UE CENTER for REVIEW and SPECIAL STUDIES_

2219 C.M. Recto, Ave. Sampaloc Manila Tel Nos. 735-5602, 735-5471

Auditing Theory – CPA Review

AT Lecture 6 Prof. Francis H. Villamin

“Planning an Audit of Financial Statements”

PSA 300 Redrafted “Planning an Audit of Financial Statements” states that the auditor should plan the
audit so that the engagement will be performed in an effective manner.
a. It involves establishing the overall for the engagement and developing an audit plan strategy and a
detailed approach for the expected nature, timing and extent of the audit.
b. It involves the engagement partner and other key members of the engagement team to benefit from
their experience and insight and to enhance the effectiveness and efficiency of the planning process.

1. Adequate planning of the audit work accomplished among others the following:
a. It ensures that appropriate attention is devoted to important areas of the audit
b. It enables the auditor to identify potential problems and resolve them on a timely basis
c. It helps to ensure that the engagement is properly organized and managed in order to be
performed in an effective and efficient manner.
d. It assists in the proper assignments of the engagement team members.
e. It facilitates the direction and supervision of engagement team members and review of their
work.
f. It assists in coordination of work done by auditors of components and experts.

2. The extent of planning will vary according to

a. Size of the entity
b. The complexity of the audit
c. Auditor’s experience with the entity
d. Changes in circumstances that occur during the audit engagement.

3. Planning is not a discrete phase of an audit, but rather a continual and iterative process that often
begins shortly after (or in connection with) the completion of the previous audit and continues until
the completion of the current audit engagement.

4. In planning an audit the auditor considers the following:

a. Discussion among engagement team members
b. Analytical procedures to be applied as risk assessment procedures
c. Obtaining of a general understanding of the legal and regulatory framework applicable to the
entity and how the entity is complying with that framework
d. Determination of materiality
e. Involvement of experts
f. Determination of assessment procedures prior to identifying and assessing the risks of material
misstatement and performing further audit procedures at the assertion level for classes of
transactions, account balances, and disclosures that are responsive to those risks.

Preliminary Engagement Activities

1. Perform procedures regarding the continuance of the client relationship and the specific audit
engagement.
2. Evaluate compliance with ethical requirements, including independence.
3. Establish an understanding of the terms of the engagement.

The purpose of preliminary engagement activities is to help ensure that the auditor has considered any
events or circumstances that may adversely affect the auditor’s ability to plan and perform the audit
engagement to reduce audit risk to an acceptably low level.

It also helps to ensure that the auditor plans an audit engagement for which
1. The auditor maintains the necessary independence and ability to perform the engagement.
2. There are no issues with management integrity that may affect the auditor’s willingness to continue
the engagement.
3. There is no misunderstanding with the client as to the terms of the engagement.
 2
AT Lecture 06 “ Planning an Audit of Financial Statements”

Planning Activities

1. The auditor should establish the overall audit strategy for the audit.

Overall audit strategy sets the scope, timing and direction of the audit and guides the
development of the more detailed audit plan.

The establishment of overall audit strategy involves:

a. Determining the characteristics of the engagement that define its scope, such as financial
reporting framework used industry-specific reporting requirements and the locations of the
components of the entity.
b. Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the
nature of the communications required, such as the deadlines for interim and final reporting, and
key dates for the expected communications with management and those charged with
governance.
c. Considering the important factors that will determine the focus of the engagement team’s efforts.

2. The auditor should develop an audit plan for the audit in order to reduce the audit risk to an
acceptably low level.
Audit plan includes the following:
a. A description of the nature, timing and extent of planned risk assessment procedures sufficient
to assess the risks of material misstatement.
b. A description of the nature, timing and extent of planned further audit procedures at the
assertion level for each material class of transactions, account balances and disclosures.
c. Such other procedures required to be carried out for the engagements to comply with PSAs.
3. The overall audit strategy and the audit plan should be updated and changed as necessary during the
course of the audit.

4. The auditor should plan the nature, timing and extent of the direction and supervision of engagement
team members and review of their work.

5. The auditor should document the overall audit strategy and the audit plan, including any significant
changes made during the audit engagement.

Audit Program
An audit program is a set of audit procedures specifically designed for each audit. The program which
includes both substantive tests and tests of controls will enable the auditor to express an opinion on the
financial statements taken as a whole.
The auditor should develop and document an audit program setting out the nature, timing, and extent of
planned audit procedures required to implement the overall audit plan. The audit program serves as a
set of instructions to assistants involved in the audit and as a means to control and record the proper
execution of the work. The audit program may also contain the audit objectives in which hours are
budgeted for the various audit areas or procedures.

On initial engagements, the audit program typically will develop in three stages:
1. The broad phases of the program can be outlined at the time of the engagement.
2. Other details of the program can be identified after the review of internal control structure and
accounting procedures has begun
3. Procedures on specific phases of the audit can be further challenged and revised as the work
progresses.

On recurring engagements, the program for the preceding audit should be studied before preparing the
program for the current audit. The program of the current audit should reflect modifications or are
required by the experience gained in the business, internal control or accounting methods of the client.

“The overall audit plan and the audit program should be revised as necessary during the course of the
audit. Planning is continuous throughout the engagement because of changes in conditions or
unexpected results of audit procedures. The reasons for significant changes would be recorded.”

An audit program that is properly prepared and used provides:

1. Evidence of proper planning of the work and allows a review of the proposed scope of the audit.
The program gives the partner, manager and other members of the audit team an opportunity to
review the proposed scope of the audit before the work performed, when there is still time to modify
the proposed audit procedures.
2. Guidance to less experienced staff members.
3. Evidence of work performed.
4. A means of controlling the time spent on an audit.
5. Evidence of the consideration of control risk in designing the proposed audit procedures

Time Budget
 3
AT Lecture 06 “ Planning an Audit of Financial Statements”
A time budget is an estimate of the total hours an audit is expected to take. It is based on the information
obtained in the first major step in the audit, that is, obtaining an understanding of the client.

Steps in the Audit Planning

I. Obtaining an understanding of the entity and its environment

According to PSA 315, “Understanding the Entity and Its Environment and Assessing the Risks of
Material Misstatement,” in performing an audit of financial statements, the auditor should have or
obtain a knowledge of the business sufficient to enable the auditor to identify and understand the
events, transactions and practice that, in the auditor’s judgment, may have a significant effect on the
financial statements or on the examination or audit report.

The auditor’s level of knowledge for an engagement would include a general knowledge of the
economy and the industry within which the entity operates, and a more particular knowledge of how
the entity operates. The level of knowledge required by the auditor would, however, ordinarily be
less than that possessed by management.

PSA 315 Redrafted outlines the key steps in understanding the entity and its environment:
a. Industry, regulatory and other external factors, including the applicable financial reporting
framework
b. Nature of the entity, including its selection and application of accounting policies.
c. Objectives and strategies and the related business risks that may result in a material
misstatement of the financial statements.
d. Measurement and review of the entity’s financial performance.

a. Industry, regulatory and other external factors

Industry conditions
Understanding industry conditions include understanding the market for a client’s products, the
competition, the entity’s and competitor’s capacity relative to market conditions and price competition.

Regulatory environment
The regulatory environment can have a direct economic consequences and affect accounting and
disclosure requirements. PSA 250 “Consideration of Laws and Regulations in an Audit of a Financial
Report” states that the auditor must obtain a general understanding of the legal and regulatory
framework applicable to the entity and the industry and the entity’s level of compliance.

Economy-wide factors
The general economy and its effect on the entity’s business should also be considered by the auditor.
This includes the general level of economic activity, interest rates and the availability of financing, and
the level of inflation.

b. Nature of the entity, including its selection and application of accounting policies
Business operations
Knowledge of the entity’s business operations includes understanding such matters as the entity’s
a. Method of obtaining revenues
b. Products or services and markets
c. Conduct of operations
d. Location of production facilities, warehouses and offices
e. Employment
f. Transactions with related parties.

Knowledge of the entity’s business operations may influence the selection and application of accounting
policies. Auditors use the knowledge of the entity’s operations to identify significant inherent risks.
Another important aspect of understanding the business operations involves obtaining knowledge of
related party transactions. Related party transactions are transactions between a company and its
management, principal owners, their immediate family members, and/or affiliated companies. These
transactions represent high inherent risks because they may not have the economic substance of an
arm’s-length transaction between two independent parties. PSA 550 “Related Parties” describe the
important procedures that should be performed in planning an audit.

Investments
Knowledge of the entity’s investing activities includes understanding the entity’s
a. Capital investment activities, including investments in plant and equipment and technology and any
recent or planned changes.
b. Acquisitions, mergers or disposals of plant activities
c. Investments and dispositions of securities and loans
d. Investments in non-consolidated entities, including partnerships, joint ventures and special-purpose
entities.

Financing
Knowledge of the entity’s financing activities includes understanding the entity’s
 4
AT Lecture 06 “ Planning an Audit of Financial Statements”
a. Debt structure, including covenants, restrictions, guarantees and off-balance sheet financing
arrangements.
b. Group structure – major subsidiaries and associated entities, including consolidated and non-
consolidated structures.
c. Leasing of property, plant and equipment for use in the business.
d. Beneficial owners.
e. Use of derivative financial instruments.

Financial Reporting
Knowledge of the entity’s financial reporting activities includes understanding such matters as the entity’s
a. Accounting principles and industry-specific practices
b. Revenue recognition practices
c. Accounting for fair-value
d. Inventories
e. Industry-specific significant accounts and transaction classes
f. Accounting for unusual or complex transactions, including those in controversial or emerging areas,
such as accounting for share-based transactions.
g. Financial statement presentation and disclosures.

c. The entity’s objectives, strategies and related business risks

According to PSA 315 Redrafted, the auditor shall obtain an understanding of the entity’s objectives and
strategies and the related business risks that may result in material misstatement of the financial report.
These terms are defined as follows:

Entity’s objectives – are the overall plans for the entity as defined by those charged with governance and
management.

Entity’s strategies – are the operational approaches by which management intends to achieve the
objectives.

Business risks – result from significant conditions, events, circumstances, actions or inactions that could
adversely affect the entity’s ability to achieve its objectives and execute its strategies, or through the
setting of inappropriate objectives and strategies.

Matters that auditor may consider include:

a. Industry developments
b. New products or services
c. Expansion of the business
d. Current and prospective financing requirements

A “business risk approach” allows the auditor to identify the threats that the organization faces in
attempting to achieve its goals and the extent to which these give rise to audit risks. It also recognizes
that most business risks will eventually have financial consequences and therefore, have an effect on
the financial statements. Sometimes referred to “top-down approach”, everything is considered at the
highest level when reviewing business risk and then worked down to the lowest level where a material
risk might be possible.

Business risks can be categorized as follows:

1. Financial risks – these are risks arising from the company’s financial activities or the financial
consequences of operations.

2. Operational risks – these are risks arising from the operations of the business.

3. Compliance risk – these are risks arising from non compliance with laws, regulations, policies,
procedures and contracts.

d. Measurement and review of the entity’s financial performance

Matters that auditor may consider include

a. Key ratios and operating statistics
b. Key performance indicators
c. Employee performance measures and incentive compensation plans
d. Industry trends
e. The use of forecasts, budgets and variance analysis
f. Analyst reports and credit rating reports.

II. Performing analytical procedures

 5
AT Lecture 06 “ Planning an Audit of Financial Statements”
PSA 520 Redrafted “Analytical Procedures” requires that auditor apply analytical procedures in the
planning stage of the audit to obtain a more detailed understanding and to identify areas of potential risk.
Such procedures are performed during the planning phase to (1) enhance the understanding of the
entity’s business and (2) to identify unexpected fluctuations and unusual relationships.

Analytical procedures involve a study and comparison of relationships among data to identify expected
or unexpected fluctuations and other unusual items. The common types of analytical procedures involve
a comparison of the entity’s financial information with
a. Comparable information for a previous period or periods.
b. Expected results such as budgets or forecasts.
c. Industry averages.

Analytical procedures also include the study of relationships

a. Among elements within the financial statements, such as a study of gross margin percentages.
b. Between financial information and relevant non-financial information, such as the study of payroll
costs for a number of employees.

III. Consideration of fraud in audit planning

The auditor is required to consider the risks of material misstatements in the financial statements due to
fraud. According to PSA 240 Redrafted “The Auditor’s Responsibilities Relating to Fraud in an Audit of
Financial Statements”, it requires that “when obtaining an understanding of the entity and its
environment, including its internal control, the auditor shall consider whether the information obtained
indicates that one or more fraud risk factors are present.”

In making the assessment of whether fraud risk factors are present, the auditor should understand the
three conditions that are generally present when fraud occurs. These are known as the “fraud triangle”.
1. Incentives/Pressures
2. Opportunities
3. Attitudes/Rationalizations

IV, Identifying and assessing the risks of material misstatements through understanding the
entity and its environment

The risk of material misstatement may be separated into two components – inherent risk and control
risk.

Inherent risk is the possibility of material misstatement of an assertion before considering the client’s
internal control. Factors that affect inherent risk relate to either the nature of the client and its
environment or the nature of the particular financial statement element.

In assessing inherent risk, it is often useful to segregate transactions into three types – routine, non
routine and estimation.

Routine transactions involve recurring financial statement activities recorded in the accounting records in
the normal course of business. This type of transactions restrict inherent risk, although controls certainly
must be implemented to assure proper recording.
Examples:
1. Sales
2. Purchases
3. Cash disbursements
4. Cash receipts
5. Payroll transactions

Non routine transactions involve activities that occur only periodically. Inherent risk may be high in this
type of transactions because they are not part of the normal flow of transactions and specialized skills
may be needed to perform the activity.
Examples:
1. Taking of physical inventories
2. Calculating depreciation expense
3. Adjusting financial statements for foreign currency gains and losses

Estimation transactions are those activities that create accounting estimates. These activities have high
inherent risk because they involve management judgments or assumptions.
Examples:
1. Estimating the allowance for uncollectible accounts.
2. Establishing warranty reserves
3. Assessing assets for impairment

Control risk is the risk that a material misstatement could occur in a relevant assertion and not be
prevented or detected on a timely basis by the client’s internal control. It is a function of the
 6
AT Lecture 06 “ Planning an Audit of Financial Statements”
effectiveness of both the design and operation of internal control in achieving the client’s objectives
relevant to the preparation of financial statements.

Both inherent risk and control risk exist independently of the audit of financial statements. That is, the
risk of misstatement exists regardless of whether an audit is performed. The auditor may make
separate assessments of the two risks or an overall assessment of the risk of material misstatement for
the relevant assertions.

Detection risk is the risk that the auditor will fail to detect a material misstatement that exists in relevant
assertion. It is a function of the effectiveness of audit procedures and their application by the auditors.
Unlike inherent and control risk, it does not exist when no audit is performed. Rather than “assessing
detection risk”, auditors seek to restrict it through performance of substantive procedures.

Measuring Audit Risk

AR = IR x CR x DR

Audit Risk is the risk that the auditor gives an inappropriate audit opinion when the financial statements
are materially misstated.

In setting the desired audit risk, auditors seek an appropriate balance between the costs of an incorrect
audit opinion and the costs of performing the additional procedures necessary to reduce audit risk.

The first step involves obtaining an understanding of the entity and assessing the level of business risks.
Auditors then consider the effect these factors could have on the risk of material misstatements at the
financial statement level.

Relationship among risk components

Given that an auditor’s objective is to achieve an acceptably low level of audit risk as is practicable, and
recognizing the cost of performing audit procedures, there is an inverse relationship between the
assessed levels of inherent and control risks and the level of detection risk that the auditor can accept.
Thus, if inherent and control risks are assessed as being low, the auditor can tolerate a higher level of
detection risk, enabling a reduction in the extent of substantive procedures that must be undertaken.
However, it is important to note that an auditor may tolerate different levels of risks in different audits,
depending on the auditor’s professional judgment of the perceived consequences of the risks being
taken.

The audit risk model provides a framework for auditors to follow in responding to these assessed risks
through their choice of audit procedures. PSAs are not specific on what is acceptable level of audit risk,
and use of the audit risk model requires a significant degree of judgment by the auditor. In relating the
components of audit risk, the auditor generally expresses each component in non-quantitative terms
(low, medium and high)

Acceptable detection risk matrix

Auditor’s assessment of control
risk
High Medium Low

High Lowest Lower Medium

Auditor’s
assessment of Medium Lower Medium Higher
inherent risk
Low Medium Higher Highest

Materiality
Materiality underlies the application of accounting and auditing standards and thus has a pervasive effect
in a financial statement audit. An auditor is able to give an unqualified audit opinion if the financial
statements are free from material misstatements. Materiality is particularly important for the auditor at
two of the key phases of the audit process: planning (determining the timing, nature, and extent of audit
procedures) and at the final stage when evaluating the extent of material misstatements as a basis of
audit opinion.
 7
AT Lecture 06 “ Planning an Audit of Financial Statements”
“Materiality means that an information which if omitted, misstated or not disclosed has the potential to
adversely affect decisions about the allocation of scarce resources made by users of the financial report
or discharge of accountability by management or the governing body of the entity.”

There is an inverse relationship between materiality and audit risk and the auditor should take the
relationship into consideration when determining the nature, timing and extent of audit procedures.
Where the auditor considers that there is a higher risk of misstatement, materiality will be set at a lower
level.

Preliminary judgments about materiality

The auditor must assess the risks associated with each client and each audit engagement. As stated in
PSA 315 Redrafted, the auditor shall identify and assess the risks of material misstatement at the
financial statement level and at the assertion level for classes of transactions, account balances and
disclosures.

This assessment is referred to as “planning materiality” and may differ from the materiality levels used at
the conclusion of the audit in the evaluation of audit findings because surrounding circumstances may
change, and additional information about the entity will have been obtained during the course of the audit.

Materiality at the financial statement level

Quantitative guideline
In assessing quantitative importance of a misstatement, the auditor needs to relate the peso amount of
the error to the financial statements under examination. AASB provides some quantitative threshold
guidance to help determine materiality:
a. An amount that is equal to or greater than 10% of the appropriate base amount is presumed to be
material.
b. An amount that is equal to or less than 5% of the appropriate base amount is presumed not to be
material.
c. Whether an amount between 5% and 10% is material is a matter of professional judgment.

Qualitative considerations
These relate to the causes of misstatements or to misstatements that do not have quantifiable effect. A
misstatement that is quantitatively immaterial may be qualitatively material.
a. The significance of the misstatement to the particular entity.
b. The pervasiveness of the misstatement.
c. The effect of misstatement on the financial statement as a whole.

Materiality at the account balance level

Account balance misstatement is the minimum misstatement that can exist in an account balance or it to
be considered materially misstated. Misstatement up to that level is known as “tolerable error”. The
recorded balance of an account generally represents the upper limit on the amount by which an account
can be overstated. Thus accounts with balances smaller than materiality are sometimes said to be
immaterial in terms of risk of overstatements.

Relationship between materiality and audit evidence

Materiality, like risk, is a key factor that affects the auditor’s judgment about the sufficiency of audit
evidence. It is generally correct to say, that the lower the materiality level, the greater the amount of
evidence that is needed (inverse relationship). This is also same as saying that it takes more audit
evidence to obtain reasonable assurance that any misstatement in the recorded inventory does not
exceed P100,000 than it does to be assured the misstatement does not exceed P200,000. It is also
generally correct to say that the larger or more significant an account balance is, the greater the amount
of evidence that is needed. (direct relationship). This is also the same as saying that more evidence is
needed for inventory when it represents 30% of the total assets than when it represents 10%.

Using materiality to evaluate audit evidence

If there are misstatements in the accounts, then the auditor may perform additional audit procedures to
ask that management correct the errors. If the uncorrected errors exceed the materiality and
management refuses to make adjustments, then the auditor may consider issuing a qualified or adverse
audit opinion. The uncorrected aggregated misstatements that the auditor needs to examine when
considering whether they misstate the financial statements include:
a. Specific misstatements identified by the auditor.
b. The auditor’s best estimates of the other misstatements that cannot be specifically identified
(projected errors).
 8
AT Lecture 06 “ Planning an Audit of Financial Statements”

Audit Strategies
The audit strategy significantly affects detailed work performed in the audit. The interrelationship among
audit evidence, materiality and the components of audit risk affects the auditor’s decision on the type of
audit strategy chosen – “predominantly substantive approach” and “ lower assessed level of control risk
approach”.

If the auditor assesses that appropriate controls do not exist or are likely to be ineffective, then no
reliance can be placed on internal controls – control risk is assessed at relatively high level and therefore
“predominantly substantive approach” will be adopted. More substantive procedures will be performed.
An audit strategy that relies on internal controls to support the use of a reduced level of substantive
procedures is sometimes referred to as “lower assessed level of control risk approach” also known as
“combined approach”. This is not a single strategy, but a range of strategies determined by the relative
effectiveness of applicable control procedures (combined with assessments of inherent risk and
materiality).

*************************