LO 5.

5 Developing an overall audit strategy

Once the auditor has obtained an understanding of the entity, its environment and its
business risks, the auditor, through that understanding, is able to make judgments in
relation to areas of audit risk and materiality to assist in the development of an overall audit
strategy and a detailed audit plan.

ASA 300.7 (ISA 300.7) requires that the auditor establish an overall audit strategy, which
requires the auditor to make decisions in relation to the scope of the audit, the general
evidence requirements for the forming of an opinion, and the initial choice as to the nature,
timing and extent of audit procedures to make efficient use of resources. The auditor also
considers the terms of the engagement and any statutory responsibilities, the effect of new
accounting or auditing standards and the work of internal auditors. Examples of the
specific decisions coming from the determination of the audit strategy include whether and
where to use statistical sampling or computer-assisted audit techniques (CAATs); the
appropriate levels of audit staff to assign to particular parts of the audit; the involvement of
experts; and whether another firm of auditors might be engaged to audit a branch location
to save travel by audit staff.

The interrelationship between materiality, audit risk and what constitutes sufficient
appropriate audit evidence affects the auditor’s choice of strategy. Two alternative audit
strategies, representing opposite ends of a continuum of possible strategies, are a lower
assessed level of control risk and a predominantly substantive approach.

Page 205

Lower assessed level of control risk approach

If the internal control is well designed and expected to be highly effective, the auditor may
Copyright © 2018. McGraw-Hill Australia. All rights reserved.

adopt a lower assessed level of control risk approach. However, this approach will only be
adopted where it is expected that the cost of the more extensive procedures necessary to
obtain the required understanding of the internal control and test controls will be more than
offset by reduced costs from performing less extensive substantive procedures.

The audit strategy will be as follows:

Use a planned assessed level of control risk of low or medium.

Obtain an extensive understanding of relevant parts of the internal control.

Gay, GE, & Simnett, R 2018, Auditing and Assurance Services in Australia, McGraw-Hill Australia, Sydney. Available from: ProQuest Ebook Central. [30 October 2020].
Created from usc on 2020-10-30 19:50:58.
 Plan extensive tests of controls.
Plan restricted substantive audit procedures based on the planned acceptable level of
detection risk being high or medium.

Predominantly substantive approach

If the auditor believes that adequate controls do not exist or that existing controls are likely
to be ineffective, the auditor will adopt a predominantly substantive approach. This
approach might also be adopted when an auditor expects that the cost of the procedures
necessary to obtain an extensive understanding of the internal control and test controls so
as to enable a lower level of control risk will be more than the cost of performing extensive
substantive procedures.

The audit strategy will be as follows:

Use a planned assessed level of control risk of high.

Plan to obtain a minimum understanding of the internal control.
Plan no tests of controls.
Plan extensive substantive audit procedures based on a planned acceptable level of
detection risk of low or medium.

These audit strategy determinations and the resultant broad audit strategy should be
documented in accordance with ASA 300 (ISA 300), and then reflected in a more detailed
audit plan or audit program.

Preparing a detailed audit plan or program

An audit plan or audit program is a detailed list of the audit procedures to be applied to a
Copyright © 2018. McGraw-Hill Australia. All rights reserved.

particular account or class of transactions needed to implement the audit strategy. ASA
300.9 (ISA 300.9) requires the auditor to develop and document an audit plan, setting out
the nature, timing and extent of planned audit procedures required to reduce audit risk to an
acceptably low level. ASA 300.A19 (ISA 300.A19) notes that the auditor may document
the audit plan by the use of appropriately tailored standard audit programs and audit
checklists. A well-prepared audit program provides the following:

Evidence of proper planning of the work It allows a review of the proposed scope of
the audit before the work is performed, when there is still time to modify the proposed
audit procedures.
Gay, GE, & Simnett, R 2018, Auditing and Assurance Services in Australia, McGraw-Hill Australia, Sydney. Available from: ProQuest Ebook Central. [30 October 2020].
Created from usc on 2020-10-30 19:50:58.
 Guidance to inexperienced staff It lays down the specific audit procedures to be
performed and thus provides a set of instructions to assistants.
Evidence of the work performed Each staff member signs or initials each step in the
program upon completing the required work.
A means of controlling the time spent on the engagement The program may show the
estimated time required to complete each audit step and have provision for recording the
actual time taken.
Evidence of the consideration of internal control in relation to the proposed audit
procedures Many programs include a brief summary of the important internal control
activities relevant to the area to be tested, so the auditor can evaluate the work undertaken
in terms of the strengths and weaknesses of internal control.

It must be remembered that the audit program is only tentative, based on Page 206
assumptions about the entity’s accounting procedures and internal control. When
the audit work cofmmences, if the conditions are not as anticipated the auditor may revise
the program on the basis of the conditions actually found. For example, if the auditor’s
preliminary review and evaluation of internal control for accounts receivable shows strong
internal control, the program may be designed to confirm only a limited number of
accounts receivable. If, however, as a result of the work undertaken the anticipated
strengths are not found, the program should be changed to meet these circumstances, such
as confirming more accounts receivable.

The audit program is generally prepared by the audit senior (in charge) in conjunction with
the manager, and is reviewed and approved by the audit partner. The audit program for a
particular engagement is influenced by the nature and size of the entity’s business, the
strategy of management and its associated risks, the internal control and the entity’s
accounting procedures. The factors that define audit procedures in preparing a detailed
program are:

1. nature—the particular audit procedures to use and the particular items to which a
Copyright © 2018. McGraw-Hill Australia. All rights reserved.

procedure will be applied

2. extent—the number of items to which the procedure will be applied (the sample sizes)
and the number of different tests to be performed
3. timing—the appropriate time to perform the procedure.

Thus, the questions the auditor must ask can be summarised as ‘what’, ‘how many’ and
‘when’. In answering these questions, the auditor considers, for a particular account, class
of transactions or disclosure:

1. the risk of undetected errors or other irregularities getting through in the audit
Gay, GE, & Simnett, R 2018, Auditing and Assurance Services in Australia, McGraw-Hill Australia, Sydney. Available from: ProQuest Ebook Central. [30 October 2020].
Created from usc on 2020-10-30 19:50:58.
 2. the practical availability of evidence that would indicate the presence or absence of a
material error or irregularity of that type
3. the maximum dollar amount of errors or irregularities acceptable (the materiality
decision).

Entity-specific audit programs

The types of errors and other irregularities that can occur and the reliability of evidence
produced by particular procedures bear some similarity from entity to entity. Thus, it is
possible to produce a standardised list of audit tests for particular accounts, classes of
transactions and disclosures that can be adapted to the circumstances of a specific
engagement. Exhibit 5.3 illustrates a simplified audit program for accounts payable.

EXAMPLE OF A SIMPLIFIED AUDIT PROGRAM FOR

EXHIBIT 5.3
ACCOUNTS PAYABLE
Copyright © 2018. McGraw-Hill Australia. All rights reserved.

Prepared by:
Date:

Approved by:
Date:

Accounts Payable
[CLIENT’S NAME]

Gay, GE, & Simnett, R 2018, Auditing and Assurance Services in Australia, McGraw-Hill Australia, Sydney. Available from: ProQuest Ebook Central. [30 October 2020].
Created from usc on 2020-10-30 19:50:58.
 AUDIT PROGRAM FOR ACCOUNTS PAYABLE
[AUDIT PERIOD]

Item Remarks as to W.P.

no. Audit procedures Done by: extent covered, etc. ref.

1 Obtain or prepare a    
schedule of accounts
payable.

2 Examine creditors’    
invoices and monthly
statements on a test
basis for support of
individual balances.

3 Investigate large,    
irregular, old or disputed
balances and obtain an
explanation for old and
disputed items.

4 Consider confirming    
accounts with unusual
balances (3) and with
principal suppliers (2).

5 Search for unrecorded    

liabilities by:
(a)
referring to minutes
Copyright © 2018. McGraw-Hill Australia. All rights reserved.

(b)
examining unentered
invoices
(c)
examining invoices
entered for period after
balance date
(d)
examining cash
disbursements after
balance date.

Gay, GE, & Simnett, R 2018, Auditing and Assurance Services in Australia, McGraw-Hill Australia, Sydney. Available from: ProQuest Ebook Central. [30 October 2020].
Created from usc on 2020-10-30 19:50:58.
 The timing of audit procedures was considered earlier in this chapter. The extent of audit
procedures is probably the most difficult decision in detailed program planning. The
auditor must continually decide how much evidence is enough. In most cases, this question
is answered by reference to accumulated experience, supported by decision support
systems maintained within the audit firm. Such judgments are not intuitive: they are based
on consideration of the effectiveness of controls, knowledge of and experience with the
entity, understanding of what has worked in similar circumstances and the composition of
the account being tested. For example, some accounts contain only a few large items that
represent most of the balance. This makes it easy to verify the majority of the account’s
balance by substantively verifying a few large items.

Caution is required in using a standardised list of audit tests because circumstances differ
between entities. The auditor must consider the evaluation of audit risk and the likelihood
of errors and irregularities for the particular account in order to determine the need for
additional or unusual procedures. Also, each audit program must be adapted by deciding
the extent and timing of procedures. In that sense, every audit program should be tailor
made. Many audit firms have computer software available to them that takes the
assessment of inherent risk and control risk (by prompting audit staff’s responses to
specific questions) and combines it with knowledge of the entity to produce tailor-made
audit programs for the account balances, classes of transactions and disclosures for that
entity. The decisions made in last year’s audit about the nature, timing and extent of
procedures should not be followed routinely.

Page 207

QUICK REVIEW
1. An audit strategy covers the overall scope and conduct of the audit.
Copyright © 2018. McGraw-Hill Australia. All rights reserved.

2. The auditor will normally choose an audit strategy of either a lower

assessed level of control risk or a predominantly substantive approach,
depending on the interrelationship between materiality, audit risk and
sufficient appropriate audit evidence. The choice will take into account the
cost effectiveness of each approach.
3. An audit plan or audit program will be prepared to reflect the detailed
procedures for the strategy chosen and will be approved by the audit
partner.
4. Many audit firms use computer software to produce audit programs that
are adapted or tailored to the particular audit.

Gay, GE, & Simnett, R 2018, Auditing and Assurance Services in Australia, McGraw-Hill Australia, Sydney. Available from: ProQuest Ebook Central. [30 October 2020].
Created from usc on 2020-10-30 19:50:58.