Audit Strategy, Risk & Audit Plan Flashcards
Things that could affect audit planning
Whether the client is a new client to the audit firm – more must be done on a new client.
The size of a client – generally larger clients require more planning.
Complexity of balances and transactions – more planning will be needed if there are complex balances to be audited
Importance of audit planning
Performing an audit is potentially a complex, time consuming and risky process therefore careful planning can ensure the audit is conducted in an effective and efficient manner, identifying and addressing key risk areas.
Planning activities
Establish audit strategy
Develop audit plan
Update audit plan as audit progresses
5 components of audit strategy
- Understanding the entity and its’ environment
- Materiality
- Risk assessment
- Nature, extent and timing of audit procedures
- Direction supervision and review of audit work
Definition of materiality
Materiality in relation to audit refers to the significance of an item in the financial statements. If an item is particularly important the auditor might say it is material.
If there is a misstatement or omission and it does influence the economic decisions of users of the financial statements, it is material and it must be corrected by the the client
If it doesn’t mislead users, it is immaterial and no correction is needed
How do we know if something will mislead users
The partner will set a value. Anything above this value is material.
We will test all balances in the financial statements above the materiality value.
How is materiality assessed
At the planning stage: by determining nature, timing and extent of procedure. By identifying and assessing the risks of material misstatement
Throughout the audit: revised if changes or new information affecting the financial statements exist
4 types of Risk
Audit risk - The risk that the auditor gives the wrong opinion or comes to the wrong conclusion on the financial statements.
Inherent risk - The risk that there are errors in the financial statements due to nature of the business of the entity. It is hard to avoid these risks
regardless of what procedures might be put in place.
Control risk - The risk that any control procedures put in place by the client do not work (detect misstatements or omissions).
Detection risk - The risk that the auditors do not detect any misstatements or omissions.
Inherent risk
Inherent risk cannot be controlled. It exists due to what the company does.
E.g
Bobble and Price is a small grocery company selling mainly fruit and vegetables as well as some fridge and freezer ready meals. The have in inherent risk of stock obsolescence because food has a use by date and does not last forever.
3 levels of inherent risk:
Industry level - factors affecting the whole industry.
E.g. the extent of competition, changing technology, industries events
Entity Level: Factors affecting the whole entity.
E.g. profit related pay awarded to management may increase risk of overstatement of profits, is the entity a going concern?
Balance or transaction level: History of errors in the past, susceptibility of the account balance to misstatements.
E.g items which are subjective or complex
Control risk
Control risk can be controlled by the company (client) if they chose to put control procedures in place to reduce the risk of something going wrong.
Detection risk
Detection risk can be controlled by the auditors by adjusting the audit strategy, type of testing, amount of testing. Controlling the detection risk allows auditors to manage the overall audit risk.
Audit risk model
Audit risk = inherent risk x control risk x detection risk
The four types of risk are all related. Inherent risk, control risk and detection risk all drive audit risk. If the audit risk is too high (there is too high of a risk of the auditors giving the wrong opinion) they might not wish to take on the engagement.
The audit risk model works a bit like a set of scales.
The auditors want audit risk to be at a manageable level. To do so, they will assess the level of inherent risk and control risk and plan the audit to make sure detection risk compensates the other two risks.
Nature, extent and timing of audit procedures
Nature - what work are the auditors going to do
Extent - How much detail are the auditors going to go into?/How many items will be tested?
Timing - when will the auditors do the work?
Fraud & error
Fraud - an intentional act of deception to obtain financial advantage
Error - an unintentional omission or misstatement
Two types of intentional misstatements
- Misstatements resulting from fraudulent financial reporting (manipulating the financial statements)
- Misstatements resulting from misappropriation of assets (theft)
As part of the audit work the auditors keep an eye out for anything that doesn’t sound quite right or looks suspicious that might indicate fraud. This frame of mind is called professional skepticism.
The auditors do not set out to look for fraud but simply design their audit procedures at the planning stage to pick up any misstatements in the accounts that are material.
