Chapter 6

Audit Planning
AUDIT AND ASSURANCE

Preliminary
Understanding Risk Calculate the Audit Design Audit
Planning engagement
the Entity assessment materiality Strategy
Audit Plan
Procedures
activities

Purpose of planning
Audits are complex and risky expensive processes, so to be performed in an effective manner, we need planning to:
1) Select important areas of the audit.
2) Selects team members with appropriate capabilities and competencies.
3) Directs supervises the team and reviews their work.
4) Coordinates the work of others, such as experts and internal audit.
5) Organizes / manages the audit so that it is performed in an effective and efficient manner
Planning ensures that the risk of performing a poor quality audit (and giving an inappropriate audit opinion) is reduced to an acceptable
level, and it is an evidence that the audit was conducting in accordance with ISAs, hence:
• Allows a user to have as much confidence in the auditor's opinion.
• Ensures that the quality of audits internationally, is maintained to a high standard.
• Provides a measure to assess the standard of an auditor's work

Planning needs a Professional skepticism and professional judgment

Professional skepticism is an attitude that includes questioning mind alert which may indicate possible misstatement
Professional judgment is a behavior that requires the auditor to make appropriate decisions in the circumstances of the audit engagement.
based on the knowledge, skills, and experience that the auditor have , in accordance with the standards, laws, and regulations.
Therefore, the use of a risk-based approach, selecting the sample, setting materiality, audit opinion, etc.. are requires skill, knowledge, experience
and an open mind

The planning process

Planning consists:
Preliminary engagement activities:
1) Procedures regarding to acceptance or continuance of the client engagement.
2) Ensuring that ethical requirements are met, including independence
3) Identify the terms of the engagement.

Audit strategy:
After auditors assess the risk and determine the risky areas in the financial statements, they need to design an appropriate audit strategy to respond
to the risks and potential misstatements

➜ The audit strategy and the audit plan must be documented in the audit working papers. Any updates to them must also be documented.

Auditors usually use the audit strategy as the basis for preparing the audit plan that would list the audit procedures that needed to be performed for
each relevant assertion of significant accounts and balances in financial statements.

The audit strategy sets the Scope, timing and direction of the audit. It allows the auditor to :
1) Put the right people in the right place. (determined the level of experience and expertise is required in the audit work).
2) Allocate the audit staff based on their skills, knowledges, and experiences.
3) Determined how the team managed, directed, and supervised,
4) Setting the timing for meetings, guiding the teams on performing their tasks, and performing reviews of the audit works

Audit strategy also involving in designing a suitable audit approach including the test of control and substantive test. For example, auditors may
decide to perform the test of control and reduce some of their substantive works if they intend to rely on the client’s internal control. Or they may
decide to go directly to substantive tests without placing reliance on internal control .

Matters to consider when establishing the overall audit strategy

Characteristics of the For example, what accounting standards client uses, which industry it is in, where is the location of
engagement branches or subsidiaries, any need for expert, what is reporting currency, etc..

Reporting objectives, timing of For example, the timing for reporting, meeting with management, communications with third parties,
the audit, and nature of discussions with management and those charged with governance, etc..
communication

Significant factors and For example, determining materiality, risk assessment, evidence of management’s commitment and
preliminary engagement importance of internal controls, Results of previous audits, Need to maintain professional skepticism,
activities Volume of transactions, any significant changes in business, industry, and reporting requirement, etc..

Nature, timing, and extent of For example, selecting the engagement team, assigning the work to the team members, and budgeting
resources the engagement (e.g. how much time needed on a certain area), etc.
 Contents of audit strategy may be different from one accounting firm to another. However, the audit strategy usually includes the following
contents below

Overview This section summaries the engagement and responsibilities of auditors

Significant risks This section of audit strategy contents describes significant risks and how auditors will deal with them

Audit scope and It describes what audit standards and approach auditors use and whose works auditors will rely on e.g. the work of
approach internal audit and expert, etc.

Materiality Materiality in this part may include both overall materiality and performance materiality

Audit engagement In this section, it usually describes senior team members including team leader and team manager
team

Timetable and This is where auditors describe the timetable of the audit with deliverable documents
deliverables

Independence This is the part contents that describes how auditors ensure their independence in the audit engagement.

Audit Planning:
The audit plan converts the audit strategy into a more detailed plan and includes the nature, timing and extent of audit procedures to be
performed by engagement team members.

Nature: generally mean, based on the walk through testing performed (test of controls or substantive audit procedures )
Timing: depends on the size and complexity of the client's business. Higher the complexity, More works are required, More time is needed
Extent: depends on how well the auditor knows his client, the effectiveness and efficiency of internal controls in the client's entity, Audit history of
auditor etc. Based on the above the auditor decides the performance materiality levels (amount(s)

The audit plan shall include the following:

A description of the nature, timing and extent of planned risk assessment procedures
A description of the nature, timing and extent of planned audit procedures at the assertion level
Other planned audit procedures required to be carried out for the engagement

Examples of items included in the audit plan could be:

• When the work should be done: Timetable of planned audit work (e.g. Interim or Final)
• what audit procedures: Audit procedures for each major account area (e.g. inventory, receivables, cash etc.)
• who should do the procedures: Allocation of work to audit team members (e.g. Ahmed carrying cash Mohamed carrying revenue etc.)
• how much work should be done: Materiality for the financial statements as a whole and performance materiality

Interim and final audit

The auditor must consider the timing of audit procedures such as whether to carry out an interim audit and a final audit, or just a final audit. For an interim
audit to be justified, the client normally needs to be of a sufficient size because this may increase costs. However, an interim audit should improve risk
assessment and make final procedures more efficient.

It is important to note that the interim audit and final audit are two stages of the same audit. One set of financial statements are audited. One auditor's report
will be issued.

Interim audit Final audit

Timing Takes place before the year-end. Takes place after the year-end.

Purpose • Enables more effective planning for the final stage of the audit. • Obtain sufficient appropriate evidence in respect of the financial
• Useful when increased detection risk. statements to enable the auditor’s report to be issued.

Work • Documenting systems Cycles. • Audit balances on Financial position

performed • Evaluating controls • Transactions that have occurred since the interim
• Test complete transactions • Obtaining evidence that the controls tested at the interim
• Attend inventory counts. • Obtaining Confirmations and subsequent events revie

Impact of interim audit work on the final audit

If the controls tested at the interim stage provided evidence that control risk is low, fewer substantive procedures can be performed.
Then, fewer procedures will be required at the final audit in general.
Then, the final audit will require less time to perform.
If control risks is high, increased substantive procedures will be required at the final audit.

Fraud and error

Misstatement in the financial statements can arise from either fraud or error.
➜ Fraud: is an intentional act by one or more individuals among management, those charged with governance, employees or third parties, involving the use
of deception to obtain an unjust or illegal advantage.

Fraud can be split into two types:

Fraud in financial reporting: deliberately misstating the financial statements to make the company's position look better or worse than it actually is.
Misappropriation: the theft of a company’s assets such as cash or inventory.

➜ Error: is an unintentional misstatement in financial statements, including the omission of amounts or disclosures, such as the following:
• Mistake in gathering and processing data.
• Incorrect accounting estimate.
• A mistake in the application of accounting principles.
Directors’ responsibilities in respect of fraud
Those charged with governance and the management of an entity are responsible to prevent and detect the fraud thru:
1) Effective system of internal control.
2) Creating a culture of honest ethical behavior.
3) Risk assessment and corporate governance procedures.
4) Audit committee should review these procedures to ensure that they are in place and working effectively.

This will normally be done Internal Auditors as follows:

• Testing the effectiveness of the internal controls
• Performing fraud investigations to identify: (how the fraud was committed, the extend of the fraud, provide recommendations on how to prevent the fraud)
• Performing surprise asset counts to identify misappropriation.

External auditor's responsibilities in respect of fraud

The auditor’s role is two-fold:
1) Assess the risk of material misstatement due to fraud
• Apply professional skepticism and remain alert to the possibility that fraud could take place
• Consider the potential for management override of controls (the audit procedures that are effective for detecting error may not be effective for detecting fraud)

Audit Procedures:
1) Discuss with the engagement team about susceptibility of the client's financial statements to material misstatement due to fraud:
Consider any incentives to commit fraud such as profit related bonuses
Opportunities to commit fraud such as ineffective internal controls
Management’s attitude e.g. disputes with the auditor over auditing matters or known deficiencies have not been corrected
2) Enquire of management about their processes for identifying and responding to the risk of fraud.
3) Enquire of management, internal auditors and those charged with governance if they are aware of any actual or suspected fraud activity.

2) Responding to the assessed risks

Audit Procedures:
1) Review transactions outside the normal course of business.
2) Review journal entries made to identify manipulation of figures recorded or unauthorized journal adjustments: JV TEST
Enquire of the unusual activity relating to adjustments.
Select journal entries and adjustments made at the end of the reporting period.
3) Review management estimates for evidence of bias:
Reasonableness of estimates they indicate any management bias.
Perform a retrospective review of management judgments reflected in the prior year.
4) Obtain written representation from management and those charged with governance those that they:
Acknowledge their responsibility for internal controls to prevent and detect fraud.
Have disclosed to the auditor the results of management’s fraud risk assessment.
Have disclosed to the auditor any known or suspected frauds.

Reporting of fraud and error

• Communicate the matter to the appropriate level of management those with the primary responsibility for prevention and detection of fraud.
• If the suspected fraud involves management, communicate the matter to those charged with governance.
• If the auditor has doubts about the integrity of those charged with governance, they should seek legal advice regarding an appropriate course of action.
• If the fraud has a material impact on the financial statements, the auditor's report will be modified.

Laws and regulations

Non-compliance means acts by the entity include omission or commission intentional or unintentional, which are conflict with laws or regulations.
Non-compliance must specifically relate to the business activities i.e. does not include personal misconduct

Responsibilities of management
Management oversight of those charged with governance, to ensure that the entity's operations are conducted in accordance with relevant laws and
regulations

Responsibilities of the auditor

• The auditor must obtain sufficient, appropriate evidence regarding compliance with laws and regulations generally recognized to have a direct
effect on the financial statements (e.g. tax provision / applicable financial reporting framework).

• The auditor must perform audit procedures to help identify non-compliance with other laws and regulations that may have a material indirect
impact on the financial statements (e.g. data protection) such matters could affect the company’s ability to continue as a going concern.

Audit Procedures to identify instances of non-compliance

1) Obtaining a general understanding of the legal and regulatory how the entity is complying with.
2) Enquiring of the management and those charged with governance.
3) Inspecting correspondence with relevant licensing or regulatory authorities.
4) Obtaining written representation from the directors that they have disclosed all events of which they are aware which involve possible non-compliance

Audit procedures when non-compliance is identified

1) Enquire management about penalties to be imposed.
2) Inspect correspondence with the regulatory authority to identify the consequences.
3) Inspect board minutes for management's discussion on actions to be taken regarding the non-compliance.
4) Enquire of the company's legal department the possible impact of the non-compliance.

Reporting of fraud and error

• The auditor should report non-compliance to management and those charged with governance, unless prohibited by law or regulation.
• If The auditor believes the non-compliance is intentional and material, the matter should be reported to those charged with governance.
• If the auditor suspect’s management or TCWG are involved in the non-compliance, the matter should be reported to the audit committee or supervisory board.
• If the non-compliance has a material effect on the financial statements, a qualified or adverse opinion should be issued.
• The auditor should also consider whether they have any legal or ethical responsibility to report non-compliance to third parties e.g. to a regulatory authority.
 Quality control
ISA 220 Quality Control for an Audit of Financial Statements requires the firm to establish a system of quality control consisting of:

▪ Leadership
Engagement partner takes overall responsibility for the overall quality of the engagement in respect of:
Compliance ethical requirement.
Appropriate acceptance and continuance.
Selecting the engagement team
Reviews.
Sufficient appropriate evidence has been obtained the audit conclusion through a review of the documentation and discussion with the audit team.
Appropriate consultation on difficult or contentious matters.

▪ Relevant ethical requirements

Chapter 4
▪ Acceptance and continuance of client relationship
The firm should ensure that the are accepted level of risk. This requires consideration of:
• Integrity of management
• Adequate resources( Auditor ) are exist
• Compliance with ethical requirements
• Significant matters that have arisen during the current or previous audit engagement and their implications for continuing the relationship.

▪ Human resources
The engagement partner should ensure that the engagement team have the competence and capabilities to perform the audit in accordance with
knowledge of professional standards, knowledge of relevant industries and ability to apply judgment understanding of the firm's quality control.

▪ Engagement performance

Direction Supervision Review

Involves informing team members of: Involves: Responsibilities include consideration of whether:
• Their responsibilities • Tracking the progress of the audit timetable can be met • evidence obtained is sufficient and appropriate
• Fulfil ethical requirements • Providing Coaching to help develop skill of the team • work has been performed with professional standards
• Exercise professional skepticism • Identifying matters for consultation internal expertise. • The objectives of the engagement procedures have been achieved
• Maintain professional judgement • Addressing significant matters arising modifying the ➜ The engagement partner must review audit documentation at
• Understanding the objectives of the work planned approach appropriate points during the engagement including documentation
• Achievement of quality of the engagement of significant matters, significant judgments and other matters
relevant to the engagement partner’s responsibilities.
▪ Monitoring
Quality control policies alone do not ensure good quality work, we also need to ensure that the implementation of these quality control policies is
operating effectively Therefore, the Audit firms must evaluate:
➜ Commitment to professional standards and regulatory/legal requirements.
➜ Ensure that the quality control procedures have been implemented on a day-today basis.
➜ Carry out post-issuance (cold) review.
Post-issuance (cold) review
Purpose To assess whether the firm's policies and procedures were implemented during an engagement and to identify any deficiencies.

When After the auditor's report has been signed.

Which files completed audit files.

Conducted by quality department / a qualified external consultant / an independent partner

Working papers should demonstrate that:

Matters Sufficient appropriate evidence has been obtained.
considered All matters were resolved before issuing the auditor's report.
All working papers should be: • On file • Completed • Signed as completed • Evidence as reviewed.

A report of the results will be provided to the partners of the firm highlighting deficiencies that require corrective action.
Recommendations will be made including:
Outcomes • Communication of findings
• Additional quality control reviews • Training
• Changes to the firm's policies and procedures • Disciplinary action.

▪ Audit documentation
Audit Documentation requires auditors to prepare and retain written documentation that:
. Provides evidence of the auditor’s basis for their report.
Provides evidence that the audit was planned and performed in accordance with ISAs and applicable legal and regulatory requirements.
. It enables the team to be accountable for its work.
. It enables the conduct of quality control reviews and inspections (both internal and external).
. It allows a record of matters of continuing significance to be retained.
. It assists team members responsible for supervision to supervise and review audit work.
Form and content of audit documentation
Documentation should be sufficient and clear to enable an experienced auditor, with no previous background to the audit, to understand:
• Nature timing extent of audit procedures performed.
• Results of the procedures performed the evidence obtained.
• Conclusions and significant matters arising during the audit work.
Retention of working papers
• Completed in a timely fashion after the date of the auditor's report (normally not more than 60 days after).
• Retained for the period required (this is normally five years from the date of the auditor's report).