Chapter 2.

Auditing Planning – Introduction and Risk Assessment Procedures

Planning an audit of Financial Statements

The primary objective of the auditor is to plan the audit so that the audit will be performed in an
effective manner. However, adequate planning also leads to an efficient and timely audit engagement.

The Role and Timing of Planning

Planning an audit involves establishing the overall audit strategy for the engagement and developing an
audit plan. Adequate planning benefits the audit of financial statements in several ways, including the
following:

• Appropriate attention is devoted to important areas

• Potential problems are identified and resolved on a timely basis
• Proper organization and management of the audit engagement leading an effective and efficient
performance
• Work are properly assigned to appropriate engagement team members
• Assistance in coordinating work done by other auditors and experts
• Assistance in facilitating direction, supervision and review

The nature and extent of planning activities will vary according to the:

(SECTa)

• Size and complexity of the entity

• Previous Experience with the entity of key engagement team members (partner, manager, staff-
in-charge)
• Changes in circumstances that occur during the audit engagement
• Timing of the Appointment of the independent auditor

Planning as a phase of the audit process

Planning is not a discrete phase of an audit, but rather a continual and iterative process that often
begins shortly after (or in connection with) the completion of the previous audit and continues until the
completion of the current audit engagement.

Major Audit Planning Activities

Planning is required regardless whether it is a new engagement of or recurring engagement. Planning

activities may differ from one client to another client but normally includes the following:

1. Obtaining an understanding of the client and its environment

2. Determining the need for experts
 3. Determining the appropriateness of management use of going concern assumption.
4. Establishing materiality and assessing risks
5. Assessing the possibility of non-compliance
6. Identifying related parties
7. Performing preliminary analytical procedures
8. Development of the overall audit strategy and detailed audit plan.
9. Preparation of preliminary audit programs.

The overall audit strategy and audit plan

Overall Audit Strategy

The audit shall establish an overall audit strategy that sets the scope, timing and direction of the audit
and that guides the development of the audit plan.

In establishing the overall audit strategy, the auditor shall:

• Identify the characteristics of the engagement that define its scope;

• Ascertain the reporting objectives of the engagement to plan the timing of the audit and nature
of the communications required;
• Consider the factors that, in the auditor’s professional judgement, are significant in directing the
engagement team’s efforts
• Consider the results of preliminary engagement activities and, where practicable whether
knowledge gained on other engagements performed by the engagement partner for the entity
is relevant.
• Ascertain the nature, timing and extent of resources necessary to perform the engagement

Audit plan

After the overall audit strategy has been established, an audit plan can be developed to address the
various matters identified in the overall audit strategy, taking into account the need to achieve the audit
objectives through the efficient use of the auditor’s resources.

The audit plan is more detailed than the overall audit strategy in that it includes the nature, timing and
extent of audit procedures to be performed by engagement team members. These procedures may be
documented in an audit program.

The audit program shall serve as a:

• Set of instructions to assistants involved in the audit; and

• Means to control and record the proper execution of the work.

The audit program also contains:

• The audit objectives for each area; and

 • A time budget in which hours are budgeted for the various audit areas or procedures.

Changes to planning decisions during the course of the Audit

The overall audit plan and the audit program should be revised as necessary during the course of the
audit. Planning is continuous throughout the engagement because of changes in conditions or
unexpected results of audit procedures.

Completion of Overall Strategy and Audit Plan

The establishment of the overall audit strategy and the detailed audit plan are not necessarily discrete
or sequential processes; but are closely interrelated since changes in one may result in consequential
changes to the other. Also, preferably, a plan shall be initially completed prior to consideration of
internal controls or performance of specific procedures.

Planning documentation

The audit shall document:

a. The overall audit strategy

b. The audit plan
c. Any significant changes made during the audit engagement to the overall strategy audit plan
and the reasons for such changes

Additional Considerations in Initial Audit Engagements

After performing preliminary engagement activities, for an initial audit, the auditor may need to expand
the planning activities because he/she does not ordinarily have the previous experience with the entity
that is considered when planning recurring engagements. For initial audits, additional matters the
auditor may consider in developing the overall audit strategy and audit plan include the following:

• Arrangements to be made with the predecessor auditor to review prior year’s working papers.
• Any major issues discussed with management in connection with the initial selection as
auditors, the communication of these matters to those charged with governance and how these
matters after the overall audit strategy and audit plan.
• Other procedures required by the firm’s system of quality control for initial audit engagements.

Direction, Supervision and Review

The auditor should plan the nature, timing and extent of direction and supervision of engagement team
members and review of their work.

The nature, timing and extent of the direction and supervision of engagement team members and
review of their work vary depending on many factors, including

• the assessed risks of material misstatements;

 • size and complexity of the entity;
• the area of audit; and
• capabilities and competence of personnel performing the audit work.

Considerations specific to smaller Entities

When an audit is carried out entirely by an audit engagement partner, who may be a sole practitioner, it
may be desirable to consult with other suitably experienced auditors or the auditor’s professional body.

Identifying and assessing the risks of material misstatement through understanding the entity and its
Environment

It is the objective of the auditor to identify and assess risks of material misstatements, whether due to
fraud or error, at the financial statement and assertion levels, through understanding the entity and its
environment, including the entity’s internal control, thereby providing a basis for designing and
implementing responses to the assessed risk of material misstatements.

The required understanding of the Entity and its Environment

The auditor shall obtain an understanding of the following:

a. Relevant industry, regulatory, and other external factors including the applicable financial
reporting framework;
b. The nature of the entity, including its operations; ownership and governance structure; types of
investments that the entity is making and plans to make; and the way the entity is structured
and how it is financed;
c. Entity’s selection and application of accounting policies, including reasons for changes thereto;
d. Entity’s objectives and strategies, and those related business risks that may result in risk of
material misstatement;
e. The measurement and review of the entity’s financial performance and
f. Internal control

Risk assessment Procedures

Risk assessment procedures are audit procedures performed to obtain an understanding of the entity
and its environment, including the entity’s internal control, to identify and assess the risks of material
misstatements, whether due to fraud or error, at financial statement and assertion levels.

Risk assessment procedures and related activities

The Auditor shall:

 a. Identify risks throughout the process of obtaining an understanding of the entity and its
environment, including the entity’s internal control, to identify and assess the risks of material
misstatement whether due to fraud or error, at the financial statement and assertion levels.
b. Relate the identified risks to what can go wrong at the assertion level
c. Consider the likelihood that the risks are of a magnitude that could result in a material
misstatement of the financial statements.

The risk assessment procedures shall include the following:

a. Inquiries of management, and of others within the entity who in the auditor’s judgement may
have information that is likely to assist in identifying risks of material misstatement due to fraud
or error;
b. Analytical procedures; and
c. Observation and inspection.

Note: Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit
evidence on which to base the audit opinion.

Analytical Procedures during Planning Stage

Analytical procedures consist of evaluations of financial information made by a study of plausible

relationships among both financial and non-financial data. Analytical procedures also encompass the
investigation of identified fluctuations and relationships that are consistent with other relevant
information or that differ from expected values by a significant amount.

Analytical procedure is required to be performed during planning stage overall review stage of the audit.
Analytical procedures performed audit planning is designed to:

1. Enhance the auditor’s understanding of the entity’s business and transactions to help plan the
nature, timing, and extent of substantive auditing procedures that will be used to gather audit
evidence.
2. Identify areas that may represent specific risks (such as unusual transactions and events or
abnormal, insignificant fluctuations in amounts, ratios, trends) that the auditor may need to
investigate further

Audit risk and materiality

Materiality and audit risk affect the application of PSA, and are reflected in the auditor’s report. The
auditor must make judgements about materiality and audit risk in determining the nature timing and
extent of procedures to apply and in evaluating the results.

Materiality

Information is material if its omission or misstatement could influence the economic decisions of users
taken on the basis of the financial statements.
Materiality depends on the size of the item or error judged in the particular circumstances of its
omission or misstatement.

The concept of materiality recognizes that some matters, but not all, are important for fair presentation
of the financial statements in conformity with PFRS.

In planning the audit, the auditor makes judgments about the size of misstatements that will be
considered material. These judgements provide a basis for:

a. Determining the nature, timing and extent of risk assessment procedures;

b. Identifying and assessing the risks of material misstatements; and
c. Determining the nature, timing and extent of further audit procedures

Using professional judgement, the auditor shall determine the following materiality:

1. Financial statement level materiality – the smallest aggregate amount of misstatement

applicable to all financial statements.
2. Performance materiality – amount or amounts set by the auditor at less than materiality for the
financial statements as a whole, and if applicable, at less than materiality level or levels for
particular classes of transactions, account balances or disclosures

Audit risk

Audit risk is the risk that the auditor gives an inappropriate audit opinion when the financial statements
are materially misstated.

Components of Audit Risk

1. Risk of Material Misstatement (RMM)

a. Inherent Risk is the susceptibility of an account balance or class transactions,
misstatement that could be material, individually or when aggregated with
misstatements in other balances or classes assuming that there were no related
controls.
b. Control risk is the risk that a misstatement, that could occur in an account balance or
class of transactions that could be material individually or when aggregated with
misstatements in other balances or classes, will not be prevented or detected and
corrected on a timely basis by the accounting and internal control systems.
2. Risk of not Detecting the Misstatement
a. Detection risk is the risk that the auditor’s substantive procedures will not detect a
material misstatement that exists in an account balance or class of transactions that
could be material, individually or when aggregated with misstatements in other
balances or classes.
If the auditor which to reduce detection risk, procedures to b e performed shall be
a. As to nature – more effective procedures
b. As to timing – closer or nearer to year-end
 c. As to extent – larger sample size

Relationships of Risk and Materiality to substantive procedures

Risk of material misstatements (inherent and control risks) Direct

Risk of not detecting the misstatement (detection risk) Indirect
Materiality Inverse

Summary of Procedures Performed in Planning an Audit

• Obtain an understanding of the entity and its environment

• Establish materiality and set desired level of audit risk
• Assess inherent risk
• Identify detection risk to determine the nature, timing and extent of future audit procedures