Audit chp 5

Planning, understanding the entity and evaluating business risk

Understand client starts with >> Client acceptance and continuance

• APES 320 and ASQC 1 (ISQC1) require an audit firm, as part of its quality control, to establish policies for:

– investigating potential clients & acceptance of an engagement

– periodically reviewing continuance of clients.

• important as audit firm want to

– avoid association with client whose management lacks integrity

– avoid au-client relationship lack independence

Steps in accepting an audit

Obtain new client > obtain ethical clearance from previous au’ > evaluate integrity of mgmt. > evaluate
independence > assess technical competence to perform au’ > decide to accept > prepare engagement letter >
evaluate exiting client on an ongoing basis

Obtaining clients

• Advertising, publicity and solicitation are permitted provided they are not false, misleading, deceptive or
otherwise reflect adversely on the profession. Au should not

• make exaggerated claims for services offered, qualification/experience

• Make disparaging references/unsubstantial comparison to others work

• Falsely advertise/ mislead potential client

• Can approach client personally/ through mail to make known of services offered, follow up communication
terminate if client request, or else considered harassment

• Competing for prospective clients through tenders is quite common

• Tendering: calling by au client for competitive bids for au appointments

• Subject au to undue pressure becos of cost of au examination, ability to conduct necessary au

procedure, impact of low balling, whr firm bid unreasonably low fee to win the tender

• Au should be aware of increased au risk & hidden costs associated with chg of client as result of
tendering process, eg.loss of au continuity & extensive knowledge of client biz & personnel

• Tender that au firm submit must reflect prof skills, knowledge & responsibility req for au work

• Tendering also leds in audit efficiency, as au have to implement more efficient au tech

• Q and independence key selection criteria in tendering procedure

• Auditors should be careful of audit clients that are opinion shopping

• Audit client inviting another firm of acc to offer a second opinion on a disagreement the client’s
management has with the au over a proposed acc treatment

Acceptance and continuance evaluation procedures

• Procedures carried out before accepting a new client/ continuing with an existing client include:

– Obtaining & reviewing available financial information regarding client

– Making inquiries of third parties such as clients’ solicitors & bankers concerning client integrity
Audit chp 5
Planning, understanding the entity and evaluating business risk

– Communicating with previous auditor

– Evaluating the firm’s independence & ability to serve the client, including technical skills and
knowledge of industry and personnel; and

– Ensuring accepting engagement will not violate the Code of Ethics.

Communication with previous auditor

• ensure interests of shareholders, the incoming auditor and existing auditor are protected.

• allows the existing auditor to advise the prospective auditor of any professional matters they should be
aware of before accepting the engagement.

• APES 110 requires that:

– The nominated incoming auditor should request the client’s permission to communicate with
previous auditor

– If client refuses permission, normally decline nomination

– If permission granted, the nominated auditor asks the previous auditor in writing for all information
necessary to decide whether nomination be accepted. (in absent of client permission, previous au
should not volunteer the infor, but if does provide infor, should be provided honestly &
unambiguously)

– If proposed au unable communicate with previous au, try to obtain infor abt possible threat by other
means, eg. Enquiries of 3rd parties/background investigation on senior mgmt. & those in chrg with
the governance of prospective client)

Engagement letters

= letter that doc & confirms the au acceptance of appointment, obj & scope of audit, extent of au
responsibilities to the entity & form of any report

• Form & content of au engagement letter vary for each client

• After accepting appointment, ASA 210/ISA 210 requires auditor and entity to agree on terms of engagement.

• Engagement letters are from the auditor to the client that document the arrangements and confirm the
auditor’s acceptance of the appointment, and should include:

– Objectives and scope of audit

– Responsibility of management for financial report

– Form of any reports

– An explanation of the extent to which an audit can be relied upon to detect material misstatement

– Auditor’s right of unrestricted access to records, documents and other information necessary to
complete audit.

– Other matters that could be included are:

• Specification of the schedules to be prepared by client

• Arrangement concerning involvement of another au, expert or internal au

• Method & frequency of billings of fees

Audit chp 5
Planning, understanding the entity and evaluating business risk

Audit planning
• Audit planning standard is ASA 300 (ISA 300).

• Adequate audit planning involves obtaining an understanding of entity’s biz operations & risks, and
developing an overall au strategy and a detailed au plan/au program.

• It assists the auditor to:

– Devote appropriate attention to important areas of the audit

– Identify and resolve potential problems on a timely basis

– Organise and manage the audit engagement efficiently and effectively

– Select a capable and competent engagement team

– Direct and supervise engagement team members and review their work

– Coordinate work to be done by auditors of components and experts.

The nature of audit planning

• The planning stage is a very important stage of the audit, and has two aspects:

1. Audit strategy: sets scope, direction and timing of audit, and guides the more detailed audit
plan/program.

• Help ensure that imp and potential risk areas of au are given appropriate attention,
and that prob are identified & dealt with

2. Audit plan and audit program: sets nature, timing and extent of audit procedures.

Major steps in the audit process

• In every audit of a FR there are seven identifiable stages.

1. Understanding the entity and its environment

2. Understanding internal controls

3. Assessing risks of material misstatement

4. Developing responses to assessed risks

5. Performing tests of controls

6. Performing substantive procedures

7. Completion and review.

Overall timing of engagement

The three phases of the audit – planning, interim and final – are normally related to the major stages.

• The first four stages outlined on the prior slide constitute the planning phase of the audit.

• The evidence gathering phase, performing tests of controls and substantive procedures can be performed at
either the interim phase (before year end) or final phase, at or after year end.
Audit chp 5
Planning, understanding the entity and evaluating business risk

• Tests of control may undertake on interim basis, whr controls hv not chged, testing from previous
period may be used

• Interim work permit au firm allocate staff efficiently amg clients, and enables au to identify potential
acc/au prob early so cn be resolved with client on timely basis

• Tests of transactions undertaken for substantive purposes may be either interim/final work

• Substantive tests performed at/ near bal data, no adv to do them on an interim basis, eg.count of
assest

• Other substantive test done as close to completion of engagement as possible, depend on evidence
collected in earlier steps in au, eg. Completion & review procedure always as final work

• Some substantive tests (e.g. counting inventory) are usually best done at balance date; others are
best done close to engagement completion, as they depend on evidence collected in earlier steps.

Understanding the entity and its environment

• As specified by ASA/ISA 315.11, planning requires the auditor to gain an understanding of the entity & its
environment. This knowledge includes:

– Industry, eco conditions, chg in tech, competitive conditions & related regulations that affect entity’s
operation

• If govn regulation imp factor in recognition of revenue/expenses, investigate the admin of

regulation

– Nature of the entity including operations, ownership and governance structure, and way entity is
structured

– Entity’s selection & application of accounting policies

– Objectives, strategies, related business risks

– Measurement & review of financial performance

Audit chp 5
Planning, understanding the entity and evaluating business risk

 Knowledge of the entity’s business

• ASA/ISA 315.A1 point out that auditor’s knowledge of entity can help to:

– Assess risk and identify problems

– Determine materiality

– Consider appropriateness of accounting policies and disclosures

– Identify areas requiring special audit consideration

– Develop expectations for use when performing analytical procedures

– Design audit procedures in response to assessed risks of material misstatement

– Evaluate audit evidence.

ASA/ISA 315.A5-16 identifies a number of methods of obtaining knowledge of the entity= risk assessment
procedures that include:

– Considering previous experience with entity and industry

– Discussion with senior people within the entity

– Discussion with internal auditors within the entity

– Discussion with other auditors and advisers

– Discussion with knowledgeable people such as industry economists, industry regulators, suppliers,
cus, competitors

– Reading of industry publication

– Visit entity’s premises

– Review doc produced by entity

– Review of significant legislation and regulations

– Performance of analytical procedures

Business risk

• Business risk can be defined as:

– Risk that an entity’s business objectives will not be achieved as a result of external & internal forces
brought to bear on an entity and, risk associated with the entity’s profitability and survival.

– Risk identification & assessment: understand entity> identify risk> assess risk> respond to risks

Assessing business risk

• The auditor uses entity & industry information to identify business risks that may have an effect on the
audit.

• Au assess specific biz risk that entity faces in achieving strategies to determine if they could result in a mat
misstated FR

• The assessment of client business risk is an input into the auditor’s assessment of the risk of material
misstatement in the financial report.
Audit chp 5
Planning, understanding the entity and evaluating business risk

• Client bis risk affects inherent & control risk, and therefore the nature, timing and extent of au work through
the req level of detection risk

• Most biz risk have financial consequences that affect FR, not all biz risk result in risks of mat misstatement,
biz risk broader than risk of mat misstatement, but includes it

• Members of the audit engagement team should discuss the susceptibility of the entity’s financial report to
material misstatement.

• Techniques for assessing business risk include strategic mgmt. tech: SWOT analysis, PEST analysis, value
chain analysis, non-financial perf measurement, although no req to do so.

Significant risk

= an identified risk of mat misstatement that in au judgement, req special au attention

-assed b/o inherent risk

-Attached to item in FR for which the risk of mat misstatement is highest & req more au time & effort. Not all risk of
mat misstatement are significant risks, rather, significant risks are part of total risk of mat misstatement.

Auditor response to assessed risks at FR level & at assertion level (reduce risk to acceptably low level)

• An auditor should determine overall responses to assessed risks at the FR level, and perform audit
procedures at the assertion level.

• Responses at the financial report level include:

– Assigning more experienced staff

– Using experts

– Providing more supervision

– Incorporating unpredictability into selection of further audit procedures.

Performing further audit procedures at the assertion level

- Req au assessment of identified risk provide basis for deigning & performing further au procedure (may be
test of control/ substantive test)
- In designing further audit procedures an auditor must consider:

• Significance of the risk

• Likelihood of misstatement occurring

• Nature of the specific controls used by the entity

• Whether auditor expects to obtain evidence to determine if entity’s controls are effective in preventing, or
detecting and correcting, material misstatement (planned control risk < HIGH).

Developing an overall audit strategy

• An important aspect of audit planning process is obtaining knowledge of client’s business & its business risk,
and through that understanding making judgements in relation to areas of audit risk & materiality.

• Interrelationship between materiality, audit risk & what constitutes sufficient appropriate audit evidence
impacts on auditor’s strategy.

• Audit strategies can range from a lower assessed level of control risk approach to a predominantly
substantive approach.
Audit chp 5
Planning, understanding the entity and evaluating business risk

Range of audit strategies

Lower assessed level of control risk <-> Predominantly substantive approach

Audit strategy may be anywhere along this continuum 连续区

Lower assessed level of control risk approach

• If internal control is well designed and expected to be highly effective, adopt this approach.

• However, this approach only be adopted whr it is expected that the cost of more extensive procedure
necessary to obtain req understanding of internal control & test control will be more than offset by reduced
costs from performing less extensive substantive procedure.

• audit strategy will be as follow:

– Low/ medium assessed level of control risks (CR)

– Extensive understanding of relevant parts of internal control

– Extensive tests of control (TOC)

– Reduced level of substantive audit procedures, based on planned acceptable level of detection risk
being high or medium.

Predominantly substantive approach

• If the auditor believes adequate controls do not exist/ might be ineffective or testing controls are not cost
effective, the audit strategy will be to:

– Use a planned assessed level of control risk of high

– Plan to obtain a minimum understanding of internal control

– Plan no tests of control (TOC)

– Plan extensive substantive audit procedures based on planned acceptable level of detection risk of
low or medium.

• This approach might also be adopted when au expects that the cost of procedures necessary to obtain an
extensive understanding of the internal control & test controls so as to enable a lower level of control risk >
cost of performing extensive substantive procedures.

Preparing detailed audit plan and audit program

• An audit plan, documented in the Audit Planning Memorandum, includes:

– significant accounting & auditing issues, identified during the audit planning stage, to be resolved
during the audit testing and finalisation stages.

– the audit strategy (i.e. lower assessed level of control risk approach to a predominantly substantive
approach)

• An audit program is a detailed list of audit procedures that need to be applied to a particular balance or class
of transactions to implement the audit strategy.

Purpose of detailed audit programs

• Audit programs should provide:

– Evidence of proper planning of work

Audit chp 5
Planning, understanding the entity and evaluating business risk

• Allow review of proposed scope of au be4 work performed when still hv time modify
procedures

– Guidance to inexperienced staff

• Lays down specific au procedures, provide instruction to assistants

– Evidence of work performed

• Staff member sign/ initials each step in program upon completing work

– A means of controlling time spent on the engagement

• Show estimated time req to complete each au step, hv provision of recording actual time
taken

– Evidence of consideration of internal control in relation to proposed audit procedures.

• Include brief summary of imp internal control act relevant to area to be tested so au
evaluate work undertaken in terms of strength n weakness of internal control

 Au program tentative, b/o assumptions abt entity acc procedure & internal control, may revise if conditions
are not as anticipated1

Contents of audit program

• An audit program will outline the following characteristics of audit procedures:

– Nature — particular audit procedures to use & particular items to which a procedure will be applied.

– Extent — number of items to which procedures will be applied, and number of different tests to be
performed.

– Timing — appropriate time to perform the procedure.

Exhibit 5.3 Example of audit program for accounts payable

Audit chp 5
Planning, understanding the entity and evaluating business risk

Assigning and scheduling audit staff

• Activities include:

– Coordinating assistance of entity personnel in data preparation

– Determining the extent of involvement, if any, of experts, specialists and internal auditors

– Establishing and co-ordinating staffing requirements.

• In the audit of a complex entity the auditor may require the assistance of:

– specialists within the auditor’s own firm

– experts within or serving the client’s organisation, including internal auditors

– independent experts, eg.consulting actuaries

• Establishing and coordinating staff involves the selection of competent people, preparing a time budget and
work schedule and supervising the staff.

Analytical procedures

• Analytical procedures involve the use of ratios, trend analysis and operating statistics for comparison with
internal & external data.

• Analytical procedures can be used in all 3 stages of the audit, i.e.

1. In planning stage – to identify risk areas to focus on (Chapter 6)

2. In testing stage – as a substantive procedure (Chapter 9)

3. In completion stage – as a final review of the audited accounts (Chapter 11)

• At this stage we concentrate on the use of analytical procedures in planning the audit.

Analytical procedures at the planning stage

• The risk analysis approach requires analytical procedures to be used during the planning stage of the audit as
part of risk assessment procedures.

• Allows the auditor to understand the business and identify areas of potential risk, thereby assisting in the
determination of the nature, timing and extent of audit procedures.

• Also gives au knowledge of biz & a base against which to compare subsequent evaluations of reasonableness
of FR

• Step in perform analytical procedures at planning stage

Design analytical procedure>evaluate data reliability>develop result expectation> perform analytical

procedure> evaluate result>adjust au plan for identified risks

Analytical procedures used in planning the audit (type of analytical procedure)

Simple procedures:

• Simple comparisons

• Ratio analysis

• Common-size statements

• Trend statements
Audit chp 5
Planning, understanding the entity and evaluating business risk

• Time series analysis

More complex procedures:

• Time series modelling

• Regression analysis

• Financial modelling

Analytical procedures most commonly used in planning

• Comparison of current balances in the financial report with balances of previous periods and budgeted
amounts (simple comparisons) to identify acc bal that have chg significantly

• Computation of ratios and percentage relationships for comparison with previous years, budgets and
industry averages (ratio analysis).

• Significant variations from expectations indicate areas requiring investigation.

Ratio analysis

• At the planning stage the auditor is undertaking ratio analysis on unaudited financial information, thus any
ratios not in accordance with the auditor’s expectations will indicate areas requiring significant audit
attention.

• Mat misstatement may not significantly affect certain ratios, esp activity ratio. Au nid to be careful not to
evaluate ratio in isolation, ratio may be favorable cos component unfavorable ( if acc receivable turnover
ratio & inv turnover ratio small, negative trend may indicate debtors getting older and some inv become
obsolete, both positively affect current ratio, if au only calculate current ratio, incorrect conclusion)

• These ratios may be compared to:

– Industry data

 Average ratios in industries listed on the ASX

(may not be comparable if entity differs from industry norms in regard to biz, acc method &
geographical influences0

– Internal data

 Previous years

 Budgets

 Forecasts

 Segment or division data (if entity cn disaggregate financial infor into geo/operating
segments, unusual figures help isolate specific areas that should receive au attention)

Ratios commonly used at the planning stage

1. Short-term liquidity ratio

- ability to meet current obligation (declining trend, hard meet current obligation, going concern prob)

 Current ratio (current assets to current liabilities)

High ratio, ability to pay current obligation, if current assets include old debtor & obsolete inv, ratio distorted,
declining trend, short of working capital
Audit chp 5
Planning, understanding the entity and evaluating business risk

 Quick asset ratio (liquid assets to current liabilities)

Include only liquid asset

cash, marketable security, net acc receivables included

inv & prepaid item not included

>1, liquid asset sufficient meet cash req for paying current liability

 Operating cash flow ratio (cash flow from operations to current liabilities).

Ability cover current liability with cash from operations

Use CF measure ST Liquidity, provide a longer-term measure of ability to meet CL.

CF small/-ve, entity nid alternative sources of cash eg. Borrow/ sell asset meet obligations

2. Activity Ratio

How efficient asset managed

Only ratios related to AR & inv discussed here

 Receivables turnover (net credit sales to average accounts receivable),

days in receivables (365/ receivable turnover)

How many time AR turnover in a year

If term of trade net 30 days, au expects that if mgmt. do good job managing receivables, value of ratio 30 days/less.

If days of outstanding 60 days, suspect acc bal contains mat amt of bad debts

Declining trend in actual collection period raise doubts on sys of credit control & adequacy of prov of doubtful debts
hence valuation of AR

 Inventory turnover (cost of goods sold to average inventory),

 days in inv (365/inv turnover)

how long turn inv to cash

Frequency inv consumed in a yr, high ratio, better the entity is at liquidating inv

Declining trend, suspect inv contains obsolete/ slow moving goods, doubt valuation of inv, test for the obsolete/
slow moving inv, may indicate working capital being tied up and reduce liquidity

Also risk unecessary cost incurred for storage space

If high inv turnover, concern, check that inv levels have not been reduced to such dangerously low levels that not
possible to meet delivery dates/ increase sale turnover

3. Profitability

success/ failure at generating profit for given period

 Gross profit ratio and net profit ratio (gross profit or net profit to net sales)

Significantly differ from previous yrs, may contain errors, fail to record sales/ omit goods from ending inv, less than
previous years,

 Return on total assets (net profit b4 int & tax to total assets)
Audit chp 5
Planning, understanding the entity and evaluating business risk

Measures entity profitability after all exp considered, significant fluctuation indicate mistaken exist in selling,
general, admin expense acc

 Return on shareholders’ equity (net profit after int & tax to ordinary shareholders’ equity).

Indicate return earn on resources invested by both shareholders & creditors

If inconsistent with other profitability ratio, consider whether add work on fixed assest

4. Solvency

Ability to continue as going concern

 Debt equity ratio (long- and short-term debt to shareholders’ equity)

What portion of capital come from debt,

low ratio, less debt pressure. If large, too highly leveraged, not able meet debt obligations

 Times interest earned (net profit b4 int &tax to annual interest expense)

Ability of current operations to pay int that is due on entity debt obligation

More times int earned, better entity ability to service int on LT debts

Reliability of data used in analytical procedures

• Auditor must consider whether data needed are easily available and their reliability.

• Principles of data reliability:

1. Data from an independent source outside the entity are generally more reliable than internal data.

2. Data from a system with effective internal controls are more reliable than data from a poorly controlled
system.

3. Data audited in the previous year or in the current audit are more reliable than unaudited data. (unaudit
data use at planning stage, audited use at completion stage)

4. Data from a variety of sources that corroborate each other are more reliable than data from only one
source.

5. Data from the department within the entity that is responsible for the amount being audited are generally
less reliable than data from another department.

Plausibility, predictability and precision of analytical relationships

1. Relationships in a stable environment are more predictable than relationships in a changing environment.

2. Direct relationships are more predictable than indirect relationships.

3. Disaggregated relationships show clearer relationships than combined or aggregated relationships.

4. Relationships involving income statement amounts tend to be more predictable than relationships involving
only balance sheet accounts (amounts at a point in time).

5. Relationships involving transactions subject to management discretion are less predictable than those not
subject to such discretion.
Audit chp 5
Planning, understanding the entity and evaluating business risk

Examination of significant fluctuations

• Each significant fluctuation (deviation from expected amount) must be investigated.

• An auditor must also be alert to the possibility that an absence of expected fluctuation might require
investigation.

• Deviations from an expected amount should be discussed with management.

• Reasonableness of explanations provided by management should be considered.

• An auditor might have to consider impact of fluctuations on audit program and other audit tests.

Biz risk EG

 Competitor enters
Biz risk: loss of sales, difficult sell existing stock which may be written off/sell at lower price, loss of profit
Risk of mat misstatement: inv may be written off/ written down, may be valued at more than Net realisable value
since may not be able to sell abv cost/ may not be able to sell at all, increase au risk with the valuation of inv, affect
valuation of plant produce such goods, affect ability of biz continue as going concern

 Majority of cus relationship held by one exe

Biz risk: potential loss key cus if exe leaves
Risk of mat misstatement: no financial impact at the moment, no risk of mat misstatement, could hv financial impact
in future if exe leaves

 Major cus in eco recession,

Biz risk: receivable may not be able to be collected at normal rate
Risk of mat misstatement: increase au risk associated with valuation of receivables, as allowance for doubtful debt
may increase, going concern implication due to shrinking cus base & the impact on CF

 Increase cus complaints on quality of product

Biz risk: may necessitate more rework & warranty claims, loss reputation reduces chance of success
Risk of mat misstatement: au risk increase in relation to possible understatement of warranty exp & accruals, affect
valuation of inv & overall variability of entity

 Offer 12 mth int-free finance to cus, to expand sales, introduce initiative of not running credit checks on
finance contract less than 1000, contract of such increases tenfold
Biz risk: marketing no-credit-check finance attract poor quality borrower
FR implication: impact on collectability of receivables, overstate finance receivables
AU: increase work on doubtful debts to address increased risk with regard to valuation & allocation assertion for
finance receivable

 Intense pressure of downturn of industry, increase competitor from oversea, hard meet loan covenant, but
revenue increase 15%
Assessment of fluctuation: fluctuation not reasonable as revenue would be expected to decrease
Risk: significant risk overstatement of revenue, as large fluctuation, unexpected mgmt. incentive manipulates sales
Audit: verify explanation from mgmt., if not satisfactory, increase testing of key revenue assertions at risk, which are
occurrence & cut off.
Audit chp 5
Planning, understanding the entity and evaluating business risk