Audit Planning


Audit planning tools used to guide and
direct audit work are classified as
 preliminary risk assessment,
 preliminary materiality decisions,
 preliminary analytical procedures, and
 audit programs
The Audit Risk Model

Audit risk is the probability that an
auditor will give an inappropriate
opinion on financial statements. The
auditing profession has no official
standard for an acceptable level of
overall audit risk, except that it should
be “acceptably low.”
The Audit Risk Model (Client)

Inherent risk is the probability that material
misstatements have occurred in transactions
entering the accounting system used to prepare
financial statements.

Control risk is the probability that the client's
internal control system will fail to detect material
misstatements. Control risk should not be
assessed so low that complete reliance is on
controls and no other audit work is performed.
The Audit Risk Model
(Auditor)

Detection risk is the probability that
audit procedures will fail to produce
evidence of material misstatements.

Detection risk is realized when
substantive procedures fail to detect
material misstatements.

Substantive procedures include
 audit of the details of transactions or
balances, and
 analytical procedures.
The Audit Risk Model

Audit risk can be expressed in the
following model which assumes the
elements to be independent:
 Audit risk (AR) = Inherent risk (IR) x
Control risk (CR) x Detection risk
(DR).
The Audit Risk Model

DR = (Detection risk)

AR (Audit risk)

(IR x CR) (Inherent risk x
Control risk)
Preliminary Assessment of
Planning Materiality


Materiality is considered to be the
largest amount of uncorrected dollar
misstatement that could exist in
published financial statements, yet still
be fairly presented in conformity with
GAAP (i.e., not misleading).
Planning Materiality

Some of the common factors auditors
use in making judgment are
 absolute size,
 relative size,
 nature of the item or issue,
 circumstances,
 uncertainty, and
 cumulative effects.
Assignment of Materiality

Bottoms-up approach—judging
materiality amounts in each account
separately, then combining them to
determine the overall effect.

Top-down approach—judging an
overall material amount for the
financial statements and then
allocating it to particular accounts.
Planning Materiality


The concept of materiality is used by
auditors as a guide
 to planning the audit program,
 to evaluation of the evidence, and
 for making decisions about the audit
report.
Preliminary Analytical
Procedures

Analytical procedures must be applied
in the beginning stages of each audit.

Preliminary analytical procedures are
primarily attention directing.
 Preliminary Analytical
Procedures

Five general types of procedures for analysis of
current year account balance are as follows:
 Compare to balances for one or more comparable
periods.
 Compare to anticipated results (budget and
forecasts).
 Evaluate relationships to other current-year
balances for conformity with predictable patterns.
 Compare with similar industry information.
 Study relationships with relevant non–financial
information.
 Planning Memorandum


It provides a summary of the preliminary
analytical procedures and the materiality
assessment with specific directions about the
effect on the audit.

It is used to prepare an audit program.

An audit program is a specification of
procedures that auditors use to guide the work
of inherent and control risk assessment and to
obtain sufficient competent evidence that
serves as a basis for the audit report.
 Audit Programs

An internal control program contains
procedures to obtain an understanding of the
client's business and management's control
structure, and for assessing the inherent and
control risk.

A balance-audit program contains substantive
procedures for gathering direct evidence about
the five assertions about dollar amounts in the
account balances
Internal Control Evaluation: Assessing
Control Risk


The Second Standard of Field Work
 A sufficient understanding of the internal control structure
is to be obtained to plan the audit and to determine the
nature, timing, and extent of tests to be performed.
 How will the auditor's understanding of the internal
control structure influence the nature, timing, and extent
of audit tests?
 The Audit Risk Model (Assessment of Control Risk)
AR = IR x CR x DR
Competence of Evidential Matter (AU326.19b.):
The more effective the internal control structure, the more
assurance it provides about the reliability of the
accounting data and financial statements.
 The COSO Report
 In 1992, the Committee of Sponsoring Organizations of
the Treadway Commission (COSO) produced a report
titled Internal Control—Integrated Framework.
 Definition. The COSO report defines internal control as a
process designed to provide reasonable assurance that
objectives are achieved in three areas.
 Effectiveness and efficiency of operations.
 Reliability of financial reporting.
 Compliance with applicable laws and regulations.
 Fundamental Concepts.

The COSO report identifies four fundamental
concepts.
 Internal control is a process to achieve objectives.
 People establish objectives, implement controls,
and operate controls.
 Internal control provides reasonable assurance,
not absolute assurance, that control objectives will
be achieved.
 Internal control is designed to achieve objectives,
as described above.
Internal Control
Components.

Control environment

Risk assessment

Control activities

Control monitoring

Control information and
communication
Management versus Auditor
Responsibility

Management is responsible for establishing and
maintaining components of the entity's internal
control.

External and internal auditors are responsible
for evaluating existing internal controls and
assessing the related control risk.
General Categories of Internal Control Errors,
Irregularities, and Misstatements


Invalid transactions are recorded (validity).

Valid transactions are omitted from the accounts
(completeness).

Unauthorized transactions are executed and recorded
(authorization).

Transaction amounts are inaccurate (accuracy).

Transactions are classified in the wrong accounts
(classification).

Transaction accounting and posting is incorrect
(accounting/posting).
Transactions are recorded in the wrong period (proper
period).
 Internal Control Deficiencies

Reportable Conditions
 Reportable conditions represent significant deficiencies in
the design or operation of the internal controls that could
adversely affect the organization's ability to record, process,
summarize, and report financial data in the financial
statements. (AU32)

Material Weaknesses.
 A material weakness in internal control, which is a more
serious reportable condition, is a condition in which internal
controls do not adequately lower the risk level of material
errors in the financial statements and may not be found on a
timely basis by employees of the entity. (AU325)
 The Auditor’s
Evaluation Process
 Understand a client's financial
reporting controls.
 Document the understanding.
 Assess the control risk.
 Use the control risk assessment to plan
remaining audit work.
 Control Objectives

Validity. Ensure that recorded transactions are the ones that should
have been recorded.

Completeness. Ensure that valid transactions are not omitted entirely
from the accounting records.

Authorization. Ensure that transactions are approved before they are
recorded.

Accuracy. Ensure that dollar amounts are figured correctly.

Classification. Ensure that transactions are recorded in the right
accounts.

Accounting and Posting. Ensure that the accounting process for a
transaction is completely performed and in conformity with GAAP.

Proper period. Ensure that transactions are accounted for in the period
in which they occur.
General Control Activities

Capable personnel.

Segregation of responsibilities.

Authorization to execute transactions,

Recording transactions,

Custody of assets involved in the
transactions, and

Periodic reconciliation of existing assets
to recorded amounts.

Controlled access.

Periodic comparison.
Segregation of Technical Responsibilities
and Application Controls

Phases of a Control Evaluation
 Phase 1: Understanding the Internal Control.
 Phase 1: Documentation of the Control Structure
Elements.
 Phase 2: Assess the Control Risk (Preliminary).
 Phase 3: Perform Test of Controls Audit Procedures.
 Tests of control procedures are performed.
 Direction of the test.
 Phase 4: Assess the Control Risk.
Control Evaluation and
Cost/Benefit


Revenue and
Collection Cycle
Revenue and Collection Cycle:
Typical Activities

Receiving and processing service
requests.

Delivering services to agencies and the
public.

Billing entities or agencies and
accounting for accounts receivable.

Collecting and depositing cash
received from all sources.

Reconciling bank statements.
Cash Receipts and Cash Balances

Authorization:
Approving adjustments or cancellation of indebtednes

Custody:
Control and custody of the physical cash.

Recording:
Accountants who record cash receipts and credit
individual accounts should not handle the cash.

Periodic Reconciliation:
Bank accounts should be reconciled carefully.
Audit Evidence in Management
Reports and Data Files

Receipts received but not posted to Master File.
Contains payment transactions started but not
completed.

Fine and Fee structure.
File of fees mandated by the State, County or
Judicial Order.

Receipt Detail File.
Contains detailed receipt entries.
Audit Evidence in Management
Reports and Data Files

Receipts Analysis Reports.
 Various receipt analyses, for example, by
fee type or by section, division or
department.

Accounts Receivable Aged Trial Balance
(each office should have one if they are due
funds).
List of balances owed by individual or
agency including aging information.
Control Risk Assessment

General Control Considerations.
Proper segregation of responsibilities for
authorization, custody, recording and
reconciliation.

Persons who handle cash should be insured
under a fidelity bond.

Provide for detail error-checking activities.

Information about the control system can be
gathered by an internal control questionnaire, a
“walk-through” or a “sample of one.”
Detail Test of Controls
Audit Procedures
 The general control objectives
(validity, completeness,
authorization, accuracy,
classification, accounting and
posting, and proper period
recording) must be related to the
revenue cycle activities.
Detail Test of Controls Audit
Procedures

Detail tests of control procedures include
 identification of the data population from which
a sample will be selected for audit, and
 the action to be taken to produce relevant
evidence (the action involves vouching, tracing,
observing, scanning, and recalculation).

Test of controls audit procedures can be used
to audit the accounting transactions in two
directions:
 Completeness
 Validity.
 Control Risk
Assessment (completed)

 Summary: Control Risk Assessment

and the Audit Risk Model
AR = IR x CR x DR
Substantive Testing

Existence/Occurrence

Completeness

Valuation

Rights/Obligations

Presentation and Disclosure

Confirmations
Confirmation of Cash and
Receivable Balances


Auditors use a standard bank
confirmation form approved by
AICPA, ABA, and BAI.
Confirmation of Accounts
and Notes Receivable


Positive confirmation

Negative confirmation
 Confirmation
Evidence Issues

Assertions

Negative v. Positive

Respondent

Facsimile responses (faxes)

Alternative Procedures
 Bank Reconciliations

Accounts Receivable Lapping
 Lapping is the process whereby an employee takes
receipts and attempts to cover up by using later
receipts to credit accounts of customers from which
receipts were taken.

Check Kiting
 Check kiting is the practice of building up apparent
balances in one bank account based on uncollected
checks drawn against similar accounts in other
banks.
Bank Reconciliations

 Proof of Cash
The “proof of cash” is a reconciliation in
which the bank balance, the bank report
of cash deposited, and the bank report of
cash paid are all reconciled to the client's
general ledger.