2. Learning Objectives
• Define audit plan
• Explain the objectives of audit planning.
• How to understand the entity being audited
• Discuss issues related to materiality in audit.
• How to evealuate risk in auditing and how they
can be mitigated
Kwame Oduro Amoako (PhD)
3. What is audit plan
• A comprehensive list of the specific audit procedures that the audit
team needs to perform to gather sufficient appropriate evidence on
which to base their opinion on the financial statement
• Planning the audit includes establishing the overall audit strategy for
the engagement and developing an audit plan, which includes, in
particular, planned risk assessment procedures and planned
responses to the risks of material misstatement.
4.
5. Objectives of adequate planning
• To identify potential problems.
For example, if the company has
recently changed its
computerised accounting system
there may well have been
problems at the switch-over
time, and staff may still be
inexperienced.
6. Objectives of adequate planning cont’d
• To carry out the work
expeditiously.
• That really means reasonably
quickly and efficiently since
audit team know exactly what to
do at which time
7. Objectives of adequate planning cont’d
• To ensure that the right numbers of staff are in the audit team with
the right skills. They have to be timetabled so that the work for this
client and other clients can be accommodated.
• To coordinate, if necessary, with other parties. For example, the
internal audit department of the company.
• To facilitate the direction and supervision of the audit team and the
review of their work.
8. Objectives of adequate planning cont’d
• Nature of the entity. We have to understand the nature of the entity.
For example, we simply have to understand what it does: is it in a
financial sector, the retail sector, the manufacturing sector? This may
seen trivial but it may help you to think of a new audit client. You can
often tell very little from the name of the client. You have to go and
find out about the entity itself.
9. Objectives of adequate planning cont’d
• Nature of business risks. Business risks can arise from circumstances
which mean that the company’s objectives and strategies may not be
achieved. Business risk is broader than the risk of material
misstatement of the financial statements. Most business risks will
eventually have financial consequences and therefore an effect on the
financial statements. It is important for the auditors, therefore, to
understand what the risks are.
10. Understanding the entity (ISA 315)
• Particular regulations. Banks, insurance companies, and many other
operations in the financial sector are subject to regulation and
sometimes the auditor has to ensure that these regulations have
been adhered to.
• Accounting policies. We need to understand what the entity’s
accounting policies are; different entities have different ways of
valuing inventories perhaps. If you are a building company you will
have specific accounting policies with regard to taking profits from
construction contracts
11. Understanding the entity Cont’d (ISA 315)
• Objectives and strategies. The auditors must gain an understanding
of the entity’s, objectives, and strategies. The entity’s management
defines objectives, and strategies are devised to try and achieve those
objectives.
• Internal controls. The auditor has to gain an understanding of the
entity’s internal controls. Whether they exist and to what extent they
are expected to operate.
12. Understanding the entity Cont’d (ISA 315)
• The control environment. This refers to the context in which the
internal controls operate. The effectiveness of the control
environment has a significant bearing on the auditor's confidence in
internal control which will affect the nature, timing and extent of
audit procedures.
• How does management identify business risks? It is important for
management to identify business risks. Management has a real
expertise of the business sector and if they can’t identify business
risks it can be relatively difficult for the auditor to ensure that all
business risks have been covered.
13. • Financial performance. Performance measures create pressures on
management. Obtaining an understanding of the entity’s
performance measures assists the auditor in considering whether
such pressures may result in management actions that could increase
the risks of material misstatements. A review of key performance
indicators, ratios and trends may indicate that risks of misstatement
exist (eg unusually rapid growth or profitability compared to other
entities in the same industry).
14. Internal control
• ISA 315 requires the auditor not only to understand the controls
relevant to the audit but also:
• To evaluate the design of controls – Should they prevent or detect
and correct material misstatement?
• To determine whether they have been implemented – Are the
controls operating effectively?
15.
16. What is materiality
• Materiality is a concept in accounting which states that firm can
ignore small information which does not have any significant impact
on the business.
• This also means that a business must include all other information in
its financial statements which is material/significant enough.
• This degree of significance is determined from the perspective of the
users of the financial statements.
• So, if a piece of information is significant enough to change the
opinion of a user about the company, the information must be
present in the financial statements
17. Guidance on materiality
• These are only guidelines, but an amount will generally be considered
immaterial if it is less than the following and material if it is greater:
• 0.5% to 1% of revenue
• 1% to 2% of total assets
• 5% to 10% of profit before tax
• Finally, there are some amounts in the financial statements where no
errors are tolerable. For example, there is often a statutory duty to
disclose directors’ remuneration and that has to be stated with
absolute accuracy.
18.
19. What is risk?
• In broad terms, risk involves
exposure to some type of danger
and the possibility of loss or
injury.
• probability or threat of damage,
injury, liability, loss, or any other
negative occurrence that is
caused by external or internal
vulnerabilities, and that may be
avoided through pre-emptive
action.
22. Business risks?
• Business risk means that
a company’s or an organization’s
plans may not turn out as originally
planned or that it may not meet its
target.
• Business risks result from significant
conditions, events, circumstances,
actions or inactions that could
adversely affect the entity's ability
to achieve its objectives and
execute its strategies
24. 1. Strategic risk
• Strategic risks can occur at any
timeme.
• For example, a company
manufacturing an anti-mosquito
lotion may suddenly see a decline
in its sales because people’s
preferences have changed, and
they now want a spray mosquito
repellent rather than a lotion.
• To avoid having to face such a risk,
companies need to implement
a real-time feedback system to
know what its customers want.
25. 2.Compliance risk
• Compliance risk involves
companies having to comply
with new rules that are set by
the government or by any
other governing body.
• For example, there may be a
new minimum wage that must
be implemented immediately.
26. 3. Financial risk
• Financial risk is about the financial
health of the company. Financial risks
could arise because of high
borrowings and a rise in interest
rates.Questions such as:
• Can the company afford to offer
instalment payments to its customers?
• How many customers can it offer such
an instalment scheme?
• Can it handle business operations when
two or three of these customers are not
able to make their payments on time?
• This will put the business under
severe pressure and could increase
the risk of material misstatement,
perhaps with regards to going
concern problems.
27. 4. Operational risk
• Operational risk occurs within
the business’ system or
processes. For example, one of
its production machines breaks
down when the target output is
still unmet.
• What will the company do if one
of its machine operators has an
accident during work hours?
30. The auditor and business risks
• The auditor does not have a responsibility to identify or assess all
business risks, but an understanding of business risks that may result
in ROMM is essential (ISA 315).
• it is important because business risk will often influence inherent risk
(ie the susceptibility of a financial statement assertion to the risk of
material misstatement).
• If misstatements which are not prevented or detected and corrected
by internal controls (control risk) are not detected by the auditor
(detection risk), the auditor will express an inappropriate opinion
(audit risk).
32. Audit risk is the risk that the auditor,
while appropriately following ISA, will
conclude that the financial statements
fairly stated when, in fact, they are not.
audit
risk
33. What is audit risk?
• Audit risk (also referred to as residual risk) refers to the risk that
an auditor may issue an unqualified report due to
the auditor's failure to detect material misstatement either due to
error or fraud
• Audit risk is the risk that auditors issued the incorrect audit opinion to
the audited financial statements. For example, auditors issued an
unqualified opinion to the audited financial statements even though
the financial statements are materially misstated
34.
35. Audit risk depends on three factors, and the
relationship is described by the audit risk model:
38. Sampling risk
• This arises when audit procedures are applied to samples rather
than entire populations.
• The auditor may conclude, based on a sample, that controls
are more effective than they actually are or that there is no material
misstatement when, in fact, there is.
• The auditor may then be doing toolittle work so that actual
misstatements go undetected. Sampling risk can be reduced by
examining larger samples.
39. Non-sampling risk
• This risk arises from reasons other than sample size. For example, if
the audit staff were inappropriately qualified, there is a higher risk
that they might use inappropriate audit procedures, misinterpret
evidence or fail to recognise an error.
• Good quality control procedures should minimize non-sampling risk:
• adequate planning,
• assigning sufficiently skilled staff and
• the direction, supervision and
• review of their work.
40. How to reduce detection Risk
• Composition of the engagement team, e.g.
• competence/skillfulness of the auditors
• size of the engagement team
• objectivity and independence
• Types of audit procedures, e.g.
• degree of substantive procedures compared to tests of controls
• evidence collection procedures such as whether the evidence is internally generated
or external
• testing of year-end and post year-end transactions vs testing evenly throughout the
year
• Rigorousness of audit procedures, e.g.
• sample sizes
• duration of audit engagement
• Quality control, e.g.
• audit firm’s system of quality control
• reviews by qualified personnel outside engagement team
Editor's Notes
Learning objective 2-1 is to identify and give examples of each of the three basic manufacturing cost categories.