Add to collection(s) Add to saved
  1. Business
  2. Accounting
  3. Managerial Accounting

Audit Planning and Risk Assessment

Chapter 6
Audit Planning and Risk Assessment
Learning Objectives
1. Learn the steps of the planning process for an integrated audit.
2. Become familiar with the components that impact the audit strategy and
audit plan.
3. Understand the relationship of risk assessment, materiality, and planning.
4. Define the Fraud Triangle and recognize fraud risk factors.
5. Identify triggers for reevaluating the audit strategy and audit plan.
6. Summarize important information that is documented as part of audit
planning.
7. Identify changes that can be made to audit approaches for higher risk
areas.
8. Explain different types of audit activities and their purposes.
Overview of the Planning and Risk Assessment Process
Exhibit 6-1
One Engagement
 Planning for an integrated audit must achieve the
objectives of both audits – opinion on the financial
statements and opinion on ICFR
 Auditor needs sufficient evidence to
 Assess risk
 Address ICFR effectiveness
For an ICFR opinion in a financial statement audit
For decision on how much to rely on ICFR in a financial
statement audit


 Address fairness of the financial statements
Overview of Planning
 Audit planning is a continuous process; the audit
plan may need to be adjusted as new information is
obtained
 Risk assessment is integrated throughout, including
assessing fraud risk
 Steps in planning
 Establishing the audit strategy
 Planning the audit resources
 Develop the audit plan
 Communication on planning
Overall Audit Strategy
 Big picture of the audit; auditors can do this before
they do audit procedures based on
 Experience in and knowledge of the industry
 Information gained through client acceptance process
 Previous audit engagements, such as quarterly reviews
 Components of the audit strategy
 Scope of the engagement
 Timing
 Materiality and risk
 Fraud risk
Audit Strategy: Scope of the Engagement
 What are deliverables for this particular
client?
 How much and what type of work does the
auditor need to do?
 When and where does the work need to be
done?
 How should the work be scaled to fit the size,
environment and complexity of the audit client?
Audit Strategy: Scope of the Engagement
Client attributes that affect scope:
 Accounting presentation
 Is the presentation US GAAP, IFRS, GASB, statutory based, other?
 Entity structure
 Is it public or privately owned? Is it a parent or subsidiary? Does it have multiple
locations, and if so what is the materiality at the other locations?
 Information technology
 Complexity of the system? Entity level and application controls?
 Client outsourcing
 How important are outsourced services? How will audit address the service provider?
 Work of others
 How will this affect the nature, timing and extent of audit procedures?
 First year vs. continuing audits
Audit Strategy: Timing
 Client events that create audit deadlines
 Key dates for communication with management, Audit
Committee and Board of Directors
 SEC deadlines for filing quarterly and annually
 Date at which other auditors will supply or need audit
reports
 Requirements of other regulators
 Are audit resources (human resources) available in
the right combinations at the right times?
Audit Strategy: Materiality and Risk
 Materiality
 …the magnitude of an omission or misstatement of
accounting information that, in the light of
surrounding circumstances, makes it probably that
the judgment of a reasonable person relying on the
information would have been changed or
influenced by the omission or misstatements
Audit Strategy: Materiality and Risk
 Auditors assess materiality based on whether the
issue would influence the economic decisions of users
with certain qualifications
 Appropriate knowledge
 Willingness to study the financial statements
 Understand the concept of materiality
 Understand measurement issues like estimates and
judgments
 Will make appropriate economic decisions using the
financial statements
Audit Strategy: Materiality and Risk
Top Down Approach
 What amount is material at the financial statement level?
 What accounts and disclosures are significant to the financial statements?
 What assertions are relevant to the significant accounts and disclosures?
 What could go wrong to cause a material misstatement or omission related
to each relevant assertion in each significant account or disclosure?
 Is there a control in place that is intended to prevent that event (the risk)
from occurring or that will detect it on a timely basis? If yes, is the control
designed sufficiently well that (if it operates effectively) it will prevent or
detect the risk? If yes, does the control operate well enough (effectively) to
prevent or detect the risk?
 Are there any material misstatements or omissions in any significant accounts
or disclosures?
Audit Strategy: Materiality and Risk
 Materiality includes both quantitative and qualitative
aspects; something might not be material from a quantitative
perspective but have qualitative characteristics that make it
material regardless of amount. Management fraud is an
example of something that is material regardless of amount.
 Significant risks are risks in the business that are important
enough to require special audit consideration. When auditing
a non-public company that does not require an ICFR opinion
the auditor may not choose to rely on internal controls when
planning tests of balances. Even in that situation, the auditor
must identify and assess the impact of significant risks.
Audit Strategy: Materiality and Risk
 Materiality
 Set at financial statement level and at account balance
level
 Planning concepts of materiality:



Tolerable misstatement (for account balances)
Tolerable rate of error (for ICFR)
Qualitative materiality
 Auditor judgment
 Benchmarks or rule of thumb, or quantitative analysis to
set planning materiality
Audit Strategy: Materiality and Risk
 The auditor decides what tolerable misstatement is for an
account balance and tolerable rate of error is for a control.
 The auditor conducts the planned audit procedures to test the
account balance. In general, if the conclusion is that the account
balance misstatement is less than the tolerable misstatement
the auditor accepts the account balance.
 If a control is effectively designed, the auditor conducts the
planned audit procedures to test the operating effectiveness of
the control. In general, if the conclusion is that the control’s
failure rate is less than the tolerable rate of error, then the
auditor concludes that the control is effective.
Audit Strategy: Fraud Risk
 Preliminary assessment of fraud risk during
planning; brainstorming session
 Responsibility to maintain professional skepticism
 Fraud Triangle: incentive, opportunity,
rationalization
 Auditor specifically tests the operating effectiveness
of anti-fraud controls
 Audit planning also includes client’s risk of illegal
acts that could materially impact the financial
statements
Audit Strategy: Fraud Risk
 Anti-fraud controls include those:
 Over significant, unusual transactions particularly late




or unusual journal entries
Over journal entries and adjustments made in the
period-end financial reporting process
Over related party transactions
Related to significant management estimates
That mitigate incentives for, and pressures on
management to falsify or inappropriately manage
financial results
Audit Strategy
 Recent significant developments
 Recurring engagement: events since the last audit
 New engagement: events since the client was accepted
 Can be internal events or external developments
 Auditor spends more time on these issues
 Sources of information for the audit strategy
 Client acceptance and continuance activities
 Understanding the client’s system
 Other engagements for the client
 Planning meeting and planning memorandum
Planning the Audit Resources
 Assignments of the audit team
 Timing of audit work
 High-risk areas
 Engagement budget
Audit Resources: Assignments
 The work must be planned and any assistants must be properly
supervised; required by auditing standards and quality control
standards
 Supervision includes instruction and review
 The firm should match jobs to individuals based on difficulty
and complexity of the job and experience and expertise of
the individual
 How much time of people at which levels does the audit
require?
 Sometimes there is a trade-off – a person with greater skills can
perform the task faster and better, will require less instruction and
the review will be easier
Audit Resources: Timing
 Terms
 Interim procedures, interim date
 Busy season
 Timing of procedures in audit plan is for best effectiveness and efficiency.
 Interim work helps
 Discover problems earlier so the client can fix them or the auditor can
plan to spend more time on them during year end work
 When the client does not retain records or not in the original format
 Some work must be done at or after year end
 ICFR audit work on the client’s year end financial reporting process
 Agreeing financial statements to the accounting records
 Examining adjustments made when preparing the financial statements
Audit Resources: Timing
 Roll forward audit procedures
 When procedures performed at an interim date have
to be carried forward through fiscal year end
 Applies to ICFR work for financial statement and
ICFR audits
 Does a control that was tested at an interim date
continue to operate in the same way (either good or
bad) through the end of the year?
 Applies to financial statement audit work
 Reconcile an account balance tested at an interim date
with the year end account balance
Audit Resources: High Risk Areas
 Based on risk assessment procedures
 More audit effort is directed toward high risk areas
 e.g., more tests, more experienced staff, specialists
 Specialist: a person or firm possessing special skill or knowledge in a
particular field other than accounting or auditing
 Can work for client, CPA firm or may be an outsider
 Audit evaluates qualifications and work of specialist before using it
 If specialist’s work is unreasonable, auditor does more work
 Examples: actuaries, appraisers, engineers, environmental consultants,
geologists, lawyers
 A professional particularly knowledgeable about IT may be needed
 Computer system is pervasive and critical to operations; is new, recently
changed, complex; uses emerging technology; used for e-commerce
Audit Resources: High Risk Areas
 IT expert’s potential contributions to the audit
 Determining the effect of IT on the audit
 Understanding the IT controls
 Designing and performing tests of IT controls
 Designing and performing IT-related or IT-based
substantive procedures
Audit Resources: Engagement Budget
 Audit planning includes preparing a preliminary time budget
 Detailed by areas of the audit
 Indicates anticipated time of professionals at various experience levels
for each area
 Purposes and uses of a time budget
 Planning engagements
 Evaluating staff
 Managing the firm
 Audit professionals track and report time spent on the engagement
 Firm can compare budget with actual outcomes
 Budgeted to actual is used for billing, evaluating staff performance and
bidding on future engagements
Develop the Audit Plan
 Nature, timing and extent of audit
procedures
 Top down approach
 Different types of audit procedures
Audit Plan: Nature, Timing and Extent
 First the auditor has to know:
 Management assertions (which requires knowing which
accounts are important), materiality, risk, timing driven by
client specifics
 Terms are used a lot; meaning is simple:
 Nature is type of test, control or substantive, and which
specific audit procedures is to be performed
 Timing is when it is to be performed; considerations are
having audit resources available, evidence availability,
being able to test the period for which evidence is needed
 Extent is quantity of testing to be performed
Audit Plan: Nature, Timing and Extent
 Nature: Tests of controls
 For ICFR audit, the auditor must test controls
 For financial statement audit, auditor tests those controls that are to be relied
upon – for entire period of planned reliance
 If a significant account, type of transaction, or disclosure is susceptible to material
misstatement, the auditor defines what causes that susceptibility. If a control exists
that is effectively designed to prevent or detect the event that will cause the
account or disclosure to be materially misstated, the auditor plans how to test the
controls operating effectiveness.
 Nature: Substantive Procedures
 Purpose is straightforward, tests are planned to detect material misstatements that
exist in the financial statements
 Nature: Types of procedures to obtain audit evidence
 Inspection, observation, inquiry, external confirmation, recalculation,
reperformance, analytical procedures
Audit Plan: Nature, Timing and Extent
 Extent: If test are properly designed for the audit
issue being evaluated, the assumption is that more
testing provides more evidence.
 Extent considerations includes sampling decisions
 Discussed more in later chapters
 Properly designed sampling approaches can
provide sufficient evidence to permit the auditor to
draw valid conclusions without examining all the
transactions
Audit Plan: Top Down Approach
 How to plan substantive audit steps…identify,
assess and decide upon:
 Significant accounts, transactions or disclosures
 Relevant assertions for them
 Risks of material misstatement related to those
assertions
 Substantive audit procedures to address those possible
material misstatements
Audit Plan: Top Down Approach
 How to plan control audit steps…identify, assess
and decide upon:
 Significant accounts, transactions or disclosures
 Relevant assertions for them
 Risks of material misstatement related to those
assertions
 Causes of the risks
 Controls that address the causes of the risks
 Tests of the controls
Audit Plan: Types of Audit Procedures
 Audit evidence: an accumulation of activities, documents and
information that persuades the auditor to have reasonable
assurance that management’s assertions are appropriate.
 AS 5, to test controls:
 Inquiries, inspection of documents, observation,
reperformance
 Walkthrough is the term for tracing a transaction through
initiation, authorization, processing and recording.
 Walkthroughs are used to understand the system and assess
design effectiveness
Audit Plan: Types of Audit Procedures
 Audit procedures for a financial statement audit
include those listed by AS 5 for controls, and more:
 Inspection of records, documents, tangible assets
 Observation
 Inquiry
 External confirmation
 Recalculation
 Reperformance
 Analytical procedures
Communication on Planning
 After initial audit planning, auditor may meet with
management
 Auditor may provide an overview of the plan for
the audit
 Auditor provides general information about scope
and timing, but not a level of detail that would
compromise the audit’s effectiveness
Overview of Planning
Exhibit 6-9
Appendix A: Using the Work of Others
Other Independent Auditors vs. “Others”
 Sometimes more than one independent auditor
works on an audit
 Auditor who does the most is called the principle
auditor
 Principle auditor must decide whether it was sufficiently
involved in the work of the other firm to take
responsibility for the conclusions on that work
 Impacts the audit report
 “Work of others” guidance does not address the
principal auditor – other auditors situation
Deciding to Rely on the Work of Others
 In deciding whether to rely on the work of others in
planning and executing the audit, the auditor must
evaluate
 The individual who performed the work
Competence
objectivity


 The subject matter or target of the work performed
Materiality
Risk associated with controls
Subjectivity of the evaluations in the procedures



Effect on the Independent Auditor’s Work
 The auditor will be very careful in deciding whether to use the
work of others that has been done on the control environment
since that work has such a big impact on other decisions in the
audit.
 When a account, disclosure or control is associated with
greater risk (including because of materiality) the auditor
performs more work personally and relies less on the work of
others.
 The work of others may cause the auditor to change the
nature, timing and extent of audit procedures; can result in
either more or less audit attention to a particular area.
Effect on the Independent Auditor’s Work
 The auditor relies less on the work of others if more judgment
is required to determine whether a misstatement is important
or a control is performing effectively.
 The auditor does more work personally on controls over
period-end financial reporting because problems in this
process present significant risk of misstatement to the financial
statements.
 Accounts that incorporate important estimates or judgments
made by management require more personal work by the
auditor and less use of the work of others; e.g., revenue
recognition, collectibility of receivables, appropriate
accounting for derivatives.
Effect on the Independent Auditor’s Work
 If an account is susceptible to management override the
auditor relies less on the work of others.
 Some accounts may have a low enough risk of material
misstatement that the auditor may choose to rely on the work
of others rather than performing procedures; possibilities are
existence of cash, prepaid assets and fixed asset additions.
 High risk and judgment needs can cause the auditor to perform
more audit work in addition to that performed by others;
examples are
 Valuations requiring significant estimates
 Related party transactions, contingencies, uncertainties, subsequent
events
Evaluating and Testing Other’s Work
 Auditor must decide how much evaluation and testing to do on
the work of others; professional judgment
 How much will the work of others affect audit decisions?
 How competent and objective is the other person?
 What were the accounts and controls the other person
worked on?
 Procedures to test work of others
 Examine some of the controls, transactions or balances that
others examined and compare results
 Examine controls, transactions or balances similar to the ones
examined by others and compare results
Audit Impact of Work of Others
 The auditor can consider the work of others in planning and
performing audit procedures; can either increase or decrease
audit work because of the work of others and results
 Others can actually provide direct assistance on the audit;
auditor must:
 Assess competence and objectivity
 Supervise, review, evaluate, and test work
 Inform works on responsibilities, objectives of procedures,
important accounting and auditing matters, need to report
significant findings to the auditor
Copyright
“Copyright © 2011 John Wiley & Sons, Inc. All rights reserved.
Reproduction or translation of this work beyond that permitted
in Section 117 of the 1976 United States Copyright Act without
the express written permission of the copyright owner is
unlawful. Request for further information should be addressed
to the Permissions Department, John Wiley & Sons, Inc. The
purchaser may make back-up copies for his/her own use only and
not for distribution or resale. The Publisher assumes no
responsibility for errors, omissions, or damages, caused by the
use of these programs or from the use of the information
contained herein.”
Related documents
Marketing Plan Rubric
Marketing Plan Rubric
As the 2nd largest business support solutions (BSS) provider, CSG
As the 2nd largest business support solutions (BSS) provider, CSG
Evolution of an Automated Internal Audit Management System
Evolution of an Automated Internal Audit Management System
Internal Auditor Job Description
Internal Auditor Job Description
Audit Poster - BSG Colonoscopy Audit
Audit Poster - BSG Colonoscopy Audit
system audit - Study Channel
system audit - Study Channel
Senior Financial and Operational Auditor
Senior Financial and Operational Auditor
Download