement at the
overall financial statement level on direction, supervision and
review
 Results of previous audits that involved evaluating the operating
effectiveness of internal control, including the nature of identified
deficiencies and action taken to address them.
 The discussion of matters that may affect the audit with firm
personnel responsible for performing other services to the entity
 • Significant industry developments such as changes in industry
regulations and new reporting requirements
* The auditor shall develop an audit plan that shall include a description
of:
(a) The nature, timing and extent of planned risk assessment procedures, as
determined under ISA 315
(b) The nature, timing and extent of planned further audit procedures at the
assertion level, as determined under ISA 330
(c) Other planned audit procedures that are required to be carried out so
that the engagement complies with ISAs.

* Planning is not a discrete phase of an audit, but rather a continual and

iterative process. During the course of audit, information may come
to the audit attention that differ significantly from information
available when auditor initially planned the audit procedure. Auditor
need re-evaluate and change the overall audit strategy and audit plan
*Staff requirements and Use of Experts
*Understand the applicable law and regulations
*Identify Related Parties
*Going Concern
*Using the work of internal auditing
*Set up audit strategy and audit plan
*Review audit strategy with audit committee
*Consider other value added services
Staff Requirement
*Staff requirements-factors that should be considered in determining
staffing requirements include engagement size, complexity, level of risk,
special technical expertise, personnel availability and timing of the work
performed.
*Expert( ISA620) Auditor’s expert – An individual or organization possessing
expertise in a field other than accounting or auditing, whose work in that
field is used by the auditor to assist the auditor in obtaining sufficient
appropriate audit evidence.
*Under ISA 620 the auditor should assess the professional competence and
objectivity of the expert.
*Professional competence relates to the nature and level of expertise of the
auditor’s expert. It may refer to professional qualification of the expert
* Objectivity relates to the possible effects that bias, conflict of interest, or
the influence of others may have on the professional or business judgment of
the auditor’s expert.
* The auditor should recognize that non-compliance of laws and regulations by client entity may
materially affect the financial statements and he should obtain a general understanding of the
legal and regulatory framework applicable to the client entity
* ISA 250 provides guidance on the auditor’s responsibility regarding laws and regulation
applicable to the client entity.
* Auditor should primarily concerned with the following types of law and regulations:
* The provisions of those laws and regulations generally recognized to have a direct effect on
the determination of material amounts and disclosures in the financial statements such as
tax and pension laws and regulations
* legal regulation that affect operating aspects of the business, to an entity’s ability to
continue its business
* Non compliance of which can result in financial consequences such as fines and litigation
#If the auditor becomes aware of information concerning an instance of noncompliance or
suspected non-compliance with laws and regulations, the auditor shall obtain:
* (a) An understanding of the nature of the act and the circumstances in which it
has occurred; and
* (b) Further information to evaluate the possible effect on the financial
statements.
* If the auditor suspects there may be non-compliance, the auditor shall discuss the matter
with management
Circumstances that may indicate a possible non-
compliance include the following:
* Investigation by a government agency, enforcement
proceeding, or payment of unusual fines or penalties.
* Violations of laws or regulations cited in reports of
examinations by regulatory agencies.
* Large payments for unspecified services to consultants,
affiliates, or employees.
* Sales commissions or agents' fees that appear
excessive.
* Unauthorised transactions, improperly recorded
transactions, or transactions not recorded in a
complete or timely manner.
* Unexplained payments to government officials.
* Failure to file tax returns or pay government duties
* It is important that the auditor attempt to identify all
related parties during the planning phase of the audit so that
the auditor will be alert for the related party transactions
during the course of the audit.
* Frequently, transaction between entity and related parties
may not be at fair values (not at arm’s length transaction)
* Related Parties (MFRS 124)
* (a) A person or a close member of that person’s family is related
to a reporting entity if that person:
* (i) has control or joint control over the reporting entity;
* (ii) has significant influence over the reporting entity; or
* (iii) is a member of the key management personnel of the
* reporting entity or of a parent of the reporting entity.
* As part of the risk assessment procedures and related activities that
ISA 315 and ISA 240 require the auditor to perform during the audit,
the auditor shall perform the audit procedures and related activities
to obtain information relevant to identifying the risks of material
misstatement associated with related party relationships and
transactions( Understanding the entity related party relationship and
transaction)

Procedure to identify related party relationship and transaction

* In the process, auditor shall inquire of the management regarding
(a) The identity of the entity’s related parties, including changes
from the prior period
* (b) The nature of the relationships between the entity and these
related parties; and
* (c) Whether the entity entered into any transactions with these
related parties during the period and, if so, the type and purpose of
the transactions
Procedure to understanding the internal control relate to related party
relationship and transaction

The auditor shall inquire of management and others within the entity, and
perform other risk assessment procedures to obtain an understanding of
the controls that management has established to:

(a) Identify, account for, and disclose related party relationships and
transactions in accordance with the applicable financial reporting
framework
(b) Authorize and approve significant transactions and arrangements with
related parties; and
(c) Authorize and approve significant transactions and arrangements
outside the normal course of business.
Inspection of document and record
*During the audit, the auditor shall remain alert, when inspecting records or
documents, for arrangements or other information that may indicate the
existence of related party relationships or transactions that management has not
previously identified or disclosed to the auditor
*In particular, the auditor shall inspect the following for indications of the
existence of related party relationships or transactions that management has not
previously identified or disclosed to the auditor:
*(a) Bank and legal confirmations obtained as part of the auditor’s procedures;
*(b) Minutes of meetings of shareholders and of those charged with governance;
*(c) Such other records or documents as the auditor considers necessary in the
circumstances of the entity
During the audit, the auditor may inspect records or documents that may
provide information about related party relationships and transactions, for
example
*Third-party confirmations obtained by the auditor (in addition to bank and
*legal confirmations).
*Entity income tax returns.
* Information supplied by the entity to regulatory authorities.
*Shareholder registers to identify the entity’s principal shareholders.
*Statements of conflicts of interest from management and those charged with
governance.
* Records of the entity’s investments and those of its pension plans.
*Contracts and agreements with key management or those charged with
governance.
*Significant contracts and agreements not in the entity’s ordinary course of
business.
* When performing risk assessment procedures as required by ISA 315,
the auditor shall consider whether there are events or conditions
that may cast significant doubt on the entity’s ability to continue as
a going concern.
* In so doing, the auditor shall determine whether management has
already performed a preliminary assessment of the entity’s ability
to continue as a going concern
* If yes, the auditor shall discuss the assessment with management
and determine whether management has identified events or
conditions that, individually or collectively, may cast significant
doubt on the entity’s ability to continue as a going concern and, if
so, management’s plans to address them? How about if no?
* The auditor shall remain alert throughout the audit for audit
evidence of events or conditions that may cast significant doubt on
the entity’s ability to continue as a going concern.
* Going concern issue are consider during planning and completion
stage
Events or Conditions That May Cast Doubt about Going Concern
Assumption:
Financial
• Net liability or net current liability position.
• Fixed-term borrowings approaching maturity without realistic prospects
of renewal or repayment; or excessive reliance on short-term
borrowings to finance long-term assets.
• Indications of withdrawal of financial support by creditors.
Operating
Management intentions to liquidate the entity or to cease operations.
• Loss of key management without replacement.
• Loss of a major market, key customer(s), franchise, license, or
principal supplier(s).
Other
Non-compliance with capital or other
statutory requirements.
Pending legal or regulatory proceedings
against the entity that may, if successful,
result in claims that the entity is unlikely
to be able to satisfy.
Changes in law or regulation or government
policy expected to adversely affect the
entity.
The external auditor shall determine whether the work of the internal audit function can
be used for purposes of the audit by evaluating the following:
i. The extent to which the internal audit function’s organizational status and relevant
policies and procedures support the objectivity of the internal auditors
ii. The level of competence of the internal audit function; and
iii. Whether the internal audit function applies a systematic and disciplined
approach, including quality control.

Factors that may affect the external auditor’s determination of whether the internal
audit function applies a systematic and disciplined approach:
i. The existence, adequacy and use of documented internal audit procedures or
guidance covering such areas as risk assessments, work programs, documentation and
reporting, the nature and extent of which is commensurate with the size and
circumstances of an entity.
ii. Whether the internal audit function has appropriate quality control policies and
procedures, for example, such as those policies and procedures in ISQC that would be
applicable to an internal audit function
* Audit plan is more detailed description than audit strategy and
consist of nature, extent and timing of audit procedure and
rationale of their application
* Audit plan is procedure carried out to implement overall audit
strategy
Audit testing hierarchy referred to the overall decision approach
Audit testing hierarchy start with test of control and substantive
analytical procedures rather than substantive test of detail
Why?
This is because this approach is more efficient and more effective

More effective- auditor’s understanding and test of control will influence the
scope of substantive procedures and will enhance the ability of the auditor to
focus on areas where misstatement is more likely to be found. The more
effective the control, the less extensive substantive procedure and vice versa

More efficient-test of control and substantive analytical procedure are less costly
to perform than substantial audit procedures. Test of control and substantive
analytical procedure provide assurance on many assertion than substantive test
of detail

However, irrespective of the approach selected, the auditor designs and performs
substantive procedures for each material class of transactions, account
balance, and disclosure.
* Auditor should review nature and scope of audit plan with audit
committee
* Audit committee is a subcommittee from the BOD
* The primary objective of an audit committee is to assist the
BOD in fulfilling its responsibilities relating to accounting and
reporting practices of the company and enhance Corporate
Governance
* An effective audit committee is important in enhancing the
independence of the external and internal auditors by providing
a direct channel of communication between top management
and auditors
* All public listed companies are required by the Bursa Malaysia
Listing Requirements. S15.10 to set up the audit committee

* For companies that are not listed in Bursa Malaysia, they are
required under Malaysia Code of Corporate Governance
(a) Review the audit plan with the external auditor
(b) Review with the external auditor evaluation of the system of
internal controls
(c) Review with the external auditor on audit report
(d) Review the assistance given by the employees of the company to
the external auditor
(e) Review the adequacy of the scope, functions, competency and
resources of the internal audit functions
(f) Review the internal audit programme, processes, the results of the
internal audit programme, processes or investigation undertaken on
the recommendations of the internal audit functio
(g) Review the quarterly results and year end financial statements,
before the approval by the board of directors
(h) Recommend the nomination of a person as external auditor
Audit Sampling
*Sampling: examining less than 100% of items
in a population
*Population: all items within a class of
transactions
*Sampling plan: procedures to test a sample
*Attributes sampling: tests rate of deviation
from a prescribed control procedure
*Variables sampling: tests whether recorded
account balances are fairly stated

GBW 8th ed., Ch. 9 57

 Risk that auditor may unknowingly fail to modify opinion
on materially misstated financial statements
2 parts
* Risk that errors will occur: uncontrollable
* Inherent risk & control risk
* Risk that material errors will not be detected:
controllable
* Detection risk

GBW 8th ed., Ch. 9 58

 * Sampling risk
* Risk that sample may contain disproportionately
more/less error than exists in population
* Nonsampling risk
* Aspects of audit risk not attributable to sampling
such as human error

GBW 8th ed., Ch. 9 59

 * Apply the laws of probability to
* Design efficient sample
* Measure sufficiency of sample
* Evaluate sample results
* Measures sampling risk quantitatively

GBW 8th ed., Ch. 9 60

 * Relies exclusively on judgment to
* Determine sample size
* Evaluate sample results
Cannot measure sampling risk quantitatively

GBW 8th ed., Ch. 9 61

 * Choice based on relative costs & benefits
* Independent of audit procedures

GBW 8th ed., Ch. 9 62

 * Choice between statistical & nonstatistical
sampling based on
* Costs
* Effectiveness
* Need for quantitative estimate of sampling risk

GBW 8th ed., Ch. 9 63

 Used when
* No apparent need to quantify sampling risk
Cost of statistical sampling exceeds benefits
* Cost to select sampling units exceeds benefits

GBW 8th ed., Ch. 9 64

 * Requires
* Degree audit assurance
* Substantial, moderate, little
* Assurance factor
* Estimated tolerable error

GBW 8th ed., Ch. 9 65