AUDIT APPROACH, PLANNING & RISK

(INCL. RESPONSIBILITIES, FUNCTIONS AND QUALITIES)

RESPONSIBILITIES, FUNCTIONS AND QUALITIES

Only need to know for background information

 Overall objective

 Reasonable assurance

 Material misstatement

 Applicable financial reporting framework

 Report and communicate to ??

TYPES OF SERVICES

Statutory audit – Audits mandated by an act eg. Companies act. Auditors duties and responsibilities are
mandated by the act

Non-statutory audit – Audit requested by client although it is not statutorily required

Audit – The objective of an audit of the F/S is to enable the auditor to express an opinion as to whether or not
the f/s fairly present, in all material respects, the financial position of an entity at a given date, and the result
of its operations and cash flow information for the period ended on that date, in accordance with an
identified reporting framework and/or statutory requirements

Review – objective of review engagement is to enable the auditor to state, based on procedures that do not
require all the evidence of an audit, whether or not anything has come to the auditors attention that may
cause the auditor to believe that the statements were not prepared with all material respects in accordance
with an identified reporting framework and/or given criteria (negative assurance)

Agreed-upon procedures – The auditor preforms those procedures of an audit nature that the client, 3 rd
parties and auditor agree upon. The receiver of the report forms own opinion based on procedures performed
and the findings thereof

Compilations – The accountant uses accounting expertise (as apposed to auditing expertise) to collect, classify
and summarise financial information

WHO NEEDS TO BE AUDITED

Over and above public companies (i.e. listed) and state-owned entities:

 any profit/non-profit entity holding assets in ordinary course of business in fiduciary capacity for
persons who are not related to company in aggregate of value in financial year of R5 million
 Certain non-profit entities by state
 Any other entity whose PIS as calculated reg 26(2) is:

- 350 or more OR

- is at least 100 but less 350, if its AFS for that year were compiled internally

PIS SCORE
Co/CC to calculate at end of each financial year end

 1 point every R1m or portion thereof TURNOVER

 1 point every R1m or portion thereof in 3rd PARTY LIABILITY
 1 point every beneficial interest (shareholder)
 1 point every employee – average number

Things to keep in mind when calculating:

 Made at company level ≠ consolidated group level

 Employee includes any who person who receives or is entitled to receive any remuneration
 3rd party liability refers to all liabilities includes sub-ordinate loans, intercompany creditors
 Beneficial interest means the right /entitlement of a person through
ownership/agreement/relationship
 Turnover is the gross revenue from most recent annual FS

WHO NEEDS TO BE REVIEWED

All Companies/CC where:

- PI Score > 100…….need a CA(SA) to do review

- PI Score < 100 ……… can be a CA(SA) or Accounting Officer as per CC Act

Independent Review can NOT be conducted by the same person that is involved in the preparation of the AFS.

Only applies to individual and not the Firm

EXEMPT FROM AUDIT/REVIEW

Co Act

- IF every holder of securities/ beneficial interests = member/director

BUT

- Not if another law requires audit or review (eg PFMA)

- OR; it falls into a class that requires an audit (EG. SOE)
QUALITY CONTROL

Relates to policies and procedures adopted by a firm to provide reasonable assurance that the firm and its
personnel comply with professional standards, regulatory and legal requirements and that the reports issued
by the firm or engagement partners are appropriate

QUALITY CONTROL WILL ENSURE THAT

- The firm acts appropriately in all given circumstances and in doing so limits its risk of legal liability
and reputational damages resulting from assurance and other related service failures
- AND
- A professional service is rendered to clients at all times

DOCUMENTATION

Firm shall keep documentation of its compliance with quality control policies and procedures

QUALITY CONTROL AT FIRM LEVEL (ISQC 1)

PURPOSE AND RESPONSIBILITY

- Establish principles and procedures regarding a firm’s responsibility for its system of quality control
for audits and reviews of historical financial information and other assurance and service
engagements

OBJECTIVE
- Establish a system of quality control to provide it with reasonable assurance that the firm and its
personnel comply with the professional standards and regulatory and legal requirements and
ensuring that reports issued by the firm are appropriate in the circumstances

ELEMENTS OF A SYSTEM OF QUALITY CONTROL

- Leadership responsibilities

- Ethical requirements

- Acceptance and continuance of client relationships and engagements

- Human Resources

- Engagement performance

 Direction, supervision, review

 Consultation

 Differences of opinion

 Engagement quality control review

 Engagement documentation
 - Monitoring

- Documentation of the system of quality control

For all above elements policies and procedures should exist

QUALITY CONTROL AT AUDIT LEVEL (ISA 220)

PURPOSE AND RESPONSIBILITY

- Establish basic principles and procedures that will assist the auditor (engagement partner)
with his/her responsibilities with regards to quality control for individual audits

OBJECTIVE
- Implement quality control at the engagement level to provide reasonable assurance that the audit
complies with professional standards and applicable regulatory and legal requirements and ensuring
that reports issued by the auditor is appropriate in the circumstances

ELEMENTS OF SYSTEM OF QUALITY CONTROL

- Leadership responsibilities

- Ethical requirements

- Audit engagements

- Engagement team

- Engagement performance

- Monitoring

For all above elements policies and procedures should exist

THE AUDIT PROCESS

1. Pre-engagement activities
2. Planning (overall and assertion level)
3. Audit procedures (RAPs, TOCs, SPs)
4. Evaluating concluding and reporting
 1. PRE-ENGAGEMENT ACTIVITIES

REASONS FOR SCREENING NEW/EXISTING CLIENTS

ISA 220 – quality control for an audit of financial statements

ISA 300 – Planning an audit of financial statements

ISQC 1 – Quality control for firms

Auditors need to perform engagement activities to evaluate the acceptability of new clients or to consider the
ability to continue as auditors of existing clients

- Done to limit auditors risks by not accepting unsatisfactory clients

- Done to ensure firms only accept clients for whom they can provide a professional and
quality service

RISK TO AUDIT FIRM OF UNACCEPTABLE CLIENTS

Legal liability - result from lawsuits against the audit firm as a result of company failures which are somehow
seen as audit failures

Reputational damage – Stems from negative publicity and damage to the audit firms good name and
reputation by being associated with a specific client. This might result from company failures, clients
involvement in illegal and unlawful activities etc.

PROVIDING A QUALITY AUDIT (ISA 220)

Auditors should only take on an engagement if they have the

- skills,
- competence,
 - necessary staff and
- experience
- to provide an effective and efficient audit

REGULATORY, STATUTORY AND ETHICAL CONSIDERATIONS

Auditor should only take on a client if all the professional, ethical, statutory and regulatory requirements have
been met

- failure to do so may result in disciplinary action, penalties and even suspension from public
practice
- IRBA conducts practice reviews to evaluate whether ISA 220 and ISQC 1 are being complied
with

RESPONSIBILITY FOR CLIENT ACCEPTANCE AND CONTINUANCE DECISIONS

- Audit firm is responsible for establishing policies and procedures to determine acceptance or
continuance
- At audit level the engagement partner is responsible for the quality of the audit and for the
appropriate conclusions reached regarding client acceptance and continuance

OBTAINING ENGAGEMENT ACCEPTANCE INFORMATION

RAPS = risk assessment procedures

METHOD AND TIMING OF OBTAINING INFORMATION: RAPS

- Before acceptance of engagement for new clients, or before the start of the current years
audit for existing clients
- Info obtained through RAPS
 Enquiries of management and other inside and outside the entity
 Observation and inspection
 Analytical review

NEW CLIENTS
Auditor normally acquires information of a general nature from a wide range of sources to evaluate and
screen a new perspective client

Sources available to the auditor

- Communication with predecessor auditor

- Enquiry from client personnel (boards, audit committees, management etc)
- Enquiry from 3rd parties (bankers, lawyers, analysis)
- Enquiry from other auditor in same industry
- Press & media coverage of client
- Background searches of relevant databases

EXISTING CLIENTS
When considering continuance auditor normally is in a good position to have access to all information required
from current and previous years audit files and experience
Must consider if any changes occurred that might affect the ability to continue as their auditors

- Takeovers and mergers resulting in conflict of interest

- Factors affecting the auditor’s independence
- Changes in owners/shareholders, management, directors, business practices, litigation
status, etc, resulting in additional risk

DOCUMENTATION
The procedures performed, information obtained and conditions regarding acceptance of a new client, or
continuance with an engagement for existing clients, should be documented in working papers

PRE-ENGAGEMENT PROCEDURES

STEP 1: PERFORM A CLIENT INVESTIGATION

- Consider:

 Independence of the auditor

 Integrity of the client (risk of client & management thereof)

 Changes in the entity for existing clients

 Information obtained from communication with the predecessor auditor

 Financial responsibility of the client

 Legal procedures in respect of the engagement

STEP 2: DETERMINE THE SKILLS AND COMPETENCE REQUIREMENTS FOR THE ENGAGEMENT
Does the auditor have the capabilities, competence, time and resources to accept engagement?

Consider:

- Firm personnel have knowledge of the relevant industries or subject matters

- Firm personnel have experience of relevant regulatory or reporting requirements, or have
the ability to obtain the necessary skills and knowledge
- The firm has sufficient personnel with necessary skills, competencies and expertise
- Experts are available if needed
- Whether the audit deadline can be met

STEP 3: ESTABLISH THE TERMS OF THE ENGAGEMENT

New engagements/ changes to existing engagements must be confirmed through an engagement letter. This
establishes a contractual relationship and should remove any misunderstandings that may exist. A copy of the
letter and confirmation of receipt thereof must be filed in the working papers

ENGAGEMENT LETTERS – ISA 210

PURPOSE OF ENGAGEMENT LETTER

 - Issued for audit engagements and other services to avoid misunderstandings between the
client and auditor with respect to the engagement
- Records the auditor’s acceptance of the engagement, his responsibilities to the client,
objective and scope of the audit and the format of any reports

THE ISSUE OF ENGAGEMENT LETTERS

- Should be issued at each audit or other engagement
- For recurring audits letter does not need to be issued every time unless the auditor finds
 Indications client does not understand objective/scope of the audit
 Special/significant changes occurred ito the engagement
 Changes to senior management or the board
 Significant change in ownership
 Significant changes to nature and size of business
 Change in legal/regulatory requirements
 Change in financial reporting framework adopted in preparation of financial
statements

CONTENTS OF ENGAGEMENT LETTERS

- Letterhead, address, salutation, intro paragraph
 Confirmation of acceptance of engagement
- Differentiate between auditing, accounting and other services
- Required information
 Objective and scope of audit
 Responsibilities of auditor
 Responsibilities of management
 Identification of financial reporting framework
- Additional information
 Reporting to management
 Representations by management
 Arrangements in respect of documents to be issued with the f/s
 Fees
 Acknowledgement of receipt
- Additional information where applicable
 Arrangement ito the audit of subsidiaries (other auditors)
 Arrangements ito internal auditors
 First audit engagement – arrangements iro the predecessor auditor
 Limiting the auditors’ liability where applicable
 Other agreements/services rendered
 Arrangements ito planning the audit
- The auditors’ responsibility for reporting reportable irregularities to IRBA and the impact
thereof on the audit report
- Signed and dated

ACCEPTING A CHANGE ITO THE AUDIT ENGAGEMENT

- Auditor may not agree to a change ito the engagement where there is no justification to do
so
 - Where the auditor is requested to change the engagement to a lower level of assurance
before the completion of the engagement
 Auditor consider reasons and justification thereof and issue a new engagement
letter if the change is considered acceptable
 Where an auditor is unable to agree to a lower level of assurance and is not
permitted by management to continue with the original engagement
o He should withdraw from the engagement and consider any legal or
regulatory obligations to report the circumstances to other parties

PLANNING

BENEFITS OF PLANNING

- Appropriate attention to important areas

- Identify potential problem and risk areas
- Audit work completed expeditiously (efficiently and effectively)
- Work properly delegated (members to team & work to team members)
- Work by other auditors and experts are properly co-ordinated

PERSON RESPONSIBLE FOR PLANNING

Person/persons with relevant knowledge, skills and expertise

- Normally at senior level

- Engagement partner should also approve the overall strategy and the audit response

PROFESSIONAL SCEPTICISM

Auditor should plan the audit with an attitude of professional scepticism that:

- Circumstances may exist that may cause the financial statements to be materially misstated;
and
- During the audit, circumstances may arise that might result in the need to change the overall
strategy for the scope and conduct of the audit and planned audit procedures

STEPS IN PLANNING (OVERALL F/S LEVEL)

1. OBTAINING AN UNDERSTANDING OF THE ENTITY AND ITS ENVIRONMENT;

OBJECTIVE
gain sufficient understanding to identify and assess the risk of material misstatements and design and perform
further audit procedures

VALUE
- Plan the audit
- Apply professional judgement in assessing the risk of material misstatement
- Respond to identified risks when
 Setting materiality
 Formulating an overall audit strategy
 Considering appropriateness of the acc policies
  Identifying special audit consideration areas (related parties; going concerns etc.)

ON WHAT – Aspects to obtain an understanding

- External factors

 Industry conditions

 Regulatory environment

 Economic factors

- Internal factors

 Business operations

 Investments

 Financing

 Financial reporting

- Objectives, strategies and related business risks

 Industry developments
 New products and services
 Expansion
 New acc requirements
 Regulatory requirements
 Financing requirements
 Use of IT

- Measurement and review of the entities financial performance

 Key ratios and operating statistics

 Key performance measures and incentive compensation policies
 Trends
 Use of forecasts, budgets and variance analysis
 Analyst reports and credit rating reports
 Competitor analysis
 Period-on-period financial growth

HOW – Risk assessment Procedures

- Enquiries of management and others within the entity

 Management and those charged with governance

 Those responsible for financial reporting

 Internal audit personnel

  Personnel involved in initiating, recording and processing complex transactions

 Internal legal council

 Marketing and sales personnel

- Analytical procedures

 Helpful in identifying the existence of unusual transactions, events, amounts, ratios,

trends etc

- Observation and inspection

 Observation of the entity’s activities and operations

 Inspection of documents, records and internal control manuals

 Reading reports prepared by management

 Visit to entity’s premises

 Walk through tests

 Using info from prior periods – what changes have taken place since then that can
effect reliability and relevance of evidence

RAPs – procedures to obtain knowledge of the entity and its environment, including its accounting information
systems, to access the risk of material misstatements

2. OBTAINING AN UNDERSTANDING OF THE ENTITY’S I/C, INCLUDING THE ACCOUNTING

INFORMATION (AND IT);

Accounting system

- the functions by which the entity’s tractions are processed as a means of maintaining the
accounting records

Internal control

- The process designed and effected by those charged with governance and management and
other personnel to provide reasonable assurance about the achievement of the entity’s
objectives with regard to reliability of financial reporting, effectiveness and efficiency of
operations, and compliance with laws and regulations
- Consists of the following components
 The control environment
 Entity’s risk management process
 Accounting information system
 Control activities
 Monitoring of controls

Control environment
 - Overall attitude, awareness and actions of the directors and management regarding internal
control system and importance thereof

Internal control procedures

- Policies and procedures instituted by management to achieve the entity’s objectives

VALUE TO THE AUDITOR OF UNDERSTANDING

- Only concerned with policies and procedures within the accounting and internal control
system relevant to the f/s
- Understanding the accounting and internal control systems will help the auditor understand
control risk better and develop procedures accordingly

SOURCES FOR OBTAINING INFORMATION ON CONTROLS

- System walk through test
- Enquiry
- Inspection of documents
- Observations of controls and processes
- Internal control questionnaires
- Prior year’s working papers

IT RISKS AND INTERNAL CONTROLS

- Inaccurately processing data and processing inaccurate data
- Unauthorised access to data
- IT personnel gaining excessive access privileges
- Unauthorised changes to data in master files
- Unauthorised changes to systems or programs
- Inappropriate manual intervention over programmed controls (eg. Overriding system controls)
- Potential loss of data or inability to access data as required

3. IDENTIFYING AND ASSESSING THE RISK OF MM AT THE OVERALL F/S LEVEL;

Audit risk - Risk that auditor expresses an inappropriate audit opinion on FS that are materially misstated

 AR = IR * CR * DR

Risk of material misstatement = combination of

o Inherent risk that fraud and errors may occur

o Control risk that the internal controls would fail to prevent or detect the misstatement

- These 2 issues of risk are at the managements/company’s responsibility – therefore independent of

auditor and considered entity risk

INHERIT RISK:
 The susceptibility of an assertion
 to a misstatement [by fraud (intentional) or error (not intentional)]
 that could be material
 either individually or when aggregated with other misstatements
 assuming that there are no related internal controls

- Relates to client’s circumstances and operating activities on the financial level

FACTORS TO CONSIDER AS AUDITORS WHEN LOOKING AT THE CLIENTS INHERIT RISK

AT f/s level

- Integrity of management
- Management experience and knowledge
- Changes in management
- Unusual pressure on management
- Nature of entity’s business
- Factors affecting the industry

AT balances and class of transactions level

- Accounts susceptible to misstatement

- Complexity of transactions and the use of experts
- Degree of judgement involved in determining account balances (provisions)
- Susceptibility of assets to loss or misappropriation
- Occurrence of unusual or complex transactions, particularly close to year-end
- Transactions not subjected to routine processing

CONTROL RISK:
 Risk that a misstatement that occurs in an assertion and
 that could be material,
 either individually or when aggregated with other misstatement,
  will not be detected or prevented and corrected on a timely basis
 by the entity’s accounting & internal control systems.

- Directly dependable on the effectiveness of the design and functioning of internal control (Design &
operation)

THE METHODS AN AUDITOR CAN ASSESS THE CONTROL RISK:

TEST OF CONTROLS
Audit procedures designed to evaluate

- operating effectiveness of controls in:

o Preventing, detecting and correcting material misstatements at the assertion level.
- Specifically, will TEST:
o suitability of design of IC and
o existence and effective operation of systems throughout period of reliance
- Designing TOCs to obtain relevant audit evidence includes identifying conditions (characteristics and
attributes) that indicate performance of a control

Testing consists of:

Inspection of - docs and assets

Observation of a – process or procedure (limited to moment when observation took place)

Enquiry of – knowledgeable persons inside and outside entity

Recalculation of -mathematical accuracy of docs or records

Re-performance of – procedures or controls that were originally performed as part of the internal control, by
the auditor manually or through CAATs

 The auditor can make recommendations, but he has no power in enforcing the
recommendations

DETECTION RISK:
- Risk that an auditor’s procedures will not detect a material misstatement that exists in an assertion
- that could be material,
- either individually or when aggregated with other misstatements.

Detection risk may arise because auditor:

o Selects inappropriate procedure

o Misapplies appropriate procedure

o Misinterprets results of test

Limit detection risk through substantive procedures:

o Detail testing of transactions and balances, and

 o Analytical procedures

DR is a function of

- Effectiveness of auditor’s procedures and

- Application of those procedures

THE RELATIONSHIP BETWEEN RISKS:

IR & CR: independent from audit

DR: directly related to auditors substantive procedures

IR & CR directly influence the nature, timing and extent of substantive procedures

Always perform some substantive procedures on material balances

The higher the level of IR & CR the more audit evidence the auditor should obtain from substantive
procedures, therefore decreasing DR

Risk of material misstatement = IR & CR

AR(down) = IR (down) * CR(down) * DR(up)  Combined approach (good controls). the reason DR goes up is
because we don’t take it so seriously, due to IR and CR being low, we don’t do much testing to reduce DR.

AR(UP) = IR (up) * CR(UP) * DR(down)  Substantive approach (poor controls). the reason DR is now down,
because we are so worried that the first 2 are high, we do a lot of detailed testing to reduce DR

4. SETTING OF PLANNING MATERIALITY;

Materiality

- Omission/misstatement which will

- Influence economic decisions of the user
- Taken on basis of financial statements

PLANNING MATERIALITY
- Planning phase
- This is provisional judgment by partner of materiality
- Quantified to assist in determining nature, timing and extent of audit procedures
- Helps identify which accounts need to be audited in detail
- Often applied on a chosen benchmark as a starting point for calculation
- At overall f/s level and individual account balance and class of transaction level
- Asses final materiality as well. Allows auditor to assess whether the amount of planning
materiality is still appropriate
FIGURES USED
- Estimates or provisional info
- Budgets or forecasts
- Interim financial information
- Information from prior periods
- Current-year unaudited info

AUDITOR TO CONSIDER
- The amount of misstatements (quantitative) and nature (qualitative) of misstatements
- Materiality of overall f/s in relation to misstatement
- Misstatement individually or in aggregate

QUALITATIVE FACTORS
- The control environment
- The effectiveness of internal controls
- Integrity of management
- Appropriateness of accounting policies and the disclosure thereof
- Statutory requirements and regulations
- Problems and errors experienced in previous years
- The result of the provisional analytical procedures
- The possibility of the occurrence of illegal transactions

QUANTITATIVE INDICATORS
(Turn on, good porn, near, the, evening)

Turn over [0,5 low |1 high]

Gross profit [1 low | 2 high] SCI = 12 month
Net income [5 low | 10 High]
Total assets [1 low | 2 High]
Equity [2 Low | 5 High] SFP = AS at that point in time

AUDITOR MUST BASE MATERIALITY ON

- Most appropriate criteria
- Stable basis
- Single indicator or combination thereof
- Accuracy with which indicators can be calculated

MATERIALITY AND AUDIT RISK

Inverse relationship

High audit risk; use low materiality to compensate

Low audit risk; use high materiality to compensate

COMPENSATING FOR HIGH AUDIT RISK
- Reduce control risk
o Extended and additional tests of controls
- Reduce detection risk
o Modify nature, timing and extent of substantive procedures

FRAMEWORK TO ANSWER MATERIALITY CALCULATION

*perform materiality calculation*

Audit risk: Impact of AR on materiality (high AR = low materiality and vice versa) state why

Stability of indicators: if not stable don’t use, i.e. How appropriate is the indicator, When is the indicators not
stable?

Single or combination: Both SFP and SCI? Only SFP? Only SCI? Give reasons WHY!!!

Actual/Budget/Previous Year Audited amounts? Give reasons WHY!!!

Calculate

Conclude on your materiality amount, I believe my audit risk is low, therefore I go to my calculation and say I
will be using the high amount, and the ill say therefore my materiality amount is X/5.

DUAL PURPOSE OF PLANNING MATERIALITY

- To determine performance materiality
- To identify significant accounts (accounts that carry significant risks)

PERFORMANCE MATERIALITY
- Individually detected misstatements might not be material ito planning materiality figure
- But when aggregated, it could cause the f/s to be materially misstated
- Performance materiality is calculated by using professional judgement based on prior experience,
knowledge of the client and expectations

5. FORMULATING AN OVERALL AUDIT STRATEGY.

COMBINED APPROACH
- We can rely on the controls = analytical procedure will take place, this will take place during the
year and we will need less time
- Here we have test of controls and limited substantive procedures = its quicker, cheaper and less
time consuming

SUBSTANTIVE APPROACH
- No test of controls
 - Audit evidence and assurance obtained through substantive procedures to ensure correctness of
result

NATURE

- The type of procedure that will be used in the audit (TOCS, SPS, APS)

EXTENT
- How many items will be tested.
- When testing controls, the extent will be determined by how regularly the control is exercised.
- When performing substantive testing the extent will be determined by the sample size calculated

TIMING
- When procedures will be performed
- Most of the time when a sound control exists, a combined approach can be followed and early
verification can be done on the balances. This saves time at year end
- If the control environment is not sound, then one will perform only substantive procedures and
only at year end or close thereto

TOCs SPs
Nature (how) - Inspection - Recalculation
- Observation - Inspection
- Enquiry - Observation
- Re-performance - Enquiry
- Re-performance
- Confirmation
Analytical review
 Always performed for material classes
of transactions/account balances
Timing (When) - Cover whole period of reliance - Verify year end balances
- Effective operation of controls - Mainly at or after year end
- Interim testing - At interim period, further
procedures for remaining time
along with TOCs
Extent (Sample - Sufficient appropriate audit - Substantive audit opinion
size) evidence on effectiveness - Limit detection risk
throughout period of reliance
-
- Frequency of control procedure
- Length of time relying on control
- Expected deviation
- Extent of intended reliance

CONSIDERATIONS REGARDING LENGTH OF TIME ELAPSED BEFORE RE-TESTING

- Effectiveness of other elements of internal controls including control environment, monitoring of
controls and risk assessment procedures
- Risks arising from characteristics of control, including manual or automated controls
- Effectiveness of general IT controls
- Whether lack of change in particular control poses a risk due to changing circumstances
- Risk of material misstatement and extent of reliance on the control

FACTORS THAT DECREASE ELAPSED TIME BEFORE RE-TESTING

- Weak control environment; monitoring of controls and general IT controls
- Significant manual element to relevant control
- Personnel changes that significantly affect the application of control
- Changing circumstances which indicate the need for changes in the control

AUDIT PLAN (AUDIT PROGRAMME)

- Converts the audit strategy into a comprehensive description of the work to be performed
- Detailed audit procedures
- Provides record of planning and execution of work
- Updated and changed as necessary during the course of the audit

PLANNING (ASSERTION LEVEL)

 Detailed audit planning at the assertion level for individual classes of transactions, account balances
and disclosures. (significant accounts)

 Risk assessment procedures

 Enquiry of management and staff

 Analytical procedures

 Observation and enquiry

 Step 1: Identify Risks for individual significant accounts

 Step 2: Identify Controls of audit significance

 Step 3: Set audit strategy