You are on page 1of 15

AUDITING THEORY AUDIT PLA NNING

Red Sir ug

Audit Planning:

Audit planning involves establishing the overall audit strategy for the engagement and developing an audit plan, in or der to reduce audit risk to an acceptably low level
Objective of the auditor in planning the audit: So that the audit will be performed in an effective manner Who are involved in planning the audit: Engagement partner and other key members of the engagement team (because of their experience and insight to enhance the effectiveness and efficiency of the planning process) Benefits/Importance of adequate audit planning: Appropriate attention is devoted to important areas of the audit Potential problems are identified and resolved on a timely basis The audit is per formed in an effective and efficient manner The audit engagement is properly or ganized, staffed and managed The audit is completed expeditiously Assists in the selection of engagement team members with appropriate levels of capabilities and competence to respond to anticipated risks Assists in the proper assignment of work or proper utilization of assistants Facilitates the direction and supervision and the review of work Assists in coordination of w ork done by auditors of components and experts Proper utilization of experience gained from previous years engagements and other assignments Nature of Planning: Planning is not a discrete phase of an audit, but rather a continual and iterative process that often begins shortly after (or in connection with) the completion of the previous audit and continues until the completion of the current audit engagement. In other wor ds, planning is a continuous function that last throughout the audit. Factors that affect the nature and extent of audit planning: The nature and extent of planning activities will vary according to the following factors: a. The size and complexity of the entity big companies and companies with more complex operations require more audit planning time b. Changes in circumstances that occur dur ing the audit engagement for example, expansion of operation because of diversification c. The auditors previous exper ience with and understanding of the entity more work is required to obtain information regarding a new client than for an existing client Initial audit requires more audit time because the auditor has no previous knowledge or is unfamiliar with the clients business, industry and inter nal control which need to be carefully studied. Recurring audit requires lesser audit time because of auditors previous knowledge of the entity and its industr y Whether the audit is initial or recurring, the purpose and objective of audit planning are the same. It is the nature and extent of audit planning that varies. For example, in case of initial audit the auditor may need to expand the planning activities because he does not ordinarily have the previous experience with the entity that is considered when planning recurring audit engagements. Additional considerations in initial audit engagements are necessary such as the need for the auditor to review the predecessors working papers and to perform audit procedures regarding opening balances. d. The composit ion and size of the audit team Planning stage of audit the time before fieldwor k starts, w hen the a uditor is gathering information about the client and its environment and designing overall audit strategy and audit plan Effect of t iming of appoint ment of auditor on audit planning: The earlier the auditor is appointed, the more efficient the audit pla n and performance can be. Thus, early appointment of the auditor allows the auditor to plan a more efficient audit. It is acceptable for an auditor to accept an audit engagement near or after year-end. However, the auditor should consider whether late appointment will pose limitations on the audit that may lead to a qualified opinion or a disclaimer of opinion, and should discuss such concerns with the client. PLA NNING ACTIVITIES FOR THE A UDIT ENGA GEMENT:

AT Audit Planning

Red Sirug

Page 1

In order to reduce audit r isk to an acceptably low level (Note 3), the auditor shall: 1. Establish an overall audit strategy that sets the scope, timing and direction for the audit, and that guides the development of the more detailed audit plan (Note 1) 2. Develop an audit plan that addresses the various matters identified in the overall audit strategy Audit plan includes a description of: a. The nature, timing and extent of planned risk assessment procedures ( Note 2) b. The nature, timing and extent of planned further audit procedures (at the assertion level) to be performed during testing stage Further audit procedures include: (1) Tests of controls tests of the operating effectiveness of internal contr ol (2) Substantive tests/procedures include tests of details and analytical procedures c. Other planned audit procedures (that are required to be carried out to comply with PSAs) AUDIT PLA NNING ALSO INVOLVES: 1. Modifying (updat ing) the overall audit strategy and the audit plan as necessary during the course of the audit Revision is necessary because of: Unexpected events Changes in conditions Audit evidence obtained from the results of audit procedures The establishment of the overall audit strategy and the detailed audit plan are not necessarily discrete and or sequential pr ocesses, but are closely inter-related since changes in one may result in consequential changes to the other. 2. Planning the nature, t iming and extent of direction, superv ision of the engagement team members and the review of their wor k The nature, timing and extent of direction, super vision of audit engagement team members and review of their wor k depend on the following factors: a. Size and complexity of the entity Audits of small entities requires lesser (or even no) direction, supervision, and review of the wor k of assistants b. Area of audit Difficult aspects of audit demand increased direction, supervision, and a more detailed review of wor k of assistants. c. Risks of material misstatement As the assessed risk of material misstatement increases, a given area of the audit, the auditor or dinarily increases the extent and timeliness of direction, supervision and review d. Capabilities and competence of personnel performing the audit work. Other planning considerat ions: The auditor should consider the wor k of experts and other independent auditors a. Consider ing the wor k of an expert An expert is a person or firm possessing special skill, knowledge and experience in a particular field or discipline other than accounting and auditing. Examples of work of experts include: Valuation of certain assets (such as precious stones, w orks of arts, real estate, plant and machiner y) Valuation of financial instruments Actuarial valuation Determination of quantities or physical condition of assets such as minerals stored in stockpiles, underground mineral and petroleum reser ves, and the remaining useful life of plant and machiner y Measurement of % of completion on contracts in pr ogress Legal opinions concerning interpretations of statute and regulations and contracts such as legal documents or legal title to property When determining the need for an expert, the auditor would consider: a. The materiality of the financial statement item being considered b. The risk of misstatement c. The quality and quantity of other audit evidence available b. Consider ing the wor k of other independent auditors applicable w hen a component of the entity is to be audited by other independent auditor Discussing planned audit procedures with client management: Discussion is allowed to facilitate the conduct and management of the audit engagement (for example, to coordinate some of the planned audit procedures with the work of the clients personnel)

3.

AT Audit Planning

Red Sirug

Page 2

Discussion should not compromise the effectiveness of the audit (audit pr ocedures should not be too predictable) Audit engagement team discussions : The members of the engagement team should discuss the susceptibility of the entitys financial statements to material misstatements. Communication between audit team members is necessary at all stages of the engagement to ensure all matters are appropriately considered. The objective of audit team discussions is to: Share insights based on their knowledge of the entity; Exchange information about business risks; Gain a better understanding of the potential for material misstatements (especially for the audit areas assigned to them); Consider the susceptibility of the entitys financial statements to material misstatement due to fraud; Consider application of the applicable financial reporting framewor k to the entitys facts and circumstances; and Understand how the results of the audit procedures performed may affect other aspects of the audit including the decisions about the nature, timing, and extent of further audit procedures. Members of the engagement team have an ongoing responsibility to discuss: Their understanding of the entity to be audited; The business risks to w hich the entity is subject; Application of the applicable financial reporting framewor k; and The susceptibility of the financial statements to material misstatements, including fraud.

4.

Developing the audit program: The auditor should prepare an audit program. An audit program is a listing of audit procedures (tests of controls and/or substantive tests) that the auditor will perform to gather sufficient appropriate evidence. It sets out in detail the nature, timing and extent of planned audit procedures required to implement the overall audit plan. It is a set of instr uctions to assistants involved in the audit and as a means to control and record the proper execution of work It provides a proof that the audit was adequately planned It is a basic tool used by the auditor to control the audit work and review the progress of the audit. The form and content of audit program may var y for each particular engagement. The auditor may use standard audit programs or audit completion checklists but should appropriately tailor to suit the circumstances on particular engagement. An audit program at the beginning of the audit process is temporary because a complete audit pr ogram for an engagement generally should be developed after evaluation of internal control. Time budget an estimate of time that will be spent in executing audit procedures listed in the audit program that provides a basis for estimating audit fees and assists the auditor in assessing the efficiency of the assistants The auditor should document the planning activ ities: Documentation of the following serves as a record/evidence of the pr oper planning and performance of the audit procedures: a. The overall audit strategy documentation or recor d of the key decisions b. The audit plan (including the audit program) documentation of the planned nature, timing and extent of audit procedures c. Record of: Any significant changes made to the overall audit strategy and the audit plan during the audit Resulting changes to the planned nature, timing and extent of audit procedures Final overall audit strategy and audit plan Appropriate response to the significant changes occurring during the audit The following shall also be documented: a. Discussion among the engagement team b. Key elements of the understanding of the entity, its environment, including internal control c. The identified and assessed risks of material misstatements d. The risks identified, and related contr ols about w hich the auditor has obtaine d an understanding

5.

AT Audit Planning

Red Sirug

Page 3

Note 1: Establishing the overall audit strategy involves: a. Identifying the characteristics of the engagement that define its scope Examples: Financial reporting framewor k (Ex. PFRS) Industry specific reporting requirements (Reports required by industr y regulators) Expected coverage of the audit (Ex. Locations and number of components of the entity to be included in the audit) Nature of the control relationships between a parent and its components (this affects how the group is to consolidated) Extent to which components are audited by other auditors Nature of business segments to be audited (this may require the need for specialized knowledge) Reporting currency to be used (may involve foreign currency translation) The need for a statutory audit of standalone financial statements in addition to an audit for consolidation purposes Availability of the wor k of internal auditors and the extent of the auditors reliance on such work (Note 1.1) The entitys use of service organizations Expected use of audit evidence obtained in previous audits (in case of recurring audit) , for example, audit evidence related to risk assessment procedures and tests of controls The effect of information technology (IT) on the audit procedures Coordination of audit work with reviews of interim financial information Availability of client personnel and data Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required Examples: Deadlines or timetable for interim and final reporting Organization of meeting with the management to discuss the nature, timing and extent of the audit w ork Discussion with management regarding the expected type and timing of repor ts to be issued and other communications, both oral and written, including the auditors report, management letter and communications to those charged with governance Discussion with management regar ding the expected communication and status of audit work throughout the engagement Communication with auditors of components Expected nature and timing of communications among engagement team members Any other expected communications with third par ties Considering the factors that are significant in directing the engagement teams efforts Examples: Determining the appropriate materiality levels (Note 1.2) Preliminary identification of areas where there may be higher risks of material misstatement (Note 1.3) The impact of assessed risk of material misstatement at the overall financial statement level on direction, supervision and review The manner in which professional skepticism is emphasized to engagement team members Management commitment to a sound internal control Volume of transactions, w hich may determine whether it is more efficient for the auditor to rely on internal control Importance attached to internal control throughout the entity to the successful operation of the business Significant business developments affecting the entity (such as changes in information technology, changes in key management, acquisitions, mergers and divestments) Significant industr y developments (such as changes in industry regulations and new reporting requirements) Significant changes in financial reporting framework (such as changes in accounting standards) Other significant relevant developments (such as changes in the legal environment affecting the entity) Considering the results of preliminar y engagement activities and, where applicable, whether knowledge gained on other engagements performed by the engagement par tner for the entity is relevant, and Examples: Results of previous audit regarding evaluation of internal control, identified weaknesses and action taken to address them

b.

c.

d.

AT Audit Planning

Red Sirug

Page 4

e.

The discussion of matters that may affect the audit with firm personnel responsible f or performing other services to the entity

Ascertaining the nature, timing and extent of resources necessar y to perform the engagement. Examples: Selection of the engagement team Assignment of audit work to team members (experienced team members are assigned to areas where there may be higher risks of material misstatement Engagement budgeting (more audit time is set aside for areas w here there may be higher risks of material misstatement)

Benefits of developing the overall audit strategy: Establishing the overall audit strategy assists the auditor in determining the following: a. The resources to deploy for specific audit areas For example: Use of experienced team members for high risk areas Involvement of experts on complex matters b. The amount of resources to allocate to specific audit areas For example: Number of team members assigned to observe the inventory count at material locations Extent of review of other auditors wor k in the case of group audits Audit budget in hours to allocate to high risk areas c. When these resources are to be deployed Is it at an interim audit stage or at key cut-off dates? d. How such resources are managed, directed and superv ised When to hold team briefing and debriefing meetings How engagement partner and manager reviews are expected to take place (for example, on-site or off-site) Whether to complete engagement quality control reviews Note 1.1 Consider ing the wor k of internal audit ing/ auditors The external auditor should consider the work of internal auditing in order to minimize audit costs. The auditor should obtain a sufficient understanding of the inter nal audit function because the work performed by internal auditors may be a factor in determining the nature, timing, and extent of external auditors procedures. Internal auditing can affect the scope of the external auditors audit of financial statements by decreasing the auditors need to perform detailed tests. The tasks that could be delegated to the internal audit staff include preparation of schedules. The auditor has sole responsibility for the audit opinion expressed, and that responsibility is not reduced by any use made of internal auditing. Considering the wor k of inter nal auditing involves two important phases: 1. Making a preliminar y assessment of internal auditing important criteria in assessment of internal auditors: a. Technical competence personal qualifications and experience as inter nal auditors b. Objectivity / organizational status organizational level to which the internal auditor report the results of his wor k c. Due professional care proper planning, super vision and documentation of inter nal auditors work d. Scope of function nature and extent of inter nal auditing assignments performed 2. Evaluating and testing the wor k of internal auditing Note 1.2 Deter mining the appropr iate materiality levels The auditor shall determine materiality and performance materiality when planning the audit. Concept of mater iality: Materiality is the amount (threshold or cut-off point) at which judgment of informed decisio n makers based on the financial statement may be altered (changed or influenced). An item or information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements. In determining appropriate level of materiality, the auditor uses professional judgment using his perception of the needs of reasonable users of the financial statements. Uses of mater iality in planning the audit: a. To determine the nature, timing and extent of risk assessment procedures b. To identify and assess risk of material misstatement, and

AT Audit Planning

Red Sirug

Page 5

c.

To determine the nature, timing and extent of further audit procedures

Consider ing mater iality throughout the audit: 1. Planning stage a. To identify and assess risks of material misstatements b. To determine the nature, timing and extent of fur ther audit procedures 2. Test ing stage (materiality levels set during audit planning are simply updated/revised if necessary) 3. Complet ion stage c. To evaluate the effect of uncorrected misstatements, if any, on the financial statements and in forming the opinion in the auditors report Documentation on materiality: Documentation should include the amounts and the factors considered in their determination: a. Materiality level for the financial statements as a whole b. Materiality level or levels for a particular classes of transactions, account balances or disclosures, if applicable c. Performance materiality d. Any revision of materiality levels (a to c) as the audit progresses Qualitative and quantitative cons iderations: Materiality should address qualitative and quantitative considerations. In some cases, misstatements of relatively small amounts could have a material effect on the financial statements. For example, an illegal payment of an otherwise imma terial amount or failure to comply with a regulator y requirement may be material if there is a reasonable possibility of such payment or failure leading to a material contingent liability, a material loss of assets, or a material loss of revenue. Inverse relationship bet ween materiality and audit procedures/evidence: More evidence will be required for a low peso amount of materiality than for a high peso amount. The lower the tolerable misstatement, the more extensive the required audit procedures. Materiality levels: a. Materiality at financial statement as a whole it is the smallest aggregate level that could misstate/distor t any of the financial statements Also known as materiality threshold or planning materiality or overall materiality Overall ma teriality is usually expressed as a % of a chosen benchmar k (such as profit before tax, total revenues, gross profit, total expenses, total equity or net asset value). Profit from continuing operations is often used as benchmark for profit-oriented entities except when the profit fr om continuing operations is volatile. Relevant financial data as source of benchmarks: Prior periods financial statements Annualized interim financial statements Period-to-date financial statements Budgeted financial statements of the current year

b.

Materiality at assertion level materiality level for individual or particular class of transactions, account balance, or disclosure where appropriate; this is also know n as tolerable misstatement Tolerable misstatement refers to allocated materiality to affected accounts (usually
statement of financial position accounts because they are fewer) Account balance an individual line item in the financial statements, such as cash and cash equivalents, loans and receivable, etc. Class of transactions type of transaction processed by the clients accounting system, such as sales transactions and purchasing transactions Allocation may be done judgmentally or using formal quantitative approaches. Materiality at this level are lesser than the overall materiality level but could reasonably be expected to influence the economic decisions of financial statement users.

c.

Performance materiality amount or amounts set by the auditor:


At less than materiality for the financial statements as a whole At less than materiality level or levels for particular classes of transactions, account balances or disclosures Purpose of perfor mance materiality: It provides margin to reduce the possibility of undetected misstatements because: a. It reduces to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements in the financial statements exceeds the

AT Audit Planning

Red Sirug

Page 6

b.

materiality level for the financial statements as a w hole It reduces to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements in the par ticular class of transactions, account balance or disclosure exceeds the materiality level for that particular class of transactions, account balance or disclosure

Note 1.3 Preliminary identification of areas where there may be higher r isks of material misstatement a. Risks of material misstatements may be greater for significant non-routine transactions which involve: Greater management inter vention to specify the accounting treatment Greater manual inter vention for data collection and processing Complex calculations or accounting principles b. Risk of material misstatements may be greater for significant judgmental matters such as: Accounting estimates Revenue recognition may be subject to differing interpretation Required j udgment may be subjective or complex or require assumptions about the effects of future events (for example, j udgment about fair value) c. Significant risk of relating to risk of material misstatement due to fraud d. There are areas where special audit consideration may be necessar y, for example: Existence of related par ties and related party transactions Related party transaction a transfer of resources, ser vices or obligations between related par ties, regardless of whether a price is charged The auditor shall inquire of management regarding: a. The identity of the entitys related parties (relationships and transactions), including changes from the prior period; b. The nature of the relationships between the entity and these related parties; and c. Whether the entity entered into any transactions with these related parties during the period and, if so, the type and purpose of the transactions. Managements use of going concern assumption (financial statements are prepared based on going concern assumption but there is a significant doubt as to the continued existence of the entity) the auditor shall assess the appropriateness of managements use of going concern assumption

Note 2:

Risk assessment procedures are audit procedures whose purposes include:


a. b. c. d. e. To obtain understanding of the entity and its environment, including the entitys inter nal control (Note 2.1) To identify risks of material misstatements, whether due to fraud or error, at the financial statement and assertion levels (Note 2.2) To assess risks of material misstatement (Note 2.3) To provide a basis for the identification and assessment of risks of material misstatements To provide a basis for designing and implementing responses to the assessed risks of material misstatement

Risk assessment procedures include ( Note 2.4): 1. Inquir y of management and other firm personnel 2. Analytical procedures 3. Observation and inquiry Note 2.1 Required understanding of the entity and its env ironment, including internal control: 1. Understanding of the env ironment external factors: a. Relevant industrys factors the industry in which the entity operates may give rise to specific risks of material misstatements arising from the nature of the business or the degree of regulation Examples of industr y factors: Industry conditions such as the competitive environment, supplier and customer relationships and technological developments Specific examples of industr y factors: Market and competition (including demand, capacity, and price competition) Cyclical or seasonal activity Product technology relating to the entitys products Energy supply and cost b. Regulatory factors include the regulatory environment Accounting principles and industr y specific practices Regulatory framework for a regulated industry

AT Audit Planning

Red Sirug

Page 7

2.

Laws/legislations or regulations that significantly affect the entitys operations, including direct supervisor y activities Taxation Legal and political environment Government policies currently affecting the conduct of the entitys business Environmental requirements affecting the industr y and the entity c. Applicable financial reporting framework d. Other external factors affecting the ent ity such as general economic conditions, interest rates and availability of financing, and inflation or currency revaluation Entity internal factors: a. Nature of the ent ity: An understanding of the nature of an entity enables the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements. Factors to consider include: Entitys operations Ownership and governance str uctures Types of investments that the entity is making and plans to make Entity structure (locations, subsidiaries, etc.) complex structures may give rise to risks of material misstatement How the entity is financed How related party transactions are identified and accounted for b. Entitys select ion and application of account ing policies consider whether accounting policies are: Appropriate for the entitys business Consistent with the applicable financial reporting framework, and Used in the relevant industr y c. Entitys object ives and strategies, and those related business risks that may result in risks of mater ial misstatement of the financial statements 1. Objectives relate to entitys mission, vision or values statement 2. Strategies pertain to operational approaches by which management intends to achieve its objectives 3. Business risks risks of inability to achieve the objectives The term business risk is broader than the risks of material misstatement in the financial statements. Not all business risks give rise to risk of material misstatement. An understanding of business risks increases the likelihood of identifying the risks of material misstatement. However, the auditor does not have a responsibility to identify or assess all business risks. d. Measurement and rev iew of the ent itys financial perfor mance Performance measures, w hether external or internal, create pressures on the entity that may motivate management to take action to improve the business performance or to manipulate/misstate the financial statements. e. Internal control The auditor shall obtain an understanding of internal control relevant to the audit. Internal control is designed, implemented and maintained to address identified business risks that threaten the achievement of any of the entitys objectives that concern: 1. The reliability of the entitys financial reporting; 2. The effectiveness and efficiency of its operations; and 3. Its compliance with applicable laws and regulations. An understanding of internal control assists the auditor in identifying types of potential misstatements and factors that affect the risks of material misstatement, and in designing the nature, timing, and extent of further audit procedures.

Note 2.2 Identify the r isks of mater ial misstatement: Identify risks of material misstatement (inherent risk and control risk) based on understanding the entity and its environment, including the entitys relevant internal control . The auditor shall provide reasonable assurance of detecting material misstatements, w hether arising from errors or fraud.

Risk of material misstatement (RMM) the risk that the financial statements contain a
material misstatement. Components of RMM: The risks of material missta tement are a combination of inherent risk and control risk: 1. Inherent risk the susceptibility of an assertion to a misstatement that could be material, either individually or when aggregated with other misstatements, assuming there are no related contr ols to mitigate such risks Inherent r isk may also be described as follows: The concept of inherent r isk recognizes that the risk of misstatement is greater for

AT Audit Planning

Red Sirug

Page 8

some asser tions than for others. Inherent risk is the risk that financial statements are likely to be materially misstated. Examples of inherent risk: Cash is more susceptible to theft than an inventor y of coal Complex calculations are more likely to be misstated than simple calculations Estimation transactions, especially if they involve accounting es timates that are subject to significant measurement uncertainty High value inventory (could be easily stolen, thus, there would be an inherent risk relating to the existence assertion) 2. Contr ol r isk the risk that a material misstatement, either individually or when aggregated with other misstatements, that could occur will not be pr evented or detected and corrected on a timely basis by the entitys internal control Contr ol risk is a function of the effectiveness of the entitys inter nal contr ol. Contr ol risk is the type of r isk that the management has the most contr ol over in the short term. Some control risk will always exist because of the inherent limitations of any internal control system.

Risk of material misstatement (inher ent risk and control risk) cannot be eliminated or controlled by the auditor because these are entitys risks that exist independently of the audit of financial statements. Causes of misst atements of the financial statements: 1. Errors refer to mistakes or unintentional misstatements or omissions of amounts or disclosures in the financial statements. Examples: Mistakes in gathering or processing data from which FS are prepared Incorrect accounting estimate arising from oversight or misinterpretation of facts Mistake in applying accounting principles 2. Fraud intentional misstatements or omissions of amounts or disclosures in the financial statements The term fraud refers to an intentional act by one or more individuals among management, those charged with governance, employees or third parties, involving the use of deception to obtain an unjust or illegal advantage. The factor that distinguishes fraud from error is whether the underlying action is intentional or unintentional. Two types of Fraud: a. Fraudulent financial report ing (or management fraud) intentional misstatements committed by members of management or those charged with governance or oversight to render financial statements misleading to deceive users of the financial statements The most serious types of fraud usually involve management. This results from the fact that management is primarily responsible for the design and implementation of internal control in the first place. Fraudulent financial reporting may be accomplished by: Manipulation, falsification, or alteration of accounting records or related supporting documents Misrepresentation in, or intentional omission from, the FS of events/transactions or other significant information Intentional misapplication of accounting principles Examples of techniques used by management are: Recording fictitious journal entries Using inappropriate assumptions in accounting estimate Untimely recognition in the FS of events and transactions Concealing, or not disclosing, facts that could affect the amounts recorded in the FS Manipulation of financial statements occurs when a higher or lower level of earnings is reported than that which actually occurred. It could also take the form of omissions (failure to disclose certain matters) or false statements in the notes and/or other disclosures. The motive may be to raise finances, reach a bonus threshold, inflate the value of the business

AT Audit Planning

Red Sirug

Page 9

or simply minimize taxes. b. Misappropr iation of assets (employee fraud or defalcation) theft of assets and is often perpetrated by non-management employees. Examples: Misappropriating collections on accounts receivable Stealing inventor y Colluding with a competitor by disclosing technological data in return for payment Payments to fictitious employees or vendors Using the entitys assets as collateral for a personal loan

The most popular ways to manipulate financial statements involves journal entries and accounting estimates because if manipulation is discovered management can easily deny involvement. A bias in estimates can be attributed to excessive conservatism or optimism. An unsuppor ted journal entry, if discovered, can be characterized as a simple mistake. This differs from strategies such as falsified records that, if discovered by the auditor, would be quite difficult for management to deny. Fraud Risk Factors:

Fraud risk factors conditions that could heighten an auditors concern about risk of material misstatements because they provide clues or red flags to the existence of fraud 1. Incent ives/pressures reasons to commit fraud. A pressure is often generated by immediate needs (such as having significant personal debts or meeting an analysts or banks expectations for profit) that are difficult to share with others. Examples: Management is under pressure to reduce ear nings to minimize taxes Management is under pressure to inflate earnings to secure bank financing Meeting analysts or banks expectations for profit Inflating the purchase price of the business Meeting the threshold for a performance bonus Having significant personal debts or poor credit Trying to cover financial losses Being greedy or involved in gambling, dr ugs, and/or affairs Being under undue peer or family pressure to succeed Living beyond ones means
Other situations or characteristics, not necessarily financial in nature, include: Enjoying the challenge of beating the system Fearing personal loss of pride, position or status such as when a company is doing poorly Being dissatisfied with a job or wanting revenge against an employer Being emotionally unstable Some of these pressures can easily be identified (such as performance incentive plans). Others are more difficult to identify (such as family or peer pressure, living beyond ones means or having a gambling problem). 2. Opportunity (whether perceived or real) Opportunity pertains to an individuals perception that he can commit fraud and that it will not be detected. Potential perpetrators who think they might be detected and charged with a criminal offense would not likely to commit fraud. A poor cor porate culture and a lack of adequate internal control procedures can often create the confidence that a fraud could go undetected. Oppor tunity often emanates from: Poor corporate culture Where a person feels they can take advantage of the trust placed in him or her Knowledge of specific control weakness Attitudes/rationalizat ions fraud involves some rationalization to commit fraud or the belief that a crime has not been committed. For example: Some individuals possess an attitude or character to knowingly and intentionally commit a dishonest act Being dissatisfied with pay Feeling underappreciated (such as not getting an expected promotion)

3.

Degree of assurance between detection of material fraud and material errors: 1. Fraud is harder to detect than errors: Reasons: a. Fraud may involve sophisticated and carefully or ganized schemes designed to conceal

AT Audit Planning

Red Sirug

Page 10

b. 2.

it. Fraud may be accompanied by collusion.

Management fraud vs. employee fraud the risk of not detecting a material misstatement resulting from management fraud is greater than for employee fraud Reasons: Management has the most oppor tunity to commit fraud, while employees need to exploit weakness in internal contr ol in order to commit fraud. Management has the ability to override or bypass an existing effective inter nal control. Management can influence the preparation and presentation of financial statements.

Condit ions and events that may indicate risks of material misstatement: The following are examples of conditions and events that may indicate t he existence of risks of material misstatement. The examples provided cover a broad range of conditions and events; however, not all conditions and events are relevant to ever y audit engagement and the list of examples is not necessarily complete. Operations in regions that are economically unstable, for example, countries with significant currency devaluation or highly inflationary economies. Operations exposed to volatile mar kets, for example, futures trading. Operations that are subject to high degree of complex regulation. Going concern and liquidity issues including loss of significant customers. Constraints on the availability of capital and credit. Changes in the industry in which the entity operates. Changes in the supply chain. Developing or offering new products or services, or moving into new lines of business. Expanding into new locations. Changes in the entity such as large acquisitions or reorganizations or other unusual events. Entities or business segments likely to be sold. Existence of complex alliances and joint ventures. Use of off- balance-sheet finance, special- purpose entities, and other complex financing arrangements. Significant transactions with related par ties. Lack of personnel with appropriate accounting and financial repor ting skills. Changes in key personnel including depar ture of key executives. Weaknesses in internal control, especially those not addressed by management. Inconsistencies between the entitys IT strategy and its business strategies. Changes in the IT environment. Installation of significant new IT systems related to financial reporting. Inquiries into the entitys operations or financial results by regulatory or government bodies. Past misstatements, histor y of errors or a significant amount of adj ustments at period end. Significant amount of non-routine or non-systematic transactions including intercompany transactions and large revenue transactions at period end. Transactions that are recorded based on managements intent, for example, debt refinancing, assets to be sold and classification of marketable securities. Application of new accounting pronouncements. Accounting measurements that involve complex processes. Events or transactions that involve significant measurement uncertainty, including accounting estimates. Pending litigation and contingent liabilities, for example, sales warranties, financial guarantees and environmental remediation Consider ing compliance with laws and regulat ions: Non-compliance refers to acts of omission or commission by the entity being audited, either intentional or unintentional, which are contrary to the prevailing laws or regulations. The auditor should consider compliance with laws and regulations since noncompliance by the entity with laws and regulations may materially affect the financial statements. However, an audit cannot be expected to detect noncompliance with all laws and regulations. Noncompliance is sometimes described as violations of law or regulations or illegal acts. Common examples of non-compliance: Violation of tax laws and environmental laws Occupational safety and health Inside trading of securities Result of non-compliance with laws and regulations: Fines/penalties Damages

AT Audit Planning

Red Sirug

Page 11

Threat of expropriation of assets Enforced discontinuation of operations Litigation Auditors responsibility in detecting non-compliance is limited to material direct-effect noncompliance or illegal act. ( Reason: Generally, the further removed non-compliance is from the events and transactions that are ordinarily reflected in financial statements, the less likely the auditor is to become aware of or to recognize non-compliance. Responsibility for the compliance with laws and regulations rests with management. This responsibility includes prevention and detection (and correction) of noncompliance with laws and regulations. Indicat ions that noncompliance may have occurred: The entity is under investigation by government departments Payment of fines or penalties. Payments for unspecified services or loans to consultants, related parties, employees or gover nment employees. Sales commissions or agent's fees that appear excessive in relation to those ordinarily paid by the entity or in its industry or to the services actually received. Purchasing at prices significantly above or below market price. Unusual payments in cash, purchases in the form of cashiers' checks payable to bearer or transfers to numbered bank accounts. Unusual transactions with companies registered in tax havens. Payments for goods or services made other than to the country from which the goods or services originated. Payments without proper exchange control documentation. Existence of an accounting system with inadequate audit trail or sufficient evidence. Unauthorized transactions or improperly recor ded transactions Media comment Note 2.3 Assess the identified risks of material misstatement: Factors to consider whether a risk is significant: Whether the risk is a risk of fraud Whether the risk is related to recent significant economic accounting or other developments and, therefore, requires specific attention Complexity of transactions Whether the risk involves significant transactions with related parties The degree of subjectivity in the measurement of financial information related to the risk, especially those involving uncer tainty Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual

Significant risk an identified and assessed risk of material misstatement that, in the auditors
judgment, requires special audit consideration Significant risks often relate to: a. Non-routine transactions unusual (in size or nature) and infrequent transactions b. Judgmental matters such as those involving accounting estimates for which there is significant measurement uncertainty Note 2.4 Risk assessment procedures include: 1. Inquires of management and others within the ent ity that is likely to assist the auditor in identifying r isk of material misstatement due to fraud or error For example, inquiries of management, audit committee, board of directors, internal auditors, inhouse legal counsel, and other client personnel Analytical procedures Analytical procedures evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data Purpose of preliminary analytical procedures: a. To identify areas that may represent specific risks such as the existence of unusual transactions or events, and amounts, ratios, and trends that may assist the auditor in identifying risks of material misstatements that the auditor may need to investigate further

2.

AT Audit Planning

Red Sirug

Page 12

b.

To enhance the auditors understanding of the entitys business and transactions to help plan the nature, timing, and extent of substantive auditing procedures that will be used to gather audit evidence Analytical procedures performed during audit planning is know n as preliminary analytical

procedures

Analytical procedures involve: a. Analysis of significant ratios and trends or the study of plausible relationships among both financial and non-financial data b. Investigation of fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts by: Inquiries of management Corroboration of management responses, and Applying other appropriate audit procedures Basic premise under lying the use of analytical procedures: The basic premise underlying the use of analytical procedures is that plausible relationships among data may reasonably expected to exist and continue (predictable) in the absence of known conditions to the contrary. T he relationship among data should be both: a. Plausible there is a clear cause and effect relationship among data b. Predictable reasonably expected to exist and continue in the absence of known conditions to the contrary Generalizat ions in assessing the predictability of the accounts: Income statements accounts are more predictable than balance sheet accounts. Accounts that are not subject to management discretion are generally predictable. Relationships in a stable environment are more predictable that those in a dynamic or unstable environment. Main purpose of analytical procedures: To assess the overall reasonableness of account balances and transactions Specific purpose/focus/objective of analytical procedures in the three stages of audit: 1. In the planning stage performed as risk assessment procedures (required/mandator y) to obtain an understanding of the entity and its environment Objective/purpose/focus during planning stage: To enhance the auditors understanding of the entitys business and transactions to help plan the nature, timing, and extent of substantive auditing procedures that will be used to gather audit evidence. To identify areas that may represent specific risks (such as unusual transactions and events or abnormal/significant fluctuations in amounts, ratios, or trends) that the auditor may need to investigate further 2. In testing stage as substantive procedures when their application is, based on the auditors judgment, more effective and efficient than test of details (not required) Objective/purpose/focus during testing stage: To obtain audit evidence to confirm individual account balances 3. In the overall review or complet ion stage As an overall review of the financial statements (required) Objective/purpose/focus: To identify a previously unrecognized risk of material misstatement (unusual fluctuations that were not identified in the planning and testing phases of the audit) To confirm conclusions reached with respect to the fairness of the financial statements

3.

Observation and inspection these include: Observation of entity activities and operations Inspection of documents (such as business plans and strategies, recor ds, and inter nal control manuals) Inspection of repor ts prepared by management (such as quar terly management reports) and those charged with governance (such as minutes of board of directors meetings) Visit or tour of entitys premise/facilities

Note 3 Reducing audit risk to an acceptably low level To reduce audit risk to acceptably low level the auditor shall: a. Assess the risks of material misstatement (inherent and control risk); and b. Limit detection risk. This may be achieved by performing procedures that respond to the assessed risks of material misstatement at the financial statements, class of transactions, account balance and assertion levels.

AT Audit Planning

Red Sirug

Page 13

Steps in assessing Audit Risk: 1. Set the desired level of Audit Risk Audit r isk the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated; it is the risk that the auditor may unknowingly fail to modify appropriately the opinion on financial statements that are materially misstated 2. Assess the level of Inher ent Risk (such as low, medium, or high) for example, low level if likelihood of misstatement is low Inherent risk the susceptibility of an asser tion to a misstatement that could be material, either individually or w hen aggregated with other misstatements, assuming ther e are no related contr ols to mitigate such r isks Sources of assessment include knowledge of entity and its envir onment and preliminar y analytical procedur es. Assess the level of Control Risk (such as low, medium, or high) for example, low control risk if inter nal contr ol is effective, or high control risk if inter nal control is not effective Contr ol r isk the risk that a mater ial misstatement, either individually or w hen aggregated with other misstatements, that could occur w ill not be prevented or detected a nd corrected on a timely basis by the entitys inter nal contr ol Sources of assessment include knowledge of inter nal contr ol and obser vation and inspection Combined assessment: The auditor usually makes combined assessment of inherent and control risks. assessment of inherent risk and contr ol risk is high, the auditor should: Place mor e emphasis on obtaining exter nal evidence Reduce r eliance on inter nal evidence Design more effective substantive pr ocedures 4.

3.

If the combined

Determine the acceptable level o f detection risk: The acceptable level of detection risk depends on the assessed level of inherent and control risk (inverse relationship) Detection risk the risk that the auditor will not detect such a material misstatement that exists/occurs in an assertion Detection risk is a function of the effectiveness of an auditing procedure and its application by the auditor Detection risk is significantly affected by the nature, timing, and extent of the auditors substantive procedures Detection risk is a complement of assurance pr ovided by substantive tests (for example, a 10% detection risk means a 90% assurance of detecting material misstatement) Detection risk can be increased or decreased by the auditor by performing substantive tests but can never be reduced to zero because of the inherent limitations in the procedures carried out, the human judgments required, and the nature of the evidence examined. The auditor uses the Audit Risk Model: Audit Risk = Inherent risk x Control risk x Detection risk

Acceptable level of Detect ion risk =


5.

Audit risk Inherent r isk x Contr ol risk

Design audit substantive tests Auditors reaction to level of detection risk: a. Lower acceptable level of detect ion r isk higher assur ance are to be provided by substantive tes ts by changing any or combination of the following: Nature performing mor e effective substantive procedur es Timing performing substantive pr ocedures at year-end rather than at interim dates (decreases detection risk by reducing the risk for the period subsequent to the performance of those tests) Extent increasing the extent of substantive tests by using lar ger sample size b. Higher acceptable level of detect ion r isk low assurance are to be provided by substantive tests by changing any or combination o f the following: Nature performing less effective substantive pr ocedures Timing performing substantive pr ocedures at interim dates Extent decreasing the extent of substantive tests using smaller sample size In summary, the auditor performs audit procedures to assess the risks of material misstatement and seeks to limit detection risk by perfor ming further audit procedures based on that assessment.

AT Audit Planning

Red Sirug

Page 14

Summary of relat ionships among audit r isk components: The acceptable level of detection risk for a given level of audit risk bears an inverse relationship to the risks of material misstatement at the assertion level. T herefore: Risk of material misstatement (inherent risk and contr ol risk), detection risk that can be accepted, and vice ver sa. Audit risk and detection risk move in the same direction: Audit risk, detection risk, and vice versa The relationship between the risks can also be expressed mathematically in the following formula: Audit Risk = RMM (Inherent Risk x Control Risk) x Detection Risk Inherent risk and contr ol risk are independent variables while detection risk is a dependent var iable. All the components of audit risk cannot be eliminated by the auditor due to the follow ing reasons: a. Inherent risk some accounts are susceptible to a material misstatement or the risk of such misstatement is greater for some accounts than for others b. Contr ol risk due to inher ent limitations of inter nal control system c. Detection risk Use of testing/sampling Use of auditors judgment Even when the auditor conducts 100% examination because audit evidence is persuasive rather than conclusive in nature The components of audit risk that can or cannot be controlled by the auditor: a. Inherent risk and control risk cannot be contr olled because these are entitys risk and exist independently of the audit b. Detection risk can be dir ectly controlled (increased or decr eased) by the auditor because detection r isk relates to the auditor s procedur es and can be altered by adj usting the natur e, timing, and extent of substantive procedur es The relat ionship between materiality and audit r isk: There is an inverse relationship between materiality and the level of audit risk materiality level, audit risk and vice versa. Materiality is directly related to the acceptable level of detection risk. It would lead to most audit work if both audit risk and materiality levels are low.

AT Audit Planning

Red Sirug

Page 15

You might also like