Chapter 13

Overall Audit Plan

and Audit Program

13 - 1
 Presentation Outline

I. Application of Audit Testing

II. Selecting Tests to Perform
III. Design of the Audit Program
IV. A Summary of the Audit Process

13 - 2
 I. Application of Audit Testing

A. Tests of Controls
B. Testing for Monetary Misstatement
C. Reduction of Risk
D. Audit Assurance at Different Levels of
Internal Control Effectiveness
E. Simultaneous Testing of Controls and
Substantive Testing of Transactions
F. Timing of Audit Testing

13 - 3
 A. Tests of Controls

Audit procedures to test the operating effectiveness of

control policies and procedures in support of a
reduced assessed control risk. Some examples
include:
Matching of vendor invoices against a purchase order
and receiving report before approving invoice for
payment.
Examination of employee time cards for approval of
overtime.
13 - 4
 B. Testing for Monetary Misstatement
Tests of Details of
Balances
Substantive Tests of
Testing for monetary
Transactions
misstatements to determine if the
Testing for monetary
following 9 balance-related audit
misstatements to determine
objectives have been met:
if the following 6 transaction-
Existence
related audit objectives
Completeness
have been met:
Accuracy
Existence
Classification
Completeness
Cutoff
Accuracy
Detail tie-in
Classification
Realizable value
Timing
Rights and obligations
Posting and Summarization
Presentation and disclosure
13 - 5
 C. Reduction of Risk
Control Risk
Procedures to gain an
understanding of internal
control
Tests of controls
Once the auditor obtains an
initial understanding of
controls, tests of controls must
be performed to obtain
evidence regarding the
effectiveness of controls.
Stronger controls will allow
the auditor to assess control
risk below the maximum.
Detection Risk
Substantive tests of
transactions
Analytical procedures
Tests of details of
balances
The more evidence an
auditor collects from the
above procedures, the
lower the detection risk.
Detection risk must be
lower when control risk
is higher. 13 - 6
 D. Audit Assurance at Different Levels of Internal
Control Effectiveness

Acceptable C3
assurance AUDIT ASSURANCE
Audit assurance
C2 from control risk
Audit assessment and
assurance tests of control
C1
from
substantive
tests
No
assurance A C B
INTERNAL CONTROL EFFECTIVENESS
Weak control Strong control
Reliance on controls: C3 None, C2 Some, C1 Maximum
13 - 7
 E. Simultaneous Testing of Controls and
Substantive Testing of Transactions

The determination of control risk affects the type of

procedures and sample size for the substantive testing of
transactions.
For purposes of convenience, the testing of controls and
substantive testing of transactions will often occur
simultaneously.
In such situations the auditor will make an assumption
about the results of tests of controls. If the testing of
controls indicates that internal control is worst than
expected, substantive testing of transactions will have to
be modified accordingly.
13 - 8
 F. Timing of Audit Testing

Auditors frequently consider it desirable to perform audit

tests prior to year end. Certain procedures may be
performed at an interim time (prior to clients year end) :
Update depreciation schedules
Examine new loan agreements
Vouch transactions
Analyze changes in clients accounting system
Review board of director minutes
If strong internal controls exist the auditor may also:
Observe physical inventories
Confirm account balances
13 - 9
 II. Selecting Tests to Perform

A. The Cost of Testing

B. Appropriate Evidence for Audit Testing
C. Risk and Testing in the Audit Process

13 - 10
A. The Cost of Testing

Going from the most to least

costly, the types of tests
are:
Tests of details of balances
Substantive tests of
transactions
Tests of controls
Procedures to obtain an
understanding of internal
controls
Analytical procedures

13 - 11
 B. Appropriate Evidence for Audit Testing

Type of Evidence

Reperformance
Documentation
Confirmation
Examination

performance
Observation
Inquiries of
the client

Analytic
Physical
Type of Test
Procedures for internal control
Tests of controls
Substantive tests of transactions
Analytical procedures
Tests of details of balances
13 - 12
 C. Risk and Testing in the Audit Process
Substantive Testing of
Transactions
In some situations it may be more
efficient to assess control risk at
a higher level and reduce or
eliminate tests of controls. This
depends on cost of testing
controls versus the additional
substantive testing that would
result from a higher control risk.
Tests of Details of
Balances
If tolerable misstatement is
low, and inherent risk
and control risk are
high, planned tests of
details of balances must
be high.
13 - 13
 III. Design of the Audit Program

Most audits design an audit program in the

following three parts:
A. Tests of Controls and Substantive Tests of
Transactions
B. Analytical Procedures
C. Tests of Details of Balances

13 - 14
 A. Tests of Controls and Substantive Tests of Transactions
A four-step approach when the auditor plans to reduce
assessed control risk below the maximum:
Transaction related audit objectives are applied to the class
of transactions being tested, such as sales.
Key controls that should reduce control risk for each
transaction-related audit objective are identified.
For all internal controls used to reduce the initial assessment
of control risk below the maximum (key controls),
appropriate tests of controls are developed.
Design appropriate substantive tests of transactions,
considering weaknesses in internal control and expected
results of tests of controls (allows for simultaneous tests of
controls and substantive testing).
Note: If control risk is assessed at 1.0, only substantive tests of
transactions will be used in this part of the audit program. 13 - 15
 B. Analytical Procedures

Analytical procedures may be performed during 3 different stages of

the audit:
In the planning stage to help the auditor understand the clients
business and determine other evidence needed to satisfy
acceptable audit risk.
During the audit, especially during substantive testing.
Near the end of the audit as a final test of reasonableness. 13 - 16
 C. Tests of Details of Balances

If the results of tests of

controls, substantive
tests of transactions, and
analytical procedures
are not consistent with
the predictions, tests of
details of balances will
need to be changed as
the audit progresses.
Figure 13-6 on page 388 illustrates the testing methodology
using Accounts Receivable 13 - 17
13 - 18
 Summary of the Audit Process - Phase I (Planning)
Accept client and perform initial planning.

Understand the clients business and industry.

Assess clients business risk.

Perform preliminary analytical procedures.

Set materiality and assess acceptable audit risk

and inherent risk.

Understand internal control and assess control risk.

Develop overall audit plan and audit program.

Summary of the Audit Process - Phase II (Begin Field Work)
From
Phase I

Plan to reduce assessed No

level of control risk?

Yes
Perform tests of controls.
Perform substantive tests of transactions.

Assess likelihood of misstatements in

financial statements. 13 - 20
Summary of the Audit Process Phase III (End of Fieldwork)

From
Phase II

Likelihood of Misstatement
in Financial Statements
Low Medium High or
unknown

Perform analytical procedures.

Perform tests of key items.

Perform additional tests of details of balances.

13 - 21
Summary of the Audit Process Phase IV (Wrap-Up)
From
Phase III

Review for contingent liabilities.

Review for subsequent events.

Accumulate final evidence.
Evaluate results.
Issue audit report.

Communicate with audit

committee and management. 13 - 22