Audit Planning

Session Objectives To explain the need for planning To outline the essential elements

of planning process To finalise the audit approach To lay down specific audit

procedures To communicate audit plan to the

auditee

Why Planning? Planning for financial (attest) audits helps to develop

an audit approach that will ensure that sufficient appropriate evidence is gathered to support the audit opinion in the most cost-effective manner, i.e. in an economic, efficient and effective way and in a timely manner.

The Audit Plan should be documented and kept as a part of audit working papers.

The planning process encompasses several steps and it should be carefully noted that the steps are all inter-related and not considered as ends in themselves.

Basis for audit planning Audit planning should be based on a thorough

understanding of the auditee entity and its operations and the knowledge should be used to: determining the materiality i.e. the magnitude of

misstatements which might reasonably influence the users of the C&AG's certificate on the financial statements;

identifying those factors that might lead to an increased risk of material misstatement or irregularity.

risks are first identified at the entity level and then to pinpoint them in terms of their effect on particular account areas and audit objectives;

preparing an audit approach which focuses on testing of the specific risk factors while providing an acceptable level of assurance across the financial statements as a whole.

Planning Process1. Understanding the Entity2. Determination of Materiality Levels3. Assessment of Risk4. Controls Testing and Evaluation5. Determination of the Sampling Frame 6. Deciding on the Audit Approach and

procedures7. Drawing of the Audit plan8. Communication of the Plan to the

Auditee

1. Understanding the Entity

To study, analyse, record and comprehend Operations and organisation Financial reporting requirements Regularity and legal framework Parliamentary and legislative interest Public interest Accounting processes and formations

e.g DDOs, PAOs, Treasuries, Works & Forest Divisions for Government Accounts etc.

Computer involvement Control environment Analytical review Account areas

2. Determination of Materiality

Materiality is the Tolerable Error Level One essential step in planning is to determine

materiality by value, nature and context Materiality should take into account the concerns of

the users of audit certificate The reasons and bases on which the materiality is

calculated should be documented. At the planning stage, the audit team is concerned

primarily with materiality by value. ‘Planning materiality’ may be set at a lower level

than ‘Reporting materiality’

3. Assessment of Risk

Purpose of risk assessment to identify the factors that lead to

an increased risk of misstatement or irregularity

to identify the controls which mitigate those risks

Types of Risk Entity risks Account area risks

Assessment of Risk (Contd.)

The audit team should use understanding of the entity and its operations to identify specific risk factors taking into account factors relevant at both the entity level and to specific areas as well as the audit objectives.

The audit approach of CAG seeks to reduce to an acceptable level the risk that audit work will not detect material error or irregularity.

Decisions on the nature, extent and direction of audit tests depend upon assessment of the risk of material error or irregularity (inherent risk) and the risk that the entity’s controls will not detect such errors or irregularities in a timely manner (control risk).

Entity risks

Entity Risks are risks that identified from top down review of entities that may affect a number of different account areas

Entity Risks are to be measured in the context of : Overall control environment External pressures on the entity Experience and competence of staff Reliability of accounting systems Stability of the entity

Account area risks Account area risks are the risks identified from more

detailed review of each account area and that may arise as a result of particular characteristics of the associated transaction streams.

Account area risks mainly arise from: Transactions governed by complex regulations Services and programmes delivered through third parties Payments and receipts made on the basis of claims or

declarations rather than in exchange for goods and services Transactions not in the normal course of business or

operations Transactions recording estimates Multiple sources of funds

4. Controls Testing and Evaluation

After identifying specific risk factors, the next step is to identify controls which effectively mitigate those risk factors.

Audit should identify specific risk factors that increase the risk of material misstatement and relate them to account areas and objectives.

Controls Testing and Evaluation (Contd.)

For each specific risk factor, it should be seen whether management have mitigating controls in place.

For example: in the area of complex regulations, management may ensure

that the regulations are translated into clear desk instructions for all staff concerned;

for services delivered by third parties, management may require independent verification by external or internal inspectors or auditors;

All the cases where the audit team identifies specific risk factors without corresponding mitigating controls should be specially kept in view in deciding the audit approach.

Such cases should also be brought to the notice of the entity’s management for possible introduction of mitigating controls.

Controls Testing and Evaluation (Contd.)

Steps in identifying material risk factors Establish Entity Objectives Detail business / operations

characteristics Identify risks Risks screening and prioritisation Assess implications for financial

statements Determine entity management response

to risk

5. Determination of the Sampling Frame

For each objective in each account area, the auditor should select methods for collecting audit evidence and a suitable sampling method.

For testing the completeness of say either income or expenditure sampling may not be appropriate. In such a case careful application of analytical procedures in combination with other audit procedures can provide a better result.

Determination of the Sampling Frame (contd)

. Overall, the auditor needs to use audit judgement and

experience to decide which combination of techniques is likely to provide the total required assurance in the most cost-effective way.

The sampling efficiency can be improved by applying knowledge, experience and judgement, especially for transactions which carry higher levels of risk or sensitivity.

By using such knowledge, experience and judgement at the planning stage of the audit, a more efficient sampling approach can be developed.

Determination of the Sampling Frame (Contd.)

Steps in finalising a sampling frame are: Determine materiality Assess Risk and Evaluate Mitigating Controls Determine the extent and nature of

substantive tests Determine Sample Size, i.e. extent of

substantive testing Identify sampling methods to be applied

depending on the nature of substantive tests

6. Deciding on the Audit Approach and Audit Procedures

Audit approach should focus on specific risk factors while providing an acceptable level of assurance across the financial statements as a whole.

The audit approach chosen will: reflect understanding of the auditee entity and

its business; take account of audit judgement on ‘Planning

materiality’; and respond to the specific risk factors identified in

the course of risk assessment.

Audit approach (Contd) A cost-effective audit approach is one that is an

optimum mix of the following objectives: minimising sampling risk - the risk that audit

procedures will fail to detect material misstatement or irregularity due to drawing a non-representative sample;

minimising audit cost - by achieving the most efficient deployment of audit resources taking account the overall timetable and minimising potential disruption to the normal functioning of the auditee;

maximising assurance on the audit objectives

Audit procedures Testing of control by the audit team Using the work of internal audit Applying direct substantive procedures

direct tests based on statistical or non-statistical samples

100% testing or less? Applying predictive analytical procedures Using the work of other auditors Consulting third party experts

Level of substantive procedures

The substantive procedures can be performed at one of three levels, depending on the amount of assurance required. In decreasing order of assurance, they are: Focused Standard Minimum

The lower the level of assurance required, the lesser will be the extent of audit procedures.

7. Drawing of the Audit plan

An Audit Plan in the form of Audit Planning Memorandum detailing the results of all the processes discussed so far is then prepared.

This documents all the processes and analyses through which the final plan has been drawn.

8. Communication with auditee

The audit planning memorandum is then communicated by the audit team to the auditee. Their suggestion may be taken before execution of the plan.

Assignment

A2_S7