PLANNING & AUDIT AN AUDIT (APA YANG AUDITOR KENA TAHU MASA AUDIT) RISK 1. Staff requirements and use of LEARNING CONTENTS: experts 1. Definition 2. Considerations of materiality and 2. The purpose of audit planning risks 3. The issue and relevant consideration 3. Understand the applicable laws and when planning an audit. regulations. 4. Steps in audit planning. 4. Identify related parties. 5. Analytical procedures in planning 5. Going concern issues 6. Risk assessment 6. Using the work of internal auditing 7. Audit risk 7. Develop overall audit strategy and 8. Materiality audit plan. Define: The auditor should plan the audit 8. Review audit strategy with audit work so that the audit will be performed in committee an effective manner. Planning means 9. Additional value-added services developing a general strategy and detailed (example: tax planning) approach for the expected nature, timing, and extent of the audit. 1. Staff Requirements and Use Of THE PURPOSE OF AUDIT PLANNING Expert Objective Achievement: - The auditor must know and have Ensures the audit plan aligns with and helps knowledge about the client’s achieve the intended audit objectives. industry. Devotes adequate attention to vital areas - To performed when audit, he/she needing audit scrutiny. should: Problem Identification: i. Understand and have well practical A well-crafted plan assists in spotting experience with audit engagement on nature potential issues before they become and complexity through training. significant problems. Timely Completion: ii. Appropriate technical knowledge Ensures work is finished within set of relevant information technology. timeframes. iii. Knowledge of relevant industry in Guarantees that all important management which the client operates. areas receive due attention, avoiding iv. Have ability to apply professional omissions. judgement. Coordination and Team Efficiency: v. An understanding of the firm’s quality control policies and procedures Facilitates the coordination of audit tasks vi. An understanding of professional among auditors and experts. standards and regulatory and legal Helps in selecting the right team members requirements. with the needed skills and assigning tasks 2. Consideration of materiality and effectively. risks. Enhanced Audit Quality: (auditor kena pertimbangkan materiality Contributes to improving the overall quality dan risiko) of audit work. - Materiality tu apo? (benda yang Promotes promptness and accuracy in boleh diukur dalam FS; contohnya conducting the audit. – kesalahan yang tak disengajakan) - -kalau fraud (intentional), dia looking for events or conditions that might bukannya materiality. Gitu. cast doubt. - Melalui auditor punya knowledge, - Discussions with management about auditor kenalah tentukan berapa bukti yang their assessment of going concern help in kena ada (kena kumpul). understanding potential impacts on financial - Semasa nak audit, auditor kena health. faham client punya external environment, - This discussion usually occurs (macam mana nak cari? Kena lah baca during the preliminary meeting to update industry trade information about the entity. Discussing publication. going concern - Auditors have to use the knowledge issues helps auditors determine if using the (nature and risk of the client business) to going concern assumption poses a determine the appropriate amount of audit significant risk of misstatement. evidence to gather. - Auditors need to understand the - Events affecting going concern can client external environment by reading the be financial, operational, or of other natures. industry trade publication. 6. Using the work of internal auditing - If the auditor follows all this, auditor - Depth of Understanding: Internal auditors can settle down the risk in the company. have an in-depth understanding of an 3. Laws and regulation involved. organization's processes and can provide valuable context to external auditors. - Selain daripada itu, auditor kena - Collaboration Opportunities: juga follow law and regulation which is Collaboration between internal and external auditing standard. auditors fosters a holistic approach, - Auditing standard adalah non- ensuring comprehensive coverage and more compliance, act as of commission by the robust audit outcomes. entity, whether intentional or unintentional which are contrary to - Scope Expansion: External auditors the prevailing law or regulation. can expand their audit scope by relying on - Auditing standard ni dapat bezakan the work already performed by internal mana satu undang undang dan peraturan audit, covering a wider range of areas. yang ada direct effect ke atas penentuan dekat amount material dan - Quality Assurance: Using internal pendedahan dalam financial statement. audit work for specific areas ensures a level 4. Identify related parties. of quality and rigor, adding credibility to the - The auditor needs to assess the external audit process. entity's handling and disclosure of transactions involving related parties. - Regulatory Compliance: Internal - Identifying these parties early is audit often monitors compliance with crucial to avoid non-arm's length regulations and standards, providing transactions (e.g., transactions with external auditors with significant price differences). insights into regulatory adherence. - The auditor should understand the 7. Developing Audit Strategy and Plan: entity's controls over related party - Documenting the overall audit identification, transaction authorization, strategy and plan and accounting is crucial, disclosure. detailing decisions about audit tests' nature, 5. Going concern issue timing, and extent. - Auditors must consider the going - This involves compiling knowledge concern assumption early in the audit, about the entity's business objectives, strategies, and associated proactively identify opportunities to risks. enhance client service within limits set for consulting services. - The auditor documents how the entity manages risks and plans audit STEPS IN AUDIT PLANNING procedures, accordingly, linking risks to 1. Client acceptance and initial audit plans. planning 2. Understanding the client’s 8. Review audit strategy with audit business and accounting system committee 3. Assessing client’s business risk - Alignment and Understanding: 4. Performing preliminary analytical Presenting the audit strategy to the procedures audit committee ensures alignment between 5. Setting materiality and assessing the committee's expectations and the acceptable risk planned audit approach. It fosters a shared 6. Developing an audit plan understanding of the audit's focus areas, 7. Documentation risks, and planned procedures. - Transparency and Accountability: Reviewing the audit strategy promotes 1. CLIENT ACCEPTANCE transparency in the audit process. It allows AND INITIAL PLANNING the audit committee to assess the adequacy Client Acceptance and Initial Planning: of the audit plan, ensuring it addresses key Quality Control Check: Auditors must risks and areas of concern. This process follow procedures outlined in ISA 200 to also establishes accountability for assess whether to accept or continue a client the audit approach and decisions made. relationship, focusing on client integrity, the - Input and Oversight: Engaging the auditor's competence, and compliance with audit committee in reviewing the ethical standards. audit strategy enables them to provide Annual Review: For existing clients, audit valuable input based on their oversight role. firms should annually assess the auditor- Their insights, guidance, and questions can client relationship to decide whether to enhance the effectiveness of the audit plan, continue the audit engagement. contributing to a more robust and New Client Procedures: When taking on comprehensive audit process. new clients, auditors need to inquire about reasons for changing auditors as per ethical 9. Additional value – added services codes. Proper documentation of client (eg.tax planning) acceptance processes is essential, using - During planning, auditors seek memos or checklists. opportunities to recommend Engagement Letter: After accepting the additional value-added services beyond appointment, the auditor should draft an traditional ones like tax planning or IT consultancy. engagement letter detailing the services, - Understanding business risks timing, fees, responsibilities (auditor and enables auditors to suggest valuable client), and any additional services to be recommendations related to provided. Initial Audit Planning: processes, strategic planning, and Client Assessment: Auditors decide whether improvements. to accept a new client or continue with an - Considering these services during existing one based on various factors, planning helps the audit team including the need for an audit. Understanding Client Needs: Identifying need this understanding to evaluate and why the client wants or needs an audit is assess compliance. crucial as it influences the entire planning Information Gathering Methods: process. Reviewing Previous Audit Files: Examining Agreeing on Engagement Terms: Auditors past audit records provides crucial historical ensure mutual understanding with the client context. regarding the engagement terms to prevent Consulting Published Material: Reading misunderstandings. articles about the client and its industry Overall Audit Strategy: Auditors develop a from trade magazines or financial press aids comprehensive strategy for the audit, in understanding trends and industry including staffing decisions and the dynamics. potential requirement for specialized audit Internet Research: Using online resources experts. helps gather additional information about 2. UNDERSTANDING THE the company and its industry. CLIENT’S BUSINESS AND Reviewing Company Accounts: Examining ACCOUNTING SYSTEM interim, internal, and management accounts, Knowledge of Business Impact: Auditors if accessible, offers insight into current must understand the business sufficiently to financial standings. identify events, transactions, and practices Communication with Management and affecting financial statements and the audit Audit Staff: process. Discussions with Management: Engaging in Assessing Risk Processes: Use gained conversations with current management knowledge to understand the client's risk provides valuable insights into the current assessment methods for: state of the business. - Potential impact on financial Consulting Previous Audit Staff: reporting Conversations with past audit staff who - Risks of fraud and error worked on the client's audit offer historical - Risks related to transactions with related parties. perspectives and insights into prior audit - Risks from complex transactions processes. - Level of subjectivity in financial 3. ASSESSING CLIENT’S statement information BUSINESS RISK - Risks linked to unrecorded Understanding Accounting Systems: Before liabilities. assessing risk, the auditor examines accounting and internal control systems. Reasons for Understanding the Client's These procedures yield evidence supporting Business and Industry: assessments of financial statement Industry-specific Risks: Different industries misstatement risks. pose varying risks that can influence an Using Knowledge for Assessment: The auditor's assessment of business risk and auditor leverages insights gained from acceptable risk, potentially affecting understanding the client's business and engagement acceptance. industry to assess the risk that the client Common Industry Risks: Certain risks are might not achieve its objectives (client common across industries; understanding business risk). these helps auditors evaluate their relevance Management's Responsibility: Management in specific industries. identifies business risks and responds to Unique Accounting Needs: Industries have them. The auditor focuses on the risk of unique accounting requirements (e.g., financial statement misstatements resulting construction, financial institutions); auditors from client business risks. Not All Business Risks Impact Statements: indicate potential misstatements or Not all identified business risks translate irregularities, prompting auditors to dig into material financial statement deeper into those areas. misstatements. ISA 315 emphasizes the Materiality Assessment: Preliminary importance of the entire audit team analytical procedures assist in assessing understanding potential misstatement risks. materiality, determining what amounts or Discussion of Risk Factors: ISA 315 errors might have a significant impact on requires the audit team to discuss risk the financial statements. factors during the planning process. Planning Further Audit Steps: Findings Assessing Misstatement Risks: The auditor from preliminary analytics guide the auditor evaluates risks of misstatement at two levels: in planning subsequent audit procedures, - Financial statement level: Risks with including where to allocate more audit potential widespread impact across financial resources and attention. statement items (e.g., the risk of a Documentation: Results from these company's procedures should be documented, inability to continue as a going concern). explaining the findings and their implications. This documentation forms part - Assertion level: Risks specific to of the audit trail and supports the overall transaction classes, account balances, and audit strategy. disclosures. 5. SETTING MATERIALITY 4. PERFORM PRELIMINARY AND ASSESSING ACCEPTABLE ANALYTICAL PROCEDURES RISKS The purpose: auditor get a better Understanding Key Processes: understanding of the client’s business and Auditors need to know the main processes assess this business risk. Also, can perform that make a company stand out or face comparison of the client’s ratio to industry. challenges compared to others. Understanding the Business: Analytical They gather info about these processes, procedures are used at the start of an audit including industry factors affecting them, to understand the client's business and how management oversees them, and their industry. They provide an initial assessment potential impacts on operations and of financial data and trends. finances. Risk Assessment: They assist in risk Using Key Process Information: assessment by identifying unusual Auditors use this information to form fluctuations or inconsistencies in financial expectations about the company's account information. This helps auditors focus on balances and performance. areas that might pose higher risks of These expectations are based on: material misstatement. i. Being independent of management's Comparative Analysis: Preliminary views. analytics involve comparing current ii. Documenting reasoning behind financial data with prior periods or industry these expectations. benchmarks. Deviations from expected iii. Sharing these expectations with the trends are investigated further. entire audit team. Financial Statement Relationships: These procedures analyse relationships and ratios 6. DEVELOPING AN AUDIT PLAN within the financial statements (like gross i. Overall Audit Strategy: margins, expense ratios, etc.). Significant ISA 300 requires creating a strategy guiding deviations trigger additional inquiry. the audit's scope, timing, and direction Identifying Potential Misstatements: Large before crafting the detailed audit plan. variances or unexpected trends could ii. Components of the Audit Plan: - Details of key decisions, scope, Description of procedures: timing, and how the audit will be Risk assessment procedures: Understand conducted. potential misstatement risks. - This can be summarized in a memo outlining important decisions related to the Further audit procedures: Detailed checks at audit's scope and conduct. the assertion level. ii. Audit Plan Details: Other required audit procedures as per Documentation should include: standards. - Nature, timing, and extent of risk assessment procedures. iii. Types of Audit Tests: - Further audit procedures at the Risk Assessment Procedure: Identifying assertion level for each important class of material misstatement risks based on transaction, account balance, and disclosure understanding the business and based on assessed risks. environment. - Use of standard audit programs or Test of Controls: Checking effectiveness of checklists tailored as necessary to suit the client controls through inquiries, document specific engagement circumstances. checks, observation, and testing transactions. RISK ASSESSMENT Substantive Test of Transactions: Verifying Components of Risk in Auditing: accuracy of recorded transactions affecting 1. Business Risk: financial statement balances. Definition: Impact on operations and Analytical Procedures: Identifying potential outcomes of organizational activities. misstatements in financial statements. Importance: Affects how the organization Test of Details of Balances: Focusing on operates and achieves its goals. ending balances in financial accounts using Key point: Understand operational risks for highly reliable external sources. effective auditing. Conclusion: Crucial to assess operational iv. Audit Program Structure: impacts on financial statements. Typically structured into three parts: 2. Financial Reporting Risk: - Tests of controls and substantive Definition: Risks related to recording transactions. transactions and financial data presentation. - Analytical procedures. Importance: Influences accuracy and - Test of details of balances. reliability of financial statements. Each transaction cycle evaluated using Key point: Ensuring accurate financial data specific sub-audit programs. presentation is essential.
v. Flexibility in Planning: Conclusion: Critical for reliable financial
The audit plan might need adjustments statement reporting. during the audit process based on findings 3. Engagement Risk: or changes in circumstances. Definition: Risks auditors face while working with a client. 7. DOCUMENTATION Importance: Affects auditor-client i. Overall Audit Strategy and Plan: association and potential financial loss. The auditor should document: Key point: Managing risks through client - Overall audit strategy, highlighting acceptance decisions. significant changes made during the audit. Conclusion: Crucial for maintaining reputation and financial stability. 4. Audit Risk: Definition: Risk of providing an incorrect - Aspects of the entity and its opinion on materially misstated financial environment. statements. - Internal control components, Importance: Impacts the credibility of audit including sources of information used to findings and conclusions. gain this understanding. Key point: Assessing risks of misstatements - Outline risk assessment procedures in financial statements. performed. Conclusion: Vital for ensuring accuracy in 3. Identified and Assessed Risks: audit opinions. - Document identified risks of potential material misstatements: - At both the financial statement level HOW TO IDENTIFY RISK and assertion level. ASSESSMENT - Include related controls for which 1. Enquiry the auditor has gained an understanding. 2. Analytical procedures By that, auditors can: 3. Observation and inspection - Reduce their workload significantly.
RISK ASSESSMENT PROCEDURES IN - Enhance the audit's effectiveness
AUDITING: and efficiency. 1. Identification through Procedures: - Directly align the audit with the Enquiries of management, analytical client's day-to-day operations. procedures, observation, and inspection. - Increase the chances of identifying Not solely sufficient for audit evidence but significant errors or misstatements. helps in identifying potential risks. 2. Business Risk Assessment: AUDIT RISK Immediate impact on financial statements 1. Acceptable Audit Risk: and controls. - Measures the auditor's willingness to Management identifies and addresses these accept that financial statements might have risks through internal control. material misstatements after issuing an 3. Audit Approach: unqualified opinion. Develop an understanding of the business, - Different from business risk, which management's risk management processes, encompasses all risks in a company's daily and use these to develop expectations about operations. account balances. 2. Components of Audit Risk: Assess control quality to manage risks and - Material misstatement risk in determine residual risks. financial statements or individual DOCUMENTATION transactions and balances. 1. Discussion Summary: - Detection risk: The risk that auditor - Record discussions within the procedures might miss a material error. engagement team about the susceptibility of 3. Assessment and Planning: the entity's financial statements to potential - Assessed using professional material misstatements. judgment, crucial in the planning phase. - Document significant decisions - Evaluated at the organizational level made during these discussions. (whole financial statement) and transaction 2. Understanding Elements level (individual financial components). Documented: 4. Setting Audit Risk: - Capture key elements of - Often assessed after engagement understanding: risk evaluation. - Inversely related: High engagement 5. Audit Planning and Inherent Risk: risk demands lower audit risk (more - Integral in developing the overall rigorous audit), and vice versa. audit plan. - Engagement risk guides the - At the financial statement level, it's determination of the desired audit risk level. linked to material balances or assumed high 5. Considerations in Audit Risk Model: inherent risk for specific assertions. - Influences the amount of evidence - Complexity or uniqueness of gathered; higher inherent risk requires more transactions increases the chance of error. evidence. - Management incentives or pressures 6. Relationship with Audit Process: may lead to earnings or asset misstatements. - Inversely linked to Detection Risk - Stronger internal controls reduce the (DR) and directly affects the evidence likelihood of misstatement. needed. 6. Audit Risk Model Equation: - High inherent risk demands more AR= IR x CR x DR audit attention and evidence gathering to AR = Audit Risk ensure accuracy and reliability. IR = Inherent Risk (risk of material b. CONTROL RISK misstatement before considering controls) 1. Definition: CR = Control Risk (risk that internal - Represents the risk that a client's internal controls won't prevent/detect control system won't catch or prevent a misstatements) misstatement in financial statements. DR = Detection Risk (risk that auditor 2. Key Points about Control Risk: procedures won't catch misstatements) - Quality of controls varies across a. INHERENT RISK different transaction types. 1. Definition: - Strong internal controls lower the - Measures the likelihood of material risk of misstatement. misstatements in an account balance before 3. Factors Influencing Control Risk: considering client's internal control - Attitude of directors and effectiveness. management towards internal control 2. Factors Influencing Inherent Risk (control environment). (Financial Statement Level): - Effectiveness of internal controls - Integrity of management. and staff capabilities in maintaining and - Nature, quality, and experience of operating them. the business management. - Level of competition in the market. - Integrity of staff and management. - Complexity of operations. 4. Assessment and Impact on Audit: - Cash situation of the business. - Preliminary assessment of control 3. Factors Affecting Inherent Risk risk is done for each significant account (Transaction Level): balance or class of transactions. - Susceptibility to misappropriation. - Preliminary assessment is typically - Complexity of transactions. high unless: - Degree of judgment involved. - Relevant internal controls are identified that could prevent or detect 4. Characteristics Elevating Inherent misstatements. Risk: - Plans are made to perform tests of - Complex transactions are more control to validate this assessment. likely to have errors. 5. Relationship with Audit Process: - Estimated balances are more prone - Inversely related to Detection Risk to misstatement compared to fact-based (DR) and directly related to the evidence ones. needed. - High control risk implies more - Development of substantive tests substantial audit procedures and evidence aligned with detection risk. required to ensure accuracy and reliability. - Anticipating potential c. DETECTION RISK misstatements. 1. Definition: - Adjusting the timing of audit tests. - The risk that audit procedures might not - More comprehensive review of catch significant misstatements in financial engagements due to heightened risk. statements. 2. Control and Application: MATERIALITY - Controlled by the auditor and is a 1. Definition: key aspect of audit planning. - Information is material if its - Sets the level of rigour for omission or misstatement could impact substantive audit work. users' economic decisions based on 3. Influence on Audit Procedures: financial statements. - Preliminary assessment of inherent - Acts as a threshold for significant and control risks helps determine the nature, errors, rather than a primary characteristic. timing, and extent of substantive 2. Auditor's Responsibility: procedures. - Auditors must determine if financial - Can be assessed subjectively as statements are materially misstated. high, medium, or low, or using statistical - If material misstatements are methods. identified and not corrected, auditors must address them in the audit report. 3. Preliminary Judgements: 4. Relation to Audit Risk and - Auditors assess materiality early in Engagement Risk: the audit to guide audit procedures. - Inversely related to engagement - Professional judgment determines risk; lower engagement risk leads to lower the level of materiality, reviewed as the detection risk. audit progresses. - Higher inherent or control risk leads 4. Materiality for Financial Statements: to lower detection risk, necessitating more - Assessing the total uncorrected robust substantive testing. errors to gauge materiality for the entire 5. Impacts on Audit Procedures: financial statement. - Lower detection risk demands more - Planning materiality is set for the rigorous testing: larger sample sizes, whole statement and then allocated to reliable evidence, experienced auditors, specific accounts based on their closer supervision, and extensive year-end susceptibility to errors. testing. 5. Factors Influencing Materiality: - More checks are required with - Determined by professional judgment higher inherent or control risk to minimize based on users' needs, financial statement overall audit risk. elements, areas of focus, entity nature, 6. Variation in Detection Risk: ownership structure, and financing. - Table 5.1 demonstrates the acceptable 6. Relation to Audit Risk and levels of detection risk based on evaluations Evidence: of inherent and control risks. - Materiality and audit risk are 7. Modifying Audit Procedures: interrelated throughout the audit process. - Changes in evidence collection and - Audit risk is a function of material audit response: misstatement risks and detection risk; - Deployment of experienced personnel. auditors consider both while planning audit procedures and evaluating misstatements' impact. 7. Documentation: - Audit documentation must include: - Materiality for the entire financial statement. - Materiality levels for specific transactions or balances. - Performance materiality. - Any revisions in materiality as the audit progresses.
Audit Engagement Strategy (Driving Audit Value, Vol. III): The Best Practice Strategy Guide for Maximising the Added Value of the Internal Audit Engagements