Class Synopsis -03 & 04

Prepared by: Abdullah-Al-Mamun, FCA

Process of Assurance: Planning the Assignment

Audit Strategy

The formulation of the general strategy for the audit, which sets the scope, timing and
direction of the audit and guides the development of the audit plan.

Audit Plan

An audit plan is more detailed than the strategy and sets out the nature, timing and extent
of audit procedures (including risk assessment procedures) to be performed by the engagement
team in order to obtain sufficient appropriate audit evidence.

Benefits of Audit Planning

An audit plan shows how the overall audit strategy will be implemented. Audits are planned to:
 Ensure appropriate attention is devoted to important areas of the audit.
 Identify potential problems and resolve them on a timely basis.
 Ensure that the audit is properly organized and managed.
 Assign work to engagement team members properly.
 Facilitate direction and supervision of engagement team members.
 Facilitate review of work.

Approach to Planning

A structured approach to planning will include:

Step 1: Ensuring that ethical requirements continue to be met
Step 2: Ensuring the terms of the engagement are understood
Step 3: Establishing the overall audit strategy
 Determining the relevant characteristics of the engagement, such as the
reporting framework used as this will set the scope for the engagement
and understanding the entity and its environment.
 Discovering key dates for reporting and other communication.
 Determining materiality, preliminary risk assessment, whether internal
controls are to be tested.
 Consideration of when work is to be carried out, for example, before or
after the year end.
 Consideration of ‘team members’ available, their skills and how and when
they are to be used, for example, particular skills for high risk areas. In
addition, appropriate levels of staff are required to facilitate direction,
supervision and review of more junior team members’ work.

1
Step 4: Developing an audit plan including risk assessment procedures, audit tests
and any other procedures necessary to comply with ISAs.
 The auditor should develop an audit plan for the audit in order to reduce
audit risk to an acceptably low level. The audit plan and any significant
changes to it during the audit must be documented.

Key Contents of an Overall Audit strategy

 Understanding the Entity’s Environment

 General economic factors and industry conditions.
 Important characteristics of the client: (a) business, (b) principal business
strategies, (c) financial performance, (d) reporting requirements,
including changes since the previous audit.
 The general level of competence of management.

 Understanding the accounting and internal control systems

 The accounting policies adopted by the entity and changes in those policies.
 The effect of new accounting or auditing pronouncements.
 The auditor’s cumulative knowledge of the accounting and internal control
systems and the relative emphasis expected to be placed on different types
of test.

 Risk and Materiality

 The expected assessment of risks of fraud or error and identification of
significant audit areas.
 The setting of materiality for audit planning purposes.
 The possibility of material misstatements, including the experience of
past periods or frauds.
 The identification of complex accounting areas including those involving
estimates.

 Consequent nature, timing and extent of procedures

 Possible change of emphasis on specific audit areas.
 The effect of information technology on the audit.

 Co-ordination, direction, supervision and review

 The number of locations.
 Staffing requirements.
 Need to attend client premises for inventory count or other year-end
procedures.

 Other Matters
 The possibility that the going concern basis may be subject to question.
 Conditions requiring special attention.
 The terms of the engagement and any statutory responsibilities.
 The nature and timing of reports or other communication with the entity
that are expected under the engagement.

2
Understanding the Entity and its Environment

The auditor should obtain the understanding of the entity and its environment, including
its internal control, sufficient to identify and assess the risks of material
misstatements of the financial statements whether due to fraud or error and sufficient
to design and perform further audit procedures. The auditor shall obtain an understanding
of the following:
a) Relevant industry, regulatory and other external factors including the
applicable financial reporting framework.
b) The nature of the entity, including:
i. its operation;
ii. its ownership and governance structures;
iii. the types of investments that the entity is making and plans to make,
including investments in special purpose entities; and
iv. the way that the entity is structured and how it is financed to enable
the auditor to understand the classes of transactions, account
balances and disclosures to be expected in the financial statements.
c) The entity’s selection and application of accounting policies, including
reasons for changes thereto. The auditor shall evaluate whether the entity’s
accounting policies are appropriate for its business and consistent with
the applicable financial reporting framework and accounting policies
used in the relevant industry.
d) The entity’s objectives and strategies and those related business risks that
may result in risks of material misstatement.
e) The measurement and review of the entity’s financial performance.

Professional Skepticism

Professional Skepticism means an attitude of the auditor that includes a questioning mind,
being alert to conditions which may indicate possible misstatement due to fraud or
error, and a critical assessment of audit evidence.

Professional skepticism includes being alert to, for example:

 Audit evidence that contradicts other audit evidence obtained.
 Information that brings into question the reliability of documents and responses
to inquiries to be used as audit evidence.
 Conditions that may indicate possible fraud.

Maintaining Professional skepticism throughout the audit is necessary if the auditor is, for
example, to reduce the risks of:
 Overlooking unusual transactions.
 Over generalizing when drawing conclusions from audit observations.
 Using inappropriate assumptions in determining the nature, timing and extent
of the audit procedures and evaluating the results thereof.

Professional skepticism does not mean that auditors should disbelieve everything they are
told; however, they must have a questioning attitude.

3
Analytical Procedures

Analytical procedures mean evaluations of financial information made by a study of plausible

relationships among both financial and non-financial data. Analytical procedures also
encompass the investigation of identified fluctuations and relationships that are
inconsistent with other relevant information or deviate significantly from predicted
amounts.

The ISA 520 states that analytical procedures include:

 The consideration of comparison with:

 Comparable information for prior periods.
 Anticipated results of the entity, such as budgets or forecasts, or
expectations of the auditor, such as an estimation of depreciation.
 Similar industry information, such as a comparison of the entity’s ratio of
sales to accounts receivable with industry averages or with other
entities of comparable size in the same industry.

 Consideration of relationships between:

 Elements of financial information that would be expected to conform to a
predictable pattern based on the entity’s experience, such as the
relationship of gross profit to sales.
 Financial information and relevant non-financial information, such as the
relationship of payroll costs to number of employees.

A variety of methods can be used to perform analytical procedures, ranging from simple
comparison to complex analysis using statistics. The choice of procedures is a matter for
auditor’s professional judgment.

Materiality

Materiality is an expression of the relative significance or importance of a particular

matter in the context of financial statements as a whole. IASB Conceptual Framework for
Financial Reporting states that a matter is material if its omission or misstatement would
reasonably influence the economic decisions of users taken on the basis of the
financial statements. Materiality depends on the size of the error in the context of its
omission or misstatement.

ISA 320 states that the materiality should be considered by the auditor when:
 Identifying and assessing the risks of material misstatement;
 Determining the nature, timing and extent of audit procedures; and
 Evaluating the effect of uncorrected misstatements.

Materiality considerations during audit planning are extremely important. The assessment
of materiality at this stage should be based on the most recent and reliable financial
information and will help to determine an effective and efficient audit approach.
Materiality assessment will help the auditors to decide:
 How many and what items to examine

4
  Whether to use sampling techniques
 What level of error is likely to lead to an auditor to say the financial statements do
not give a true and fair view.

Note that the auditors will often calculate a range of values, and then take an average or
weighed average of all the figures produced as the preliminary materiality level.
However, different firms have different methods to calculate materiality level and the
following is just one of the available approaches.

Value Percentage
Profit before tax 5–10%
Revenue 0.5-1%
Total assets 1 – 2%

However, bear in mind that materiality has qualitative, as well as quantitative, aspects.
For example, transactions relating to directors are considered material by nature regardless of
their value.

We must not simply think of materiality as being a percentage of items in the financial
statements.

The Relationship between Materiality and Audit Risk

There is an inverse relationship between materiality and the level of audit risk, that is
the higher the materiality level, the lower the audit risk and vice versa. The auditor
takes the inverse relationship between materiality and audit risk into account when determining
the nature, timing and extent of audit procedures.

Review of Materiality

The level of materiality must be reviewed constantly as the audit progresses and changes
may be required because:
 Draft financial statements are altered (due to material misstatement and so on)
and therefore overall materiality changes.
 External factors may cause changes in risk estimates.
 Such changes are caused by misstatements found during testing.

Risk Assessment

The auditors usually adopt a risk based approach to auditing. In the risk-based approach,
auditors analyze the risks associated with the client’s business, transactions and systems
which could lead to misstatements in the financial statements, and direct their testing to
risky areas. They are therefore not concerned with individual routine transactions, although
they will still be concerned with material, non-routine transductions.

5
Audit Risk

The risk that the auditor expresses an inappropriate audit opinion when the financial
statements are materially misstated. Audit risk is a function of the risks of material
misstatement and detection risk.

Risk of Material Misstatements in the Financial Statements

Inherent Risk

The susceptibility of an assertion about a class of transaction, account balance or disclosure

to a misstatement that could be material, either individually or when aggregated with
other misstatements, before consideration of any related controls.

Inherent risk is the risk that items will be misstated due to characteristics of those items.
Example of issues that might increase inherent risk is:
 Balance is or includes an estimate
 Balance is important in the account
 Financial statements are liable to misstatement because:
 Company is in trouble
 Company is seeking to raise finance
 Other motivation for directors to misstate the figures (such as profit targets
or profit related bonuses)
 Financial statements contain balances with complex financial accounting
requirements or a choice of treatment.

The auditors must use their professional judgment and all available knowledge to assess
inherent risk. If no such information or knowledge is available then the inherent risk is high.

Inherent risk is affected by the nature of the entity; for example, the industry it is in and the
regulations it falls under and also the nature of the strategies it adopts.

Control Risk

The risk that a misstatement that could occur in an assertion about a class of transaction,
account balance or disclosure and that could be material, either individually or when
aggregated with other misstatements, will not be prevented, or detected and corrected,
on a timely basis by the entity’s internal control.

In other words this is the risk that a material misstatement would not be prevented,
detected or corrected by the accounting and internal control systems.

Risk that the Auditor will not detect a Material Misstatement in the Financial
Statements

Detection Risk

The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low
level will not detect a misstatement that exists and that could be material, either
individually or when aggregated with other misstatements.

6
This is the component of audit risk that the auditors have a degree of control over,
because, if risk is too high to be tolerated, the auditors can carry out more work to reduce
this aspect of audit risk, and therefore audit risk as a whole.

Auditors will want their overall audit risk to be at an acceptable level, or it will not be worth
them carrying out the audit. In other words, if the chance of them giving an inappropriate
opinion and being sued is high, it might be better not to do the audit at all.

The auditors will obviously consider how risky a new client is during the acceptance
process, and may decide not to go ahead with the relationships. However, they will also
consider audit risk for each individual audit and will seek to manage the risk.

It is not in the auditors’ power to affect inherent or control risk. As they are risks
integral to the client, the auditor cannot change the level of these risks.

The auditor therefore manages overall audit risks by manipulating detection risk, the
only element of audit risk the auditor has control over. This is because, the more audit
work the auditors carry out, the lower detection risk becomes, although it can never be
entirely eliminated due to the inherent limitations of an audit.

Identifying and Assessing the Risk

ISA 315 says that the auditor shall identify and assess the risks of material misstatement at:

a) The financial statement level; and

b) The assertion level for classes of transactions, account balances and disclosures.

The auditor is required to take the following steps:

Step 1: Identify risks throughout the process of obtaining an understanding of the entity
and its environment.

Step 2: Assess the identified risks and relate them to what can go wrong at the assertion level.

Step 3: Consider whether the risks are of a magnitude that could result in a material
misstatement.

Step 4: Consider the likelihood of the risks causing a material misstatement.

Significant Risks

Some risks may be significant risks, which require special audit consideration. ISA 315
sets out the following factors which indicate that a risk might be a significant risk:

Some risks may be significant risks, which require special audit consideration. When the
auditor is identifying and assessing risks, they must consider whether any of the risks identified
are significant risks. When the auditor identifies a significant risk, they must evaluate the
design and implementation of the entity’s controls in that area.

7
ISA 315 sets out the following factors which indicate that a risk may be a significant risk:

 Risk of fraud
 Related to recent significant economic, accounting or other development
 The complexity of the transaction
 It is a significant transaction with a related party
 The degree of subjectivity in the financial information
 It is an unusual transaction

Routine, non-complex transactions are less likely to give rise to significant risk than unusual
transactions or matters of directors’ judgment. This is because unusual transactions are
likely to have more:

 Management intervention
 Manual intervention
 Complex accounting principles or calculations
 Opportunity for control procedures not to be followed

The ISA notes that although it is less likely that the entity will have controls for non-routine
risks, there may still be some. After all, management will still need to respond to these risks
in some way. The auditor should understand whether there are controls such as:

 Review of assumptions by senior management or experts

 Documented processes for estimations
 Approval by those charged with governance

An example of a control for a non-routine risk might be that where the entity receives notice of
a significant lawsuit, it takes advice from legal counsel and considers the effect on the financial
statements.