Chapter 6

Planning the Audit; Linking

Audit Procedures to Risk

Lecturer : Yusuf Hussein Mohamed

What is Aidit Planning

Developing a general strategy and
detailed approach for the expected
nature, timing, and extent of the
examination

Planning Defined
International Standards on Auditing
(ISA) 300, 'Planning', states, The
auditor should plan the audit work
so that the audit will be performed
in an effective manner. Planning
means developing a general
strategy and a detailed approach
for the expected nature, timing
and extent of the audit.

Why Planning?
Planning for financial (attest) audits helps to develop
an audit approach that will ensure that sufficient
appropriate evidence is gathered to support the audit
opinion in the most cost-effective manner, i.e. in an
economic, efficient and effective way and in a timely
manner.
The Audit Plan should be documented and kept as a
part of audit working papers.
The planning process encompasses several steps and it
should be carefully noted that the steps are all interrelated and not considered as ends in themselves.

Basis for audit planning

Audit planning should be based on a thorough
understanding of the auditee entity and its operations
and the knowledge should be used to:
determining the materiality i.e. the
magnitude of
misstatements which might reasonably influence the users
of the C&AG's certificate on the financial statements;
identifying those factors that might lead to an increased risk
of material misstatement or irregularity.
risks are first identified at the entity level and then to pinpoint them
in terms of their effect on particular account areas and audit
objectives;

preparing an audit approach which focuses on testing of the

specific risk factors while providing an acceptable level of
assurance across the financial statements as a whole.

What are the main

reasons for audit
planning?

What are the main

reasons for audit
planning?

- to enable the auditor to obtain sufficient appropriate evidence

What are the main

reasons for audit
planning?
- to enable the
auditor to obtain sufficient appropriate evidence
- to help keep audit costs reasonable

What are the main

reasons for audit
planning?
- to enable the
auditor to obtain sufficient appropriate evidence
- to help keep audit costs reasonable
- to avoid misunderstandings with the
client

Key Audit Planning

Decisions
Materiality
Acceptable Audit Risk
Inherent risk, control risk and
detection risk
Nature, timing and extent of audit
evidence
What kind?
How much?
When?

STEPS Audit Planning

Decide whether
to accept the
prospective client
Prepare the
engagement letter

6-11

Obtain knowledge
of clients business
and environment
Assess risks of
material misstatement,
including fraud risk

Make preliminary
arrangements with
the client
Prepare the
audit plan,
preliminary
program, and
time budget

The table below lists the four major parts and the
related activities in audit planning.
Phases of the audit

Activities

a.Accept client and perform initial audit planning 1.Send an engagement letter to the client
7.Identify whether any experts are required for
the engagement
9. Determine the likely users of the financial
statements
b.Understand the client's business and industry

2.Tour the client's plant and offices

5. Identify potential related parties that may
require disclosure
6.Review the company's constitution
8. Review accounting principles unique to the
client's industry

c.Assess client business risk

4. Review management risk, managemenent

controls and procedures.

d.Perform preliminary analytical procedures

3.Compare key ratios for the company with those

of industry competitors.

Planning Process
1.
2.
3.
4.
5.

Understanding the Entity

Determination of Materiality Levels
Assessment of Risk
Controls Testing and Evaluation
Determination of the Sampling
Frame
6. Deciding on the Audit Approach and
procedures
7. Drawing of the Audit plan
8. Communication of the Plan to the
Auditee

1. Understanding the
Entity
To study, analyse, record and comprehend
Operations and organisation
Financial reporting requirements
Regularity and legal framework
Parliamentary and legislative interest
Public interest
Accounting processes and formations

e.g DDOs, PAOs, Treasuries, Works & Forest Divisions for

Government Accounts etc.

Computer involvement
Control environment
Analytical review
Account areas

2. Determination of
Materiality
Materiality is the Tolerable Error Level
One essential step in planning is to determine
materiality by value, nature and context
Materiality should take into account the concerns of
the users of audit certificate
The reasons and bases on which the materiality is
calculated should be documented.
At the planning stage, the audit team is concerned
primarily with materiality by value.
Planning materiality may be set at a lower level
than Reporting materiality

3. Assessment of Risk
Purpose of risk assessment
to identify the factors that lead to
an increased risk of misstatement
or irregularity
to identify the controls which
mitigate those risks
Types of Risk
Entity risks
Account area risks

Assessment of Risk
(Contd.)
The audit team should use understanding of the entity and its
operations to identify specific risk factors taking into account
factors relevant at both the entity level and to specific areas as
well as the audit objectives.
The audit approach of CAG seeks to reduce to an acceptable
level the risk that audit work will not detect material error or
irregularity.
Decisions on the nature, extent and direction of audit tests
depend upon assessment of the risk of material error or
irregularity (inherent risk) and the risk that the entitys controls
will not detect such errors or irregularities in a timely manner
(control risk).

Entity risks

Entity Risks are risks that identified from top

down review of entities that may affect a number
of different account areas
Entity Risks are to be measured in the context of :

Overall control environment

External pressures on the entity
Experience and competence of staff
Reliability of accounting systems
Stability of the entity

Account area risks

Account area risks are the risks identified from more
detailed review of each account area and that may arise
as a result of particular characteristics of the associated
transaction streams.
Account area risks mainly arise from:
Transactions governed by complex regulations
Services and programmes delivered through third parties
Payments and receipts made on the basis of claims or
declarations rather than in exchange for goods and services
Transactions not in the normal course of business or
operations
Transactions recording estimates
Multiple sources of funds

4. Controls Testing and

Evaluation
After identifying specific risk factors, the
next step is to identify controls which
effectively mitigate those risk factors.
Audit should identify specific risk factors
that increase the risk of material
misstatement and relate them to account
areas and objectives.

5. Determination of the Sampling

Frame
For each objective in each account area, the
auditor should select methods for collecting audit
evidence and a suitable sampling method.
For testing the completeness of say either income
or expenditure sampling may not be appropriate.
In such a case careful application of analytical
procedures in combination with other audit
procedures can provide a better result.

6. Deciding on the Audit Approach and

Audit Procedures
Audit approach should focus on specific risk
factors while providing an acceptable level
of assurance across the financial statements
as a whole.
The audit approach chosen will:
reflect understanding of the auditee entity and
its business;
take account of audit judgement on Planning
materiality; and
respond to the specific risk factors identified in
the course of risk assessment.

7. Drawing of the Audit

plan
An Audit Plan in the form of Audit
Planning Memorandum detailing
the results of all the processes
discussed so far is then prepared.
This documents all the processes
and analyses through which the
final plan has been drawn.

8. Communication with
auditee
The audit planning memorandum is
then communicated by the audit
team
to
the
auditee.
Their
suggestion may be taken before
execution of the plan.

Sources of Information

6-25

Inquiries of management
Industry Accounting and Auditing Guides
Industry Risk Alerts
Government publications
Prior company annual reports and SEC filings
Prior tax returns
Electronic sources
Tour of plant and offices
Analytical procedures

Developing an Overall Audit

Strategy
Planning materiality
Assessing inherent risks, including
fraud risks
Preliminary assessment of control
risk

6-26

Assessing Fraud Risks

Two types
Fraudulent financial reporting (management
fraud)
Misappropriation of assets (defalcations)

Procedures to assess fraud risks

Discussion among engagement team
Inquiries of management and other
personnel
Planning analytical procedures
Considering fraud risk factors

6-27

Incentives
Opportunity
Attitude

Assessing Fraud Risks

Identifying Fraud Risks
Considerations in identifying fraud
risks
Type
Significance
Likelihood that it will result in a
material misstatement
Pervasiveness

6-28

Responding to Fraud Risks

Overall response

Professional skepticism and audit evidence

Assigning personnel and supervision
Accounting principles
Predictability of auditing procedures

Alterations in audit procedures

More reliable evidence
Shifting timing to year end
Increasing sample sizes

Response to the possibility of management override

Examining journal entries
Review accounting estimates for biases
Evaluating the business rationale for significant unusual
transactions

6-29

Consideration of Fraud
Throughout the Audit
Evaluating the results of audit
tests
Discovery of fraud
Communication to appropriate level
of management
If fraud involves senior management
or material misstatement
communicate to audit committee
6-30

Objectives of Substantive
Programs for Asset Accounts
Establish the existence of assets
Establish that the company has rights
to the assets
Establish the completeness of
recorded assets
Determine the appropriate valuation
of the assets
Determine the appropriate financial
statement presentation and
disclosure of the assets
6-31

Transactions Affecting Accounts

Receivable

6-32

Indirect Verification of Income

Statement Accounts

6-33

6-34

Direction of Audit Testing

6-35

Relations
hips
among
Audit
Objectiv
es, Risks
of
Material
Misstate
ment,
and
Audit
Procedur
es

6-36

The Audit Process

Obtain an understanding of the client and its
environment, including internal control
Identify and assess inherent risks of material
misstatement, including fraud risks
Determine the planned assessed level of control
risk and design additional tests of controls and
planned substantive tests
Perform additional tests of controls
Reassess control risk and modify planned
substantive tests
Perform substantive tests and complete the audit
Form an opinion and issue the audit report
6-37