Chapter 7 - Planning Flashcards
Why is it important to plan an audit? (8)
Planning an audit is crucial because it ensures the audit process is efficient, effective, and meets its objectives. Here are key reasons why audit planning is important:
* Defines Scope and Objectives – Planning helps auditors clearly understand the purpose, scope, and specific objectives of the audit.
* Allocates Resources Efficiently – Proper planning ensures that the right personnel, time, and resources are allocated to the audit, reducing inefficiencies.
* Identifies Risks – It allows auditors to assess potential risks and areas of concern, focusing on critical aspects that might impact financial statements or operations.
* Ensures Compliance – Planning ensures the audit follows regulatory requirements, professional standards, and internal policies.
* Enhances Communication – It facilitates clear communication with management and key stakeholders about the audit process, expectations, and timelines.
* Improves Audit Quality – A well-planned audit ensures thorough testing, minimizes errors, and enhances the credibility of audit findings.
* Minimizes Disruptions – Effective planning reduces disruptions to daily business operations by scheduling audit activities appropriately.
* Facilitates Problem Resolution – Identifying potential issues early allows for better resolution strategies before they escalate.
What is an audit strategy? (6)
The audit strategy is a high-level approach that outlines the overall direction of the audit. It provides a framework for the audit plan and considers materiality, risk, audit approach, experts, timing, team, budgets and the deadlines of the audit and guides the development of the audit plan.
Key Elements of an Audit Strategy:
* Scope of the Audit – Defines the extent and boundaries of the audit.
* Objectives – Determines what the audit aims to achieve.
* Risk Assessment– Identifies significant risks and how they will be addressed.
* Resources & Team Allocation – Assigns responsibilities to auditors.
* Timing & Deadlines – Establishes key milestones for the audit process.
* Audit Approach – Decides between a substantive or control-based audit approach.
What is an audit plan? (6)
The audit plan is a detailed roadmap that outlines the specific procedures and steps to be performed during the audit. It is derived from the audit strategy and provides practical guidance to the audit team.
Key Elements of an Audit Plan:
* Audit Procedures – Lists the specific tests and verification steps for transactions, controls, and balances.
* Audit Timeline – Defines the schedule and deadlines for various audit phases.
* Resource Allocation – Specifies roles and responsibilities of audit team members.
* Sampling Techniques – Describes the methods used to select audit samples.
* Communication Plan – Details how findings will be reported to stakeholders.
What is materiality?
According to ISA 320, materiality is:
“Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.”
This means that an error or omission is material if it could impact the decision-making of financial statement users, such as investors, regulators, or management.
What determines if a balance is material?
By definition, a material are misstatements, including omissions, that individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements
Therefore items might be material due to their:
* Amount/value/quantity
* Nature/quality
What are the standard benchmark ranges used to determine the level of materiality based on value in an audit?
What are the common matters considered material by nature in an audit?
- Misstatements which affect compliance with regulatory requirements
- Misstatements which impact on debt covenants
- Misstatements which obscure a change in earnings or affect ratios used to evaluate the entity
- Misstatements which affect management compensation
When is materiality determined in an audit, can it be adjusted, and does it apply uniformly across all audit areas?
Materiality is set during the planning stage of the audit to help focus on significant misstatements. It can be adjusted if new information arises during the audit. However, a single materiality level may not be appropriate for all areas; auditors often use performance materiality for specific accounts or transactions to ensure undetected errors remain below overall materiality.
What is performance materiality?
When the auditor plans an audit the overall risk of material misstatement based on the financial statements as a whole may be low leading to planning materiality being set as high. However this high level of materiality may not be appropriate for auditing all elements of the financial statements as certain elements may be high risk leading to their under auditing.
As a result the auditor should use a figure lower than planning materiality to audit these riskier assertions to ensure their appropriate auditing. This is performance materiality.
What is sustainability materiality and how do auditors assess it?
Sustainability materiality considers whether omitting, misstating, or obscuring sustainability information could influence users’ decisions. Auditors assess it alongside traditional materiality when reviewing financial and sustainability-related disclosures.
What is ‘double materiality’ in the context of sustainability reporting?
Double materiality is a key concept in sustainability reporting that recognises two dimensions of materiality:
- Financial materiality: When sustainability issues (e.g. climate risk, regulation, supply chain disruption) could impact the company’s financial performance or position—relevant to investors and creditors.
- Impact materiality: When the company’s operations have a material impact on people or the environment—relevant to wider stakeholders like regulators, communities, and NGOs.
This dual perspective ensures that both the risks to the business and the company’s impact on society are considered in sustainability disclosures.
What are analytical procedures? Why are they used at the planning stage?
Analytical procedures involve evaluating financial information by studying relationships between data, trends, and expected patterns to identify anomalies or inconsistencies.
Auditors will use these in the planning to understand the business and identify potential risks.
Outline the key benefits and limitations of analystical procedures at the planning stage of an audit (5-5)
Benefits:
* Identifies Risk Areas – Helps the auditor pinpoint material areas that need further work.
* Detects Unusual Items – Highlights inconsistencies or oddities in relation to the overall accounts.
* Finds Hidden Errors – May uncover errors not identified through detailed testing.
* Uses External Information – Leverages data (e.g., budgets, industry trends) outside of the accounting records, reducing reliance on the preparer.
* Enhances Business Understanding – Assists auditors in gaining insights into the client’s business operations and performance.
Limitations:
* Requires Knowledge of the Business – A deep understanding of the client is needed to interpret results accurately.
* Risk of Concealed Errors – Consistency in results might mask significant errors.
* Potential for Mechanical Execution – There’s a risk of performing procedures without adequate professional skepticism.
* Requires Experienced Staff – Needs skilled auditors to apply procedures effectively.
* Availability of Reliable Data – Reliable external data may not always be accessible for comparison.
What are the key ratio types we look at in this course? State what aspect of financial statements they help the auditor assess
- Perfomance ratios - helps the auditor assess the company’s ability to generate profit.
- Liquidity ratios - help the auditor assess how easily a company can meet its obligations, and how the company manages its working capital
- Long term solvency ratios - Help the auditor assess the company’s ability to meet its long-term debt obligations
- Efficiency ratios - Help the auditor assess how effectively the company uses its assets and resources to generate revenue
Outline the perfomance ratios
- Gross profit margin
- Operating profit margin
- Operating cost percentage
- Return on capital employed
Define gross profit margin, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures the efficiency of a company in producing goods or services relative to its revenue.
Factors That Can Cause Changes Year to Year:
* Changes in Sales Prices – An increase or decrease in the price at which products are sold can directly impact gross profit.
* Cost of Goods Sold (COGS) Fluctuations – Variations in the cost of raw materials, labor, or manufacturing overhead can affect the margin.
* Product Mix Changes – A shift in the types of products or services sold, with different cost structures, can influence the gross margin.
* Economic Conditions– Inflation, supply chain disruptions, or changes in demand for goods can affect both revenue and COGS.
* Pricing Strategies – Discounts, promotions, or price adjustments can affect the margin.
Audit Risks Gross Profit Margin Can Help Identify:
* Revenue Recognition Issues – Significant fluctuations in gross profit margin could indicate improper revenue recognition or sales manipulation.
* Cut-off Issues - Improper cut-off of sales transactions may lead to revenue and costs being recorded in the wrong period, affecting gross profit.
* Inventory Valuation Problems – Changes in gross margin may highlight issues with inventory valuation methods (e.g., FIFO vs. LIFO) or unrecorded inventory adjustments.
* Cost Misstatements – Variations in gross profit margin might suggest that the COGS is not being accurately recorded, potentially leading to misstatements in financial statements.
* Fraud Risk – Unexplained or unusual changes in the margin could signal potential fraudulent activities, such as manipulation of sales or cost figures.
Define operating profit margin, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures a company’s ability to generate profit from its core business operations, excluding the impact of financing and tax expenses.
Factors That Can Cause Changes Year to Year:
* Changes in Revenue – Growth or decline in sales directly impacts operating profit margin.
* Operating Cost Fluctuations – Increases in administrative, selling, or distribution expenses reduce the margin.
* Operational Efficiency – Improvements or declines in cost control, production efficiency, or economies of scale affect the margin.
* One-Off Items – Exceptional items such as restructuring costs or gains/losses from asset sales can distort operating profit.
* Changes in Business Strategy – Shifts in focus (e.g., expansion, outsourcing) can lead to higher or lower operating expenses.
* Inflation or Wage Increases – Rising costs that aren’t matched by price increases can erode margins.
Audit Risks Operating Profit Margin Can Help Identify:
* Expense Misclassification – Misstating operating expenses (e.g., capitalising costs that should be expensed) inflates profit.
* Incomplete Expense Recognition – Omitting or deferring operating costs can falsely enhance margins.
* Revenue Recognition Issues – Recognising revenue too early or late may distort the margin.
* Management Bias or Manipulation – Pressure to meet profit targets may lead to aggressive accounting estimates or improper adjustments.
* Going Concern Issues – Declining margins may signal deteriorating performance, raising concerns about the company’s viability.
Define operating cost percentage, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures the proportion of revenue that is consumed by operating costs, indicating how efficiently a business controls its operating expenses.
Factors That Can Cause Changes Year to Year:
* Changes in Operating Costs – Increases in rent, wages, utilities, or other overheads will increase the percentage.
* Revenue Fluctuations – A decrease in revenue without a corresponding drop in operating costs will raise the percentage.
* Cost Control Measures – Implementation of cost-saving strategies or automation can reduce the percentage.
* Business Expansion – New locations, product launches, or market entry may initially increase costs faster than revenue.
* Inflation or Wage Pressures – General increases in prices or staff costs will raise the operating cost base.
* Outsourcing or Restructuring – Changes in business structure may shift or reduce certain operating costs.
Audit Risks Operating Cost Percentage Can Help Identify:
* Expense Understatement – A lower-than-expected percentage may indicate that some costs have been omitted or deferred.
* Classification Errors – Misclassification of expenses (e.g., capitalising operating costs) can distort the percentage.
* Revenue Recognition Issues – Inflated or prematurely recognised revenue lowers the percentage artificially.
* Inadequate Disclosure of One-Off Costs – Unusual or non-recurring costs not properly disclosed can skew the metric.
* Fraud Risk – Manipulation of costs to meet targets or conceal poor performance may be reflected in abnormal fluctuations.
Define return on capital employed, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures how efficiently a company is generating profit from the capital it has invested in the business. It’s a key indicator of profitability and capital efficiency.
Factors That Can Cause Changes Year to Year:
* Operating Profit Changes – Increases or decreases in profitability directly impact ROCE.
* Asset Base Fluctuations – Significant investments or disposals of assets affect capital employed.
* Financing Structure – Changes in long-term debt or equity can alter the capital employed figure.
* Depreciation Policies – Variations in depreciation methods or estimates can impact both operating profit and asset values.
* Efficiency Improvements – Better asset utilisation or cost control can boost operating profit relative to capital employed.
* Non-Recurring Items – One-off gains or losses can distort ROCE if not adjusted for.
Audit Risks Return on Capital Employed Can Help Identify:
* Overstatement of Profit – Inflated operating profit (e.g., via revenue misstatement or cost understatement) exaggerates ROCE.
* Incorrect Asset Valuation – Over- or understatement of non-current assets impacts capital employed and may distort the ratio.
* Misclassification of Liabilities – Errors in identifying current vs. non-current liabilities can misstate capital employed.
* Manipulation of Earnings – Pressure to improve ROCE may lead to aggressive accounting estimates or improper deferral of expenses.
* Going Concern Concerns – A declining ROCE may indicate weakening financial performance and raise concerns over long-term viability.
Outline the liquidity ratios
- Current ratio
- Quick ratio (acid test)
Define current ratio, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures a company’s ability to meet its short-term obligations using its short-term assets. It indicates liquidity and short-term financial health.
Factors That Can Cause Changes Year to Year:
* Changes in Working Capital – Increases or decreases in receivables, inventory, or payables will affect the ratio.
* Cash Flow Management – Strong or weak cash generation impacts current assets directly.
* Debt Repayment or Refinancing – Repaying short-term debt or refinancing it into long-term liabilities can improve the ratio.
* Inventory Fluctuations – Overstocking or selling off inventory can influence current assets.
* Credit Policies – Stricter or more lenient credit terms with customers or suppliers will affect receivables and payables.
* Seasonality – For some businesses, current asset and liability levels vary significantly at different points in the year.
Audit Risks Current Ratio Can Help Identify:
* Liquidity Risk – A declining current ratio may indicate potential going concern issues.
* Overstatement of Current Assets – Inflated receivables or obsolete inventory can falsely improve the ratio.
* Understatement of Liabilities – Omitting or misclassifying current liabilities can distort liquidity.
* Cut-off Errors – Misstated timing of transactions near year-end can affect both current assets and liabilities.
* Fraud or Window Dressing – Manipulation of working capital items to temporarily boost the ratio around reporting dates.
Define quick ratio, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures a company’s ability to meet its short-term liabilities using its most liquid assets, excluding inventory. It’s a stricter test of liquidity than the current ratio.
Factors That Can Cause Changes Year to Year:
* Changes in Receivables or Cash Balances – Increases or decreases in liquid assets directly impact the ratio.
* Inventory Levels – A rise in inventory has no effect on the quick ratio but may signal poor liquidity if liquid assets don’t increase alongside.
* Payment Practices – Changes in how quickly customers pay or how the business manages supplier payments affect the ratio.
* Short-Term Borrowings – New short-term loans or repayments alter current liabilities and influence the ratio.
* Cash Management Strategies – Decisions around holding cash vs. reinvesting can shift liquidity.
* Economic Conditions – Slow-paying customers or rising bad debts reduce receivables, impacting the ratio.
Audit Risks Quick Ratio Can Help Identify:
* Liquidity Risk – A declining quick ratio may indicate that the company is unable to cover short-term obligations, suggesting potential going concern issues.
* Overstated Receivables – Including uncollectible debts can falsely improve the ratio.
* Understated Liabilities – Failure to include all short-term obligations can overstate liquidity.
* Improper Cut-off – Timing issues with revenue or expenses around year-end can misstate both assets and liabilities.
* Fraud or Window Dressing – Inflating liquid assets (e.g., cash or receivables) to boost the quick ratio near year-end may signal manipulation.
Outline the long term solvency ratios
- Gearing ratio
- Interest cover ratio
Define gearing ratio, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures the proportion of a company’s capital that is financed through debt compared to equity. It indicates the financial risk and long-term solvency of the business.
Factors That Can Cause Changes Year to Year:
* New Borrowings or Loan Repayments – Taking on more debt increases gearing; repaying debt reduces it.
* Changes in Equity – Issuing new shares reduces gearing; buybacks or losses that reduce retained earnings increase it.
* Profitability – Strong profits increase retained earnings and equity, potentially reducing gearing.
* Dividend Policies – High dividends reduce retained earnings and equity, increasing gearing if debt remains unchanged.
* Business Expansion or Acquisition – May involve new financing that increases debt levels.
* Fair Value Adjustments – Revaluation of assets or liabilities can impact equity and thus affect the ratio.
Audit Risks Gearing Ratio Can Help Identify:
* Going Concern Issues – High gearing can indicate financial stress and reliance on debt financing.
* Misclassification of Liabilities – Classifying long-term debt as equity or vice versa can distort gearing.
* Incomplete Disclosure of Debt – Undisclosed or off-balance sheet financing will understate gearing.
* Manipulation of Equity Figures – Errors or bias in profit measurement, retained earnings, or reserves may misstate the ratio.
* Covenant Breaches – High gearing may suggest risk of breaching loan covenants, requiring auditor attention and disclosure.
Define interest cover ratio, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures how easily a company can pay its interest expenses from its operating profit. It indicates the company’s ability to service its debt obligations.
Factors That Can Cause Changes Year to Year:
* Changes in Operating Profit – Improved profitability increases cover; declining profits reduce the ratio.
* Fluctuations in Finance Costs – Interest rate changes or variations in debt levels directly impact the ratio.
* New Borrowings or Loan Repayments – Taking on more debt increases interest costs; repayments reduce them.
* One-Off Gains or Losses – Exceptional items affecting operating profit can distort the ratio if not adjusted.
* Foreign Exchange Movements – If debt is in foreign currency, exchange rate changes can affect interest expense.
* Capital Structure Changes – Shifts between debt and equity financing influence the ratio over time.
Audit Risks Interest Cover Ratio Can Help Identify:
* Going Concern Risk – A low or declining ratio may suggest the company is at risk of being unable to meet interest obligations.
* Overstatement of Profit – Inflated operating profit (e.g., via misstatement of revenue or expenses) can mask debt-servicing issues.
* Incomplete or Incorrect Finance Costs – Errors in recording interest expenses (e.g., missing accruals) may misstate the ratio.
* Undisclosed Borrowings – Off-balance sheet or improperly recorded debt can understate finance costs.
* Aggressive Capitalisation Policies – Capitalising interest instead of expensing it inflates the ratio and understates financing burden.
Outline the efficiency ratios
- Net asset turnover ratio
- Inventory period
- Inventory days
- Trade receivable period
- Trade payable period
Define net asset turnover ratio, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures how efficiently a company uses its net assets to generate revenue. It indicates asset utilisation and operational efficiency.
Factors That Can Cause Changes Year to Year:
* Changes in Revenue – Increases or decreases in sales directly impact the ratio.
* Asset Base Fluctuations – Investment in or disposal of assets will change the net assets figure.
* Profit Retention or Distribution – Retained profits increase net assets; dividends reduce them, affecting the ratio.
* Asset Impairments or Revaluations – Adjustments to asset values impact net assets and therefore the ratio.
* Business Restructuring or Expansion – Acquisitions, mergers, or operational changes can significantly alter both revenue and net assets.
* Depreciation and Amortisation – These reduce the net book value of assets over time, influencing the ratio.
Audit Risks Net Asset Turnover Ratio Can Help Identify:
* Revenue Recognition Errors – Overstated or understated revenue distorts the ratio and may mask inefficiencies.
* Incorrect Asset Valuation – Overstated assets from improper valuation inflate net assets, lowering the ratio artificially.
* Incomplete Liability Recording – Understated liabilities overstate net assets and distort turnover.
* Cut-off Issues – Improper recording of revenue or expenses around the year-end can impact both components of the ratio.
* Inefficient Use of Resources – A declining ratio may signal poor utilisation of assets, raising questions around asset management or impairment.
Define inventory period, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures the average number of days it takes a company to sell its inventory. It reflects inventory management efficiency and how quickly stock is converted into sales.
Factors That Can Cause Changes Year to Year:
* Inventory Management Practices – Improvements in stock control or supply chain efficiency reduce the period.
* Sales Volume Changes – Higher sales can reduce inventory levels and shorten the inventory period.
* Product Mix – A shift toward products with longer lead times or slower turnover can increase the period.
* Seasonality – Businesses may hold more stock during certain times of the year, affecting the average.
* Obsolete or Slow-Moving Stock – An accumulation of unsold or outdated items increases the inventory period.
* Changes in Cost of Sales – Rising or falling COGS without a corresponding inventory change will affect the ratio.
Audit Risks Inventory Period Can Help Identify:
* Obsolete or Overvalued Inventory – A long inventory period may indicate obsolete or unsellable stock not written down appropriately.
* Inventory Valuation Issues – Inconsistent application of valuation methods (e.g., FIFO, weighted average) may misstate inventory levels.
* Cut-off Errors – Inclusion of inventory purchases or sales in the wrong period can distort the calculation.
* Theft or Shrinkage – Discrepancies between recorded and actual stock can go unnoticed if turnover appears normal.
* Fraud Risk – Manipulation of inventory figures to inflate asset value and profitability may be masked by irregular inventory periods.
Define inventory turnover, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures how many times a company sells and replaces its inventory during a given period. It reflects inventory efficiency and how well stock is being managed relative to sales activity.
Factors That Can Cause Changes Year to Year:
* Sales Volume – Higher sales usually lead to more frequent inventory turnover.
* Inventory Management – Efficient procurement and demand forecasting improve turnover.
* Product Mix – Different products turn over at different rates depending on demand and shelf life.
* Stock Obsolescence – Unsellable or obsolete inventory reduces turnover.
* Seasonality – Seasonal fluctuations can cause temporary increases or decreases in turnover.
* Bulk Purchasing – Buying in large quantities may increase average inventory and reduce turnover temporarily.
Audit Risks Inventory Turnover Can Help Identify:
* Overstocking or Obsolete Inventory – A low turnover rate may signal slow-moving or obsolete stock, possibly requiring a write-down.
* Inventory Valuation Issues – Misstatements in costing methods (e.g., FIFO vs. weighted average) can distort the calculation.
* Cut-off Errors – Improper recognition of inventory purchases or sales near year-end may affect inventory and cost of sales.
* Misstated Cost of Sales – Errors in recording production or purchase costs will impact the ratio.
* Fraud Risk – Intentional manipulation of inventory balances or cost figures could be hidden by unusual turnover patterns.
Define trade payable period, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures the average number of days it takes a company to collect payment from its customers after a sale. It indicates the effectiveness of credit control and cash collection processes.
Factors That Can Cause Changes Year to Year:
* Credit Policy Changes – Offering longer or more flexible payment terms can increase the period.
* Collection Efficiency – Delays or improvements in collection processes directly affect the period.
* Customer Creditworthiness – A higher proportion of sales to risky or slow-paying customers can lengthen the period.
* Economic Conditions – In a downturn, customers may delay payments, increasing the receivable period.
* Sales Volume and Timing – Year-end sales spikes may temporarily inflate receivables.
* Bad Debts or Disputes – Higher levels of uncollectible debts can distort the average collection period.
Audit Risks Trade Receivable Period Can Help Identify:
* Revenue Recognition Issues – Inflated or premature recognition of revenue may artificially increase receivables.
* Bad Debt Provisioning – An unusually long collection period may indicate the need for higher bad debt provisions.
* Cut-off Errors – Invoices recorded in the wrong period may overstate receivables.
* Fictitious Sales – Fraudulent sales can inflate trade receivables and distort the period.
* Going Concern Risk – Increasing delays in customer payments may signal liquidity issues and risk to cash flow.
Define trade receivable period, including the equation, and state what factors can cause this to change from year to year, and the audit risks it can help identify
It measures the average number of days a company takes to pay its suppliers. It reflects how the business manages its cash flow and relationships with creditors.
Factors That Can Cause Changes Year to Year:
* Supplier Payment Terms – Renegotiation of terms can lengthen or shorten the period.
* Cash Flow Constraints – Companies may delay payments when under financial pressure, increasing the period.
* Purchase Volume Fluctuations – Large one-off purchases or changes in production levels can affect average payables.
* Supplier Relationships – A strong relationship may result in more favourable terms, affecting timing.
* System or Process Changes – New accounting systems or procedures may affect when liabilities are recognised.
* Economic Conditions – In times of uncertainty, businesses may hold onto cash longer and delay payments.
Audit Risks Trade Payable Period Can Help Identify:
* Understatement of Liabilities – A shorter-than-expected payable period may suggest missing or unrecorded payables.
* Cut-off Errors – Purchases recorded in the wrong period can distort the payables balance and the period.
* Cash Flow Risk – A very short payable period may indicate poor cash management or pressure from suppliers.
* Overreliance on Supplier Credit – A very long period could signal that the company is using supplier credit to cover liquidity issues.
* Fraud Risk – Deliberately omitting or deferring recognition of liabilities can artificially improve financial ratios and mislead users.
CARD ON HOW TO STRUCTURE ANSWERS TO ANALYTICAL PROCEDURE QUESTION
How is Audit Data Analytics used in the planning of an audit?
Audit Data Analytics (ADA) is used during audit planning to analyse large volumes of both structured data (e.g. accounting records) and unstructured data (e.g. emails, social media posts, images).
It helps auditors to:
* Identify patterns, anomalies, and correlations
* Detect red flags or deviations from expected outcomes
* Gain early insight into areas of risk or potential misstatement
By doing so, auditors can better tailor their audit approach, focusing on high-risk areas and increasing audit efficiency and effectiveness.
What types of data can auditors use for data analytics in audit planning, and why?
Auditors can now analyse a wider range of data sources, including:
- Email – May reveal customer complaints or internal control concerns.
- Social media – Can highlight reputational risks, customer dissatisfaction, or trends that impact financial reporting.
- Electronic records – Provide access to large volumes of transaction data, often in real time.
- Mobile technology & location tracking – Offers insights into asset usage, employee activity, or supply chain issues.
These sources help auditors develop a richer, more dynamic understanding of business risks and operations before audit testing begins.
What is cyber security and why is it important in audit planning?
Cyber security protects IT systems from unauthorised access, fraud, viruses, and other threats. It’s important in audit planning because breaches can lead to data loss, legal penalties, operational disruption, and reputational damage—auditors must consider cyber risks when assessing internal controls.
What are four key cyber security challenges identified by the ICAEW, and what recommendations are made to address them?
-
Communication is a key barrier – Cyber security language can be overly technical and hard to understand.
Recommendation: Appoint a Chief Information Security Officer (CISO) to translate complex language and make it more accessible. -
Responsibility and accountability – Without clear ownership, cyber security can be overlooked.
Recommendation: Employ dedicated cyber security professionals (in-house or outsourced) to take responsibility for managing cyber risk. -
Board-level accountability – Cyber risk is often not integrated into overall risk governance.
Recommendation: Boards should regularly consider cyber risk and ensure it is embedded in day-to-day risk management. -
Lack of knowledge – Non-executive directors and audit committees may not have the expertise to oversee cyber security.
Recommendation: Provide training and expert support to help board members understand and fulfil their oversight role.
Name and explain key approaches business can take to combat IT risk and improve IT security (8)
- Business Continuity Planning – Involves preparing for major IT failures (e.g. cyberattacks, system crashes) to ensure the business can continue operating. This includes backup systems, recovery plans, and crisis response procedures.
- System Access Controls – Focuses on controlling who can access systems and data. This includes passwords, multi-factor authentication, and user permissions to prevent unauthorised use or data breaches.
-
Systems Development and Maintenance –
Ensures all systems are regularly updated and patched to fix vulnerabilities and maintain protection against evolving threats. - Physical Security – Protects hardware and devices from theft or tampering. This may include locked server rooms, CCTV, security staff, and access control systems.
- Compliance – Ensures the organisation complies with legal and regulatory requirements, especially those related to data protection laws like the UK GDPR.
- Security Policy – A formal, written policy that outlines the organisation’s approach to IT and data security. It sets expectations for staff behaviour and outlines procedures for dealing with security threats.
- Asset Classification and Control –Recognises information as a valuable asset. Each piece of data should have an assigned owner responsible for its protection, access, and classification based on sensitivity.
- Personnel Security – Ensures only trusted and properly trained staff have access to systems. Includes background checks, staff training, and clearly defined responsibilities to reduce internal threats.
What is cloud computing and how is it relevant to audit planning?
Cloud computing delivers services (e.g. storage, software, processing power) over the internet without the need for physical infrastructure.
In audit planning, it’s relevant because client data may be stored remotely, which impacts how auditors access and obtain sufficient, appropriate audit evidence.
What are the key challenges when auditing cloud-based systems, and why do they matter?
-
Third-party access dependencies –
Many companies outsource their accounting systems to third-party providers using cloud platforms. This means auditors may not have direct control over where or how data is stored. Auditors must plan for remote access and may face delays or complications obtaining sufficient and appropriate audit evidence. They need to coordinate with third parties to ensure access is granted and reliable data is available. - Security and certification concerns – Cloud systems often hold external certifications like SOC2, which can be helpful for assessing data security and integrity. However, cloud environments involve strict security protocols and permission controls. Auditors may need to go through complex procedures to access data securely. They must also evaluate whether the client’s cloud provider meets necessary security standards, especially regarding confidentiality, integrity, and availability of data.
What should auditors consider when auditing clients using cloud systems, and why?
- Understanding the cloud system’s structure – Auditors need to grasp how the cloud platform operates, where data is stored, and how it flows through the system. This ensures the auditor applies the right audit procedures and understands any system limitations that could affect evidence gathering.
- Timing of data access – Cloud systems may have restricted access windows or require special arrangements for pulling data. Auditors need to factor this into their planning and scheduling to avoid delays or missing critical data for testing.
- Staff expertise – Audit teams must have the technical knowledge to understand and assess cloud systems. Lack of understanding may lead to inadequate testing or failure to recognise security risks and data integrity issues.
- Storage and security of audit evidence –Auditors should know where and how evidence collected from the cloud will be stored and protected so as to maintain audit trail integrity, confidentiality, and compliance with audit standards.
- Security and access risks – Auditors must ensure any data access and usage complies with client security policies and does not compromise sensitive information. This is to protect against data breaches, unauthorised access, and to uphold professional and legal responsibilities.
