AT 06: AUDIT PLANNING

Planning an Audit of Financial Statements

Roles of Planning
Adequate planning benefits the audit of financial statements in several ways, including the following:
● Helping the auditor to devote appropriate attention to important areas of the audit.
● Helping the auditor identify and resolve potential problems on a timely basis.
● Helping the auditor properly organize and manage the audit engagement so that it is performed in an effective and efficient manner.
● Assisting in the selection of engagement team members with appropriate levels of capabilities and competence to respond to anticipated risks, and the proper assignment of work to them.
● Facilitating the direction and supervision of engagement team members and the review of their work.
● Assisting, where applicable, in coordination of work done by auditors of components and experts.

Factors Affecting the Nature and Extent of Planning Activities
The nature and extent of planning activities will vary according to the:
a. Size and complexity of the entity.
b. The key engagement team member’s previous experience with the entity.
c. Changes in circumstances that occur during the audit engagement.
d. Timing of the appointment of the independent auditor.

Planning as a phase of an audit
Planning is not a discrete phase of audit, but rather a continual and iterative process that often begins shortly after (or in connection with) the completion of the previous audit and continues until the completion of the current audit engagement.

Outputs of Audit Planning
PSA 330 further provides that the objective of the auditor is to plan the audit so that it will be performed in an effective manner. Planning an audit involves establishing the overall audit strategy for the engagement and developing an audit plan. With this, the following are the main outputs of audit planning:
a. Overall audit strategy, which sets the scope, timing and direction of the audit, and that guides the development of the audit plan.
b. Audit plan, which shall include a description of:
   i. The nature, timing and extent of the following audit procedures:
      ■ Planned risk assessment procedures.
      ■ Further audit procedures at the assertion level.
   ii. Other planned audit procedures that are required to be carried out so that the engagement complies with the PSAs.
Moreover, the auditor shall update and change the overall audit strategy and the audit plan as necessary during the course of the audit.

Documentation
The auditor shall document:
a. The overall audit strategy.
b. The audit plan.
c. Any significant changes made during the audit engagement to the overall audit strategy or the audit plan, and the reasons for such changes.

Major Audit Planning Activities

Identifying the Risk of Material Misstatements Through Understanding the Entity and Its Environment
To establish an overall audit strategy, which guides the development of the audit plan, the auditor needs to perform procedures which will enable him or her to (1) obtain an understanding of an entity and its environment; and (2) identify and assess risk of material misstatements. These procedures are known as risk assessment procedures (RAPs).

Risk Assessment Procedures
As defined in PSA 315, risk assessment procedures are audit procedures performed to obtain an understanding of an entity and its environment, including the entity’s internal control, to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels.

Identification and Assessment of Risks of Material Misstatement

Objective of the Auditor
The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.
The auditor is required to design and implement overall responses to address the assessed risks of material misstatement at the financial statement level. The auditor’s assessment of the risks of material misstatement at the financial statement level, and the auditor’s overall responses, is affected by the auditor’s understanding of the control environment. Also, the auditor is required to design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.

Components of Risk of Material Misstatement
Risks at the financial statement level relate pervasively to the financial statements as a whole and potentially affect many assertions. Risks of material misstatement at the assertion level consist of two components, inherent and control risk:
● Inherent risk is described as the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.
● Control risk is described as the risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s system of internal control.

Identification and Assessment
Risks of material misstatement are assessed at the assertion level in order to determine the nature, timing and extent of further audit procedures necessary to obtain sufficient appropriate audit evidence. For the identified risks of material misstatement at the assertion level, a separate assessment of inherent risk and control risk is required. Inherent risk is higher for some assertions and related classes of transactions, account balances and disclosures than for others. The degree to which inherent risk varies is referred to as the ‘spectrum of inherent risk.’
Risks of material misstatement identified and assessed by the auditor include both those due to error and those due to fraud.
The auditor’s risk identification and assessment process is iterative and dynamic. The auditor’s understanding of the entity and its environment, the applicable financial reporting framework, and the entity’s system of internal control are interdependent with concepts within the requirements to identify and assess the risks of material misstatement. In obtaining the understanding, initial expectations of risks may be developed, which may be further refined as the auditor progresses through the risk identification and assessment process.
In addition, the auditor is required to revise the risk assessments, and modify further overall responses and further audit procedures, based on audit evidence obtained from performing further audit procedures or if new information is obtained.

AUDIT PROCEDURES

Obtain an understanding of the entity and its environment, including its internal control

Risk Assessment Procedures and Related Activities
The auditor shall design and perform risk assessment procedures to obtain audit evidence that provides an appropriate basis for:
1. The identification and assessment of risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels; and
2. The design of further audit procedures.

Obtaining Audit Evidence in an Unbiased Manner Is Important
The auditor shall design and perform risk assessment procedures in a manner that is not biased towards obtaining audit evidence that may be corroborative or towards excluding audit evidence that may be contradictory.
Designing and performing risk assessment procedures to obtain audit evidence to support the identification and assessment of the risks of material misstatement in an unbiased manner may assist the auditor in identifying potentially contradictory information, which may assist the auditor in exercising professional skepticism in identifying and assessing the risks of material misstatement.

Professional skepticism
Professional skepticism is necessary for the critical assessment of audit evidence gathered when performing the risk assessment procedures, and assists the auditor in remaining alert to audit evidence that is not biased towards corroborating the existence of risks or that may be contradictory to the existence of risks. Professional skepticism is an attitude that is applied by the auditor when making professional judgments that then provides the basis for the auditor’s actions. The auditor applies professional judgment in determining when the auditor has audit evidence that provides an appropriate basis for risk assessment.
The application of professional skepticism by the auditor may include:
● Questioning contradictory information and the reliability of documents;
● Considering responses to inquiries and other information obtained from management and those charged with governance;
● Being alert to conditions that may indicate possible misstatement due to fraud or error; and
● Considering whether audit evidence obtained supports the auditor’s identification and assessment of the risks of material misstatement in light of the entity’s nature and circumstances.

Sources of Audit Evidence
Designing and performing risk assessment procedures to obtain audit evidence in an unbiased manner may involve obtaining evidence from multiple sources within and outside the entity. However, the auditor is not required to perform an exhaustive search to identify all possible sources of audit evidence. In addition to information from other sources, sources of information for risk assessment procedures may include:
● Interactions with management, those charged with governance, and other key entity personnel, such as internal auditors.
● Certain external parties such as regulators, whether obtained directly or indirectly.
● Publicly available information about the entity, for example entity-issued press releases, materials for analysts or investor group meetings, analysts’ reports or information about trading activity.
Regardless of the source of information, the auditor considers the relevance and reliability of the information to be used as audit evidence.

Scalability
The nature and extent of risk assessment procedures will vary based on the nature and circumstances of the entity (e.g., the formality of the entity’s policies and procedures, and processes and systems). The auditor uses professional judgment to determine the nature and extent of the risk assessment procedures to be performed to meet the requirements of the standards.
Although the extent to which an entity’s policies and procedures, and processes and systems are formalized may vary, the auditor is still required to obtain the understanding.
The nature and extent of risk assessment procedures to be performed the first time an engagement is undertaken may be more extensive than procedures for a recurring engagement. In subsequent periods, the auditor may focus on changes that have occurred since the preceding period.

Specific procedures

a. Inquiry
○ Inquiries during planning stage
Much of the information obtained by the auditor’s inquiries is obtained from management and those responsible for financial reporting.
However, the auditor may also obtain information, or a different perspective in identifying risks of material misstatement, through inquiries of others within the entity and other employees with different levels of authority. For example:
○ those charged with governance
○ internal audit personnel
○ employees involved in initiating, processing or recording complex or unusual transactions
○ in-house legal counsel
○ marketing or sales personnel

b. Observation
The auditor aims to obtain an understanding of the entity through observation of the entity’s:
• processes used in processing information to be reported; and
• activities and operations.

c. Inspection
○ Inspection during planning stage
The auditor can obtain an understanding of the entity through the following inspection activities during planning:
○ Review of prior year’s working papers and prior year’s financial statements
○ Review of reports prepared by the entity’s management (such as quarterly management reports and interim financial statements) and those charged with governance (such as minutes of board of directors’ meetings)
○ Review of documents (such as business plans and strategies), records, and internal control manuals
○ Reading articles, books, periodicals, and other publications related to the entity’s industry
○ Visits to the entity’s premises and plant facilities

d. Analytical procedures
A basic premise underlying the application of analytical procedures is that plausible relationships among data may reasonably be expected to exist and continue in the absence of known conditions to the contrary.

Uses of analytical procedures
Below is a summary of phases where analytical procedures may be applied.

| Phase | Objective | Required? |
| --- | --- | --- |
| Planning | • To enhance the understanding of the business • To identify areas that may represent specific risks relevant to the audit • To determine the nature, timing and extent of FAPs | |
| Substantive tests | • To evaluate the reasonableness of financial information • To obtain corroborative evidence relating to a particular assertion • To detect material misstatement | |
| Overall review | • To identify unusual or unexpected account balances that were not previously identified in planning and substantive testing • To assist in determining whether or not the auditor has the ability to issue the report | |

Analytical procedures during planning stage
Analytical procedures may help identify the existence of unusual transactions or events, and amounts, ratios, and trends that might indicate matters that have audit implications. Unusual or unexpected relationships that are identified may assist the auditor in identifying risks of material misstatement, especially risks of material misstatement due to fraud.

Procedures when applying analytical procedures
1. Develop expectations regarding financial statements using (PAA RIN):
   ○ Prior year’s financial statements
   ○ Annualized interim financial statements
   ○ Anticipated results such as budgets, forecasts or projections
   ○ Typical Relationships among financial statements account balances
   ○ Industry averages
   ○ Non-financial information
2. Compare expectations with the items presented in the financial statements
3. Define and investigate significant differences

Information from Other Sources
In obtaining audit evidence, the auditor shall consider information from:
1. The auditor’s procedures regarding acceptance or continuance of the client relationship or the audit engagement; and
2. When applicable, other engagements performed by the engagement partner for the entity.
When the auditor intends to use information obtained from the auditor’s previous experience with the entity and from audit procedures performed in previous audits, the auditor shall evaluate whether such information remains relevant and reliable as audit evidence for the current audit.

Engagement Team Discussion
The engagement partner and other key engagement team members shall discuss the application of the applicable financial reporting framework and the susceptibility of the entity’s financial statements to material misstatement.
When there are engagement team members not involved in the engagement team discussion, the engagement partner shall determine which matters are to be communicated to those members.

Consider materiality

Definition
Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements. Materiality depends on the size of the item or error judged in the particular circumstances of its omission or misstatement. The concept of materiality recognizes that some matters, but not all, are important for fair presentation of the financial statements in conformity with PFRS.

Materiality in the Context of an Audit
Materiality generally explains that:
● Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements;
● Judgments about materiality are made in light of surrounding circumstances, and are affected by the size or nature of a misstatement, or a combination of both; and
● Judgments about matters that are material to users of the financial statements are based on a consideration of the common financial information needs of users as a group. The possible effect of misstatements on specific individual users, whose needs may vary widely, is not considered.

Uses of materiality
Accordingly, materiality should be considered by the auditor in the following phases:
a. Planning phase
   ● To identify and assess the risks of material misstatement;
   ● To determine the nature, timing and extent of further audit procedures
b. Completion phase
   ● To evaluate the effect of uncorrected misstatements, if any, on the financial statements and in forming the opinion in the auditor’s report.

Determination of materiality
The auditor’s determination of materiality is a matter of professional judgment, and is affected by the auditor’s perception of the financial information needs of users of the financial statements. Using professional judgment, the auditor is required to determine the following three different levels of materiality.

A. Materiality for the financial statements as a whole
● the materiality determined at the overall financial statement level
● represented by the smallest aggregate amount of misstatement applicable to all financial statements
● it helps the auditor determine whether the proposed audit adjustments are significant or not
● if the audit adjustments exceed this level, the auditor may need to adjust the financial statements

B. Materiality applied to specific classes of transactions, account balance or disclosures
● is the amount set by the auditor for particular classes of transactions, account balances or disclosures for which misstatements, though lower than overall materiality, could reasonably be expected to influence the economic decisions of users of the financial statements
● In determining the specific materiality, the auditor normally considers the following factors:
   ✓ laws and regulations (e.g. related party transactions)
   ✓ financial reporting framework
   ✓ key industry disclosures of the entity
   ✓ particular aspects of the entity’s business
   ✓ understanding of the view of those charged with governance and management

C. Performance materiality
● the amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole
● also refers to the amount or amounts set by the auditor at less than the materiality level or levels for particular classes of transactions, account balances or disclosures
● calculated as a certain percentage of overall materiality in order to capture any uncorrected misstatements, the total amount of which may exceed overall materiality
● used in scoping of financial statement line items to be tested by the auditor and ensures that significant accounts in the financial statements are covered by audit testing
In determining performance materiality, an understanding of the following factors may affect the auditor’s judgment such as:
○ nature of the entity’s business and transactions
○ risk assessment procedures
○ nature and extent of misstatements identified in previous audits

Audit Risk

Definition
Audit risk is the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated.

Components of Audit risk
a. Risk of material misstatement
   ○ Risk of material misstatement is the possibility that material misstatements exist on the financial statements prepared and presented by the entity. Items contributing to this risk include inherent risk and control risk (see definitions above).
b. Risk of not Detecting the Misstatement (more popularly known as detection risk)
   ○ Detection Risk is the risk that the auditor’s substantive procedures will not detect a misstatement that exists in an account balance or class of transactions that could be material, individually or when aggregated with misstatements in other balances or classes.

These components may be expressed in a formula which shows how they will comprise the audit risk:
AUDIT RISK = Risk of material misstatement x Risk of non-detection
OR
AUDIT RISK = Inherent risk x Control risk x Detection risk

Identifying and Assessing the Risks of Material Misstatement
Using the understanding of the entity and its environment, including its internal control, obtained by the auditor, the auditor identifies and assesses risk of material misstatement at
● financial statements level; and
● assertion level for classes of transactions, account balances, and disclosures.

Effects of assessment to auditor’s procedures
Since the objective of the auditor when auditing financial statements is to provide reasonable assurance that the financial statements are free from material misstatements, a higher risk of material misstatements will require the auditor to perform more effective and extensive audit procedures.

INHERENT RISK ASSESSMENT PROCESS

A. Understand the entity and its environment and the applicable financial reporting framework.
The auditor’s understanding of the entity and its environment, and the applicable financial reporting framework, assists the auditor in understanding the events and conditions that are relevant to the entity, and in identifying how inherent risk factors affect the susceptibility of assertions to misstatement in the preparation of the financial statements, in accordance with the applicable financial reporting framework, and the degree to which they do so. Such information establishes a frame of reference within which the auditor identifies and assesses risks of material misstatement. The auditor’s understanding of the entity and its environment, and the applicable financial reporting framework, also informs how the auditor plans and performs further audit procedures, for example, when:
● Developing expectations for use when performing analytical procedures;
● Designing and performing further audit procedures to obtain sufficient appropriate audit evidence; and
● Evaluating the sufficiency and appropriateness of audit evidence obtained (e.g., relating to assumptions or management’s oral and written representations).

The auditor shall perform risk assessment procedures to obtain an understanding of:
1. The following aspects of the entity and its environment:
   1. The entity’s organizational structure, ownership and governance, and its business model, including the extent to which the business model integrates the use of IT;
   2. Industry, regulatory and other external factors; and
   3. The measures used, internally and externally, to assess the entity’s financial performance;
2. The applicable financial reporting framework, and the entity’s accounting policies and the reasons for any changes thereto; and
3. How inherent risk factors affect susceptibility of assertions to misstatement and the degree to which they do so, in the preparation of the financial statements in accordance with the applicable financial reporting framework, based on the understanding obtained in (a) and (b).
The auditor shall evaluate whether the entity’s accounting policies are appropriate and consistent with the applicable financial reporting framework.

Scalability
The nature and extent of the required understanding is a matter of the auditor’s professional judgment and varies from entity to entity based on the nature and circumstances of the entity, including:
● The size and complexity of the entity, including its IT environment;
● The auditor’s previous experience with the entity;
● The nature of the entity’s systems and processes, including whether they are formalized or not; and
● The nature and form of the entity’s documentation.
The auditor’s risk assessment procedures to obtain the required understanding may be less extensive in audits of less complex entities and more extensive for entities that are more complex. The depth of the understanding that is required by the auditor is expected to be less than that possessed by management in managing the entity.
Some financial reporting frameworks allow smaller entities to provide simpler and less detailed disclosures in the financial statements. However, this does not relieve the auditor of the responsibility to obtain an understanding of the entity and its environment and the applicable financial reporting framework as it applies to the entity.
The entity’s use of IT and the nature and extent of changes in the IT environment may also affect the specialized skills that are needed to assist with obtaining the required understanding.

B. Identify significant classes of transactions, account balances, and disclosures; relevant assertions
The auditor shall determine the relevant assertions and the related significant classes of transactions, account balances and disclosures.
A significant class of transactions, account balance or disclosure is a class of transactions, account balance or disclosure for which there is one or more relevant assertions. On the other hand, an assertion about a class of transactions, account balance or disclosure is relevant when it has an identified risk of material misstatement.
The determination of whether an assertion is a relevant assertion is made before consideration of any related controls (i.e., the inherent risk).

Identified risk of material misstatement

1. Assessing risks of material misstatement at the financial statement level
For identified risks of material misstatement at the financial statement level, the auditor shall assess the risks and:
1. Determine whether such risks affect the assessment of risks at the assertion level; and
2. Evaluate the nature and extent of their pervasive effect on the financial statements.

2. Assessing risks of material misstatement at the assertion level

Assessing Inherent Risk
For identified risks of material misstatement at the assertion level, the auditor shall assess inherent risk by assessing the likelihood and magnitude of misstatement. In doing so, the auditor shall take into account how, and the degree to which:
1. Inherent risk factors affect the susceptibility of relevant assertions to misstatement; and
2. The risks of material misstatement at the financial statement level affect the assessment of inherent risk for risks of material misstatement at the assertion level.

Likelihood and magnitude of misstatement
The auditor assesses the likelihood and magnitude of misstatement for identified risks of material misstatement because the significance of the combination of the likelihood of a misstatement occurring and the magnitude of the potential misstatement were the misstatement to occur determines where on the spectrum of inherent risk the identified risk is assessed, which informs the auditor’s design of further audit procedures to address the risk.
Assessing the inherent risk of identified risks of material misstatement also assists the auditor in determining significant risks. The auditor determines significant risks because specific responses to significant risks are required in accordance with the standards.

Inherent risk factors
Inherent risk factors pertain to characteristics of events or conditions that affect susceptibility to misstatement, whether due to fraud or error, of an assertion about a class of transactions, account balance or disclosure, before consideration of controls. Such factors may be qualitative or quantitative, and include:
● Complexity
● Subjectivity
● Change
● Uncertainty
● Susceptibility to misstatement due to management bias or other fraud risk factors insofar as they affect inherent risk
Inherent risk factors influence the auditor’s assessment of the likelihood and magnitude of misstatement for the identified risks of material misstatement at the assertion level. The greater the degree to which a class of transactions, account balance or disclosure is susceptible to material misstatement, the higher the inherent risk assessment is likely to be. Considering the degree to which inherent risk factors affect the susceptibility of an assertion to misstatement assists the auditor in appropriately assessing inherent risk for risks of material misstatement at the assertion level and in designing a more precise response to such a risk.

3. Spectrum of inherent risk
The degree to which inherent risk varies is referred to as the “spectrum of inherent risk”: consider the likelihood and magnitude of material misstatement to determine where on the spectrum the risk lies.
In assessing inherent risk, the auditor uses professional judgment in determining the significance of the combination of the likelihood and magnitude of a misstatement. The auditor uses the significance of the combination of the likelihood and magnitude of a possible misstatement in determining where on the spectrum of inherent risk (i.e., the range) inherent risk is assessed. The higher the combination of likelihood and magnitude, the higher the assessment of inherent risk; the lower the combination of likelihood and magnitude, the lower the assessment of inherent risk.
The assessed inherent risk relating to a particular risk of material misstatement at the assertion level represents a judgment within a range, from lower to higher, on the spectrum of inherent risk. The judgment about where in the range inherent risk is assessed may vary based on the nature, size and complexity of the entity, and takes into account the assessed likelihood and magnitude of the misstatement and inherent risk factors.
For a risk to be assessed as higher on the spectrum of inherent risk, it does not mean that both the magnitude and likelihood need to be assessed as high. Rather, it is the intersection of the magnitude and likelihood of the material misstatement on the spectrum of inherent risk that will determine whether the assessed inherent risk is higher or lower on the spectrum of inherent risk. A higher inherent risk assessment may also arise from different combinations of likelihood and magnitude, for example a higher inherent risk assessment could result from a lower likelihood but a very high magnitude.

4. Identify significant risks
The auditor shall determine whether any of the assessed risks of material misstatement are significant risks.
Significant risk refers to an identified risk of material misstatement:
1. For which the assessment of inherent risk is close to the upper end of the spectrum of inherent risk due to the degree to which inherent risk factors affect the combination of the likelihood of a misstatement occurring and the magnitude of the potential misstatement should that misstatement occur; or
2. That is to be treated as a significant risk in accordance with the requirements of other ISAs.

Determination of significant risk
The determination of significant risks allows for the auditor to focus more attention on those risks that are on the upper end of the spectrum of inherent risk, through the performance of certain required responses, including:
○ Controls that address significant risks are required to be identified with a requirement to evaluate whether the control has been designed effectively and implemented.
○ Controls that address significant risks are required to be tested in the current period (when the auditor intends to rely on the operating effectiveness of such controls) and substantive procedures are to be planned and performed that are specifically responsive to the identified significant risk.
○ To obtain more persuasive audit evidence the higher the auditor’s assessment of risk.
○ To communicate with those charged with governance the significant risks identified by the auditor.
○ To take into account significant risks when determining those matters that required significant auditor attention, which are matters that may be key audit matters.
○ Timely review of audit documentation by the engagement partner at the appropriate stages during the audit allows significant matters, including significant risks, to be resolved on a timely basis to the engagement partner’s satisfaction on or before the date of the auditor’s report.
○ For audit of group financial statements, more involvement by the group engagement partner if the significant risk relates to a component in a group audit and for the group engagement team to direct the work required at the component by the component auditor.
The auditor may first identify those assessed risks of material misstatement that have been assessed higher on the spectrum of inherent risk to form the basis for considering which risks may be close to the upper end. Being close to the upper end of the spectrum of inherent risk will differ from entity to entity, and will not necessarily be the same for an entity period on period.
It may depend on the nature and circumstances of the entity for which the risk is being assessed.

The determination of which of the assessed risks of material misstatement are close to the upper end of the spectrum of inherent risk, and are therefore significant risks, is a matter of professional judgment, unless the risk is of a type specified to be treated as a significant risk in accordance with the requirements of another ISA. ISA 240 provides further requirements and guidance in relation to the identification and assessment of the risks of material misstatement due to fraud.

The auditor also takes into account the relative effects of inherent risk factors when assessing inherent risk. The lower the effect of inherent risk factors, the lower the assessed risk is likely to be.

Risks of material misstatement that may be assessed as having higher inherent risk and may therefore be determined to be a significant risk, may arise from matters such as the following:

○ Transactions for which there are multiple acceptable accounting treatments such that subjectivity is involved.
○ Accounting estimates that have high estimation uncertainty or complex models.
○ Complexity in data collection and processing to support account balances.
○ Account balances or quantitative disclosures that involve complex calculations.
○ Accounting principles that may be subject to differing interpretation.
○ Changes in the entity’s business that involve changes in accounting, for example, mergers and acquisitions.

CONTROL RISK ASSESSMENT PROCESS (See Category 7)

ASSESSMENT OF RISK OF MATERIAL MISSTATEMENT (Inherent risk x Control risk)

4. Determine the acceptable level of audit risk

The determination of acceptable level of audit risk is a matter of professional judgment to be made by the auditor. When making that judgment, the auditor considers the level of assurance to be provided by his or her report and the extent of reliance to be placed by users on his or her work.

5. Identify detection risk to determine the nature, timing and extent of further audit procedures

Definition
As defined previously, detection risk is the risk that the auditor’s substantive procedures will not detect a misstatement that exists in an account balance or class of transactions that could be material, individually or when aggregated with misstatements in other balances or classes.

Determination of detection risk
Detection risk may be determined by rearranging the formula for audit risk:

AUDIT RISK = Inherent risk x Control risk x Detection risk
DETECTION RISK = Audit Risk / (Inherent risk x Control risk)

Use of assessed level of detection risk
From the assessed level of detection risk, the auditor will then design substantive procedures. The following table summarizes the effects of detection risk on the auditor’s procedures.

|        | Lower DR | Higher DR |
| ------ | -------- | --------- |
| Nature | More effective procedures may be applied | Less effective procedures may be applied |
| Timing | Procedures will be performed closer or nearer to year-end | Procedures will be performed at interim or several dates |
| Extent | Larger sample size will be tested | Smaller sample size will be tested |

Materiality in relation to audit risk
There is an inverse relationship between materiality and the level of audit risk, that is, the higher the materiality level, the lower the audit risk and vice versa.

B. ESTABLISHING THE OVERALL AUDIT STRATEGY

In establishing the overall audit strategy, the auditor shall:

● Identify the characteristics of the engagement that define its scope such as
   1. the financial reporting framework used;
   2. industry-specific reporting requirements; and
   3. the locations of the components of the entity.
● Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required such as
   1. deadlines for interim and final reporting; and
   2. key dates for expected communications with management and those charged with governance.
● Consider the factors that, in the auditor’s professional judgment, are significant in directing the engagement team’s efforts such as
   1. determination of appropriate materiality levels;
   2. preliminary identification of areas where there may be higher risks of material misstatement;
   3. preliminary identification of material components and account balances;
   4. evaluation of whether the auditor may plan to obtain evidence regarding the effectiveness of internal control; and
   5. identification of recent significant entity-specific, industry, financial reporting or other relevant developments.
● Consider the results of preliminary engagement activities and, where practicable, whether knowledge (experience) gained on other engagements performed by the engagement partner for the entity is relevant.
● Ascertain the nature, timing and extent of resources necessary to perform the engagement.

Considerations in Establishing the Overall Audit Strategy

Characteristics of the Engagement
● The financial reporting framework on which the financial information to be audited has been prepared, including any need for reconciliations to another financial reporting framework.
● Industry-specific reporting requirements such as reports mandated by industry regulators.
● The expected audit coverage, including the number and locations of components to be included.
● The nature of the control relationships between a parent and its components that determine how the group is to be consolidated.
● The extent to which components are audited by other auditors.
● The nature of the business segments to be audited, including the need for specialized knowledge.
● The reporting currency to be used, including any need for currency translation for the financial information audited.
● The need for a statutory audit of standalone financial statements in addition to an audit for consolidation purposes.
● The availability of the work of internal auditors and the extent of the auditor’s potential reliance on such work.
● The entity’s use of service organizations and how the auditor may obtain evidence concerning the design or operation of controls performed by them.
● The expected use of audit evidence obtained in previous audits, for example, audit evidence related to risk assessment procedures and tests of controls.
● The effect of information technology on the audit procedures, including the availability of data and the expected use of computer-assisted audit techniques.
● The coordination of the expected coverage and timing of the audit work with any reviews of interim financial information and the effect on the audit of the information obtained during such reviews.
● The availability of client personnel and data.

Reporting Objectives, Timing of the Audit, and Nature of Communications
● The entity's timetable for reporting, such as at interim and final stages.
● The organization of meetings with management and those charged with governance to discuss the nature, timing and extent of the audit work.
● The discussion with management and those charged with governance regarding the expected type and timing of reports to be issued and other communications, both written and oral, including the auditor's report, management letters and communications to those charged with governance.
● The discussion with management regarding the expected communications on the status of audit work throughout the engagement.
● Communication with auditors of components regarding the expected types and timing of reports to be issued and other communications in connection with the audit of components.
● The expected nature and timing of communications among engagement team members, including the nature and timing of team meetings and timing of the review of work performed.
● Whether there are any other expected communications with third parties, including any statutory or contractual reporting responsibilities arising from the audit.

Significant Factors, Preliminary Engagement Activities, and Knowledge Gained on Other Engagements
● The determination of appropriate materiality levels, including:
   1. Setting materiality for planning purposes.
   2. Setting and communicating materiality for auditors of components.
   3. Reconsidering materiality as audit procedures are performed during the course of the audit.
   4. Preliminary identification of material components and account balances.
● Preliminary identification of areas where there may be a higher risk of material misstatement.
● The impact of the assessed risk of material misstatement at the overall financial statement level on direction, supervision and review.
● The manner in which the auditor emphasizes to engagement team members the need to maintain a questioning mind and to exercise professional skepticism in gathering and evaluating audit evidence.
● Results of previous audits that involved evaluating the operating effectiveness of internal control, including the nature of identified weaknesses and action taken to address them.
● The discussion of matters that may affect the audit with firm personnel responsible for performing other services to the entity.
● Evidence of management's commitment to the design, implementation and maintenance of sound internal control, including evidence of appropriate documentation of such internal control.
● Volume of transactions, which may determine whether it is more efficient for the auditor to rely on internal control.
● Importance attached to internal control throughout the entity to the successful operation of the business.
● Significant business developments affecting the entity, including changes in information technology and business processes, changes in key management, and acquisitions, mergers and divestments.
● Significant industry developments such as changes in industry regulations and new reporting requirements.
● Significant changes in the financial reporting framework, such as changes in accounting standards.
● Other significant relevant developments, such as changes in the legal environment affecting the entity.

Nature, Timing and Extent of Resources
● The selection of the engagement team (including, where necessary, the engagement quality control reviewer) and the assignment of audit work to the team members, including the assignment of appropriately experienced team members to areas where there may be higher risks of material misstatement.
● Engagement budgeting, including considering the appropriate amount of time to set aside for areas where there may be higher risks of material misstatement.

Important note:
● When establishing the overall audit strategy, the auditor aims to create a strategy or approach that will result in an effective and efficient audit. Thus, appropriate levels of materiality and audit risk must be considered carefully.

C. DEVELOPING AN AUDIT PLAN

Audit plan
The audit plan is more detailed than the overall audit strategy in that it includes the nature, timing and extent of audit procedures to be performed by engagement team members.

An audit plan shall include a description of the
● nature, timing and extent of the risk assessment procedures;
● further audit procedures; and
● other planned audit procedures that are required to be carried out so that the engagement complies with PSAs.

Audit program
The form and content of the audit program may vary for each particular engagement but would generally contain the following:
● The audit objectives for each area;
● The nature, timing, and extent of audit procedures required to implement the overall audit plan; and
● A time budget in which hours are budgeted for the various audit areas or procedures.

The audit program shall serve as a:
● Set of instructions to assistants involved in the audit; and
● Means to control and record the proper execution of the work.

D. DIRECTION, SUPERVISION, AND REVIEW

The auditor shall plan the nature, timing and extent of direction and supervision of engagement team members and the review of their work.

E. OTHER PLANNING CONSIDERATIONS

1. Determining the need of an auditor’s expert

An auditor’s expert is an individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the auditor to assist the auditor in obtaining sufficient appropriate audit evidence. An auditor’s expert may be either an auditor’s internal expert (who is a partner or staff, including temporary staff, of the auditor’s firm or a network firm), or an auditor’s external expert.

When using the work of an auditor’s expert, the following shall be considered by the auditor:
○ Selecting an expert
○ Obtaining an understanding of the field of expertise of the expert
○ Considering the nature, timing and extent of audit procedures

Communication during planning phase
The auditor may decide to discuss elements of planning with the entity’s management to facilitate the conduct and management of the audit engagement (for example, to coordinate some of the planned audit procedures with the work of the entity's personnel).

2. Additional considerations in initial audit engagements

Preliminary engagement activities
The auditor shall perform the following activities prior to starting an initial audit:
1. Perform procedures regarding the acceptance of the client relationship and the specific audit engagement; and
2. Where there has been a change of auditors, communicate with the previous auditor in compliance with relevant ethical requirements.

Establishing overall audit strategy and audit plan
For initial audits, additional matters the auditor may consider in establishing the overall audit strategy and audit plan include the following:
● Unless prohibited by law or regulation, arrangements to be made with the previous auditor (for example: to review the predecessor auditor’s working papers).
● Any major issues (including the application of accounting principles or of auditing and reporting standards) discussed with management in connection with the initial selection as auditor, the communication of these matters to those charged with governance and how these matters affect the overall audit strategy and audit plan.
● The audit procedures necessary to obtain sufficient appropriate audit evidence regarding opening balances.
● Other procedures required by the firm’s system of quality control for initial audit engagements (for example, the firm’s system of quality control may require the involvement of another partner or senior individual to review the overall audit strategy prior to commencing significant audit procedures or to review reports prior to their issuance).

3. Considerations specific to smaller entities

Less complex or time-consuming planning activities
Establishing the overall audit strategy and plan for the audit of a small entity need not be a complex or time-consuming exercise; it varies according to the size of the entity, the complexity of the audit, and the size of the engagement team.

Consultation
When an audit is carried out entirely by an audit engagement partner, who may be a sole practitioner, it may be desirable to consult with other suitably-experienced auditors or the auditor’s professional body.