AUDITING THEORY

Red Sirug
AUDIT PLANNING

Audit Planning:
Audit planning involves establishing the overall audit strategy for the engagement and
developing an audit plan, in order to reduce audit risk to an acceptably low level
Objective of the auditor in planning the audit: So that the audit will be performed in
an effective manner
Who are involved in planning the audit: Engagement partner and other key members
of the engagement team (because of their experience and insight to enhance the
effectiveness and efficiency of the planning process)
Benefits/Importance of adequate audit planning:
Appropriate attention is devoted to important areas of the audit
Potential problems are identified and resolved on a timely basis
The audit is performed in an effective and efficient manner

The audit engagement is properly organized, staffed and managed

The audit is completed expeditiously
Assists in the selection of engagement team members with appropriate levels of
capabilities and competence to respond to anticipated risks
Assists in the proper assignment of work or proper utilization of assistants
Facilitates the direction and supervision and the review of work
Assists in coordination of work done by auditors of components and experts
Proper utilization of experience gained from previous years engagements and other
assignments

Nature of Planning:
Planning is not a discrete phase of an audit, but rather a continual and iterative process that
often begins shortly after (or in connection with) the completion of the previous audit and
continues until the completion of the current audit engagement. In other words, planning is a
continuous function that last throughout the audit.
Factors that affect the nature and extent of audit planning:
The nature and extent of planning activities will vary according to the following factors:
a. The size and complexity of the entity big companies and companies with more
complex operations require more audit planning time
b. Changes in circumstances that occur during the audit engagement for example,
expansion of operation because of diversification
c. The auditors previous experience with and understanding of the entity more
work is required to obtain information regarding a new client than for an existing client
Initial audit requires more audit time because the auditor has no previous knowledge or
is unfamiliar with the clients business, industry and internal control which need to be
carefully studied.
Recurring audit requires lesser audit time because of auditors previous knowledge of
the entity and its industry
Whether the audit is initial or recurring, the purpose and objective of audit planning
are the same. It is the nature and extent of audit planning that varies. For
example, in case of initial audit the auditor may need to expand the planning
activities because he does not ordinarily have the previous experience with the
entity that is considered when planning recurring audit engagements. Additional
considerations in initial audit engagements are necessary such as the need for the
auditor to review the predecessors working papers and to perform audit
procedures regarding opening balances.
d. The composition and size of the audit team
Planning stage of audit the time before fieldwork starts, when the auditor is gathering
information about the client and its environment and designing overall audit strategy and audit
plan
Effect of timing of appointment of auditor on audit planning:
The earlier the auditor is appointed, the more efficient the audit plan and performance can
be. Thus, early appointment of the auditor allows the auditor to plan a more efficient
audit.
AT Audit Planning

Red Sirug

Page 1

It is acceptable for an auditor to accept an audit engagement near or after year-end.

However, the auditor should consider whether late appointment will pose limitations on
the audit that may lead to a qualified opinion or a disclaimer of opinion, and should discuss
such concerns with the client.

PLANNING ACTIVITIES FOR THE AUDIT ENGAGEMENT:

In order to reduce audit risk to an acceptably low level (Note 3), the auditor shall:
1. Establish an overall audit strategy that sets the scope, timing and direction for the
audit, and that guides the development of the more detailed audit plan (Note 1)
2. Develop an audit plan that addresses the various matters identified in the overall audit
strategy
Audit plan includes a description of:
a. The nature, timing and extent of planned risk assessment procedures (Note 2)
b. The nature, timing and extent of planned further audit procedures (at the assertion
level) to be performed during testing stage
Further audit procedures include:
(1) Tests of controls tests of the operating effectiveness of internal control
(2) Substantive tests/procedures include tests of details and analytical procedures
c. Other planned audit procedures (that are required to be carried out to comply with
PSAs)
AUDIT PLANNING ALSO INVOLVES:
1. Modifying (updating) the overall audit strategy and the audit plan as necessary
during the course of the audit
Revision is necessary because of:
Unexpected events
Changes in conditions
Audit evidence obtained from the results of audit procedures
The establishment of the overall audit strategy and the detailed audit plan are not
necessarily discrete and or sequential processes, but are closely inter-related since
changes in one may result in consequential changes to the other.
2. Planning the nature, timing and extent of direction, supervision of the
engagement team members and the review of their work
The nature, timing and extent of direction, supervision of audit engagement team
members and review of their work depend on the following factors:
a. Size and complexity of the entity Audits of small entities requires lesser (or
even no) direction, supervision, and review of the work of assistants
b. Area of audit Difficult aspects of audit demand increased direction,
supervision, and a more detailed review of work of assistants.
c. Risks of material misstatement As the assessed risk of material misstatement
increases, a given area of the audit, the auditor ordinarily increases the extent
and timeliness of direction, supervision and review
d. Capabilities and competence of personnel performing the audit work.
3. Other planning considerations:
The auditor should consider the work of experts and other independent
auditors
a. Considering the work of an expert An expert is a person or firm possessing
special skill, knowledge and experience in a particular field or discipline other than
accounting and auditing.
Examples of work of experts include:

Valuation of certain assets (such as precious stones, works

of arts, real estate, plant and machinery)

Valuation of financial instruments

Actuarial valuation

Determination of quantities or physical condition of assets

such as minerals stored in stockpiles, underground mineral and petroleum
reserves, and the remaining useful life of plant and machinery

Measurement of % of completion on contracts in progress

Legal opinions concerning interpretations of statute and

regulations and contracts such as legal documents or legal title to
property
When determining the need for an expert, the auditor would consider:
AT Audit Planning

Red Sirug

Page 2

a.
The materiality of the financial statement item being considered
b.
The risk of misstatement
c.
The quality and quantity of other audit evidence available
b. Considering the work of other independent auditors applicable when a
component of the entity is to be audited by other independent auditor
Discussing planned audit procedures with client management:
Discussion is allowed to facilitate the conduct and management of the audit
engagement (for example, to coordinate some of the planned audit procedures with
the work of the clients personnel)
Discussion should not compromise the effectiveness of the audit (audit procedures
should not be too predictable)
Audit engagement team discussions :
The members of the engagement team should discuss the susceptibility of the
entitys financial statements to material misstatements.
Communication between audit team members is necessary at all stages of the
engagement to ensure all matters are appropriately considered.
The objective of audit team discussions is to:
Share insights based on their knowledge of the entity;
Exchange information about business risks;
Gain a better understanding of the potential for material misstatements
(especially for the audit areas assigned to them);
Consider the susceptibility of the entitys financial statements to material
misstatement due to fraud;
Consider application of the applicable financial reporting framework to the
entitys facts and circumstances; and
Understand how the results of the audit procedures performed may affect
other aspects of the audit including the decisions about the nature, timing,
and extent of further audit procedures.
Members of the engagement team have an ongoing responsibility to discuss:
Their understanding of the entity to be audited;
The business risks to which the entity is subject;
Application of the applicable financial reporting framework; and
The susceptibility of the financial statements to material misstatements,
including fraud.
4. Developing the audit program:
The auditor should prepare an audit program.
An audit program is a listing of audit procedures (tests of controls and/or
substantive tests) that the auditor will perform to gather sufficient
appropriate evidence.
It sets out in detail the nature, timing and extent of planned audit
procedures required to implement the overall audit plan.
It is a set of instructions to assistants involved in the audit and as a means
to control and record the proper execution of work
It provides a proof that the audit was adequately planned
It is a basic tool used by the auditor to control the audit work and review
the progress of the audit.
The form and content of audit program may vary for each particular
engagement.
The auditor may use standard audit programs or audit completion
checklists but should appropriately tailor to suit the circumstances on
particular engagement.
An audit program at the beginning of the audit process is temporary
because a complete audit program for an engagement generally should
be developed after evaluation of internal control.
Time budget an estimate of time that will be spent in executing audit
procedures listed in the audit program that provides a basis for estimating audit
fees and assists the auditor in assessing the efficiency of the assistants
5. The auditor should document the planning activities:
Documentation of the following serves as a record/evidence of the proper planning and
performance of the audit procedures:
a. The overall audit strategy documentation or record of the key decisions
b. The audit plan (including the audit program) documentation of the planned
nature, timing and extent of audit procedures
c. Record of:
AT Audit Planning

Red Sirug

Page 3

Any significant changes made to the overall audit strategy and the audit plan
during the audit
Resulting changes to the planned nature, timing and extent of audit procedures
Final overall audit strategy and audit plan
Appropriate response to the significant changes occurring during the audit

The following shall also be documented:

a. Discussion among the engagement team
b. Key elements of the understanding of the entity, its environment, including internal
control
c. The identified and assessed risks of material misstatements
d. The risks identified, and related controls about which the auditor has obtained an
understanding
Note 1:
Establishing the overall audit strategy involves:
a. Identifying the characteristics of the engagement that define its scope
Examples:
Financial reporting framework (Ex. PFRS)
Industry specific reporting requirements (Reports required by industry regulators)
Expected coverage of the audit (Ex. Locations and number of components of the
entity to be included in the audit)
Nature of the control relationships between a parent and its components (this affects
how the group is to consolidated)
Extent to which components are audited by other auditors
Nature of business segments to be audited (this may require the need for specialized
knowledge)
Reporting currency to be used (may involve foreign currency translation)
The need for a statutory audit of standalone financial statements in addition to an
audit for consolidation purposes
Availability of the work of internal auditors and the extent of the auditors reliance on
such work (Note 1.1)
The entitys use of service organizations
Expected use of audit evidence obtained in previous audits (in case of recurring
audit), for example, audit evidence related to risk assessment procedures and tests
of controls
The effect of information technology (IT) on the audit procedures
Coordination of audit work with reviews of interim financial information
Availability of client personnel and data
b. Ascertaining the reporting objectives of the engagement to plan the timing of the audit
and the nature of the communications required
Examples:
Deadlines or timetable for interim and final reporting
Organization of meeting with the management to discuss the nature, timing and
extent of the audit work
Discussion with management regarding the expected type and timing of reports to be
issued and other communications, both oral and written, including the auditors
report, management letter and communications to those charged with governance
Discussion with management regarding the expected communication and status of
audit work throughout the engagement
Communication with auditors of components
Expected nature and timing of communications among engagement team members
Any other expected communications with third parties
c. Considering the factors that are significant in directing the engagement teams efforts
Examples:
Determining the appropriate materiality levels (Note 1.2)
Preliminary identification of areas where there may be higher risks of material
misstatement (Note 1.3)
The impact of assessed risk of material misstatement at the overall financial
statement level on direction, supervision and review
The manner in which professional skepticism is emphasized to engagement team
members
AT Audit Planning

Red Sirug

Page 4

Management commitment to a sound internal control

Volume of transactions, which may determine whether it is more efficient for the
auditor to rely on internal control
Importance attached to internal control throughout the entity to the successful
operation of the business
Significant business developments affecting the entity (such as changes in
information technology, changes in key management, acquisitions, mergers and
divestments)
Significant industry developments (such as changes in industry regulations and new
reporting requirements)
Significant changes in financial reporting framework (such as changes in accounting
standards)
Other significant relevant developments (such as changes in the legal environment
affecting the entity)
d. Considering the results of preliminary engagement activities and, where applicable,
whether knowledge gained on other engagements performed by the engagement partner
for the entity is relevant, and
Examples:
Results of previous audit regarding evaluation of internal control, identified
weaknesses and action taken to address them
The discussion of matters that may affect the audit with firm personnel responsible
for performing other services to the entity
e. Ascertaining the nature, timing and extent of resources necessary to perform the
engagement.
Examples:
Selection of the engagement team
Assignment of audit work to team members (experienced team members are
assigned to areas where there may be higher risks of material misstatement
Engagement budgeting (more audit time is set aside for areas where there may be
higher risks of material misstatement)
Benefits of developing the overall audit strategy:
Establishing the overall audit strategy assists the auditor in determining the following:
a. The resources to deploy for specific audit areas
For example:
Use of experienced team members for high risk areas
Involvement of experts on complex matters
b. The amount of resources to allocate to specific audit areas
For example:
Number of team members assigned to observe the inventory count at material
locations
Extent of review of other auditors work in the case of group audits
Audit budget in hours to allocate to high risk areas
c. When these resources are to be deployed
Is it at an interim audit stage or at key cut-off dates?
d. How such resources are managed, directed and supervised
When to hold team briefing and debriefing meetings
How engagement partner and manager reviews are expected to take place (for
example, on-site or off-site)
Whether to complete engagement quality control reviews
Note 1.1 Considering the work of internal auditing/ auditors
The external auditor should consider the work of internal auditing in order to minimize
audit costs.
The auditor should obtain a sufficient understanding of the internal audit function because
the work performed by internal auditors may be a factor in determining the nature, timing,
and extent of external auditors procedures.
Internal auditing can affect the scope of the external auditors audit of financial statements
by decreasing the auditors need to perform detailed tests.
The tasks that could be delegated to the internal audit staff include preparation of
schedules. The auditor has sole responsibility for the audit opinion expressed, and that
responsibility is not reduced by any use made of internal auditing.
Considering the work of internal auditing involves two important phases:
1. Making a preliminary assessment of internal auditing important criteria in
AT Audit Planning

Red Sirug

Page 5

assessment of internal auditors:

a.
Technical competence personal qualifications and experience as internal
auditors
b.
Objectivity / organizational status organizational level to which the internal
auditor report the results of his work
c.
Due professional care proper planning, supervision and documentation of
internal auditors work
d.
Scope of function nature and extent of internal auditing assignments
performed
2. Evaluating and testing the work of internal auditing
Note 1.2 Determining the appropriate materiality levels
The auditor shall determine materiality and performance materiality when planning the
audit.
Concept of materiality:
Materiality is the amount (threshold or cut-off point) at which judgment of
informed decision makers based on the financial statement may be altered
(changed or influenced).
An item or information is material if its omission or misstatement could influence
the economic decisions of users taken on the basis of the financial statements.
In determining appropriate level of materiality, the auditor uses professional
judgment using his perception of the needs of reasonable users of the financial
statements.
Uses of materiality in planning the audit:
a. To determine the nature, timing and extent of risk assessment procedures
b. To identify and assess risk of material misstatement, and
c. To determine the nature, timing and extent of further audit procedures
Considering materiality throughout the audit:
1. Planning stage
a. To identify and assess risks of material misstatements
b. To determine the nature, timing and extent of further audit procedures
2. Testing stage (materiality levels set during audit planning are simply updated/revised
if necessary)
3. Completion stage
c. To evaluate the effect of uncorrected misstatements, if any, on the financial
statements and in forming the opinion in the auditors report
Documentation on materiality: Documentation should include the amounts and the
factors considered in their determination:
a. Materiality level for the financial statements as a whole
b. Materiality level or levels for a particular classes of transactions, account balances
or disclosures, if applicable
c. Performance materiality
d. Any revision of materiality levels (a to c) as the audit progresses
Qualitative and quantitative considerations:
Materiality should address qualitative and quantitative considerations. In some cases,
misstatements of relatively small amounts could have a material effect on the financial
statements. For example, an illegal payment of an otherwise immaterial amount or failure
to comply with a regulatory requirement may be material if there is a reasonable
possibility of such payment or failure leading to a material contingent liability, a material
loss of assets, or a material loss of revenue.
Inverse relationship between materiality and audit procedures/evidence:
More evidence will be required for a low peso amount of materiality than for a high
peso amount.
The lower the tolerable misstatement, the more extensive the required audit
procedures.
Materiality levels:
a.
Materiality at financial statement as a whole it is the smallest aggregate level
that could misstate/distort any of the financial statements

Also known as materiality threshold or planning materiality or overall

materiality

AT Audit Planning

Red Sirug

Page 6

b.

c.

Overall materiality is usually expressed as a % of a chosen benchmark (such as

profit before tax, total revenues, gross profit, total expenses, total equity or net
asset value).
Profit from continuing operations is often used as benchmark for profit-oriented
entities except when the profit from continuing operations is volatile.
Relevant financial data as source of benchmarks:
Prior periods financial statements
Annualized interim financial statements
Period-to-date financial statements
Budgeted financial statements of the current year

Materiality at assertion level materiality level for individual or particular class of

transactions, account balance, or disclosure where appropriate; this is also known as
tolerable misstatement
Tolerable misstatement refers to allocated materiality to affected accounts
(usually statement of financial position accounts because they are fewer)
Account balance an individual line item in the financial statements, such as
cash and cash equivalents, loans and receivable, etc.
Class of transactions type of transaction processed by the clients accounting
system, such as sales transactions and purchasing transactions
Allocation may be done judgmentally or using formal quantitative approaches.
Materiality at this level are lesser than the overall materiality level but could
reasonably be expected to influence the economic decisions of financial statement
users.

Performance materiality amount or amounts set by the auditor:

At less than materiality for the financial statements as a whole
At less than materiality level or levels for particular classes of transactions, account
balances or disclosures
Purpose of performance materiality:
It provides margin to reduce the
possibility of undetected misstatements because:
a. It reduces to an appropriately low level the probability that the aggregate of
uncorrected and undetected misstatements in the financial statements
exceeds the materiality level for the financial statements as a whole
b. It reduces to an appropriately low level the probability that the aggregate of
uncorrected and undetected misstatements in the particular class of
transactions, account balance or disclosure exceeds the materiality level for
that particular class of transactions, account balance or disclosure

Note 1.3 Preliminary identification of areas where there may be higher risks of
material misstatement
a. Risks of material misstatements may be greater for significant non-routine transactions
which involve:
Greater management intervention to specify the accounting treatment
Greater manual intervention for data collection and processing
Complex calculations or accounting principles
b. Risk of material misstatements may be greater for significant judgmental matters such as:
Accounting estimates
Revenue recognition may be subject to differing interpretation
Required judgment may be subjective or complex or require assumptions about the
effects of future events (for example, judgment about fair value)
c. Significant risk of relating to risk of material misstatement due to fraud
d. There are areas where special audit consideration may be necessary, for example:
Existence of related parties and related party transactions
Related party transaction a transfer of resources, services or obligations
between related parties, regardless of whether a price is charged

The auditor shall inquire of management regarding:

a. The identity of the entitys related parties (relationships and transactions),
including changes from the prior period;
b. The nature of the relationships between the entity and these related
parties; and
c. Whether the entity entered into any transactions with these related parties
during the period and, if so, the type and purpose of the transactions.
Managements use of going concern assumption (financial statements are prepared
based on going concern assumption but there is a significant doubt as to the continued

AT Audit Planning

Red Sirug

Page 7

existence of the entity) the auditor shall

managements use of going concern assumption

assess

the

appropriateness

of

Note 2:
Risk assessment procedures are audit procedures whose purposes include:
a. To obtain understanding of the entity and its environment, including the entitys internal
control (Note 2.1)
b. To identify risks of material misstatements, whether due to fraud or error, at the financial
statement and assertion levels (Note 2.2)
c. To assess risks of material misstatement (Note 2.3)
d. To provide a basis for the identification and assessment of risks of material misstatements
e. To provide a basis for designing and implementing responses to the assessed risks of
material misstatement
Risk assessment procedures include (Note 2.4):
1. Inquiry of management and other firm personnel
2. Analytical procedures
3. Observation and inquiry
Note 2.1 Required understanding of the entity and its environment, including
internal control:
1. Understanding of the environment external factors:
a. Relevant industrys factors the industry in which the entity operates may give rise
to specific risks of material misstatements arising from the nature of the business or
the degree of regulation
Examples of industry factors:
Industry conditions such as the competitive environment, supplier and customer
relationships and technological developments
Specific examples of industry factors:
Market and competition (including demand, capacity, and price competition)
Cyclical or seasonal activity
Product technology relating to the entitys products
Energy supply and cost
b. Regulatory factors include the regulatory environment
Accounting principles and industry specific practices
Regulatory framework for a regulated industry
Laws/legislations or regulations that significantly affect the entitys operations,
including direct supervisory activities
Taxation
Legal and political environment
Government policies currently affecting the conduct of the entitys business
Environmental requirements affecting the industry and the entity
c. Applicable financial reporting framework
d. Other external factors affecting the entity such as general economic conditions,
interest rates and availability of financing, and inflation or currency revaluation
2. Entity internal factors:
a. Nature of the entity: An understanding of the nature of an entity enables the
auditor to understand the classes of transactions, account balances, and disclosures to
be expected in the financial statements. Factors to consider include:

Entitys operations

Ownership and governance structures

Types of investments that the entity is making and plans to make

Entity structure (locations, subsidiaries, etc.) complex structures may give rise to
risks of material misstatement

How the entity is financed

How related party transactions are identified and accounted for

b. Entitys selection and application of accounting policies consider whether
accounting policies are:
Appropriate for the entitys business
Consistent with the applicable financial reporting framework, and
Used in the relevant industry
c. Entitys objectives and strategies, and those related business risks that may
result in risks of material misstatement of the financial statements
1. Objectives relate to entitys mission, vision or values statement

AT Audit Planning

Red Sirug

Page 8

2. Strategies pertain to operational approaches by which management intends to

achieve its objectives
3. Business risks risks of inability to achieve the objectives
The term business risk is broader than the risks of material misstatement in
the financial statements. Not all business risks give rise to risk of material
misstatement.
An understanding of business risks increases the likelihood of identifying the
risks of material misstatement.
However, the auditor does not have a
responsibility to identify or assess all business risks.
d. Measurement and review of the entitys financial performance
Performance measures, whether external or internal, create pressures on the entity
that may motivate management to take action to improve the business performance or
to manipulate/misstate the financial statements.
e. Internal control The auditor shall obtain an understanding of internal control
relevant to the audit.
Internal control is designed, implemented and maintained to address identified
business risks that threaten the achievement of any of the entitys objectives that
concern:
1. The reliability of the entitys financial reporting;
2. The effectiveness and efficiency of its operations; and
3. Its compliance with applicable laws and regulations.
An understanding of internal control assists the auditor in identifying types of
potential misstatements and factors that affect the risks of material misstatement, and
in designing the nature, timing, and extent of further audit procedures.
Note 2.2 Identify the risks of material misstatement:
Identify risks of material misstatement (inherent risk and control risk) based on
understanding the entity and its environment, including the entitys relevant internal control.
The auditor shall provide reasonable assurance of detecting material misstatements,
whether arising from errors or fraud.
Risk of material misstatement (RMM) the risk that the financial statements
contain a material misstatement.
Components of RMM:
The risks of material misstatement are a combination of inherent risk and control
risk:
1. Inherent risk the susceptibility of an assertion to a misstatement that could
be material, either individually or when aggregated with other misstatements,
assuming there are no related controls to mitigate such risks
Inherent risk may also be described as follows:
The concept of inherent risk recognizes that the risk of misstatement is
greater for some assertions than for others.
Inherent risk is the risk that financial statements are likely to be materially
misstated.
Examples of inherent risk:

Cash is more susceptible to theft than an inventory of coal

Complex calculations are more likely to be misstated than simple

calculations

Estimation transactions, especially if they involve accounting

estimates that are subject to significant measurement uncertainty

High value inventory (could be easily stolen, thus, there would be an

inherent risk relating to the existence assertion)
2. Control risk the risk that a material misstatement, either individually or
when aggregated with other misstatements, that could occur will not be
prevented or detected and corrected on a timely basis by the entitys internal
control
Control risk is a function of the effectiveness of the entitys internal
control.
Control risk is the type of risk that the management has the most control
over in the short term.
Some control risk will always exist because of the inherent limitations of any
internal control system.
Risk of material misstatement (inherent risk and control risk) cannot be eliminated
or controlled by the auditor because these are entitys risks that exist independently
AT Audit Planning

Red Sirug

Page 9

of the audit of financial statements.

Causes of misstatements of the financial statements:
1. Errors refer to mistakes or unintentional misstatements or omissions of
amounts or disclosures in the financial statements. Examples:
Mistakes in gathering or processing data from which FS are prepared
Incorrect accounting estimate arising from oversight or misinterpretation of
facts
Mistake in applying accounting principles
2. Fraud intentional misstatements or omissions of amounts or disclosures in the
financial statements
The term fraud refers to an intentional act by one or more individuals
among management, those charged with governance, employees or third
parties, involving the use of deception to obtain an unjust or illegal advantage.
The factor that distinguishes fraud from error is whether the underlying action
is intentional or unintentional.
Two types of Fraud:
a. Fraudulent financial reporting (or management fraud) intentional
misstatements committed by members of management or those charged with
governance or oversight to render financial statements misleading to deceive
users of the financial statements
The most serious types of fraud usually involve management. This results
from the fact that management is primarily responsible for the design and
implementation of internal control in the first place.
Fraudulent financial reporting may be accomplished by:
Manipulation, falsification, or alteration of accounting records or related
supporting documents
Misrepresentation in, or intentional omission from, the FS of
events/transactions or other significant information
Intentional misapplication of accounting principles
Examples of techniques used by management are:
Recording fictitious journal entries
Using inappropriate assumptions in accounting estimate
Untimely recognition in the FS of events and transactions
Concealing, or not disclosing, facts that could affect the amounts recorded in
the FS
Manipulation of financial statements occurs when a higher or lower level of
earnings is reported than that which actually occurred. It could also take the
form of omissions (failure to disclose certain matters) or false statements in the
notes and/or other disclosures. The motive may be to raise finances, reach a
bonus threshold, inflate the value of the business or simply minimize taxes.
b. Misappropriation of assets (employee fraud or defalcation) theft of
assets and is often perpetrated by non-management employees. Examples:
Misappropriating collections on accounts receivable
Stealing inventory
Colluding with a competitor by disclosing technological data in return for
payment
Payments to fictitious employees or vendors
Using the entitys assets as collateral for a personal loan
The most popular ways to manipulate financial statements involves journal
entries and accounting estimates because if manipulation is discovered
management can easily deny involvement. A bias in estimates can be attributed to
excessive conservatism or optimism. An unsupported journal entry, if discovered,
can be characterized as a simple mistake. This differs from strategies such as
falsified records that, if discovered by the auditor, would be quite difficult for
management to deny.
Fraud Risk Factors:
AT Audit Planning

Red Sirug

Page 10

Fraud risk factors conditions that could heighten an auditors concern about risk
of material misstatements because they provide clues or red flags to the existence of
fraud
1. Incentives/pressures reasons to commit fraud.
A pressure is often
generated by immediate needs (such as having significant personal debts or
meeting an analysts or banks expectations for profit) that are difficult to share
with others.
Examples:
Management is under pressure to reduce earnings to minimize taxes
Management is under pressure to inflate earnings to secure bank financing
Meeting analysts or banks expectations for profit
Inflating the purchase price of the business
Meeting the threshold for a performance bonus
Having significant personal debts or poor credit
Trying to cover financial losses
Being greedy or involved in gambling, drugs, and/or affairs
Being under undue peer or family pressure to succeed
Living beyond ones means
Other situations or characteristics, not necessarily financial in nature, include:
Enjoying the challenge of beating the system
Fearing personal loss of pride, position or status such as when a company is
doing poorly
Being dissatisfied with a job or wanting revenge against an employer
Being emotionally unstable
Some of these pressures can easily be identified (such as performance
incentive plans). Others are more difficult to identify (such as family or peer
pressure, living beyond ones means or having a gambling problem).
2. Opportunity (whether perceived or real) Opportunity pertains to an
individuals perception that he can commit fraud and that it will not be detected.
Potential perpetrators who think they might be detected and charged with a
criminal offense would not likely to commit fraud. A poor corporate culture and
a lack of adequate internal control procedures can often create the confidence
that a fraud could go undetected.
Opportunity often emanates from:
Poor corporate culture
Where a person feels they can take advantage of the trust placed in him or
her
Knowledge of specific control weakness
3. Attitudes/rationalizations fraud involves some rationalization to commit
fraud or the belief that a crime has not been committed. For example:
Some individuals possess an attitude or character to knowingly and
intentionally commit a dishonest act
Being dissatisfied with pay
Feeling underappreciated (such as not getting an expected promotion)
Degree of assurance between detection of material fraud and material errors:
1. Fraud is harder to detect than errors: Reasons:
a. Fraud may involve sophisticated and carefully organized schemes designed
to conceal it.
b. Fraud may be accompanied by collusion.
2. Management fraud vs. employee fraud the risk of not detecting a material
misstatement resulting from management fraud is greater than for employee
fraud
Reasons:
Management has the most opportunity to commit fraud, while employees
need to exploit weakness in internal control in order to commit fraud.
Management has the ability to override or bypass an existing effective
internal control.
Management can influence the preparation and presentation of financial
statements.

AT Audit Planning

Red Sirug

Page 11

Conditions and events that may indicate risks of material misstatement:

The following are examples of conditions and events that may indicate the existence
of risks of material misstatement. The examples provided cover a broad range of
conditions and events; however, not all conditions and events are relevant to every
audit engagement and the list of examples is not necessarily complete.
Operations in regions that are economically unstable, for example, countries
with significant currency devaluation or highly inflationary economies.
Operations exposed to volatile markets, for example, futures trading.
Operations that are subject to high degree of complex regulation.
Going concern and liquidity issues including loss of significant customers.
Constraints on the availability of capital and credit.
Changes in the industry in which the entity operates.
Changes in the supply chain.
Developing or offering new products or services, or moving into new lines of
business.
Expanding into new locations.
Changes in the entity such as large acquisitions or reorganizations or other
unusual events.
Entities or business segments likely to be sold.
Existence of complex alliances and joint ventures.
Use of off-balance-sheet finance, special-purpose entities, and other complex
financing arrangements.
Significant transactions with related parties.
Lack of personnel with appropriate accounting and financial reporting skills.
Changes in key personnel including departure of key executives.
Weaknesses in internal control, especially those not addressed by management.
Inconsistencies between the entitys IT strategy and its business strategies.
Changes in the IT environment.
Installation of significant new IT systems related to financial reporting.
Inquiries into the entitys operations or financial results by regulatory or
government bodies.
Past misstatements, history of errors or a significant amount of adjustments at
period end.
Significant amount of non-routine or non-systematic transactions including
intercompany transactions and large revenue transactions at period end.
Transactions that are recorded based on managements intent, for example,
debt refinancing, assets to be sold and classification of marketable securities.
Application of new accounting pronouncements.
Accounting measurements that involve complex processes.
Events or transactions that involve significant measurement uncertainty,
including accounting estimates.
Pending litigation and contingent liabilities, for example, sales warranties,
financial guarantees and environmental remediation
Considering compliance with laws and regulations:
Non-compliance refers to acts of omission or commission by the entity being
audited, either intentional or unintentional, which are contrary to the prevailing
laws or regulations.
The auditor should consider compliance with laws and regulations since
noncompliance by the entity with laws and regulations may materially affect the
financial statements.
However, an audit cannot be expected to detect
noncompliance with all laws and regulations.
Noncompliance is sometimes described as violations of law or regulations or
illegal acts.
Common examples of non-compliance:
Violation of tax laws and environmental laws
Occupational safety and health
Inside trading of securities
Result of non-compliance with laws and regulations:
Fines/penalties
Damages
Threat of expropriation of assets
Enforced discontinuation of operations
Litigation
AT Audit Planning

Red Sirug

Page 12

Auditors responsibility in detecting non-compliance is limited to material

direct-effect noncompliance or illegal act. (Reason: Generally, the further
removed non-compliance is from the events and transactions that are
ordinarily reflected in financial statements, the less likely the auditor is to
become aware of or to recognize non-compliance.
Responsibility for the compliance with laws and regulations rests with
management. This responsibility includes prevention and detection (and
correction) of noncompliance with laws and regulations.

Indications that noncompliance may have occurred:

The entity is under investigation by government departments
Payment of fines or penalties.
Payments for unspecified services or loans to consultants, related parties,
employees or government employees.
Sales commissions or agent's fees that appear excessive in relation to those
ordinarily paid by the entity or in its industry or to the services actually received.
Purchasing at prices significantly above or below market price.
Unusual payments in cash, purchases in the form of cashiers' checks payable to
bearer or transfers to numbered bank accounts.
Unusual transactions with companies registered in tax havens.
Payments for goods or services made other than to the country from which the
goods or services originated.
Payments without proper exchange control documentation.
Existence of an accounting system with inadequate audit trail or sufficient
evidence.
Unauthorized transactions or improperly recorded transactions
Media comment
Note 2.3 Assess the identified risks of material misstatement:
Factors to consider whether a risk is significant:
Whether the risk is a risk of fraud
Whether the risk is related to recent significant economic accounting or other
developments and, therefore, requires specific attention
Complexity of transactions
Whether the risk involves significant transactions with related parties
The degree of subjectivity in the measurement of financial information related to the
risk, especially those involving uncertainty
Whether the risk involves significant transactions that are outside the normal course of
business for the entity, or that otherwise appear to be unusual
Significant risk an identified and assessed risk of material misstatement that, in
the auditors judgment, requires special audit consideration
Significant risks often relate to:
a. Non-routine transactions unusual (in size or nature) and infrequent
transactions
b. Judgmental matters such as those involving accounting estimates for which
there is significant measurement uncertainty
Note 2.4 Risk assessment procedures include:
1. Inquires of management and others within the entity that is likely to assist the
auditor in identifying risk of material misstatement due to fraud or error
For example, inquiries of management, audit committee, board of directors, internal
auditors, in-house legal counsel, and other client personnel
2. Analytical procedures
Analytical procedures evaluations of financial information made by a study of
plausible relationships among both financial and nonfinancial data

Purpose of preliminary analytical procedures:

a. To identify areas that may represent specific risks such as the existence of unusual
transactions or events, and amounts, ratios, and trends that may assist the auditor
in identifying risks of material misstatements that the auditor may need to
investigate further

AT Audit Planning

Red Sirug

Page 13

b. To enhance the auditors understanding of the entitys business and transactions to

help plan the nature, timing, and extent of substantive auditing procedures that will
be used to gather audit evidence
Analytical procedures performed during audit planning is known as preliminary
analytical procedures
Analytical procedures involve:
a. Analysis of significant ratios and trends or the study of plausible relationships
among both financial and non-financial data
b. Investigation of fluctuations and relationships that are inconsistent with other
relevant information or deviate significantly from predicted amounts by:
Inquiries of management
Corroboration of management responses, and
Applying other appropriate audit procedures
Basic premise underlying the use of analytical procedures:
The basic premise underlying the use of analytical procedures is that plausible
relationships among data may reasonably expected to exist and continue (predictable)
in the absence of known conditions to the contrary. The relationship among data
should be both:
a.
Plausible there is a clear cause and effect relationship among data
b.
Predictable reasonably expected to exist and continue in the absence of
known conditions to the contrary
Generalizations in assessing the predictability of the accounts:

Income statements accounts are more predictable than balance sheet

accounts.

Accounts that are not subject to management discretion are generally

predictable.

Relationships in a stable environment are more predictable that those

in a dynamic or unstable environment.
Main purpose of analytical procedures: To assess the overall reasonableness of
account balances and transactions
Specific purpose/focus/objective of analytical procedures in the three stages
of audit:
1. In the planning stage performed as risk assessment procedures
(required/mandatory) to obtain an understanding of the entity and its
environment
Objective/purpose/focus during planning stage:
To enhance the auditors understanding of the entitys business and
transactions to help plan the nature, timing, and extent of substantive
auditing procedures that will be used to gather audit evidence.
To identify areas that may represent specific risks (such as unusual
transactions and events or abnormal/significant fluctuations in amounts,
ratios, or trends) that the auditor may need to investigate further
2. In testing stage as substantive procedures when their application is, based
on the auditors judgment, more effective and efficient than test of details (not
required)
Objective/purpose/focus during testing stage:
To obtain audit evidence to confirm individual account balances
3. In the overall review or completion stage As an overall review of the
financial statements (required)
Objective/purpose/focus:
To identify a previously unrecognized risk of material misstatement (unusual
fluctuations that were not identified in the planning and testing phases of
the audit)
To confirm conclusions reached with respect to the fairness of the financial
statements

3. Observation and inspection these include:

Observation of entity activities and operations
Inspection of documents (such as business plans and strategies, records, and internal
control manuals)
Inspection of reports prepared by management (such as quarterly management
reports) and those charged with governance (such as minutes of board of directors
meetings)
AT Audit Planning

Red Sirug

Page 14

Visit or tour of entitys premise/facilities

Note 3 Reducing audit risk to an acceptably low level

To reduce audit risk to acceptably low level the auditor shall:
a.
Assess the risks of material misstatement (inherent and control risk); and
b.
Limit detection risk. This may be achieved by performing procedures that respond to
the assessed risks of material misstatement at the financial statements, class of
transactions, account balance and assertion levels.
Steps in assessing Audit Risk:
1.
Set the desired level of Audit Risk
Audit risk the risk that the auditor gives an inappropriate audit opinion when the
financial statements are materially misstated; it is the risk that the auditor may
unknowingly fail to modify appropriately the opinion on financial statements that are
materially misstated
2.

Assess the level of Inherent Risk (such as low, medium, or high) for example, low
level if likelihood of misstatement is low
Inherent risk the susceptibility of an assertion to a misstatement that could be
material, either individually or when aggregated with other misstatements, assuming
there are no related controls to mitigate such risks
Sources of assessment include knowledge of entity and its environment and
preliminary analytical procedures.

3.

Assess the level of Control Risk (such as low, medium, or high) for example, low
control risk if internal control is effective, or high control risk if internal control is not
effective
Control risk the risk that a material misstatement, either individually or when
aggregated with other misstatements, that could occur will not be prevented or
detected and corrected on a timely basis by the entitys internal control
Sources of assessment include knowledge of internal control and observation and
inspection
Combined assessment:
The auditor usually makes combined assessment of inherent and control risks. If the
combined assessment of inherent risk and control risk is high, the auditor should:
Place more emphasis on obtaining external evidence
Reduce reliance on internal evidence
Design more effective substantive procedures

4.

Determine the acceptable level of detection risk: The acceptable level of detection
risk depends on the assessed level of inherent and control risk (inverse relationship)
Detection risk the risk that the auditor will not detect such a material misstatement
that exists/occurs in an assertion

Detection risk is a function of the effectiveness of an auditing procedure and its

application by the auditor
Detection risk is significantly affected by the nature, timing, and extent of the
auditors substantive procedures
Detection risk is a complement of assurance provided by substantive tests (for
example, a 10% detection risk means a 90% assurance of detecting material
misstatement)
Detection risk can be increased or decreased by the auditor by performing
substantive tests but can never be reduced to zero because of the inherent
limitations in the procedures carried out, the human judgments required, and the
nature of the evidence examined.
The auditor uses the Audit Risk Model:
Audit Risk = Inherent risk x Control risk x Detection risk
Acceptable level
of
Detection risk =

Audit risk

Inherent risk x
Control risk
5. Design audit substantive tests
Auditors reaction to level of detection risk:
a. Lower acceptable level of detection risk higher assurance are to be
provided by substantive tests by changing any or combination of the following:
AT Audit Planning

Red Sirug

Page 15

 Nature performing more effective substantive procedures

Timing performing substantive procedures at year-end rather than at
interim dates (decreases detection risk by reducing the risk for the period
subsequent to the performance of those tests)
Extent increasing the extent of substantive tests by using larger sample
size
b. Higher acceptable level of detection risk low assurance are to be provided
by substantive tests by changing any or combination of the following:

Nature performing less effective substantive procedures

Timing performing substantive procedures at interim dates

Extent decreasing the extent of substantive tests using smaller

sample size
In summary, the auditor performs audit procedures to assess the risks of material
misstatement and seeks to limit detection risk by performing further audit procedures
based on that assessment.
Summary of relationships among audit risk components:
The acceptable level of detection risk for a given level of audit risk bears an inverse
relationship to the risks of material misstatement at the assertion level. Therefore:
Risk of material misstatement (inherent risk and control risk), detection risk
that can be accepted, and vice versa.
Audit risk and detection risk move in the same direction: Audit risk, detection
risk, and vice versa
The relationship between the risks can also be expressed mathematically in the
following formula:
Audit Risk = RMM (Inherent Risk x Control Risk) x Detection Risk
Inherent risk and control risk are independent variables while detection risk is a
dependent variable.
All the components of audit risk cannot be eliminated by the auditor due to the
following reasons:
a. Inherent risk some accounts are susceptible to a material misstatement or
the risk of such misstatement is greater for some accounts than for others
b. Control risk due to inherent limitations of internal control system
c. Detection risk
Use of testing/sampling
Use of auditors judgment
Even when the auditor conducts 100% examination because audit evidence
is persuasive rather than conclusive in nature
The components of audit risk that can or cannot be controlled by the auditor:
a. Inherent risk and control risk cannot be controlled because these are
entitys risk and exist independently of the audit
b. Detection risk can be directly controlled (increased or decreased) by the
auditor because detection risk relates to the auditors procedures and can be
altered by adjusting the nature, timing, and extent of substantive procedures
The relationship between materiality and audit risk:
There is an inverse relationship between materiality and the level of audit risk
materiality level, audit risk and vice versa.
Materiality is directly related to the acceptable level of detection risk.
It would lead to most audit work if both audit risk and materiality levels are low.

AT Audit Planning

Red Sirug

Page 16

AT Audit Planning

Red Sirug

Page 17