Risk Assessment and Audit Plan

This document is to be used for each material account balance (balance sheet account), class of transaction (income
statement account), or disclosure that has been scoped in for audit procedures from Form 1570, Determine Material
Account balances, Classes of transactions, and Disclosure. Within this document you will assess and respond to risks
identified for the relevant material account balance, class of transaction or disclosure you are performing further audit
procedures on.

IF AN ACCOUNT BALANCE, CLASS OF TRANSACTION OR DISCLOSURE IS NOT CONSIDERED MATERIAL,

THIS RISK ASSESSMENT AND AUDIT PLAN DOCUMENT, TOGETHER WITH THE CORRESPONDING MODEL
AUDIT PROGRAM, NEED NOT BE COMPLETED, AND THEREFORE SHOULD BE DELETED FROM THE INDEX.

Perform the Risk Assessment and Audit Plan Guidance Show

We shall develop an audit plan that shall include a description of:

The nature, timing, and extent of planned risk assessment procedures
The nature, timing, and extent of planned further audit procedures at the assertion level
Other planned audit procedures that are required to be carried out so that the engagement complies with our audit
approach. [ISA 300.9] [2000.17]

We shall identify and assess the risk of material misstatement at:

The financial statement level
The assertion level for classes of transactions, account balances and disclosures to provide a basis for designing and
performing further audit procedures [ISA 315.25] [2800.01]

For this purpose, we shall:

Identify risks throughout the process of obtaining an understanding of the entity and its environment, including
relevant controls that relate to the risks, and by considering what can go wrong for the classes of transactions, account
balances, and disclosures in the financial statements
Assess the identified risks, and evaluate whether they relate more pervasively to the financial statements as a whole
and potentially affect many assertions
Relate the identified risks to what can go wrong at the assertion level, taking account of relevant controls that we
intend to test
Consider the likelihood of misstatement, including the possibility of multiple misstatements, and whether the potential
misstatement is of a magnitude that could result in a material misstatement. [ISA 315.26] [2800.02]

The risk assessment procedures shall include the following:

Inquiries of management and of others within the entity who in our judgment may have information that is likely to
assist in identifying risks of material misstatement due to fraud or error
Preliminary analytical procedures
Observation and inspection. [ISA 315.6] [G265.02]

Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to
base the audit opinion. [ISA 315.5] [G265.01]

In designing the further audit procedures to be performed, we shall:

Consider the reasons for the assessment given to the risk of material misstatement at the assertion level for each
class of transactions, account balance, and disclosure, including:
The likelihood of material misstatement due to the particular characteristics of the relevant class of transactions,
account balance, or disclosure (i.e., the inherent risk)
Whether the risk assessment takes account of relevant controls (i.e., the control risk), thereby requiring us to obtain
audit evidence to determine whether the controls are operating effectively (i.e., we intend to rely on the operating
effectiveness of controls in determining the nature, timing and extent of substantive procedures)
Obtain more persuasive audit evidence the higher our assessment of risk. [ISA 330.7] [G275.09]

There is a risk of data loss when the material account balance, class of transaction, or disclosure is changed in the
question below.

Select the material account balance, class of transaction or disclosure:

Direct and deferred taxation

Document the considerations resulting from the partner-led discussion relating to planning the audit.

During our planning procedures, we have discussed

for all material accounts related to direct and deferre

The Planning && Scoping Resource Center

Show

The Planning && Scoping Resource Center

The Planning && Scoping Resource Center, available in Deloitte Resources, is primarily intended to support:

Effective implementation of the 2010 audit methodology changes, including illustrative guidance and example
flowcharts of risks and related
controls and audit procedures

Engagement teams in their planning and scoping activities, including a global repository of leading practices and tools

Requirements of the new group audit standard, ISA 600, Special Considerations-Audits of Group Financial
Statements (Including the Work
of Component Auditors)

To access the Planning && Scoping Resource Center, right-click and select Section Guidance.

IDENTIFY AND ASSESS RISKS AT THE ACCOUNT BALANCE, CLASS OF TRANSACTION

AND DISCLOSURE LEVEL

ANALYSIS OF THE ACCOUNT BALANCE, CLASS OF TRANSACTION OR DISCLOSURE

Consider the information gathered in planning regarding this account balance including any unusual or complex
transactions, not previously identified that may have an impact on the manner in which audit assurance is obtained.

CONSIDER FACTORS THAT MAY INCREASE THE RISK OF MISSTATEMENT

For each Material Account Balance, Class of Transaction or Disclosure, we need to consider whether factors exist that
may increase the risk of misstatement. This includes a consideration of whether there are conditions or events that
specifically increase the risk of fraud or error, as well as an assessment of the risk that fraud or error may cause the
Account Balance to contain material misstatements. We also inquire of appropriate levels of management about any
fraud or significant error that has been discovered.

Our research into the incidences of misstatement enables us to recognize factors that may increase the risk of
misstatement, and we use these factors to identify risks.

Risks identified should be entered in the risk identification table below.

The following points have been considered in assessing risk for this account balance, class of transaction or disclosure:

Whether the account balance:

1. Contains significant transactions with related parties
2. Has related deficiencies in internal control, especially those not addressed by management
3. Has changes in the related information technology environment
4. Has past misstatements, history of errors or a significant amount of adjustments at period end
5. Contains significant amount of non-routine or non-systematic transactions including intercompany transactions and
large revenue transactions at period end
6. Contains transactions that are recorded based on managements intent (e.g., debt refinancing, assets to be sold, and
classification of marketable securities)
7. Contains application of new accounting pronouncements
8. Contains accounting measurements that involve complex processes
9. Has events or transactions that involve significant measurement uncertainty, including accounting estimates
10. Has pending litigation and contingent liabilities (e.g., sales warranties, financial guarantees and environmental
remediation).
11. Contains transactions or events recording significant adjustments
12. Contains complex transactions or events for which we believe there is a high risk of error
For example, complex hedging transactions involving futures and options may indicate an increased risk in assessing
the valuation of long-term liabilities.
13. Contains transactions or events that are subject to an unusual degree of Management involvement or that produce
direct or indirect benefit to Management
14. Contains transactions or events that are outside the normal course of business for the Entity
For example, a finance lease for a major fixed asset in an entity that ordinarily purchases fixed assets.
15. Contains transactions or events that exhibit characteristics that raise concerns about the possibility of illegal
payments
16. Certain assets and liabilities may represent a risk of material Misstatement owing to their value and liquidity.
For example, if very large amounts of cash could be misappropriated and this fact is not detected on a timely basis,
we may identify a risk of material misstatement.
17. Has improper reconciliation and review between the general ledger accounts and supporting records. [Adapted from
2800.13 and .14]

Performed by:

RRT 11/24/2014

SIGNIFICANT MATTERS

Guidance

Show

Significant Matters are matters which are judged through objective analysis of the facts and circumstances to be
significant to the audit, like for example fraud, control deficiencies and non-compliance with laws or regulations.

Judging the significance of a matter requires an objective analysis of the facts and circumstances. Examples of
significant matters include:
Matters that give rise to significant risks
Results of audit procedures indicating either of the following:
o That the financial statements could be materially misstated
o A need to revise our previous assessment of the risks of material misstatement and our responses to those risks
Circumstances that cause us significant difficulty in applying necessary audit procedures
Findings that could result in a modification to the audit opinion or the inclusion of an Emphasis of Matter paragraph in
our audit report. [ISA 230.A8] [P020.15]

Significant matters and issues identified during the planning process should be captured within the risk tables below if
they give rise to risks. Otherwise, they should be documented in Form 1810, Audit Planning Memorandum.

IDENTIFIED RISKS

Document in the table below the risks and significant risks identified for the material account balance, class of
transaction or disclosure.

Irrespective of the assessed risks of material misstatement, we shall design and perform substantive procedures for
each material class of transactions, account balance, and disclosure. [ISA 330.18] [G085.01] If no risks are identified,
revisit the conclusions reached in Form 1570, Determine Material Classes of Transactions, Account Balances and
Disclosures, to ensure the class of transactions, account balance, or disclosure is material. If there are no risks
identified, enter No risks below to be able to document procedures to be performed.

Identify risks for the material account balance, class of transaction, or disclosure
Tax provision is misstated because:
- Some non-taxable revenue has been incorrectly classified as taxable or was included at an incorrect amount.
- Some tax deductible expenses have been incorrectly classified as non-tax deductible or were included at an incorrect amount.
- Some non-tax deductible expenses have been incorrectly classified as tax deductible or were included at an incorrect amount.

- Some taxable revenue has been incorrectly classified as nontaxable or was included at an incorrect amount.

Tax provision is misstated becauseadditional tax assessed by the Ministry of Tax (whether paid or not) has not been recorded or has
Transactions with a deferred income tax impact are not considered when calculating deferred tax balances.
Deferred tax calculations, or supporting schedules/information, include mathematical errors.

With respect to each identified risk, we shall:

1) Evaluate whether the information obtained from the risk assessment procedures and related activities performed
indicates that there is one or more risks of material misstatement due to fraud.
2) Determine whether any of the risks identified are, in our judgment, a significant risk. In exercising this judgment, we
shall exclude the effects of identified controls related to the risk. [Adapted from 2810.01]

Guidance

Show

Fraud Risk Factors

While fraud risk factors may not necessarily indicate the existence of fraud, they have often been present in
circumstances where fraud has occurred and therefore may indicate risks of material misstatement due to fraud.
[Adapted from G525.01]

See Topic G525 in the Deloitte Audit Approach Manual for additional guidance related to fraud risk factors.

Significant Risks

As part of our risk assessment, we shall determine whether any of the risks identified are, in our judgment, a significant
risk. In exercising this judgment, we shall exclude the effects of identified controls related to the risk. [Adapted from
2810.01]

In exercising judgment as to which risks are significant risks, we shall consider at least the following:
Whether the risk is a risk of fraud
Whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires
specific attention
The complexity of transactions
Whether the risk involves significant transactions with related parties

 The degree of subjectivity in the measurement of financial information related to the risk, especially those
measurements involving a wide range of measurement uncertainty
Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that
otherwise appear to be unusual. [ISA 315.28] [2810.02]

Accounting Estimates

We shall determine whether, in our judgment, any of those accounting estimates that have been identified as having high
estimation uncertainty give rise to significant risks. [ISA 540.11] [5820.04]

Related Party Relationships and Transactions

In determining whether risks associated with related party relationships and transactions are significant risks, give
consideration to the following:
Significant related party transactions outside the entitys normal course of business shall be treated as giving rise to
significant risks. [Adapted from G390.01]
Fraud risk factors identified when performing the risk assessment procedures and related activities in connection with
related parties (including circumstances relating to the existence of a related party with dominant influence) [ISA 550.19]
[Adapted from G390.02]

Management Override of Controls

Management is in a unique position to perpetrate fraud because of managements ability to manipulate accounting
records and prepare fraudulent financial statements by overriding controls that otherwise appear to be operating
effectively. Although the level of risk of management override of controls will vary from entity to entity, the risk is
nevertheless present in all entities. Due to the unpredictable way in which such override could occur, it is a risk of
material misstatement due to fraud and thus a significant risk. [ISA 240.31] [G535.01]

There is a risk of data loss when the classification of the risk is changed within the table below.

Risks Identified

Risk of material
misstatement due to
fraud?

Classification of risk

(Y/N)

Tax provision is misstated because:

- Some non-taxable revenue has been incorrectly classified as taxable or was
included at an incorrect amount.
- Some tax deductible expenses have been incorrectly classified as non-tax
deductible or were included at an incorrect amount.

No

Risk

- Some non-tax deductible expenses have been incorrectly classified as tax

deductible or were included at an incorrect amount.
- Some taxable revenue has been incorrectly classified as nontaxable or was
included at an incorrect amount.
Tax provision is misstated becauseadditional tax assessed by the Ministry of No
Tax (whether paid or not) has not been recorded or has been recorded at an
incorrect amount.

Risk

Transactions with a deferred income tax impact are not considered when
calculating deferred tax balances.

No

Risk

Deferred tax calculations, or supporting schedules/information, include

mathematical errors.

No

Risk

Assess the risk of material misstatement at the assertion level for the account balance, class of transaction, or
disclosure

Assess the risk at the assertion level for the account balance, class of transaction or disclosure so as to provide a basis
for performing further audit procedures.

Note that all assertions related to the same identified risk should be entered on the same cell.

Risks Identified

Risk of material misstatement Classification of risk

due to fraud?

Re

Tax provision is misstated because:

No

As

Risk

- Some non-taxable revenue has been incorrectly classified as taxable or

was included at an incorrect amount.

Ex

Va

- Some tax deductible expenses have been incorrectly classified as nontax deductible or were included at an incorrect amount.
- Some non-tax deductible expenses have been incorrectly classified as
tax deductible or were included at an incorrect amount.

Ex

- Some taxable revenue has been incorrectly classified as nontaxable or

was included at an incorrect amount.

Oc

Ac
Tax provision is misstated becauseadditional tax assessed by the Ministry No
of Tax (whether paid or not) has not been recorded or has been recorded
at an incorrect amount.

Risk

As

Va

Co

Rig

Ex

Oc

Ac

Co
Transactions with a deferred income tax impact are not considered when No
calculating deferred tax balances.

Risk

As

Co

Ex

Co
Deferred tax calculations, or supporting schedules/information, include
mathematical errors.

No

Risk

As

Va

Ex

Ac

Assertions

Show

The definition of the following assertions can be found in Form 0020 Assertions or in Topic G285 of the Deloitte Audit
Approach Manual.

Classes of transactions and events:

Occurrence
Completeness
Accuracy
Cutoff
Classification

Account balances:

Existence
Rights and obligations

Completeness
Valuation and allocation

Presentation and disclosure:

Occurrence and rights and obligations

Completeness
Classification and understandability
Accuracy and valuation

Consider which assertions would be applicable to the account balance, classes of transaction, or disclosure and review
the table above to determine whether your risk assessment is complete. Additional risks and assertions can be added as
needed to the tables above. If certain assertions have been determined to not be relevant, consider documenting the
basis for that assessment below.

The assertions subjected for testing for every account is

identified risk(s) which is associated with an account bala
The identified risk(s) related to the account balance and/
necessarily cover all assertions. Hence only the applicab
the identified risk was subjected for testing that will addre

CONTROL AND SUBSTANTIVE PROCEDURES PLAN TO ADDRESS RISKS IDENTIFIED

We should design control and substantive procedures to address the risks identified related to each relevant assertion
for the account balance, class of transaction or disclosure. Such substantive procedures should depend on (1) whether
we have identified a significant risk and (2) whether we plan to rely on controls.

If this account has been identified as relying on information that is produced by a service organization, please consider
the results listed below when planning your controls and substantive testing procedures.

Name(s) and Location of Service Organization(s) Description of portion(s) of the Business Process and Plan to test D&&I
Information Systems performed by this Service
Organization

RISKS

Evaluation o

In the section below, we will document our planned controls and substantive testing procedures to address the identified
risks related to account balances, classes of transactions, and disclosures, other than the significant risks addressed
above.

Note: The tables below will be summarized in the relevant Model Audit Program (5X30) for control and substantive
testing procedures.

Controls Testing Plan

Risk Controls Testing Plan Guidance

Show

We shall design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating
effectiveness of relevant controls if:
Our assessment of risks of material misstatement at the assertion level includes an expectation that the controls are
operating effectively (i.e., we intend to rely on the operating effectiveness of controls in determining the nature, timing
and extent of substantive procedures); or
Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level. [ISA 330.8]
[4100.01]

In designing and performing tests of controls, we shall obtain more persuasive audit evidence the greater the reliance we
place on the effectiveness of a control. [ISA 330.9] [4100.07]

With respect to some risks, we may judge that it is not possible or practicable to obtain sufficient appropriate audit
evidence only from substantive procedures. Such risks may relate to the inaccurate or incomplete recording of routine
and significant classes of transactions or account balances, the characteristics of which often permit highly automated
processing with little or no manual intervention. In such cases, the entitys controls over such risks are relevant to the
audit and we shall obtain an understanding of them. [ISA 315.30] [G280.01]

Risks Identified

Relevant Assertion

Tax provision is misstated because:

Asset/Liability:

- Some non-taxable revenue has been incorrectly classified as taxable or was included at an
incorrect amount.

Existence

- Some tax deductible expenses have been incorrectly classified as non-tax deductible or were

Valuation and allocation

included at an incorrect amount.

- Some non-tax deductible expenses have been incorrectly classified as tax deductible or were
included at an incorrect amount.
- Some taxable revenue has been incorrectly classified as nontaxable or was included at an
incorrect amount.

Expense:
Occurence
Accuracy

Tax provision is misstated becauseadditional tax assessed by the Ministry of Tax (whether paid or Asset/Liability:
not) has not been recorded or has been recorded at an incorrect amount.
Valuation and allocation
Completeness
Rights and obligation

Expense:
Occurence
Accuracy
Completeness
Transactions with a deferred income tax impact are not considered when calculating deferred tax Asset/Liability:
balances.
Completeness

Expense:
Completeness
Deferred tax calculations, or supporting schedules/information, include mathematical errors.

Asset/Liability:
Valuation and allocation

Expense:
Accuracy

Reliance on Audit Evidence about Operating Effectiveness obtained in Previous Audits

In determining whether it is appropriate to use audit evidence about the operating effectiveness of controls obtained in
previous audits and, if so, the length of the time period that may elapse before retesting a control, we shall consider the
following:
The effectiveness of other elements of internal control, including the control environment, the entitys monitoring of
controls, and the entitys risk assessment process

 The risks arising from the characteristics of the control, including whether it is manual or automated
The effectiveness of general IT- controls
The effectiveness of the control and its application by the entity, including the nature and extent of deviations in the
application of the control noted in previous audits, and whether there have been personnel changes that significantly
affect the application of the control
Whether the lack of a change in a particular control poses a risk due to changing circumstances
The risks of material misstatement and the extent of reliance on the control. [ISA 330.13] [4100.11]

If we plan to use audit evidence from a previous audit about the operating effectiveness of specific controls, we shall
establish the continuing relevance of that evidence by obtaining audit evidence about whether significant changes in
those controls have occurred subsequent to the previous audit. We shall obtain this evidence by performing inquiry
combined with observation or inspection, to confirm the understanding of those specific controls, and:
If there have been changes that affect the continuing relevance of the audit evidence from the previous audit, we shall
test the controls in the current audit.
If there have not been such changes, we shall test the controls at least once in every third audit and shall test some
controls each audit to avoid the possibility of testing all the controls on which we intend to rely in a single audit period
with no testing of controls in the subsequent two audit periods. [ISA 330.14] [4100.14]

Accounting Estimates

In responding to an assessed risk of material misstatement related to accounting estimates, we may determine it
appropriate to test the operating effectiveness of the controls over how management made the accounting estimate,
together with appropriate substantive procedures.

Rollforward Procedures

If we obtain audit evidence about the operating effectiveness of controls during an interim period, we shall:
Obtain audit evidence about significant changes to those controls subsequent to the interim period
Determine the additional audit evidence to be obtained for the remaining period. [ISA 330.12] [G720.02]

Automated Controls

An automated control can be expected to function consistently unless the program (including the tables, files, or other
permanent data used by the program) is changed. Once we determine that an automated control is functioning as
intended, which could be done at the time the control is initially implemented or at some other date, we may consider
performing tests to determine that the control continues to function effectively. Such tests might include determining that:
Changes to the program are not made without being subject to the appropriate program change controls
The authorized version of the program is used for processing transactions

 Other relevant general controls are effective. [ISA 330.A29][4200.25]

Audit Evidence about the accuracy and completeness of Information produced by the entity obtained through
testing of automated controls

When using information produced by the entity we shall evaluate whether the information is sufficiently reliable for our
purposes, including as necessary in the circumstances:
Obtaining audit evidence about the accuracy and completeness of the information
Evaluating whether the information is sufficiently precise and detailed for our purposes [ISA 500.9] [G510.11].

In some circumstances, we may conclude that high-level Controls are not dependent on information produced by the
entity.

For example, a high-level Control might be that the Controller reviews the biweekly payroll expense for all 40 salaried
employees, using a system-generated report. The Controller bases his review of the payroll expense on his prior
knowledge of the biweekly expense, his knowledge of the changes in the number and composition of the workforce, his
experience with the budgeting process relating to salary expense, and his knowledge of salary adjustments and bonuses
that have occurred during the period. In this case, the Controllers expectation of the biweekly payroll expense is
developed without using the system-generated report, and consequently, we might conclude that it is not necessary to
perform procedures to test the accuracy and completeness of the system-generated report in order to test the
effectiveness of this Control. [2460.23]

Substantive Procedures

Substantive Testing Plan Guidance

Show

We shall incorporate the following considerations in the design of substantive procedures:

The nature, timing, and extent of substantive procedures are based on and are responsive to the assessed risks of
material misstatement due to fraud and error at the assertion level. [ISA 330.6 and ISA 240.30] [Adapted from G275.02]
Audit procedures should be appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit
evidence. [ISA 500.6] [Adapted from G260.01]

Rollforward Procedures

If substantive procedures are performed at an interim date, we shall cover the remaining period by performing:
Substantive procedures, combined with tests of controls for the intervening period, or
If we determine that it is sufficient, further substantive procedures only
that provide a reasonable basis for extending the audit conclusions from the interim date to the period end. [ISA 330.22]
[G720.05]

Accounting Estimates

Based on the assessed risks of material misstatement, we shall determine:

Whether management has appropriately applied the requirements of the applicable financial reporting framework
relevant to the accounting estimate
Whether the methods for making the accounting estimates are appropriate and have been applied consistently, and
whether changes, if any, in accounting estimates or in the method for making them from the prior period are appropriate
in the circumstances. [ISA 540.12] [5830.1]

In responding to the assessed risks of material misstatement we shall undertake one or more of the following, taking
account of the nature of the accounting estimate:
Determine whether events occurring up to the date of our audit report provide audit evidence regarding the
accounting estimate [5840]
Test how management made the accounting estimate and the data on which it is based. In doing so, we shall evaluate
the appropriateness of the method of measurement and the reasonableness of assumptions used by management
[5850]
Test the operating effectiveness of the controls over how management made the accounting estimate, together with
appropriate substantive procedures (5860)
Develop a point estimate or a range to evaluate managements point estimate [5870] [ISA 540.13] [Adapted from
5830.09]

Consider whether specialized skills or knowledge in relation to one or more aspects of the accounting estimates are
required in order to obtain sufficient appropriate audit evidence. [ISA 540.14] [Adapted from 5830.12]

Risk of Management Override of Controls

Irrespective of our assessment of the risks of management override of controls, we shall design and perform audit
procedures to:
Review accounting estimates for biases and evaluate whether the circumstances producing the bias, if any, represent
a risk of material misstatement due to fraud. In performing this review, we shall:

o Evaluate whether the judgments and decisions made by management in making the accounting estimates included
in the financial statements, even if they are individually reasonable, indicate a possible bias on the part of the entitys
management that may represent a risk of material misstatement due to fraud. If so, we shall reevaluate the accounting
estimates taken as a whole
o Perform a retrospective review of management judgments and assumptions related to significant accounting
estimates reflected in the financial statements of the prior year.
For significant transactions that are outside the normal course of business for the entity, or that otherwise appear to
be unusual given our understanding of the entity and its environment and other information obtained during the audit, we
shall evaluate whether the business rationale (or the lack thereof) of the transactions suggests that they may have been
entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets. [ISA 240.32] [Excerpt
from G535.03]

We shall determine whether, in order to respond to the identified risks of management override of controls, we need to
perform other audit procedures in addition to those outlined above (i.e., when there are specific additional risks of
management override that are not covered as part of the procedures performed to address the requirements in
G535.03). [ISA 240.33] [G535.12]

Related Party Transactions

For identified significant related party transactions outside the entitys normal course of business, we shall:
Inspect the underlying contracts or agreements, if any, and evaluate whether:
The business rationale (or lack thereof) of the transactions suggests that they may have been entered into to engage
in fraudulent financial reporting or to conceal misappropriation of assets
The terms of the transactions are consistent with managements explanations
The transactions have been appropriately accounted for and disclosed in accordance with the applicable financial
reporting framework
Obtain audit evidence that the transactions have been appropriately authorized and approved. [ISA 550.23] [G395.11]

If management has made an assertion in the financial statements to the effect that a related party transaction was
conducted on terms equivalent to those prevailing in an arms length transaction, we shall obtain sufficient appropriate
audit evidence about the assertion. [ISA 550.24] [G395.15]

Instructions

Document our planned substantive responses to risks, which should include the nature, timing, and extent of the
procedures to be performed, giving consideration to the following:
If the planned procedure will rely on information produced by the entity (IPE) and we will be obtaining audit evidence
about the accuracy and completeness of the IPE through testing of automated control procedures select Yes for Audit
Evidence about the accuracy and completeness of IPE obtained through testing of automated controls. This information
will flow to Form 158X-IT, Audit Plan for Information Systems, where our planned procedures for the related Application
Systems and IT Environment should be documented. If we are obtaining audit evidence about the accuracy and

completeness of IPE through substantive procedures or manual controls then select No and document the planned
testing of IPE (including the name of the report) within the substantive testing or control procedures tables (as
appropriate).
If the planned procedure does not rely on IPE then select No for audit evidence about the accuracy and
completeness of the IPE through testing of automated controls.
If the results of our D&&I or OE of the Information Systems as documented at Form 158x-IT, Audit Plan for Information
Systems, impacts the extent of any substantive or control testing of the accuracy and completeness of IPE. For example,
if we substantively test a report produced by an Application System which is found to have a significant deficiency in
controls, we may need to modify the nature, timing or extent of our testing of that report.
If our response to risks includes procedures to be performed at interim, the planned procedures should describe both
the interim and rollforward procedures.
The planned control reliance strategy should be considered when determining the extent of testing.

Examples of substantive procedures can be inserted in the table by using the Insert from database function.

Identified risks for which we do not plan to rely on controls

Risks Identified

Relevant Assertion

Plan to rely on prior Plan

period controls
curr
testing
(Y/N

Tax provision is misstated because:

Asset/Liability:

No

No

No

No

- Some non-taxable revenue has been incorrectly classified as Existence

taxable or was included at an incorrect amount.
Valuation and
- Some tax deductible expenses have been incorrectly
allocation
classified as non-tax deductible or were included at an
incorrect amount.
- Some non-tax deductible expenses have been incorrectly
classified as tax deductible or were included at an incorrect
amount.
- Some taxable revenue has been incorrectly classified as
nontaxable or was included at an incorrect amount.

Expense:
Occurence
Accuracy

Tax provision is misstated becauseadditional tax assessed by Asset/Liability:

the Ministry of Tax (whether paid or not) has not been recorded
Valuation and
or has been recorded at an incorrect amount.
allocation
Completeness
Rights and
obligation

Expense:
Occurence
Accuracy
Completeness
Transactions with a deferred income tax impact are not
considered when calculating deferred tax balances.

Asset/Liability:

No

No

No

No

Completeness

Expense:
Completeness

Deferred tax calculations, or supporting schedules/information, Asset/Liability:

include mathematical errors.
Valuation and
allocation

Expense:
Accuracy

For SAS Use Only

Significant risks with no IT involvement

Significant Risks Identified

Relevant Assertion

Automated

Audit Evidence
about the
accuracy and
completeness of
IPE obtained
through testing of
automated
controls

Risks with no IT involvement

Risks Identified

Relevant Assertion

Auto-

Audit Evidence
about the
accuracy and

mated

completeness of
IPE obtained
through testing of
automated
controls

Non-IT Substantive Procedures (Significant Risks)

Significant Risks Identified

Relevant Assertion

Plan to test OE in current

period

Non-IT Substantive Procedures (Risks) - CRS

Risks Identified

Relevant Assertion

Plan to test OE in
current period

Description of planned substantive testing procedur

Risks Identified

Relevant Assertion

Plan to test OE in
current period

Description of planned substantive testing procedur

Tax provision is misstated because:

Asset/Liability:

No

Taxation 01

- Some non-taxable revenue has been incorrectly

classified as taxable or was included at an incorrect
amount.

Existence

Non-IT Substantive Procedures (Risks) - No CRS

- Some tax deductible expenses have been incorrectly

classified as non-tax deductible or were included at an
incorrect amount.

1. Obtain the tax calculation as prepared by the clie

computed as per Income Tax Laws of Oman. Check

Valuation and
allocation

2. Check also whether the any tax assessments are

3. Trace that the amounts (allowable/disallowed exp

- Some non-tax deductible expenses have been
incorrectly classified as tax deductible or were included
at an incorrect amount.
- Some taxable revenue has been incorrectly classified
as nontaxable or was included at an incorrect amount.

3. Reperform the computations and compare with c

Expense:
Occurence
Accuracy

Tax provision is misstated becauseadditional tax

assessed by the Ministry of Tax (whether paid or not)
has not been recorded or has been recorded at an
incorrect amount.

Asset/Liability:
Valuation and
allocation
Completeness
Rights and
obligation

No

Taxation 01

1. Obtain the tax calculation as prepared by the clie

computed as per Income Tax Laws of Oman. Check

2. Check also whether the any tax assessments are

3. Tace that the amounts (allowable/disallowed expe

3. Reperform the computations and compare with c

Expense:
Occurence
Accuracy
Completeness
Transactions with a deferred income tax impact are not
considered when calculating deferred tax balances.

Asset/Liability:

No

Taxation 01

Completeness

1. Obtain the tax calculation as prepared by the clie

computed as per Income Tax Laws of Oman. Check

2. Check also whether the any tax assessments are

Expense:

3. Tace that the amounts (allowable/disallowed expe

Completeness
Deferred tax calculations, or supporting
schedules/information, include mathematical errors.

Asset/Liability:
Valuation and
allocation

3. Reperform the computations and compare with c

No

Taxation 01

1. Obtain the tax calculation as prepared by the clie

computed as per Income Tax Laws of Oman. Check

2. Check also whether the any tax assessments are

Expense:

3. Tace that the amounts (allowable/disallowed expe

Accuracy

3. Reperform the computations and compare with c