V

1
N
2
I
7 &
D
T
U
I
A UD
A

I
T
A
G
I
T
S
E

N
O
AUDIT
PLANNING

FOR
DR. SHARIFAH NAZATUL FAIZA
SYED MUSTAPHA NAZRI

Presented by - Ameer Shafiq Kamalullail

OBJECTIVE OF AUDIT PLANNING

Pre-Plan

Test of
Control

Planning

Substantive
Procedures

AUDIT STRATEGY

Completion

AUDIT PLANNING

Comprises of 3 sections, namely :

1. Scope/characteristics of
engagement
2. Timing of forms of
communications
3. Direction

Converts the audit strategy into more details and it

includes the nature, timing and extent of audit
procedures to be performed by engagement team
members in order to obtain sufficient appropriate audit
evidence to reduce audit risk to an acceptable low
level.

1
2

OBJECTIVE

Develop general strategy and detailed approach

Obtain sufficient-appropriate evidence

Determine amount of work to be carried out

Maintain reasonable cost

Reporting

To avoid misunderstandings with clients

BASIC AUDIT PROCESS

Pre-Plan

Planning
Planning

Test of Control

Substantive
Procedures

Completion

Term of Engagement

Engage Expert if needed

Using the work of Internal

Auditor

Identify Sources of
Evidence

Knowledge of Client
Business

Risk Assessment

Determination of
Materiality

Reporting

TERMS OF ENGAGEMENT
CLIENT ACCEPTANCE & CONTINUANCE

1 Evaluate the clients background

2 Ethical requirements
3 Communicate with previous auditor
4 Determine need for other experts
5 Select staff to perform the audit
6 Obtain engagement letter
Objectives of the engagement
Managements responsibilities
Auditors responsibilities
Limitations of the engagement

Predecessor & Successor

KNOWLEDGE OF CLIENTS BUSINESS

Background Information
What

Why

Related parties involved To fulfill the requirement by GAAP (General Accepted

Affiliated company
Principal owner
Party that can influence
management

Understanding clients
business or operations

Accounting Principles) requires disclosure of related

party transactions
To determine if any unique accounting is required
To identify industry risks for setting acceptable audit
risk
To identify industry risks for setting inherent risks
Determining materiality
Understanding internal control
Identify sources and nature of available audit evidence
Understanding substance of transactions
Assessing whether sufficient appropriate evidence is
available
Assessing appropriateness of accounting policies
Evaluating overall financial statement presentation

KNOWLEDGE OF CLIENTS BUSINESS

Regulatory, External, Industry

En
gag
em
ent

Obtain an understanding of the

a) industry (competition in the industry; growth in market size),
b) regulatory (legal framework; reporting framework), and
c) other external factors (economy they are trading n eg. Interest
rates, inflation, etc)
Nature of Entity
The nature of an entity refers to the clients operations, its ownership,
the types of investments it is making and plans to make and the way the
entity is structured and how it is financed
Performance Measures
Internally generated information used by management may include KPIs,
budgets, variance analysis, segment information and divisional,
departmental or other level performance reports and comparisons of an
entitys performance with that of competitors

Ris
k
ass
ess
me
nt

Risk, Objectives & Strategies

Strategies are the operational approaches used by management to
achieve objectives (defining what the entity wants to achieve). Business
risk will eventually have financial consequences and therefore inflict an
impact on the financial statements

Objective

Identifying risks of material

misstatements; some
industries are subject to risks
of material misstatements as a
result of unique accounting
Objective
Better idea of what to expect
in the financial statements

Objective
Used to measure and review
the entitys financial
performance
Objectives
Increases the likelihood of
identifying risk of material
misstatements

Internal Controls

Objectives

Internal controls is the label given to the entitys policies and procedures
designed to provide reasonable assurance about the achievement of the
entitys objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations and compliance with
applicable laws and regulations

Inherently limited to a certain

extent breakdown, override,
human errors, collusion,
controls. Cost limitations

RISK ASSESSMENT
MATERIALITY
Misstatements of omissions are material if they could reasonably be expected to
influence the economic decisions of users taken on the basis of the financial statements

Audit Risk

Inherent Risk

The risk that the

The susceptibility of
auditor expresses an an assertion about a
inappropriate audit class of transaction,
opinion when the
account balance or
financial statements
disclosure to
are materially
misstatements that
misstated.
could be material,
before consideration
Includes :
of any related
-Risk of material
controls
misstatement
-Inherent risk
-Control risk
-Detection risk

Control Risk

Detection Risk

The risk that a

The risk that an
misstatement could auditors substantive
occur in an assertion procedures will not
about a class of
detect a
transaction, account misstatement that
balance or disclosure exist and that could
and that could be
be material.
material, will not be
prevented, or
detected and
corrected, on a
timely basis by the
entitys internal
control

AR = IR x CR x DR

RISK ASSESSMENT
Relationship between Inherent, Control and Detection Risk
The darker shaded areas in this
table relate to detection risk.
There is an inverse relationship
between detection risk and
combined level of inherent and
control risks.

eg.

Auditors assessment of control

Auditors
assessment of
inherent risk

High

Medium

Low

High

Lowest

Lower

Medium

Medium

Lower

Medium

Higher

Low

Medium

Higher

Highest

When inherent and control risk

are high, acceptable levels of
detection risk need to be low to
reduce audit risk to an
acceptable low level.
On the other hand, when
inherent risk are low, an auditor
can accept a higher detection
risk and still reduce audit risk to
an acceptable low level

RISK ASSESSMENT

S
Set audit risk
(AR) to an
acceptable
and
reasonably
low level

A
Assess the risk
of material
misstatements
(IR X CR)

C
Calculate
the
detection
risk
(AR/ (IR X
CR)

D
Design the
audit
procedures
based on
detection risk

How to
assess
risk ?

RISK ASSESSMENT
Factors auditor will consider when assessing inherent risks
At Financial Statements Level

At Account Balance and Class of Transaction

Level

Management experience and knowledge and

changes in management during the period eg.
The inexperience of management may affect
the preparation of the financial statements of
the entity

The complexity of underlying transactions and

other events, which might require using the
work of an expert

Unusual pressures on management eg.

Circumstances that might predispose them to
misstate financial statement such as inability
to obtain financing to continue in operations

Susceptibility of assets to loss or

misappropriation such as assets, which are
highly describe and moveable such as cash

The nature of the entity such as the potential

for technological obsolescence of its products
and services

Financial statement accounts are likely to be

susceptible to misstatement eg. Accounts
which require adjustment in the prior period or
which involve a high degree of estimation

The integrity of management that might lead

them to misstate the financial statements

Accounting systems: the degree of judgment

involved in determining account balances

Factors affecting the industry in which the

entity operates; eg. Economic and competitive
conditions

Nature of transactions: the completion of

unusual or complex transactions particularly at
or near period end

RISK ASSESSMENT
Factors auditor will consider when assessing control risks
7 COMPONENTS
Human resource policies and practices
Organizational structure determines the way it imposes authority and
responsibility
Management philosophy and operating style reporting and risks
Assignment of authority and responsibility
Participation by those charged with governance is there positive involvement
Communication and enforcement of integrity and ethical values
Commitment to competence

RISK ASSESSMENT

Risk Assessment Procedure

Inquiry

Observation

Inspection

Consist of seeking
information of
knowledgeable
persons, both
financial and nonfinancial throughout the entity or
outside the entity;
to assess strength
of control
environment of the
entity.

Consists of looking at a process

or procedure being performed
by others; eg. The observation
by the auditor of the counting
of inventories by the entitys
personnel or the performance
of control activities (policies
and procedures that help
ensure that management
directives are carried out, a
component of internal
controls)

As an audit
procedure,
examining records
or documents
whether internal or
external of
tangible assets
inspections of
manuals, systems
documentation,
internal controls
evaluation reports

Discussion
amongst the
engagement team
Discussion with all
personnel
performing an
engagement
including any
experts
contracted by the
firm in connection
with that
engagement.

Analytical procedures
Evaluations of financial information made by a study of plausible relationships among both financial
and non-financial data; analytical procedures also encompass the investigation of identified
fluctuations and relationships that are inconsistent with other relevant information or deviate
significantly from predicted amounts.
Important and powerful tool for auditors in explaining the performance of a business. They are used
at the planning, testing and review stages of the audit. Analytical procedures refers to analysis of
relationships using techniques like ratio and trend analysis. Then any unusual fluctuations or
unexpected fluctuations would subject to investigations by performing audit procedures and uses
audit procedures to gather evidence.

RISK ASSESSMENT

Risk Assessment Procedure (cont. on Analytical Procedures)

Analytical Procedure

Types

Used in obtaining an understanding of

an entity and its environment and in
the overall overview at the end of
the audit.
Means the evaluation of financial and
other information, and the review of
plausible relationships in that
information. The review also includes
identifying fluctuations and
relationships that d not appear
consistent with other relevant
information or results

1. Comparison of comparable information to prior

periods to identify unusual changes of fluctuations in
amounts
2. Comparison of actual or anticipated results of the
entity with budgets and/of forecasts, or the
expectations of the auditor in order to determine the
potential accuracy of those results
3. Comparison to industry information either for the
industry as a whole or by comparison to entities of
similar size to the client to determine whether
receivable days, eg. Are reasonable

Use
Risk assessment procedures

Analytical procedures as
substantive procedures

Analytical procedures in the overall

review at the end of audit

Used at the beginning of the

audit to help the auditor obtain
an understanding of the entity
and assess the risk of material
misstatement. Audit procedures
can then be directed to these
risky areas

Used as substantive
procedures in determining
the risk of material
misstatement as the
assertion level during work
on the income statement
and balance sheet

Helps the auditor at the end of

the audit in forming and overall
conclusion as to whether the
financial statements as a whole
are consistent with the auditors
understanding of the entity

RISK ASSESSMENT
Importance of Risk Assessment Procedure

1
2 Fully understand the entity which is vital for an effective audit
Unusual transactions or balance would also be
3 identified early, and could be addressed timely
4 To develop a detailed work programs
5 Ensure appropriate and experienced staff allocated
6 Reduce risk of an inappropriate audit opinion

Attention is focused early on the areas most likely to cause material

misstatements

DETERMINATION OF MATERIALITY
Misstatements of omissions are material if they could reasonably be expected to
influence the economic decisions of users taken on the basis of the financial
statements
Judgments about materiality are made in
light of surrounding circumstances, and
are affected by the size of nature of a
misstatement, or a combination of both
Judgments about matters that are
material to users of the financial
statements are based on a consideration
of the common financial information
needs of users as a group. The possible
effect of misstatements on specific
individuals users, whose needs may wary
widely, is not considered.

Size of the Item

The most common application of materiality has
to do with the size of the item considered

Nature of the Item

The nature of the item is a qualitative
characteristic

Circumstances
The materiality of an error depends upon the
circumstances of its occurrence

LOW MATERIALITY LEVEL

There will be additional cost incurred for an auditor to audit with a lower materiality
The lower the materiality, the more costly is the audit
If any error or whatever small size needs to be found in the audit, the auditor would
spend significantly more time than when a certain level of imprecision (higher
materiality level) is considered acceptable.

information used by the auditor in arriving at the conclusion on which the audit opinion
AUDIT All
is based, and includes the information contained in the accounting records underlying the
EVIDENCE financial statements and other information.

APPROPRIATENESS

The measure of the

quantity of audit
evidence
Quantity needed is
assessed by the
assessed-risk of
material misstatement
AND by the quality of
the audit evidence
gathered.
The GREATER the
assessed-risk, the
MORE audit evidence
is likely to be required
(to meet audit
objective)
The HIGHER the
quality of the
evidence, the LESSER
evidence may be
required to meet the
audit test.
Has inverse
relationship between
sufficiency and
appropriateness.

Relevance

Reliability

Qualification
of Informer

Sources

Evidence on its relevance to the audit objective being tested

If auditor relies on evidence that is unrelated to the assertion, the
auditor may reach and incorrect conclusion about the assertion
Whether a
External evidence
Internal evidence
particular
type of
Indirect evidence
Direct evidence
evidence can
Oral representation
be relied
Documentary form
upon to
Photocopies
Original documents
signal the
true state of
Ineffective Internal Control
an assertion Effective Internal Control
If information to be used as audit evidence has been prepared using the
work of a managements expert, the auditor shall, to the extent
necessary, having regard to the significance of that experts work for the
auditors purposes:
a) Evaluate the competence, capabilities and objectivity of that expert;
b) Obtain an understanding of the work of that expert; and
c) Evaluate the appropriateness of that experts work as audit evidence for
the relevant assertion.
When using information produced by the entity, the auditor shall evaluate
whether the information is sufficiently reliable for the auditors purposes,
including as necessary in the
circumstances:
a) Obtaining audit evidence about the accuracy and completeness of the
information; and
b) Evaluating whether the information is sufficiently precise and
detailed for the auditors purposes
is more reliable than

SUFFICIENCY

USING THE WORK OF INTERNAL AUDITOR

Must obtain an understanding of a clients internal audit
department and its work

Prior to using the work of internal auditors, external

auditors should consider internal auditors objectivity
and competence
Internal auditors should not be delegated tasks that
require extensive professional judgment

ENGAGE EXPERTS IF NEEDED

WHO

EXPERTS

WHO

WHAT

AUDITORS

Persons skilled in fields other than accounting and

auditing, who re not members of the audit team

Should be unrelated to the company being audited

Are not referred to in the audit report unless the

specialists findings cause the auditors report to
be modified

KNOW
OBTAIN

Must know about the experts professional

qualifications, experience and reputation

Should obtain an understanding of the experts

methods and assumption

information used by the auditor in arriving at the conclusion on which the audit opinion
AUDIT All
is based, and includes the information contained in the accounting records underlying the
EVIDENCE financial statements and other information.

APPROPRIATENESS

The measure of the

quantity of audit
evidence
Quantity needed is
assessed by the
assessed-risk of
material misstatement
AND by the quality of
the audit evidence
gathered.
The GREATER the
assessed-risk, the
MORE audit evidence
is likely to be required
(to meet audit
objective)
The HIGHER the
quality of the
evidence, the LESSER
evidence may be
required to meet the
audit test.
Has inverse
relationship between
sufficiency and
appropriateness.

Relevance

Reliability

Qualification
of Informer

Sources

Evidence on its relevance to the audit objective being tested

If auditor relies on evidence that is unrelated to the assertion, the
auditor may reach and incorrect conclusion about the assertion
Whether a
External evidence
Internal evidence
particular
type of
Indirect evidence
Direct evidence
evidence can
Oral representation
be relied
Documentary form
upon to
Photocopies
Original documents
signal the
true state of
Ineffective Internal Control
an assertion Effective Internal Control
If information to be used as audit evidence has been prepared using the
work of a managements expert, the auditor shall, to the extent
necessary, having regard to the significance of that experts work for the
auditors purposes:
a) Evaluate the competence, capabilities and objectivity of that expert;
b) Obtain an understanding of the work of that expert; and
c) Evaluate the appropriateness of that experts work as audit evidence for
the relevant assertion.
When using information produced by the entity, the auditor shall evaluate
whether the information is sufficiently reliable for the auditors purposes,
including as necessary in the
circumstances:
a) Obtaining audit evidence about the accuracy and completeness of the
information; and
b) Evaluating whether the information is sufficiently precise and
detailed for the auditors purposes
is more reliable than

SUFFICIENCY