Ch 4 - Planning an audit (basics)

Question 1

What are the benefits of planning an audit?

Answer 1

Attention is devoted to important areas
- i.e. areas that are more likely to include material errors
Potential problems are identified and resolved on a timely basis
Audit is organised to ensure it is performed in an effective and efficient way
As this allows a profit to be made
Staff with appropriate level of competence can be selected
Facilitates direction, supervision and review of audit work
Aids co-ordination of work done by auditors of components or experts
E.g. if one auditor does consolidated FS, they might not have done indiv FS so would work with auditor of indiv FS to help understand

Question 2

Why is it important that an Audit is organised to ensure it is performed in an effective and efficient way?

Answer 2

Allows for profit to be made

Question 3

What must an auditor do at the strat of an audit?

Answer 3

ISA 300 requires the auditor to

• plan the audit engagement
• establish and document an overall audit strategy and a detailed audit plan

Question 4

Is the overall audit strategy and detailed audit plan set in stone in planning?

Answer 4

No, These documents should be updated as necessary as the audit progresses

Question 5

How is an overall audit strategy done for clients?

Answer 5

This is specific to each indiv client

Question 6

What does the audit strategy cover?

Answer 6

the main general areas of planning such as 
The entity and its env
Materiality
Preliminary analytical procedures 
Risk assessment 
Audit approach
Co-ordination of the audit

Question 7

What are the main general areas of planning?

Answer 7

The entity and its env
Materiality
Preliminary analytical procedures 
Risk assessment 
Audit approach
Co-ordination of the audit

Question 8

What must be co-ordinated in the audit strategy?

Answer 8

Timing
Teams
Locations
Budgets 
Deadlines

Question 9

How can auditors assess risk properly?

Answer 9

only possible with a thorough understanding of the client

Question 10

Why is it important for an auditor to understand the entity and its env?

Answer 10

ISA 315 and 330 require the auditor to assess risk, which is only possible with a thorough understanding of the client
An understanding of the entity and its env underpins all the benefits of planning we saw earlier in the chapter

Question 11

What are the 4 forms of obtaining understanding of an entity and its env?

Answer 11

Firm
You
Client
Other

Question 12

How can the firm understand an entity and its env?

Answer 12

Partner
Manager briefing
Industry experts
Last years team

Question 13

How can you understand an entity and its env?

Answer 13

Through past experience

Question 14

How can the client help the auditor to understand an entity and its env?

Answer 14

Discussion
Observation
Watch what they actually do to see how it works
Website/brochures
Helps determine their aims
E.g. if they want to be listed soon or show huge growth, may require more attention to sales figures
Analytical procedures
Draft figures for the current year can be a good indicator

Question 15

What other things help the auditor to understand an entity and its env?

Answer 15

Industry surveys 
Compare to competitors 
Credit reference agencies 
Companies House
Internet search

Question 16

What areas must the auditor understand?

Answer 16

Environment 
- Laws and regulations
- Industry conditions
Entity 
- Operations
- Ownership and governance 
- Investments
-Structure & finance 
- Accounting policies
- Objectives and strategies
- System of internal control
- Use of outsourcing

Question 17

Define materiality

Answer 17

ISA 320 states that info is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the FS
Materiality is therefore a matter of professional judgement

Question 18

What is materiality a matter of?

Answer 18

Materiality is therefore a matter of professional judgement

Question 19

What are the general thresholds for materiality?

Answer 19

0.5-1% of revenue
5-10% of profit before tax
1-2% of gross assets

Question 20

Give some examples of materiality by nature

Answer 20

• Matters relating to directors or related party transactions which are required to be disclosed in FS regardless of their value
• Small amounts that impact on critical points
  Examples
  Change a profit to a loss
  Net assets to net liabilities
  Affect thresholds such as whether a company is a small or medium sized company under CA
  Descriptions which are misleading
  E.g. of accounting policies

Question 21

What is performance materiality?

Answer 21

Performance materiality is an amount set at less than materiality for FS as a whole, to reduce the risk that the aggregate of smaller misstatements in the indiv acc balances or classes of transactions could exceed materiality for the FS as a whole

Question 22

What is the purpose of performance materiality?

Answer 22

to reduce the risk that the aggregate of smaller misstatements in the indiv acc balances or classes of transactions could exceed materiality for the FS as a whole

Question 23

Why and when are analytical procedures used?

Answer 23

During planning

To identify risks

Question 24

What are the 3 uses of analytical procedures?

Answer 24

During planning, help to identify risks
Can be used as a form of substantive procedures to gather audit evidence (ISA 520)
Must be used to assist in forming an overall conclusion on the FS (ISA 520)

Question 25

Why are analytical procedures useful at the planning stage?

Answer 25

To give an overall perspective on the FS using both financial and non-financial data

Question 26

What are the limitations to analytical procedures?

Answer 26

Require sound knowledge/experience in the entity, which may be limited on a first year audit
Experienced staff may be required to carry them out
Quality of the analytical procedures depends on the reliability of the source data

Question 27

How do you perform analytical procedures?

Answer 27

Understand the business
Develop an expectation
Compare actual to expectation
Unexpected variations create risk

Question 28

How can analytical procedures be formed?

Answer 28

Analytical procedures can be performed using simple trends or complex calculations predicting figures in the FS
Acc ratios can be used

Question 29

How do you calc and what is the interpretation of

Gross profit margin

Answer 29

Gross profit/revenue * 100%

Assess profitability before taking OH into acc

Question 30

How do you calc and what is the interpretation of operating margin?

Answer 30

Operatingprofit/ revenue * 100%

Assess profitability after taking OH into acc

Question 31

How do you calc and what is the interpretation of

return on capital employed?

Answer 31

Operating profit / equity + debt * 100%

Measure how effectively resources are used to generate profit

Question 32

What are the 3 key performance ratios?

Answer 32

Gross profit margin
Operatin margin
Return on capital employed

Question 33

What are the 2 key ST liquidity ratios?

Answer 33

Current ratio

Quick ratio

Question 34

How do you calc and what is the interpretation of

Current ratio

Answer 34

current assets / current liabilities

Assess ability to pay current liabilities from current assets

Question 35

How do you calc and what is the interpretation of

Quick ratio

Answer 35

Current assets less inv / current liability = assesses ability to pay current liabilities from reasonably liquid assets

Question 36

What are the 2 solvency ratios?

Answer 36

Gearing ratio

Interest cover

Question 37

How do you calc and what is the interpretation of

Gearing ratio

Answer 37

Net debt / equity

Assess reliance on external finance

Question 38

How do you calc and what is the interpretation of

Interest cover

Answer 38

Profit before interest payable / interest payable

Assess ability to pay interest charges

Question 39

What are the 3 key efficiency ratios?

Answer 39

Trade receivables collection period
Inventory holding period
Trade payables payment period

Question 40

How do you calc and what is the interpretation of

Trade receivables collection period

Answer 40

Trade receivables / revenue * 365

Assess average time taken to collect cash from credit customers

Question 41

How do you calc and what is the interpretation of

Inventory holding period

Answer 41

Inventory / CoS * 365

Assess the average length of time inv held

Question 42

How do you calc and what is the interpretation of

Trade payables payment period

Answer 42

Trade payables / purchases * 365

Average time taken for suppliers to pay

Question 43

What is business risk?

Answer 43

risk that could adversely affect an entity’s ability to achieve its objectives and execute its strategies

Question 44

What are the types of business risk?

Answer 44

Financial
Operational
Compliance based

Question 45

Who should manage business risk?

Answer 45

DIRECTORS

Question 46

When are auditors related to business risks

Answer 46

Auditors are ONLY interested in business risks that impact the FS

Question 47

What is audit risk?

Answer 47

risk that the auditor expresses an inappropriate opinion on the FS
Audit risk = inherent risk x control risk x detection risk

Question 48

What is entity risk?

Answer 48

risk that the FS are materially misstated and is made up of
Inherent risk
Control risk
Detection risk

Question 49

What is inherent risk?

Answer 49

susceptibility of the assertion about transactions, balances or disclosure to a misstatement which could be material, assuming there were no related internal costs

Question 50

What is control risk?

Answer 50

risk that a misstatement isn’t prevented, detected or corrected by an entity’s internal control systems

Question 51

What is detection risk?

Answer 51

risk that procedures performed by an auditor doesn’t detect a misstatement that exists and is made up of
Sampling risk
Non-sampling risk

Question 52

What is sampling risk?

Answer 52

risk that the conclusion drawn from the results of a sample test is diff to the conclusion that would’ve been drawn had the whole population been tested

Question 53

What is non-sampling risk

Answer 53

risk of drawing the wrong conclusions for other reasons than sampling

Question 54

What are the signif risk areas that requite special audit consideration?

Answer 54

Fraud 
Related party transactions 
Subjective items
Complex items 
Unusual transactions

Question 55

What risks must an auditor identify?

Answer 55

ISA 315 requires the auditor to identify specific risks arising at each audit client

Question 56

What are the specific risks that are common in most audits?

Answer 56

Management override
Risk i present in every audit engagement
Management is in a unique position to manipulate acc records so audits must assess the risk during the planning stage
Journals
Fraudulent activity may be carried out using inappropriate or unauthorised journal entries
Auditor should test journal entries for
Unusual items
Round number entries
Journals made by indivs who don’t normally do so
Journals made outside office hours
Postings to suspense accounts
Revenue recognition
Risk of misstatement is higher where management reward is linked to revenue or profit
Cyber security

Question 57

What is management override risk?

Answer 57

Risk is present in every audit engagement

Management is in a unique position to manipulate acc records so audits must assess the risk during the planning stage

Question 58

What is journal risk and how should they be tested?

Answer 58

Fraudulent activity may be carried out using inappropriate or unauthorised journal entries
Auditor should test journal entries for
Unusual items
Round number entries
Journals made by indivs who don’t normally do so
Journals made outside office hours
Postings to suspense accounts

Question 59

What is revenue recognition risk?

Answer 59

Risk of misstatement is higher where management reward is linked to revenue or profit

Question 60

In the audit approach, how should an auditor reduce the audit risk to suitable level?

Answer 60

Determine overall responses to assessed risk at the FS level
Perform audit procedures to response to a assessed risks at the assertion level

Question 61

What are involved in the overall responses of reducing audit risk to an acceptable level?

Answer 61

Emphasise staff need to maintain professional scepticism
Assign extra/more experienced staff
Use the work of experts, internal auditors and other auditors
Provide more supervision on the audit
Incorporate more unpredictability into audit procedures

Question 62

What are involved in the responses at assertion level of reducing audit risk to an acceptable level?

Answer 62

Adjust the nature,natures tent and timing of procedures in response to assessed risks
Nature: type of test
Extent: how much testing
Timing: during the year, at the y.e and after y.e

Question 63

What must the auditor assess when planning to rely on the work of others?

Answer 63

General assessment
Consider whether third party is competent and independent
Specific assessment
Consider whether the piece of work on which the auditor wants to place reliance on is suitable for this purpose

Question 64

What is the specific assessment required when the auditor intends to rely on info from others ?

Answer 64

Consider whether the piece of work on which the auditor wants to place reliance on is suitable for this purpose

Question 65

What is the general assessment required when the auditor intends to rely on info from others ?

Answer 65

Consider whether third party is competent and independent

Question 66

What must an auditor do if they expect controls to be effective?

Answer 66

Test controls
if found to be effective, do limited substantive testing
If not found, do significantly substantive testing

Question 67

What must an auditor do if they don’t expect controls to be effective?

Answer 67

Carry out substantive testing

i.e. analytical procedures and tests of detail

Question 68

What action is required when signif substantive testing is required?

Answer 68

Analytical procedures

Tests of detail

Question 69

What must be done when carrying out limited substantive testing?

Answer 69

Perform some substantive testing due to inherent limitations of control

Question 70

What should the audit plan be guided by?

Answer 70

Overall audit strategy

Question 71

What should the audit plan include a description of?

Answer 71

Nature, extent and timing of planned risk assessment procedures
Nature, extent and timing of further audit procedures at the assertion level

HOWEVER Plan will develop over time, so the auditor doesn’t play how to audit indiv acc balances until they have considered the results of their risk assessment procedures
Audit plan should be modified where necessary in response to new info, or the results of audit testing carried out

Question 72

Why is an audit plan not rigid?

Answer 72

Plan will develop over time, so the auditor doesn’t play how to audit indiv acc balances until they have considered the results of their risk assessment procedures
Audit plan should be modified where necessary in response to new info, or the results of audit testing carried out

Question 73

When must an audit plan be modified?

Answer 73

where necessary in response to new info, or the results of audit testing carried out

Question 74

What is cyber security?

Answer 74

Cyber security protects systems, networks and data in cyberspace

Question 75

What does cyber security include?

Answer 75

The protection of data from unauthorised modification, disclosure or destruction
The protection of the info systems from failure

Question 76

Why is cyber security v important for most orgs?

Answer 76

Increasing use of technology and constantly evolving risk makes this v important for most organisations

Question 77

What are the key risk areas for entity’s IT system?

Answer 77

Hacking
Fraudulent theft of funds
Deliberate sabotage 
E.g. commercial espionage/malicious damage 
Viruses, malware and other corruption
Denial of Service attacks

Question 78

What are the risks for businesses that auditors must react to?

Answer 78

Reputational damage
Breaches of data protection legislation leading to fines
Misstatements in FS

Question 79

What should IT security controls cover?

Answer 79

prevention, detection, deterrance and recovery procedures

Question 80

What practical measures are included in IT security controls?

Answer 80

Business continuity planning
Measure to ensure the business can continue in the event of a disaster/system failure
Systems access control
Protection of systems and detection of unauthorised activity
Systems development maintenance
IT projects should be conducted securely and development/maintenance should ensure systems/data are protected
Physical and env security
Prevention of unauthorised access, damage, theft or interference with assets/systems
Compliance
Monitor compliance with legal requirements and organisational policies
Personnel security
Recruitment of trustworthy employees, training and reporting arrangements
Security organisation
Clear reporting lines and responsibility for info security
Computer and network management
Protection of system integrity (e.g. from viruses/malware) and info especially when exchanged between organisations
Asset classification and control
Assign ownership of info assets
Security policy
Written policy available to all employees

Question 81

What does business continuity planning do?

Answer 81

Measure to ensure the business can continue in the event of a disaster/system failure

Question 82

What does systems access control do?

Answer 82

Protection of systems and detection of unauthorised activity

Question 83

What does systems development maintenance do?

Answer 83

IT projects should be conducted securely and development/maintenance should ensure systems/data are protected

Question 84

What is physical and env security?

Answer 84

Prevention of unauthorised access, damage, theft or interference with assets/systems

Question 85

What is personnel security?

Answer 85

Recruitment of trustworthy employees, training and reporting arrangements

Question 86

What are computer and network management?

Answer 86

Protection of system integrity (e.g. from viruses/malware) and info especially when exchanged between organisations

Question 87

What is security policy?

Answer 87

Written policy available to all employees

Question 88

What is cloud computing

Answer 88

allowing users to access data from any location

Question 89

What are the benefits of cloud computing?

Answer 89

Creates cost savings compared to traditional IT storage on site

Question 90

What are the disadvantages of cloud computing?

Answer 90

passes on control of data to a cloud-service provider

Creates danger that inadequate cyber security could lead to data being lost, corrupted stolen

Question 91

What must auditors consider re cloud computing?

Answer 91

consider whether the cloud-based service provider’s controls are reliable