Module #05: Audit Planning
Audit Planning
The standard that primarily governs audit planning is the PSA 300.
When performing the audit planning, primarily, the objective would be to determine the
scope of the audit procedure.
The scope of the audit is the nature, timing, and extent of the procedures. You perform
planning so that you will be able to perform the audit in an efficient and an effective
manner (to save time and save costs).
Whenever we’re discussing audit planning, our focus is more on the inherent risk.
The different procedu res in audit are not on a step-by-step basis, that when you are done
with it, it’s done and final. Audit planning is continuous and cumulative. Whenever we
discover additional evidence or data from our clients, we can always update and change
our strategy, plan, and program.
Steps to perform an audit planning:
1. Obtaining an understanding of the client and its environment
Sources
o Evidence in order to have an understanding of your client
a. Prior year working papers,
b. tour of the plant facilities,
c. discussion of people within and outside the entity,
d. books and periodicals
What are the things that we have to have an understanding about? (IINOM)
a. Industry, regulatory environment, and other external factors
Industry
What is happening in the different kinds of industries would
depend on what kind of industry your client is in; as early as the
start try to depict what is happening in their FS.
Regulatory Environment
Based upon the nature of your client, there are different
regulatory agencies that would monitor it. (i.e. publicly listed
companies - SEC)
b. Internal control
3 Objectives:
1. Financial Reporting
2. Operations (Efficiency and Effectiveness)
If the client can no longer operate profitably, then it will no
longer be a going concern entity.
3. Compliance
c. Nature of the entity
If you know the nature of the entity, then you already have an immediate
idea of what are the accounts that should appear on the financial
statements.
d. Objectives, strategies, and risks
This is connected to financial management, the higher the risk, the
higher the return. The more risk taken by the client, the more dangerous
it is for the accounts and amounts that would appear on the financial
statements.
Material misstatement is just a specific kind of business risk.
The stages of businesses would start low, it would become stable and
then it would decline. So during the period wherein its rising from low
to stable there is a high risk of material misstatement and during the
period wherein from stable its going to shut down it also has a high risk
of material misstatement but if it's on the stable stage then you could
give it a risk of material misstatement set at less than high.
e. Measures of performance
How does management give compensation to its key employees? (e.g.
CEO, CFO)
How does management measure the performance of its key employees?
For example, if management gives compensation in a way that it’s a
certain percentage of income, or a certain percentage of sales, that would
create a higher risk of fraudulent financial reporting.
Additional Considerations
a. Verification of the opening balances – We want to make sure that the
beginning balances of the current year are exactly the audited figures of last
year.
b. Consistent application of the accounting principles and the accounting
policies
How is step 1 performed?
4 key procedures in obtaining an understanding of a client:
a. Inquiries
Inquire with employees, the board of directors, legal council
Essentially, it is performed by the risk assessment procedure
b. Inspection
c. Observation
d. Analytical Procedures
In analytical procedure the steps are:
Develop your own expectations
Compare what actually happened with the client and your
expectations
Investigate differences
If you’re auditing Anytime Fitness and starting march no operations, my
account with Anytime Fitness has been freeze starting march so no revenue and if that’s
your expectations as a client and as a auditor as well I know how their financial
statements are going to look like, that’s already the start of your analytics, you are
developing an expectation, I am expecting that there will be no service revenue for
Anytime Fitness starting the period of the pandemic which is like March 16. Now the
moment the client gives me the financial statements and I see the revenue as high as 5
million pesos starting March, now you inquire with your client and question the
difference since we expect zero revenue from you client.
2. Determining the need for experts
Who are considered to be your experts?
o The auditor is not considered as an expert in an audit engagement, the experts
are whether the:
a. Actuary
Provides the actuarial valuation reports, used to compute the
actuarial gain or loss, they predict life expectancy, health risks
(based upon age, gender, etc.)
b. Engineer
Assessor's report (PPE of the client)
c. Lawyers
In charge of estimating the liabilities, the provisions, and
contingencies.
Key considerations when we have to determine the need for experts
o We have to assess the competence and independence of the expert. As a rule, the
expert cannot be employed by the client, and at the same time, the expert must
not be financially dependent, or related to the client.
o Is there a need to request for a face to face interview with the expert?
No, as long as they are able to provide us with the reports that we need
for our audit. As a general rule, face to face interviewing the experts is
not necessary.
Considerations in trying to determine the need for experts:
a. Teams knowledge and prior experience
b. Risk of material misstatement based on the matter considered
the higher the risk of material misstatement, the higher the need
for an expert.
c. The quantity and quality of the audit procedures that were obtained
if you are able to perform alternative high quality procedures
then the need for an expert is also decreased
3. Establishing materiality and assessing risk
Relationship between materiality, risk, and substantive procedures
o The relationship between materiality and risk is inverse.
o What is the relationship between materiality, risk, and substantive procedure?
Independent Variable → Risk
o The higher the risk, the lower the materiality threshold that you should set, more
substantive procedures to be performed, vice versa.
Risk Materiality Threshold Substantive Procedures
↑ ↓ ↑
↓ ↑ ↓
We have to ensure that the audit is performed in an efficient and effective
manner, reducing audit risk to a reasonable level.
Audit Risk Model
o Audit Risk = Risk of Material Misstatement x Detection Risk
o Risk of Material Misstatement = Inherent Risk x Control Risk
o Audit Risk = Inherent Risk x Control Risk x Detection Risk
According to this step, we have to assess risk, so we have to be more
specific, what is the risk that is being pertained to here in step 3, the risk here is
actually the risk of misstatement, inherent risk, and control risk. So how do we
assess your risk, we have to identify risk based on the understanding of our client,
meaning after doing properly your step number 1, you should be able to identify risk
based on your understanding. Next step, based from those understanding, you have
to now understand what are the things that can go wrong, your WCGW, after
knowing the risk of your client, you have to be able to identify your “What could go
wrong?” and lastly whether or not that would result in a misstatement that would
have an impact on the financial statement, because at the end of the day, the question
would always have to be “will there be an impact on the financial statement?”, if not,
forget it, ignore it.
Inherent Risk
o Professional judgment on the part of the auditor
a. Financial Statement Level (MIMO)
assessed through an interview with the management
1. Management Characteristics
2. Industry Characteristic
3. Management Integrity
4. Operating Characteristic
b. Account Balance Level
1. Susceptibility of an account to theft (cash and inventories)
2. Complexity of the account (calculations, underlying
transactions)
3. Degree of judgment that is involved in the account
4. Assessing the possibility of non-compliance
What is noncompliance?
o This is an act of omission or act of commission, these are either fraud or errors
against rules and regulations. The main difference between fraud and error is
intention.
o Who has the responsibility of assessing the possibility of noncompliance? –
Management (or the lawyer), NOT the auditor.
For example, you want to know whether or not the entity is still a going
concern entity, who should make the assessment? – Management.
o How can there be a noncompliance in relation to a going concern issue?
If the entity is no longer a going concern entity, the financial reporting
framework that should be used is no longer accrual basis, but cash basis.
If the client is no longer a going concern entity and still uses the accrual
basis, that is called a noncompliance with the accounting standard.
Procedures for Noncompliance:
1. Identify the existing industry and regulatory framework
You should be able to know what would be violated, what are the
possible rules and regulation that would be violated
2. Inquire based upon your understanding
For example, the doctrine for going concern is the entity’s ability to
contain you for a foreseeable future. For an entity to be considered a
going concern, the capital should be positive, there should be no capital
deficiency. Upon examination of the trial balance, the client is already
capital deficient. Now inquire based on your understanding. “Client, are
you still a going concern entity, because upon looking at your FS, your
capital is already in the negative.”
3. Inquire whether or not the noncompliance would have a fundamental
impact on the FS.
Look for evidence and proof that the client can justify their claims.
Always assess the impact to the financial statements.
4. To discuss the policies and procedures adopted and the legal and regulatory
framework of affected subsidiaries if any.
5. Identifying related parties
What is a Related Party Transaction (RPT)?
o So your Related Party Transactions are the definition as provided in IAS 24, are
transfer of resources, shares, obligations, regardless whether a price is charged.
Who are the Related Parties?
o Whenever there is a parent subsidiary relationship, these are your related parties:
Investment in Associate
Investment in Joint Venture
Key Management Personnel
Why do we need to be aware of them? (SoDAM)
o Without first going into specifics, the treatment for a RPT is very different: It
should not commingle with the transactions with outside entities.(e.g. Sales, it
should not include related party sales, and when you discuss business
combination, you know that intercompany transactions should always be
eliminated and should not appear on the financial statements because it would
confuse the users of the financial statements.)
1. Source of audit evidence
If there are related party transactions, we need to gather
evidence in relation to the RPT.
2. Disclosure requirements under IAS 4
There is separate note disclosure if there are RPTs.
3. Affects the financial statements
4. Motivated by profit sharing or fraud
How do we identify when there are related parties?
1. Inquire with management
2. Inquiry with the predecessor
3. Examine the stockholder listing
A sure way for you to identify when there are related party transactions.
6. Performing preliminary analytical procedure
Analytical Procedure
o Analytical procedure is the establishment of plausible relationships between and
among financial and non-financial data.
Analytics is governed by PSA 520
Analytics if performed in 3 stages of the audit:
1. Planning
2. Evidence Gathering – analytics in this stage is optional
3. Opinion Phase
Purpose of Analytics
o To perform the audit in an efficient and effective manner.
o To predict the movement of the account
e.g. Sales this year is 20,000, sales last year was 10,000, there is an
increase of 10,000. Because of the pandemic, are we expecting an
increase in sales? Depends on the nature of the client’s business.
o To be able to understand the business and to be able to identify potential areas of
risk
Different Kinds of Analytics:
1. Trend Analysis
2. Horizontal Analysis
3. Vertical Analysis
4. Different Financial Ratios
7. Development of overall audit strategy and detailed audit plan; preparation of
preliminary audit program
Audit Strategy
o Sets out in broad terms the nature, timing, and extent of the audit procedure
o Is it high?
If there is a high inherent risk, then the audit strategy would be high.
o Is it less than high?
If there is a low inherent risk during the planning phase, then the audit
strategy would be less than high.
Audit Plan
o sets out in broad terms, the nature, timing, and extent of audit procedure.
Audit Program
o Sets out in detail the audit procedures to be performed in each segment of the
audit. It is more detailed than the audit plan.
Consequence:
o Based upon the preliminary control risk assessment, we now try to analyze:
What would be the effect on the acceptable detection risk?
What would be your audit approach?
Is there a need for a test of controls?
Is there a need for substantive testing?
For example:
o If your preliminary control risk assessment is set at high or maximum:
What would be the effect on the acceptable detection risk?
Decrease
What would be your audit approach?
No Reliance Approach
Is there a need for a test of controls?
No, because there is no reliance to the internal structure
Is there a need for substantive testing?
Yes, you always perform your substantive testing regardless of
the preliminary control risk assessment or the audit strategy that
will be adopted by the auditor
o if your preliminary control risk assessment is set at less than high:
What would be the effect on the acceptable detection risk?
Increase
What would be your audit approach?
Reliance Approach
Is there a need for a test of controls? Yes
Yes, because there is a reliance to the internal structure
Is there a need for substantive testing?
Yes
You always perform your substantive testing regardless of the preliminary
control risk assessment or the audit strategy that will be adopted by the auditor.
