FINANCIAL

STATEMENT AUDIT
PLANNING
AUDIT PLANNING

• It involves establishing the overall audit strategy for the engagement

and developing an audit plan, to reduce audit risk to an acceptably low
level.
• Planning is not a discrete phase of an audit, but rather a continual and
iterative process that often begins shortly after (or in connection with)
the completion of the previous audit and continues until the completion
of the current audit engagement. Audit planning is a continuous
function that last throughout the audit.
FACTORS THAT AFFECT THE NATURE AND
EXTENT OF AUDIT PLANNING
• The size and complexity of the entity
• Changes in circumstances that occur during the audit engagement.
• The auditor’s previous experience with and understanding of the entity.
AUDIT PLANNING

• The time before fieldwork starts, when the auditor is gathering

information about the client and its environment and designing overall
audit strategy and audit plan.
ACTIVITIES UNDER AUDIT PLANNING STAGE

• Establish an overall audit strategy that sets the scope, timing, and direction for the audit, and that guides the
development of the more detailed audit plan.
• Develop an audit plan that addresses the various matters identified in the overall audit strategy [description
of the nature, timing and extent of planned risk assessment procedures; the nature, timing and extent of
planned further audit procedures (at the assertion level)-to be performed during testing stage; other planned
audit procedures]
• Modifying or updating the overall audit strategy and the audit plan as necessary during the audit.
• Planning the nature, timing and extent of direction, supervision of the engagement team members and the
review of their work.
• Other planning considerations (considering the work of an expert and considering the work of other
independent auditors).
• Developing the audit program
DOCUMENTATION UNDER PLANNING
ACTIVITIES
• The overall audit strategy
• The audit plan
• Audit program
• Record of any significant changes made to the overall audit strategy and the audit plan during the audit;
resulting changes to the planned nature, timing and extent of audit procedures; final overall audit
strategy; final audit plan; appropriate response to the significant changes occurring during the audit.
• Discussion among the engagement team
• Key elements of the understanding of the entity, its environment, including internal control
• The identified and assessed risks of material misstatements
• The risks identified, and related controls about which the auditor has obtained an understanding.
OVERALL AUDIT STRATEGY

• Identifying the characteristics of the engagement that define its scope.

• Ascertaining the reporting objectives of the engagement to plan the timing of the audit
and the nature of the communications required.
• Considering the factors that are significant in directing the engagement team’s efforts
• Considering the results of preliminary engagement activities and, where applicable,
whether knowledge gained on other engagements performed by the engagement
partner for the entity is relevant.
• Ascertaining the nature, timing, and extent of resources necessary to perform the
engagement.
BENEFITS OF DEVELOPING OF THE OVERALL
AUDIT STRATEGY
• It assists the auditor in determining:
• The resources to deploy for specific audit areas
• The number of resources to allocate to specific audit areas
• When these resources are to be deployed
• How such resources are managed, directed and supervised
CONSIDERING THE WORK OF INTERNAL
AUDITORS
• The external auditor should consider the work of internal auditing to
minimize audit costs.
DETERMINING THE APPROPRIATE
MATERIALITY LEVELS
• The auditor shall determine materiality and performance materiality
when planning the audit
• Materiality is the amount (threshold or cut-off point) at which judgment
of informed decision makers based on the financial statement may be
altered, changed or influenced. An item or information is material if its
omission or misstatement could influence the economic decisions of
users taken based on the financial statements. In determining
appropriate level of materiality, the auditor uses professional judgment
using his perception of the needs of reasonable users of the financial
statements.
DETERMINING THE APPROPRIATE
MATERIALITY LEVELS
• Considering materiality throughout the audit:
• Planning stage
To identify and assess risk of material misstatement.
To determine the nature, timing, and extent of further audit procedures.
• Testing stage (materiality levels set during audit planning are simply
updated/revised if necessary)
• Completion stage (to evaluate the effect of uncorrected misstatements, if any,
on the financial statements and in forming the opinion in the auditor’s report.
DETERMINING THE APPROPRIATE
MATERIALITY LEVELS
• Inverse relationship between materiality and audit
procedures/evidence:
• More evidence will be required for a low peso amount of materiality
than for a high peso amount.
• The lower the tolerable misstatement, the more extensive the required
audit procedures.
DETERMINING THE APPROPRIATE
MATERIALITY LEVELS
• Materiality at financial statement as a whole or materiality threshold or
planning materiality or overall materiality.
• Materiality at assertion level or tolerable misstatement
• Performance materiality
DETERMINING THE APPROPRIATE
MATERIALITY LEVELS
• Materiality at financial statement as a whole or materiality threshold or planning
materiality or overall materiality.
• Overall materiality is usually expressed as a percentage (%) of a chosen benchmark
(such as profit before tax, total revenues, gross profit, total expenses, total equity,
or net asset value).Profit from continuing operations is often used for profit-oriented
entities except when the profit from continuing operations is volatile.
• Relevant financial data as source of benchmarks: prior periods’ financial statements;
annualized interim financial statements; period-to-date financial statements and
budgeted financial statements of the current year.
DETERMINING THE APPROPRIATE
MATERIALITY LEVELS
• Materiality at assertion level or tolerable misstatement: materiality
level for individual or particular class of transactions, account balance,
or disclosure where appropriate.
DETERMINING THE APPROPRIATE
MATERIALITY LEVELS
• Performance materiality: amount or amounts set by the auditor at less than materiality for the
financial statements as a whole or amount or amounts set by the auditor at less than
materiality level or levels for particular classes of transactions, account balances or
disclosures.
• Purpose of performance materiality: it provides margin to reduce the possibility of undetected
misstatements because; it reduces to an appropriate low level the probability that the
aggregate of uncorrected and undetected misstatements in the financial statements exceeds
the materiality level for the financial statements as a whole also it reduces to an appropriately
low level the possibility that the aggregate of uncorrected and undetected misstatements in
the particular class of transactions, account balance or disclosures exceeds the materiality
level for that particular class of transactions, account balance or disclosure.
RISK ASSESSMENT PROCEDURES

• Risk assessment procedures: are audit procedures whose purposes include:

1. to obtain understanding of the entity and its environment, including the entity’s internal
control
2. to identify risks of material misstatements, whether due to fraud or error, at the financial
statement and assertion levels.
3. To assess risk of material misstatement
4. To provide a basis for the identification and assessment of risks of material misstatements.
5. To provide a basis for designing and implementing responses to the assessed risks of
material misstatement.
RISK ASSESSMENT PROCEDURES

• Risk assessment procedures include:

• Inquiry of management and other firm personnel
• Analytical procedures
• Observation and inquiry
RISK ASSESSMENT PROCEDURES:
ANALYTICAL PROCEDURES
• Analytical procedures: evaluations of financial information made by a study of plausible
relationships among both financial and nonfinancial data. The relationship among data should
be both:
Plausible: there is a clear cause and effect relationship among data.
Predictable: reasonably expected to exist and continue in the absence of known conditions
to the contrary. Income statements accounts are more predictable than balance sheet
accounts. Accounts not subject to management discretion are generally predictable and
relationships in a stable environment are more predictable than those in a dynamic or unstable
environment.
• Analytical procedures performed during audit planning is known as preliminary analytical
procedures.
RISK ASSESSMENT PROCEDURES:
ANALYTICAL PROCEDURES
• Specific purpose/focus/objective of analytical procedures in the three stages of audit:
• In the planning stage: performed as risk assessment procedures (required or
mandatory) to obtain an understanding of the entity and its environment.
• In testing stage: as substantive procedures when their application is based on the
auditor’s judgment, more effective and efficient than test of details (not required)
• In the overall review or completion stage: to identify a previously unrecognized risk of
material misstatement (unusual fluctuations that were not identified in the planning
and testing phases of the audit and to confirm conclusions reached with respect to
the fairness of the financial statements.
RISK ASSESSMENT PROCEDURES:
OBSERVATION AND INSPECTION
• These includes:
• Observation of entity activities and operations
• Inspection of documents (such as business plans and strategies,
records and internal control manuals)
• Inspection of reports prepared by management (such as quarterly
management reports) and those charged with governance (such as
minutes of board of directors’ meetings)
• Visit or tour of entity’s premise/facilities.
 RISK ASSESSMENT PROCEDURES
To obtain understanding of the entity and its environment, including the entity’s internal control
• Relevant industry factors: the industry in which the entity operates may give rise to specific risks of material
misstatements arising from the nature of the business or the degree of regulation. Industry conditions such as the
competitive environment, supplier and customer relationships and technological developments.
• Entity-internal factors: an understanding of the nature of an entity enables the auditor to understand the classes of
transactions, account balances, and disclosures to be expected in the financial statements.
• Entity’s selection and application of accounting policies
• Objectives of the entity
• Strategies of the entity
• Business risks
• Internal control: internal control is designed, implemented, and maintained to address identified business risks that
threaten the achievement of any of the entity’s objectives that concern: the reliability of the entity’s financial
reporting, the effectiveness and efficiency of its operations and its compliance with applicable laws and regulations.
RISK ASSESSMENT PROCEDURES

To identify risks of material misstatements (inherent risk and control risk),

whether due to fraud or error, at the financial statement and assertion levels.
• Risk of material misstatement (RMM): the risk that the financial statements
contain a material misstatement.
• The auditor shall provide reasonable assurance of detecting material
misstatements, whether arising from errors or fraud.
• Components of RMM: inherent risk and control risk
RISK ASSESSMENT PROCEDURES:
COMPONENTS OF RMM
• Inherent risk: the susceptibility of an assertion to a misstatement that could be material,
either individually or when aggregated with other misstatements, assuming there are no
related controls to mitigate such risks. The concept of inherent risk recognizes that the risk
of misstatement is greater for some assertions than for others. Examples of inherent risk:
• Cash is more susceptible to theft than an inventory.
• Complex calculations are more likely to be misstated than simple calculations.
• Estimated transactions, especially if they involve accounting estimates that are subject to
significant measurement uncertainty.
• High value inventory (could be easily stolen, thus, there would be an inherent risk relating
to the existence assertion.
RISK ASSESSMENT PROCEDURES:
COMPONENTS OF RMM
• Control risk: the risk that a material misstatement, either individually or
when aggregated with other misstatements, that could occur will not
be prevented or detected and corrected on a timely basis by the
entity’s internal control. Some control risk will always exist because of
the inherent limitations of any internal control system.
RISK ASSESSMENT PROCEDURES:
COMPONENTS OF RMM
• Risk of material misstatement cannot be eliminated or controlled by
the auditor because these are entity’s risks that exist independently of
the audit of financial statements.
RISK ASSESSMENT PROCEDURES: CAUSES OF
MISSTATEMENTS OF THE FINANCIAL
STATEMENTS
• Errors: refer to mistakes or unintentional misstatements or omissions of amounts or
disclosures in the financial statements. Examples: mistake in gathering or processing data
from which FS are prepared, incorrect accounting estimate arising from oversight or
misinterpretation of facts and mistake in applying accounting principles.
• Fraud: either fraudulent financial reporting (management fraud) or misappropriation of
assets (employee fraud or defalcation). Fraud is the intentional misstatements or omissions
of amounts or disclosures in the financial statements. It refers to an intentional act by one or
more individuals among management, those charged with governance, employees or third
parties, involving the use of deception to obtain an unjust or illegal advantage.
• The main distinction of fraud and error is their intent.
RISK ASSESSMENT PROCEDURES: CAUSES OF
MISSTATEMENTS OF THE FINANCIAL
STATEMENTS
• The risk of not detecting a material misstatement resulting from
management fraud is greater than for employee fraud because
management has the most opportunity to commit fraud, while
employees need to exploit weakness in internal control to commit
fraud. Management can override or bypass an existing effective
internal control and management can influence the preparation and
presentation of financial statements.
RISK ASSESSMENT PROCEDURES: CAUSES OF
MISSTATEMENTS OF THE FINANCIAL
STATEMENTS
Fraudulent financial reporting (or management fraud): intentional
misstatements committed by members of management or those charged
with governance or oversight to render financial statements misleading
to deceive users of the financial statements.
The most serious types of fraud usually involve management. This
results from the fact that management is primarily responsible for the
design and implementation of internal control.
RISK ASSESSMENT PROCEDURES: CAUSES OF
MISSTATEMENTS OF THE FINANCIAL
STATEMENTS
• Misappropriation of assets (employee fraud or defalcation): theft of
assets and is often perpetrated by non-management employees.
Examples are misappropriating collections on accounts receivable,
stealing inventory, colluding with a competitor by disclosing
technological data in return for payment, payments to fictitious
employees or vendors and using the entity’s assets as collateral for a
personal loan.
RISK ASSESSMENT PROCEDURES: CAUSES OF
MISSTATEMENTS OF THE FINANCIAL
STATEMENTS
• Fraud risk factors: conditions that could heighten an auditor’s concern about risk of material misstatements
because they provide clues or red flags to the existence of fraud.
• Incentives/pressures: a pressure is often generated by immediate needs that are difficult to share with others.
• Enjoying the challenge of beating the system
• Being dissatisfied with a job or wanting revenge against an employer
• Being emotionally unstable
• Opportunity (whether perceived or real): opportunity pertains to an individual’s perception that he can commit
fraud and that it will not be detected. A poor corporate culture and a lack of adequate internal control
procedures can often create the confidence that a fraud could go undetected.
• Attitudes/rationalizations: fraud involves some rationalization to commit fraud or the belief that a crime has not
been committed.
RISK ASSESSMENT PROCEDURES: CAUSES OF
MISSTATEMENTS OF THE FINANCIAL
STATEMENTS
• Conditions and events that may indicate risks of material misstatement:
• Operations in regions that are economically unstable
• Operations exposed to volatile markets
• Operations that are subject to high degree of complex regulation
• Going concern and liquidity issues including loss of significant customers
• Constraints on the availability of capital and credit
• Changes in the industry in which the entity operates
• Changes in the supply chain
RISK ASSESSMENT PROCEDURES:
CONSIDERING COMPLIANCE WITH LAWS AND
REGULATIONS
• Noncompliance refers to acts of omission or commission by the entity
being audited, either intentional or unintentional, which are contrary to
the prevailing laws or regulations.
• The auditor should consider compliance with laws and regulations since
noncompliance by the entity with laws and regulations may materially
affect the financial statements. However, an audit cannot be expected
to detect noncompliance with all laws and regulations. Auditor’s
responsibility in detecting non-compliance is limited to material direct-
effect noncompliance or illegal act.
AUDIT RISK

• Reducing audit risk to an acceptably low level the auditor shall:

• Assess the risks of material misstatement (inherent and control risk)
and
• Limit detection risk. This may be achieved by performing procedures
that respond to the assessed risks of material misstatement at the
financial statements, class of transactions, account balance and
assertion levels.
• Audit risk= inherent risk x control risk x detection risk
• Acceptable level of detection risk: audit risk/(inherent risk x control
risk)
AUDIT RISK

• Steps in assessing audit risk:

• Step 1: set the desired level of audit risk
• Step 2: assess the level of inherent risk (such as low, medium, or high)-for example, low
level if likelihood of misstatement is low.
• Step 3: assess the level of control risk (such as low, medium or high)-for example, low
control risk if internal control is effective, or high control risk if internal control is not
effective.
• Step 4: determine the acceptable level of detection risk: the acceptable level of detection
risk depends on the assessed level of inherent and control risk (inverse relationship).
• Step 5: design audit substantive tests.
AUDIT RISK

• The auditor usually makes combined assessment of inherent and

control risks. If the combined assessment of inherent risk and control
risk is high, the auditor should:
• Place more emphasis on obtaining external evidence
• Reduce reliance on internal evidence
• Design more effective substantive procedures
AUDIT RISK: DETECTION RISK

• Detection risk: the risk that the auditor will not detect such a material misstatement that
exists/occurs in an assertion. It is a function of the effectiveness of an auditing procedure
and its application by the auditor.
• Detection risk is significantly affected by the nature, timing and extent of the auditor’s
substantive procedures.
• Detection risk is a complement of an assurance provided by substantive tests (for example,
a 10% detection risk means a 90% assurance of detecting material misstatement)
• Detection risk can be increased or decreased by the auditor by performing substantive tests
but can never be reduced to zero because of the inherent limitations in the procedures
carried out, the human judgments required and the nature of the evidence examined.
AUDIT RISK: DETECTION RISK

• Lower acceptable level of detection risk: higher assurance is to be

provided by substantive tests by changing any or combination of the
following:
nature: performing more effective substantive procedures.
timing: performing substantive procedures at year-end rather than
interim dates (decreases detection risk by reducing the risk for the
period after the performance of those tests.)
extent: increasing the extent of substantive tests by using larger
sample size.
AUDIT RISK: DETECTION RISK

• Higher acceptable level of detection risk: low assurance is to be

provided by substantive tests by changing any or combination of the
following:
nature: performing less effective substantive procedures.
timing: performing substantive procedures at interim dates
extent: decreasing the extent of substantive tests by using smaller
sample size.