QAR Audit Methodology:

Pre-Engagement, Audit
Planning and Test of Controls
NOVEMBER 2022
 • Gather information about the prospective client

Pre-Engagement • Perform client acceptance and continuance procedures

• Agree with the client on the terms of the engagement
• Brief Engagement Team Members

• Set the audit scope

• Schedule Timing and Deadlines
Audit Planning • Identify and assign audit team members
• Set audit time and cost budgets
• Review and approve audit plan

Study & Evaluation of Internal • Understand and evaluate

• Internal Control Structure

Control
• Accounting processes (routine, non-routine, accounting estimates)
• Test of controls

• Design work programs

Substantive Testing • Perform substantive test procedures
• Consider other audit procedures

• Perform final analytical procedures

Completing the Audit • Summarize and evaluate audit differences and findings
• Review audit documentation
• Review subsequent events

• Discuss and agree with client on audit conclusion

Issuance of the Audit Report • Review financial statement presentation and disclosure
• Prepare audit report

• Perform engagement quality review

Post-audit responsibilities • Assemble final audit files
• Debrief engagement team members
Pre-Engagement
 • Gather information about the
prospective client
• Perform client acceptance and
Pre- continuance procedures
Engagement • Agree with the client on the terms
of the engagement
• Brief Engagement Team Members
Pre-Engagement

Ac1 - Client acceptance/Continuance

Ac2 – Provision of Non-Audit Services

Client or Continuance Form – Ac1

• Should be completed by the Audit Partner before you do any other planning
• The Audit Partner is considered to be the only person with enough knowledge to
complete this form and if anyone else completes it, it could be considered a
fraudulent working paper
• This form covers the key ethical issues and is the Audit Partner’s permission for work
to start
• All questions should be answered ‘yes’ or ‘no’, and ‘yes’ answers mean there are
potential issues
Provision of Non-audit Services – Ac2

• The IESBA’s Code of Ethics requires you to consider the acceptability of providing
non-audit services:
- Prohibited services
- Non-audit services provided
- Safeguards introduced to reduce threats to an acceptable level
• The client must have Informed Management for the firm to provide both audit and
non-audit services
Audit Planning – Information Gathering
Audit Planning

• Critical part of the audit

• Identify the risks
• Produce a well structured plan
• Make sure the audit team is fully briefed
 • Set the audit scope
• Schedule Timing and Deadlines
Audit Planning • Identify and assign audit team members
• Set audit time and cost budgets
• Review and approve audit plan
The Benefits of Good Planning
• Challenging and needs experienced staff to implement
• Benefits when successful
- Focus of audit work on risks
- Much better knowledge of business
- Helps with staff training and experience
- Makes the audit more efficient
• Effective planning should identify risk areas and provide a plan which will
reduce audit risk to an acceptably low level
Planning

Ac3: Permanent File Checklist

Ac4: Preliminary Planning Procedures

Ac5: Preliminary Analytical Procedures

Permanent File Checklist – Ac3

• PSAs require excellent knowledge of the client

• The importance of permanent files is emphasised by the PSAs
• This compulsory checklist is used to ensure that the permanent file contains all the
information that it should
• All answers should be ‘yes’ or ‘n/a’ as ‘no’ answers indicate omissions from the
permanent file
Permanent File

• What does the client do?

• How do they do it?
• Why do they do it (objectives)
• Who owns and controls it?
• How is it managed (management structure, risk assessment etc.)
• What are the company’s accounting policies?
• Other accounting issues – pensions, share options
Permanent File

• Letter(s) of engagement with your firm

• Other key contracts
• Leases
• Bank loan agreements
Permanent File

• Statutory (constitutional) information

- Client’s Articles of Incorporation/By-Laws
- Is the client complying with these?
- Details of Directors / shareholders for disclosure
- Details of classes of shares (if appropriate)
- Details of shareholder agreements
Permanent File

Payroll

Expenses Inventory

Revenue
Overall Journals
system
Permanent File

• Controls must be documented and understood

- Controls over transactions:
- Authorisation
- Sequence checks
- Matching of documents
- Segregation of duties
- Non-transaction based controls;
- Reconciliations
- Preparation and review of management information
Preliminary Planning Procedures – Ac4

• You need to communicate with the client before doing the audit
- This could be a face to face meeting, or a virtual meeting. Also, routine
communication during the year might have given valuable information.
- It should be clear from this how the communication occurred, who was involved,
when it occurred and a summary of the matters discussed
- This discussion must involve a director of the company, and where they are not
involved in the day to day management of the company, a member of the
management team
- All points on the agenda are required by the PSAs and must be covered
Preliminary Analytical Procedures – Ac5

• PSA 520 requires analytical procedures to be considered and documented at the

planning stage
• Preliminary analytical procedures should consider the auditor’s expectations
• This should directly affect the risk assessment (including the risk of fraud) and the
audit approach
Audit Planning – Risk Assessment and Materiality
Computation
Formal Planning

• Assessment of risk
• Materiality and
• The audit plan
Risk Assessment – Ac6/Ac7

• The PSAs require a thought driven approach to assessing risk

• Risk must be considered for each audit assertion for each material element of the
financial statements
Audit Assertions - PSA 315

About balance sheet items, and related disclosures, at the period end:
• Existence
• Rights and Obligations
• Completeness
• Accuracy, Valuation and Allocation
• Classification
• Presentation
Audit Assertions – PSA 315

About transaction types and events, and related disclosures, for the period under
audit:
• Occurrence
• Completeness
• Accuracy
• Cut-off
• Classification
• Presentation
Risk Assessment – Ac6/7

• Summary of risk assessment (Ac6)

• Overall inherent risk assessment (Ac6)
• Overall consideration of controls (Ac6)
• Detailed assessment for each material element of the financial statements (Ac7)
Inherent Business Risk – Ac6

Who is using
Experience with Client’s Management
the financial
client business expertise
statements?

Accounting Financing / Experience of

Regulation
systems going concern employees

...
Inherent Risk – Ac6

• Detailed notes are needed to justify your high / medium / low risk conclusion
• The PSAs assume all areas are high risk unless you can justify otherwise
• Overall risk assessment helps to decide the audit approach; it does not directly affect
sample sizes. However, it does affect risk conclusions in specific audit areas which
then determine the sample sizes
• ‘Significant risks’ must be highlighted.
Control Environment – Ac6

• For all audits, you must document the adequacy of the client’s controls
• In most cases for standalone, small and medium sized audit clients this form will
conclude that controls testing is not possible (this is the likely conclusion if any
question on the checklist is answered ‘yes’)
• Audit testing in this case will be wholly substantive
Walkthrough Tests

• The objective is to confirm that systems operate as documented on the permanent

file
• Should normally be done for all material transaction cycles:
- Consider the impact if there are multiple locations
- Has the client changed systems and what is the impact?
- When might you not need a walkthrough test?
Control Environment – Ac6

• As this is a wholly substantive approach there are two possible conclusions on the
client’s control environment.
– Controls are potentially ineffective and will not be relied upon
- Controls are potentially effective but will not be relied upon

• You also need to consider the level of risk from management override of controls
Specific Area Risk – Ac7

• Questions are included for each area as a prompt:

- Any question answered ‘yes’ suggests a possible risk which should be addressed
on the form
- Consideration must be made of the area as a whole and each audit assertion
- The purpose is to provide a convincing argument (if appropriate) as to why the
area / assertions are not high risk – this is of particular importance for revenue
- ‘Significant risks’ must be highlighted and summarised.
Significant Risks – Ac7

• Significant risks will need to be considered in detail

• PSA 315 gives a range of risks that could be significant
• Examples could include:
- Going concern
- Directors and management who lack integrity
- Large subjective valuations
Revenue Recognition risk – Ac7

• PSA 240, paragraph 47:

“If the auditor has concluded that the presumption that there is a risk of material
misstatement due to fraud related to revenue recognition is not applicable in the
circumstances of the engagement, the auditor shall include in the audit
documentation the reasons for that conclusion”
Management override risk – Ac7

• PSA 240, paragraph 31:

“Management is in a unique position to perpetrate fraud… the level of risk… will
vary from entity to entity… [however] this is a significant risk”
Materiality – Ac8

• Materiality is assessed by selecting an appropriate measure and applying a

percentage to this. The standards used are:
- Revenue x 1%
- Profit/loss before tax x 10%
- Gross Assets (i.e. Non-current assets + current assets) x 2%
• For example for a trading company, normally profit before tax or revenue will be the
correct measure to use; for investment property companies it is likely that gross
assets will be most appropriate.
• Justification of what you use for materiality is ESSENTIAL.
Overall materiality
Overall materiality
Materiality – Ac8

• It is recommended that any large or unusual figures are removed to avoid distortion
of materiality
• The Audit Partner must approve any changes to the materiality figure if the
calculation is considered inappropriate
• This figure is included as the denominator in the substantive sample size formula
Performance Materiality – Ac8

• Materiality is a decision point and auditors need a margin built in

• So ‘performance materiality’ was introduced by PSA 320
• This must be less than materiality
• This audit system sets this as 75% of materiality for low risk areas, 62.5% medium,
50% high with lower values for sensitive areas / disclosures
Materiality – Ac8
• Materiality:
- Maximum aggregate value of errors which can be within the financial statements before they
become misleading
- Used when calculating sample sizes

• Performance Materiality:
- All elements of the financial statements above this must be considered
- All items in a population above this must be included in sample
- Total unadjusted errors should not exceed this level

• Triviality
- The measure beneath which you don’t need to take any action
Audit Planning – Audit Plan and Team Discussion
Assignment (Audit) Plan – Ac9

• Sets out the key matters identified in planning and how they will be dealt with
• Provides a summary of planning for the audit team
• The assignment plan is used to document key issues relating to the planning
Tailoring Audit Programmes

• Work programmes should be tailored at this stage

• This allows the work performed to be focused on what the audit partner wants (and
reduces unnecessary work)
• Evidence of tailoring is documented at Ac9
• The Audit Manual contains only substantive and transaction testing audit
programmes (there are no programmes dealing with controls-based auditing)
Sample Sizes - Ac10

• Use Ac10 to document the audit approach and calculate sample sizes
• Sample sizes are affected by the planned audit approach:
- Immaterial (I)
- Proof in total (P)
- Test 100% (%)
- Transaction testing (T)
- Substantive testing (S)
Sample Sizes – Ac10

=
Immaterial Proof in total OR Test 100% No sampling
OR
required
Sample sizes: transaction testing
• Transaction tests sample sizes:
- Low: 25
- Medium: 40
- High: 60 +
• The above sample sizes are based on a population of 401 – 2 million transactions
• If the population is less than 400 items then the small sample size table can be applied:
No of High Risk Medium Risk Low Risk
transactions

226 – 400 48 + 32 20
101 – 225 36 + 24 15
26 – 100 24 + 16 10
1 – 25 12 + 8 5
Sample sizes: substantive testing

Value of
Residual
Population
Residual
Risk Factor Sample
size

Overall
Materiality
Sample sizes: substantive testing

• Risk factor table (use only lines 1 and 3 as controls testing not being used)

RELIANCE ON:   BALANCE SHEET   INCOME AND EXPENDITURE

Analytical
Controls? Review?   High Risk Med Risk Low Risk   High Risk Med Risk Low Risk
No No   2.5 1.8 1.2   1.2 0.9 0.6
Yes No   1.3 0.9 0.6   0.4 0.3 0.2
No Yes   1.7 1.2 0.8   0.8 0.6 0.4
Yes Yes   0.9 0.6 0.4   0.4 0.3 0.2
Sample sizes: substantive testing

Trade receivables:
CU 1,550,375
Population per Aged Receivables listing:

Overall Materiality: CU 100,000

Performance Materiality CU 75,000
Assessed level of risk: Low
Reliance on controls? No
Reliance on analytical review? No
Sample sizes: substantive testing
Example: Trade Receivables (Debtors)
- The Aged Receivables list includes the following balances:
CU
ABC Training Limited 79,450
DEF Group Limited 103,765
GHI Accountants LLP 135,820
HAT Compliance Limited (a related party) 68,500
Sample sizes: substantive testing
CU
Population per Aged Receivables listing: 1,550,375
Less: Large Items (anything in excess of Performance
Materiality)
ABC Training Limited (79,450)
DEF Group Limited (103,765)
GHI Accountants LLP (135,820)
Less: Key Items (anything else which is important)
HAT Compliance Limited (a related party) (68,500)

Residual Population 1,162,840

Sample sizes: substantive testing
Residual Population (A) CU 1,162,840
Overall Materiality (B) CU 100,000
Risk Factor (no controls, no Analytical Review)
(C) 1.2

Using formula [(A/B) x C], Residual sample size

= 13.95, so round to 14

So the total sample size is 3 large items, 1 key item and 14 residual
population items
Team Discussion and Briefing - Ac11

• Compulsory requirement of the PSAs is that the whole audit team discusses the
potential for fraud and risk
- Where could frauds occur in the business and how likely is this?
- What might indicate to the audit team that problems exist?
- Is your planned audit approach sufficient?
- What risks do related parties bring?
End