AAA – Audit of Historical Financial

Information

Planning – Part 1

PLANNING AN AUDIT ENGAGEMENT:

The reasons for planning an audit engagement are numerous:

 To target our work to areas where the risk of misstatement is high.

 To design a suitable audit approach.
 To help us decide who carries out the work and when it is done.
 To set materiality levels.

In order to plan effectively, a thorough understanding of the client business is required. If an auditor knows all
the systems and controls that are in place then we can identify the key risks and design our work accordingly.

Key planning issues:

Here is a useful list of key planning issues that should be taken into account in any audit engagement (all of
the above issues need to be taken into account in order to ensure good audit planning).

 Understand the client business:

The nature of the client business has a direct impact on our audit plan:

 A client operating in a highly regulated environment is more likely to be subject to fines for regulatory
breaches.
 Cash based businesses require more robust internal control systems.
 Fashion based or high technology businesses are more likely to suffer from product obsolescence.

All of the above, and other factors as well, can affect the risk involved and, consequently, the type and
 amount of work we do as auditors. Auditors must spend time familiarising themselves with all aspects of a
client business before any detailed work is done.

 Assess an appropriate materiality level:

Auditors must be satisfied that the financial statements they are auditing are free from material
misstatement. So they must set a materiality level for each assignment. Materiality level is a level of
tolerance, if a misstatement is above materiality level then it is important, it affects the financial statements,
and must be corrected in order to receive a clean audit report. If a misstatement is immaterial then it is
insignificant and does not matter in the context of the financial statements as a whole.

Initially, a planning level of materiality is set by using the draft financial statements provided by the client.
This materiality level may well be changed during an audit as risk levels are assessed and further issues
identified. The auditing guidelines suggest percentages to use as a basis for planning materiality:

 0.5% to 1% revenue;
 1% to 2% total assets;
 5% to 10% profit.

Usually, all six percentages would be calculated and a simple average is taken of the six to arrive at an initial
planning level of materiality. It must be remembered that this is a guide only and if an auditor wishes to use
their professional judgement to set a different level using slightly different benchmarks then that is fine.

For example, if the client makes only a very small profit then the profit figure may be ignored in order to
obtain a more realistic level. If the profit figure was not ignored, then you can argue that the materiality level
may be set too low and we could end up over auditing.

Normally, a planning level of materiality will be set first, then a risk assessment will be carried out and then
the materiality level will be revisited and adjusted if it is felt necessary to do so.

 Carry out a risk assessment:

Audit risk is the risk that an auditor will arrive at an inappropriate opinion and will always exist, an auditor has
to try to keep this risk within acceptable levels by managing it accordingly. Audit risk is comprised of 3
component parts:

1. Inherent risk:
Inherent risk is the risk that misstatement will occur in the financial statements due to the environment.
This is outside the control of the auditor - all we can do is assess it as being either CLICK high, medium
or low.

For example, a client operating in a high technology industry may overstate their inventory because they
record it at cost but the inventory is obsolete so should be recorded at net realisable value, which is now
 lower.

Perhaps management is paid a profit related bonus so the inherent risk is that they are more likely to
manipulate the financial statements to make them look healthier than they really are.

2. Control risk:
Control risk is the risk that the client system of internal control will fail to identify material misstatements.
This is also outside the control of the external auditor. Just like Inherent risk, all we can do is assess it as
either high, medium or low.

3. Detection risk:
Detection risk is the risk that our work as auditors will fail to identify a material misstatement. We can
change the level of detection risk by doing more work, changing the type of work we do or by carrying
out our work at a different time.

Example:
For example, if a client is in a business that involves the lease of lots of equipment, this would be a high
inherent risk due to the potential for lease misclassification, operating versus finance. If the client had no
system in place for determining the correct lease type then control risk would be high as well. It would then
be up to the auditor to do a large amount of work in this area to ensure no material errors had been made.

NOTE: Inherent and control risk are often together referred to as financial statement risk and a lot of
questions require the identification and explanation of financial statement risk within a given scenario.

 Consider the extent of reliance upon analytical procedures:

Analytical procedures are comparisons between groups of data in order to identify either consistencies or
inconsistencies. Any unexpected relationships should then be areas of focus for further detailed audit work.
Analytical procedures are compulsory at the planning stage of an audit. Sometimes, perhaps with a
disaggregated business, they are even more useful and more emphasis will be placed upon them. They are
a very efficient way of identifying financial statement risk. Analytical procedures include the calculation of
various ratios but also just involves simply looking at data to see if it looks right.

 Remember practical planning issues:

We must also not forget practical planning considerations like staff allocation, the setting of fee levels and
the deadlines that are in place in order to ensure work is carried out to the right level of quality and that it is
completed on time.

 Arrive at an appropriate audit strategy:

Finally, when all other planning issues have been addressed, the audit firm will arrive at an appropriate audit
strategy, what work will be done, the type of work to be carried out and when will the work get completed.
The two basic strategies are either a test of control-based approach or a substantive approach.
  A test of control based approach involves testing the client’s system of internal control to ensure its
operationally effective.
 A substantive based approach assumes the controls do not work properly and tests the output from
the systems by verifying a sample of transactions and balances. Analytical procedures can form part of a
substantive approach.

EXAMPLE:

Let us consider the following question:

You are the audit manager responsible for the audit planning of Greedy Oil Company, which is an existing client,
not a new one. The company is an oil producer with interests in the North Sea, Africa and Asia. Most of the
company assets are the oil rigs. Each rig comprises a platform, buildings and drilling equipment. The useful
economic life of each rig varies between 15 and 30 years depending mainly upon the weather conditions in the
area and the oil resources nearby. A provision for the present value of decommissioning each rig is made in full
once oil production has commenced. One of the rigs in Asia was damaged by a cyclone and Greedy believes it
is beyond economic recovery so proposes to abandon the rig where it currently lies, in the middle of the sea.

The requirement is to identify and explain the financial statement risks relevant to Greedy.

Solution:
This is not a general planning question - it is just asking for financial statement risks. This means we are looking
for inherent or control risks.

There is a risk that the component parts of the rigs are not identified separately. According to IAS 16 component
parts of non-current assets that have different useful lives should be depreciated separately. If this has not been
done then the non-current assets will be misstated.

There is a risk of misclassification with the smaller items of equipment. Perhaps some revenue expenditure has
been capitalised in error or perhaps some capital expenditure has been missed. This could result in either over
or understatement of non-current assets.

Inappropriate useful economic lives may be applied to the rigs if the weather reports are inaccurate, leading to
more possible misstatement. Useful lives are estimates anyway and the range used here simply increases the
risk that they will not be applied appropriately.

The present value calculation for the decommissioning of the rigs may be misstated, perhaps the wrong discount
factor has been used.

The decommissioning provision should have been capitalised not expensed. If it has been expensed then non-
current assets are understated.
Greedy is proposing to leave a rig where it is as a result of cyclone damage. If it is allowed to do this, then there
cannot be an obligation, legal or constructive, to decommission. This means the provision does not meet the IAS
37 recognition criteria and should not be included in the financial statements. If it remains then liabilities are
overstated.

This damaged rig will possibly comprise assets that are impaired and if no impairment has been recognised then
these assets are overstated.

NOTE: This is only a couple of paragraphs about a company but there are still loads of financial statement risks
to explain, detail is most important. Detail comes from accounting treatment knowledge. If you know what the
accounting standards say then you can talk about what can happen if they are not followed, which is the
essence of financial statement risk. We must try to avoid general statements like assets can be misstated! It is
how and why that is important.