AT.

04 – Planning an Audit of Financial Statements

Learning Objectives:

1. Understand audit process activities, including preliminary engagement, planning, and

documentation.
2. Recognize the role and timing of planning in an audit.
3. Describe risk assessment procedures, including understanding the entity and its
environment.
4. Identify and assess risks of material misstatement and related documentation.
5. Highlight the importance of documentation throughout the audit process.
6. Recognize additional considerations in initial audit engagements.

References:

PSA 200 - Overall Objectives of the Independent Auditor and the Conduct of an Audit in
Accordance with International Standards on Auditing

PSA 210 - Agreeing the Terms of Audit Engagement

PSA 500 - Audit Evidence

Notes:

Role and Timing of Planning

 Audit Planning – Establishing overall audit strategy and plan
 Purpose of Audit Planning
o Devoting appropriate attention to key audit areas
o Identifying and resolving potential problems promptly
o Assists in organizing and managing the audit effectively
o Assists in selecting competent engagement team members
o Facilitates directing and supervising team members' work
o Assists in coordinating work with auditors of components and experts

Involvement of Key Engagement Team Members

 Engagement partner and other key members

 Face-to-face, virtual, or through other means of communication
 Documented, for those who are not able to attend

Preliminary Engagement Activities

 Perform procedures for assessing the continuation of client relationship and audit
engagement.
 Evaluate compliance with ethical standards, including independence.
 Establish clear terms of the audit engagement.

Planning Activities
 1. Overall audit strategy – sets the scope, timing, and direction of the audit and guides the
development of the more detailed audit plan.
 Identify engagement characteristics to define its scope.
 Ascertain reporting objectives to plan audit timing and required communications.
 Consider significant factors for directing team efforts.
 Consider results of preliminary activities and relevance of knowledge from other
engagements.
 Ascertain resources needed for the engagement.
2. Detailed audit plan – description of the nature, timing and extent of:
 Risk assessment procedures
 Further audit procedures (test of controls, substantive procedures, dual-purpose tests)
 Other planned audit procedures

Documentation

 Plan the direction, supervision, and review of engagement team members' work.
 Document the overall audit strategy, audit plan, and any significant changes and reasons
for such changes.
 Update and modify the audit strategy and plan as needed throughout the audit.

Additional Considerations in Initial Audit Engagements

 Perform procedures for accepting the client relationship and audit engagement.
 Communicate with predecessor auditor in case of auditor change, following ethical
requirements.

Purpose of Risk Assessment Procedures

 Understand the entity, its environment, and internal control.

 Identify and assess risks of material misstatement due to fraud or error at financial
statement and assertion levels.
 Provide a basis for designing and implementing responses to assessed risks.

Key Terms

 Assertions: Management's representations in financial statements, guiding auditors on

potential misstatements.
 Business risk: Conditions or actions affecting an entity's objectives and strategies.
 Internal control: Processes ensuring reliability of financial reporting, effectiveness and
efficiency of operations, and compliance with laws and regulations.
 Risk assessment procedures: Procedures to understand the entity and identify risks of
material misstatement.
 Significant risk: Risks needing special audit attention due to potential of material
misstatement.

Risk Assessment Procedures

 Perform risk assessment procedures to identify and assess risks of material

misstatement at financial statement and assertion levels.
  Risk assessment procedures alone are insufficient for audit evidence.
 Include inquiries of management, internal audit, and others with relevant information.
 Employ analytical procedures.
 Conduct observation of operations and inspection of documentation.
 Consider information from client acceptance or continuance process for risk
identification.
 Engagement partner should consider relevance of information from other engagements
for the entity.
 Use information from previous audits and experience, assessing relevance for the current
audit.
 Engagement team must discuss financial statement susceptibility to material
misstatement and apply financial reporting framework.
 Engagement partner to communicate relevant matters to team members not involved in
the discussion.

Required understanding of the entity

 External factors (industry, regulatory, etc.)

 Nature of the entity (operations, ownership and governance, investment and finance
structure)
 Accounting policies
 Objectives and Strategies (business risks, etc.)
 Financial performance review and measurement
 Internal control

Identifying and Assessing the Risks of Material Misstatement

 F/S and assertion level

 Identify risks:
o Understand entity, environment, and controls.
o Consider transactions, balances, and disclosures.
 Assess risks:
o Determine pervasiveness across financial statements.
 Relate risks to assertion level:
o Consider relevant controls for testing.
 Consider likelihood of misstatement:
o Evaluate potential material misstatements.

Significant Risks

Obtain understanding of controls relevant to:

 Fraud risk
 Recent economic, accounting, or other developments
 Transaction complexity
 Significant related party transactions
 Subjectivity in financial measurement
  Significant non-routine transactions

Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate Evidence

 Incomplete recording of routine and significant transactions or balances

 Highly automated processing with limited manual intervention
 Understanding of relevant controls is necessary

Documentation

 Discussion among engagement team about significant decisions

 Understanding of entity and environment
o Internal control components
o Sources of information
o Risk assessment procedures
 Risks of material misstatement
o Financial statement level
o Assertion level
 Identified risks and related controls

Materiality

 An item is considered material if its omission or misstatement could influence the

decisions of the users of the F/S.
 Materiality is a matter of professional judgment, and depends on the size (quantitative) or
nature (qualitative) of the item being assessed.
 Consideration: common financial information needs of users.
 Materiality in audit:
o Materiality at the financial statements level – the smallest aggregate
misstatement that could be material to any of the F/S.
o Materiality at the assertion level – largest tolerable misstatement for classes of
transactions, account balances and disclosures
 Applications of materiality:
o Material accounts/disclosures (scoping)
o RAP
o FAP
o Evaluation of uncorrected misstatements
o Form opinion
 Inverse relationship between materiality and assessed risk, audit procedures, and audit
evidence
 Overall materiality – (Benchmark ± Normalizing adjustments) x %
 Specific materiality – (Specific F/S items ± Normalizing adjustments) * %
 Performance materiality – set by auditors below overall materiality to lower the risk of
uncorrected misstatements.
o Allowance for total of uncorrected and undetected misstatements
o Applies also to specific materiality
 Adjust for:
 o Changes in circumstances
o New information
o Change in understanding
o Consider adjustment of audit scope
 Clearly trivial misstatement threshold
o Not a materiality
o A cut-off for unimportant misstatements
o Misstatements falling below CTMT are no longer proposed for adjustment.
1. Planning an audit involves
a. Establishing the overall audit strategy for the engagement.
b. Developing an audit plan.
c. Both A and B
d. Neither A nor B

2. Which of the following statements is not true concerning audit planning activities?
a. Planning is a discrete phase of an audit.
b. Planning is a continual and iterative process.
c. In a recurring audit, planning often begins shortly after (or in connection with) the
completion of the previous audit and continues until the completion of the current
engagement.
d. In planning an audit, the auditor considers the timing of certain planning activities
and procedures that are to be completed before the performance of further audit
procedures.

3. Which of the following is the main reason for an auditor why an auditor should obtain an
understanding of a client’s business and industry?
a. Make constructive suggestions concerning improvements to the client’s business
processes and controls.
b. To assist the auditor in auditing the financial statements of entities in similar
industries.
c. To understand the events and transactions that may have an effect on the client’s
financial statements.
d. To evaluate whether the client’s internal controls are operating effectively.

4. The establishment of an overall audit strategy involves identifying all of the following
except:
a. Characteristics and scope of the engagement.
b. Reporting objectives and nature of communications.
c. Important factors that will determine the focus of the engagement team’s efforts
and resources.
d. All of the above should be included in the overall audit strategy.

5. Which of the following should be included in the audit plan?

a. The nature, timing, and extent of planned risk assessment procedures.
b. The nature, timing, and extent of planned further audit procedures at the assertion
level.
c. The nature, timing, and extent of other planned audit procedures to achieve the
overall objectives of the auditor.
d. All of the above.

6. During the planning stage of an audit, the auditor is required to perform audit procedures
to obtain an understanding of the entity and its environment, as well as its internal control.
These procedures are called
 a. Risk assessment procedures
b. Test of controls
c. Substantive procedures
d. Dual-purpose tests

7. Statement I: Risk assessment procedures include inquiries, inspections, observations,

and analytical procedures.
Statement II: Analytical procedures performed during planning (preliminary) and
completion (concluding) are required. However, analytical procedures performed during
the evidence-gathering phase (substantive) are not required.
Statement III: In performing preliminary analytical procedures, the auditor may establish
expectations over recorded amounts through the use of financial (historical or
prospective) and non-financial data.

Which of the above statements are true?

a. I and II only
b. I and III only
c. II and III only
d. I, II, and III

8. An audit program should be designed for each individual audit and should incorporate
steps and procedures to
a. Detect and eliminate fraud of any type.
b. Provide assurances that the objectives of the audit are satisfied.
c. Ensure that only material accounts are audit.
d. Gather sufficient amount of management information available.

9. In designing written audit programs, an auditor should establish specific audit objectives
that relate primarily to the
a. Financial statement assertions
b. Cost-benefit of gathering audit evidence
c. Effectiveness and efficiency of operations
d. Compliance with laws and regulations

10. Which of the following appropriately relates to the auditor's objective in planning the
audit?
a. The auditor plans the audit to ensure that only Certified Public Accountants will
carry-out the audit procedures.
b. The auditor plans the audit to determine the planned audit opinion to be issued
on the financial statements.
c. The auditor plans the audit so that it will be performed in an effective manner.
d. The auditor plans the audit so that it will be performed in an effective and efficient
manner.
11. Which of the following statements inappropriately relates on how adequate planning
benefits the audit of financial statements?
a. Helps the auditor to devote appropriate attention to important areas of the audit.
b. Helps the auditor plan the level of risks of material misstatements present in the
audit.
c. Helps the auditor identify and resolve potential problems on a timely basis.
d. Helps the auditor properly organize and manage the audit engagement so that it
is performed in an effective and efficient manner.

12. The extent of audit planning will vary according to the

I. Size of the entity

II. Complexity of the audit
III. Auditor's experience with the entity and knowledge of the business
a. I only
b. I and II only
c. II and III only
d. I, II and III

13. An audit approach that allocates proportionately more audit resources to areas of high
audit risk is referred to as a ______________audit.
a. Risk-based approach
b. Substantive approach
c. Controls based approach
d. Data driven approach

14. Which component of the audit risk model may be expressed in qualitative terms?
I. Inherent Risk
II. Control Risk
III. Detection Risk
a. I only
b. I and II only
c. II and III only
d. I, II and III

15. Inherent risk and control risk differ from detection risk in that inherent risk and control
risk are:
a. Elements of audit risk while detection risk is not
b. Considered at the individual account-balance level while detection risk is not
c. Functions of the client and its environment while detection risk is not
d. Changed at the auditor's discretion while detection risk is not

16. Assertions are representations by management, explicit or otherwise, that are embodied
in the financial statements. Management's assertions in the financial statements are of
relevance to the audit process because:
 a. they are the procedures that will be performed by the audit team.
b. they are direct evidence that management has prepared financial statements in
accordance with generally accepted audit standards.
c. they relate more to the audit while the financial statements belong to the auditor.
d. they are utilized by auditors in developing proper tests and procedures.

17. Which of the following is not an inherent risk factors in ISA 315R?
a. Change
b. Complexity
c. Susceptibility to bias and other fraud risk factors
d. Objectivity

18. Which of the following is considered a required documentation in planning an audit?

a. A flowchart or narrative of the accounting system to describe the recording and
classification of transactions for financial reporting.
b. An audit program setting forth in detail the necessary procedures to be performed
during the engagement.
c. A planning memorandum establishing the timing of the audit procedures and
coordinating the assistance of human resources of the entity.
d. An internal control questionnaire identifying policies and procedures that assure
specific objectives will be achieved.

19. Inquiries directed towards those charged with governance may most likely
a. Relate to their activities concerning the design and effectiveness of the entity's
internal control and whether management has satisfactorily responded to any
findings from these activities
b. Help the auditor understand the environment in which the financial statements
are prepared
c. Relate to changes in the entity's marketing strategies, sales trends, or contractual
arrangements with its customers
d. Help the auditor in evaluating the appropriateness of the selection and application
of certain accounting policies.

20. These are audit procedures performed to obtain an understanding of the entity and its
environment, including the entity's internal control, to identify and assess the risks of
material misstatement, whether due to fraud or error, at the financial statement and
assertion levels.
a. Risk assessment procedures
b. Further audit procedures
c. Test of operating effectiveness of controls
d. Preliminary analytical procedures

21. An auditor should inspect minutes of the meeting of BOD

a. through the date of the financial statements.
b. through the date of the audit report.
 c. only at the beginning of the audit.
d. on a test basis.

22. The element of the audit planning process most likely to be agreed upon with the client
before implementation of the audit strategy is the determination of the
a. Evidence to be gathered to provide a sufficient basis for the auditor's opinion.
b. Timing of inventory observation procedures to be performed.
c. Procedures to be undertaken to discover litigation, claims, and assessments.
d. Pending legal matters to be included in the inquiry of the client's attorney.

23. After evaluating the risks of material misstatements, the auditor determines detection
risk
a. As the complement of overall audit risk.
b. By performing substantive audit tests.
c. At a level that equates the joint probability of inherent risk, control risk, and
detection risk with overall audit risk.
d. As a product of further study of the business and industry and application of
analytical procedures as part of performing risk assessment procedures to
properly plan the audit in an effective manner.

24. Which of the following conditions supports an increase in detection risk?

a. Internal control over cash receipts is excellent.
b. Internal control over shipping, billing, and recording of sales revenue is weak.
c. Application of analytical procedures reveals a significant increase in sales
revenue in December, the last month of the fiscal year.
d. Study of the business reveals that the client recently acquired a new company in
an unrelated industry.

25. The auditor is required to determine three different levels of materiality: (1) materiality for
the financial statements as a whole, (2) performance materiality, and (3)
a. Overall materiality
b. Scoping materiality
c. Specific materiality
d. General materiality

26. In a financial statements audit, what term refers to the level of materiality set to assess
the significance of misstatements in the financial statements?
a. Overall materiality
b. Performance materiality
c. Specific materiality
d. Scoping materiality

27. Accounts which do not exceed the scoping materiality threshold set by the auditor may
still be included in testing based on qualitative risk factors. Which of the following is not
among those qualitative risk factors considered by the auditor?
 a. Accounting and reporting complexities
b. Risk of fraud and history of fraud or error
c. Level of judgment and estimates
d. Whether the audit client is a listed entity

28. What materiality level would be considered by the auditor to determine which line items
in the financial statements are to be tested?
a. Overall materiality
b. Performance materiality
c. Specific materiality
d. Individual materiality

29. Which of the following would an auditor most likely use in determining a preliminary
judgment about materiality?
a. The contents of the engagement letter.
b. The anticipated sample size of the planned substantive procedures.
c. The entity’s annualized interim financial statements.
d. The results of internal control questionnaire.

30. Which of the following factors are normally considered by the auditor in determining the
appropriate benchmark for the purpose of calculating the overall materiality?
a. Focus of the users of the financial statements
b. Nature of the entity
c. Volatility of the benchmark identified
d. All of the above.