AUDIT PLANNING AND RISK ASSESSMENT

Contents
Planning an audit: ISA 300 Understanding the business and materiality: ISAs 250, 315,and 320 Audit risk and sampling: ISAs 330 and 530 Fraud: ISA 240 Internal audit and review planning

Planning an audit: ISA 300

The purpose of an audit plan Professional skepticism Introduction to ISA 300 Contents of the overall audit strategy and the audit plan

The purpose of an audit plan

The objective is the production of an audit report containing an opinion on the information subject to audit. An audit plan should be prepared as a means of achieving the objective efficiently and effectively.

Content of an audit plan

Preparing an audit plan is the first stage in the conduct of an audit engagement. The plan sets out answers to three main questions (the 3Ws):

Who will perform the audit work? (Staffing) When will the work be done? (Timing) What work is to be done? (The scope of the audit)

Risk assessment and the audit plan

To prepare a suitable audit plan, the auditor needs to have an in-depth knowledge and understanding of:
the entity to be audited the environment in which the entity operates

The auditor needs this knowledge and understanding in order to assess the risk attached to the audit.

Risk assessment and the audit plan

Risk assessment is a key feature of the audit planning process and the assessment of risk in the audit will affect:
the amount of audit work performed in general, and the areas on which the auditor will focus his attention.

Professional skepticism
ISA 200 requires that when planning and performing an audit, the auditor should adopt an attitude of professional skepticism. They should view what they are told with a questioning attitude, and consider whether it appears reasonable and whether it conflicts with any other evidence.

Introduction to ISA 300

The objective of the auditor, per ISA 300 Planning and audit of financial statements is to plan the audit work so that the audit will be performed in an effective manner. Adequate planning benefits the audit by:

Helping the auditor to devote appropriate attention to important areas of the audit Helping the auditor to identify and resolve potential problems

Introduction to ISA 300

Adequate planning benefits the audit by:

Helping the auditor organize and manage the audit engagement so that it is performed in an effective and efficient manner Assisting in the selection of staff with appropriate experience and the proper assignment of work to them Allowing for the direction and supervision of staff and review of their work

Introduction to ISA 300

ISA 300 requires the auditor to:

Involve the whole engagement team in planning the audit Establish an understanding of the terms of the engagement as required by ISA 210 Establish an overall strategy for the audit that sets the scope, timing and direction of the audit and that guides the development of the audit plan

Introduction to ISA 300

ISA 300 requires the auditor to:

Develop an audit plan which includes a description of the nature, timing and extent of planned risk assessment procedures and planned further audit procedures Document the overall audit strategy and the audit plan, including any significant changes made during the audit.

Contents of the overall audit strategy and the audit plan

The overall audit strategy sets the scope, timing and direction of the audit and guides the development of the more detailed audit plan. The overall audit strategy will allow to decide on the nature, extent and timing of resources needed to perform the engagement.

Contents of the overall audit strategy and the audit plan

Most large audits will be split into two phases

Interim audit (taking place perhaps two-thirds of the way through the year) Final audit (balance of the work and testing of statement of financial position items)

The audit plan

The audit plan will set out:

The procedures to be used in order to assess the risk assessment in the entitys accounting records/financial statements, and Planned further audit procedures for each material audit area.
The audit procedures to be performed by audit team members will be those needed in order to obtain sufficient appropriate audit evidence and reduce audit risk to an acceptably low level.

Understanding the business and materiality: ISAs 250, 315 and 320
Understanding the entity and its environment Understanding the accounting and internal control systems Risk and materiality

Understanding the entity and its environment

The industry in which the entity operates The nature and competence of its management The entitys internal control Its current financial performance Reporting requirements and deadlines Any recent development

Understanding the accounting and internal control systems

The auditor should try to reach a judgment about how strong (or weak) the internal controls are, in order to make a decision about the amount of testing that should be carried out in the audit. He should consider:
His previous knowledge of the client company Any recent changes Any known problems in the internal controls of the client The effect of any new auditing or accounting requirements

Risk and materiality

The auditor is required by ISA 35 to identify and assess the risks of material misstatement at both the financial statement and assertion levels. The financial statement level refers to risks which are pervasive to the financial statements as a whole and which potentially affect many assertions

Risk and materiality

Example (Financial statement level): Management have a tendency to override internal controls--- this would affect all areas of the accounting systems.

Risk and materiality

The assertion level refers to the specific objectives of the financial statement, for example, that all liabilities have been recorded and that recorded assets exist The auditor should consider:

Assessments of inherent risks and control risks, and the identification of significant audit areas

Risk and materiality

The auditor should consider:

Setting materiality levels The possibility of material misstatements, including those arising because of fraud The identification of complex accounting areas, particularly those involving accounting estimates

Risk and materiality

The auditor will focus his work on balances in financial statements where he considers there is a material risk of misstatement. High risk /material items will be audited in detail. Low risk/ immaterial items will receive less attention

Risk and materiality

The audit risk approach was developed in the 1980s. Previous approaches included the following:

Substantive approach (every item in the financial statements is tested and vouched to supporting documents) System approach (underlying accounting systems were tested with less emphasis on the testing of individual transactions and bal.)

Materiality and audit planning

ISA 320 Audit Materiality states that auditors should consider materiality at two stages of the audit:
At the planning stage, when the auditor evaluates the nature, timing and extent of the planned audit procedures. At the reporting stage, when the auditor evaluates the effects of misstatements that have been discovered by the audit.

Materiality and audit planning

Materiality levels
Based on quantitative factors, and expressed as a percentage of revenue, profit or asset values, such as 1% of revenue or 5% of post-tax profit. Example: The materiality level for inventory valuation may be set at 5% of post-tax profit. If the auditor finds, as a result of audit tests, that his estimate of inventory differs from the clients measurement by an amount that is more than 5% of post-tax profit, the error would be considered material.