CHAPTER FOUR

4. Audit Planning and Linking Audit Procedures to Risk

4.1. Meaning and importance of Audit planning

Audit planning refers to the activity of a general establishing of audit objective,
understanding systems, prioritizing the audit works, including extent of work (deciding
on the auditable activity or area based on risk assessment), determining resource
allocation and other issues.
Planning is an essential element in the audit process to optimum utilization of resources
and efforts. Planning is not simply a process of scheduling a set of mechanistic audit
operations. It involves in general establishing objective, understanding systems,
prioritizing the audit works, including extent of work (deciding on the auditable
activity or area based on risk assessment), determining resource allocation and other
issues.
The responsibility of planning audit lies with the head of audit department. Audit plan
should be revised as and when necessary.

Advantage of Audit Planning

 Helps to define the objectives and the scope of the audit

 Provide base for allocating adequate resources in terms of human and other
resources.

 Provides base line for assessing, monitoring and controlling the progress of
each audit

 Enable the audit to be carried out more efficiently, effectively and timely

 This enables an auditor to organize the different aspects of audit work

including vouching, verification, and valuation, expression of opinion on
financial statement and submission of auditor’s report in a systematic and
mechanical manner.

 Audit planning helps in enhancing the quality of audit work.

 Satisfactory audit planning is important to establish the right means to achieve

the objective of audit, ensure that appropriate attention is paid to important
 areas of management, assists coordinating the work done by auditors and
express, etc.

4.1.2. Factors affecting the extent of Audit planning.

The auditor should plan to conduct an effective audit in an efficient and timely manner.
To this end, audit plan should be based procedures, the extent to which internal control
system may be relied up on, determination of appropriate audit procedures and
coordination of work.
In general, the following factors should be considered while planning audit;
 Complexity of audit (size or operational complexity of business)
 Environment in which the entity operates.
 Previous experience with the client
 Knowledge of the clients business, etc.
[
[

4.1.3. Preliminary Arrangements for Audit planning,

Preparation before audit plan refers to preliminary arrangements by the auditor with
regard to audit planning. An auditor must prepare well before he actually conduct audit
plan. Preliminary arrangement of audit plan, mostly based on the client’s knowledge
about the business. It is most important as this will help the auditor to identify the
events, transactions and a practice that is in his judgment, may have a significant effect
on the financial information. Such knowledge of the business can be obtained from;

 annual audit reports to shareholders

 Past performance/Overall performance

 Expected performance

 Problems encountered leading to non- attainment of goals etc

 Minutes of meeting of the Board of Directors:- by using the above minutes, an

auditor may obtain the information such as:
 Authorized capital expenditure
 Proposed Dividends
 Sale and acquisition of fixed Assets
 Acquisition of long term loans etc.

 Other committees like investment, budget, audit committee etc.

From such minutes, the auditor may obtain information on the client’s budgetary
policy and any problems that may have impeded such policies.
 Previous year’s audit working paper
These contain information on the client’s financial position, the strengths or other
wise of the ICS, Areas where frauds were detected on above all. Areas where the
auditor may not have received maximum cooperation from the client.
 Discussion with client: An auditor may also conduct interviews with responsible
personnel from the client’s organization. From such interviews, he may obtain
information such as:
 Efficiency of the client’s general administration and overall performance.
 Current market situation of the client in the industry
 The achievements of the client and also his failure to date.
 Manuals about client’s policy and procedure
 Relevant publications of the client ( trade journal, magazine, financial management
report, etc)
The auditor should look at the previous reports as well as the current ones. He may, be
able to establish whether the client’s financial position and objectives are consistent.
He will also establish previous performance and any deviations that need to be
explained.
 Visit to the clients premise and Facilities
The auditor will be able to obtain information regarding:
o Size of the client organization and implications for the audit
o Accounting systems and their adequacy
o Nature of the Company’s products and product lines
o Trading operations

4.1.4. Development of an overall Audit plan

An audit plan will not only help the auditor to understand the expected scope of audit
(area of operation), but also facilitates audit activity. The auditor should consider the
under mentioned matter while developing the overall audit plan.
 Terms of engagement and statutory requirements.
 Nature and timing of reports
 Accounting policies adapted
 Identification of significant audit area
 Nature and extent of audit evidence
 The work of internal auditor
 Conditions requiring special attention.

4.2. Audit Program

An audit program is a written scheme / schedule of the exact details of the work to be
done by the auditor and his/her staff in connection with a particular audit. The auditor
should prepare a written audit program setting forth the procedure that is needed to
implement audit plan. It is the auditor’s plan of action.
The plan also indicates the distribution of audit work to the audit staff giving deadlines
for their completion
4.2.1. Importance and Disadvantages of Audit Program

The major importances of audit program are;

 Basic instrument to train audit staff and used as guide for performance of audit
activities.
 Progress of work examined periodically
 Uniformity in performance can be ensured.
 Responsibility for negligence fixed
 Used for supervising the work of the staff
 Save time and assure adherence of to the principles of auditing.
Disadvantage of Audit program

Even though audit program have numerous importance, it suffers still from certain
limitations. Some of the common limitation of audit program is;
 Auditor’s task become mechanical and auditor’s may lose interest and initiative
 Audit program may not be complete and certain items may left form being checked.
 The periods and records required to be tested may not be varies systematically
 Procedures adopted may not be suitable or appropriate to circumstances of the client.
 No rigid audit program can be laid down for each type of audit work.

4.2.2. Preparation of Audit program

Audit program must be developed with due care and skill. In drawing up satisfactory
audit program the auditor should consider the following.
 Ascertaining exact duties of the auditor
 Obtaining list of records, journals, and ledgers
 System of internal control and the extent of reliability
 General nature and operation of the business
 Consulting audit staff while preparing audit programmer
 Examining the system of bookkeeping, accounting system, etc.
Audit Approaches

Audit approach is a point of view, an attitude or a deposition which influences the

procedures and techniquees adapted to a particullar audit circumstances. Different
approaches could be adapted for different purposes and circumstances or objects. The
following are some apprroaches commonly identified as influencing verfication
process.

1. Defensive Approach

In this approach the auditor is very cautious he is suspicious that there is always a
fraud or an error which might be concealed from him, or someone is trying to hide
from being discovered. Thus, he is prepared to fight fraudulent efforts to conceal and
becomes highly keen on methods that help detect fraud. He may at times not be
satisfied unless he finds one. The auditor adapts an attitude that the auditee is guilty
unless proven innocent. The drawback of this approach is it may enhance all the
negative image of an auditor in the public.

2. Positive Approach

In this case the auditor has a constructive attitude; based on the premise that a person
is innocent until proven guilty. Rather than directing efforts to detecting errors, his
efforts are directed to establishing if or conditions which lead to what should be
acceptable. He looks for explanations and possibilities that lead to conclusion. This
approach may lead the auditor to be easily fooled unless he is careful.
3. Analytical Approach
In this approach the auditor performs his audit work through the review of internal
control analysis. This approach involves studying and analysing circumstantial
evidences or indirect evidence which leads to developing techniques of evaluating
internal control systems and procedures.

4. Business Approach

The auditor’s attitude in this approach is not just to establish figures by tracing of
books, but rather to assess whether the figures on financial statements and accountants
“make sense” from the point of view of market conditions, business and economic
sense.

5. The balance sheet audit approach/ Inventory Approach

This approach directs the auditor to finding evidences by retracing to, or

corroborating figures with physical evidence, and reconciling documentary evidence
to physical evidence. Such techniques are usually applicable in cash, and inventory
counts.
An audit directed at the expression of opinion on financial statements. Consists of
three major components. The first involves obtaining, or updating, a knowledge of the
client – including its organizational structure and business objectives, strategies and
processes – and in doing so, identifying the client’s risk exposure and control
procedures implemented to monitor these. The second is the assessement of the
reliability of the accounting and control systems; the third is the verification of the fair
presentation of the financial statements.
Balance sheet audit approach involved procedures directed at substantiating that
assets and liabilities had been correctly disclosed in the balance sheet. The following
may be identified as the reasons why the balance sheet audit in itself cannot be
sufficient in forming an opinion on the faireness of the financial statements;
 Although the auditor is able, without resort to all the client’s detailed
accounting records, to verfy the existance and ownership of disclosed assets
and that liabilities disclosed are in fact owed, there can be no certainty or
substantial probability that all assets and liabilities of the client have been
included in the financial statemetns. The auditor’s tests for understatement of
assets and liabilities must be drawn inpart from evidence in the accounting
records and therefore depend on the reliability of the accounting system.
  The approapriate valuation of assets under the historic cost convention is
largely dependent on reliable accounting records. The valuation of
manufactured inventory illustrates the point. The checking of physical
quantities, and extensions and additions of the inventory of the inventory
sheets, prove little if the auditor does not check that approapriate unit costs
were obtained from reliable accounting records.
 In time, users of audited financial information, in addition to their concern
with solvency, directed their attention to achieved earnings and income-
earning potential of companies. The focus of auditing thus extended to the
income statement and its components. The accuracy of the individual
components of the income statement cannot be determined from a balance
sheet audit. While the auditor’s analytical reveiw procedures directed at the
verification of assets and liabilities may cover some components of the income
statement, much of the auditor’s opinion on the fair presentation of revenue
and expenses is based on theassessment of the reliability of the accounting
records.
The balance sheet verification procedures involved:
 Checking the arthimetical accuracy of the general ledger accounts;
 Checking the blances in the trial balance against those in the general ledger;
 Checking that the trial balance balanced and that amounts were appropriately
disclosed in the financial statements; and
 Verfying the assets and liabilities at the year end.
The verification of assets and liabilities was, at this stage of the development of
auditing, little more than acceptance of the book figures after checking the arithimetic
and postings. Gradually, however, auditors began to seek external evidence.
The extensive development of internal control systems that occurred as a concomitant
of increased company size greatly improved the reliability of accounting records and
made it possible for audtors to gain the requisite reliance from clients’ systems of
control.
6. The systems-based approach

The primary objective of a systems-based audit approach is to assess the effectiveness

of the accounting and internal control system so as to decide the reliance that may be
place on it to produce reliable fiancial statements. In theory, the examination of the
system could be approached in two different ways. One could evaluate an accounting
system through an examination of transactions processed and recorded by the system
or by an analysiss of the structure and design of the system itself. The former
appraoch looks at the product of the system and was once the most commonly
empolyed appraoched throughout the auditing profession. The latter approach
involves an examination of the mechanics of the system and if it is designed with
approapriate controls, checks and balances to prevent or detect errors, then this would
be a good indication that the accounting information produced by the system is
reliable.
As far as the primary objective of supporting an ausit opinion is concerned, either
approach has some validity. Following the transaction approach, the auditor draws a
conclussion about the whole population based on an examination of a part of it; in the
systems approach the auditor makes an inference about the accuracy of the accounting
records based on a knowledge and examination of the system which produced those
records.
7. The transaction flow or cycle approach

The auditor in this case concentrates his efforts on transactions or events,

reconstructing accounts of transactions, or tracing amounts back to initial event.
The concept of focusing on a small number of cycles through which a large number
of transactions are processed into a large number of accounts has been widely adopted
by the audit firms within the profession.
It has been said that the approach adopted by systems analysis when introducing
computerized accounting systems had a significant influence on thedevelopment of
the cycle approach.
The following are the four main transaction cycles found in most commercial and
industrial enterprises:
 Revenue/Receipts;
 Expenditure/Payments;
 Production/Inventory;
 Finance
 Financial Reporting cycle
 Integrity cycle [computerised accounting system]
The steps to be taken by the auditor when following the transaction cycle approach to
evaluate internal control may be summarized as follows:
 The business activities of the entity must be analysed to identify significant
categories of similar transactions that are processed. In thi swas the relevant
cycles which are operating are identifed.
 The functions that are performed within each cycle to authorized and record
transactions and safeguard assets must be identified.
 The internal control objectives for each cycle must be specified.
 Internal control techniques in use must be identified and evaluated as to
whether they achieve the specified control objectives.
The auditor accordingly makes a judgemental decision as to whether the control
objectives are achieved, partly achieved or not achieved at all. This is an importnat
phase of the decision on the overall audit approach for it determines the nature and
extent of the audit tests to be performed. If the control objectives are not achieved or
only partly achieved, the auditor must assess the risk that material errors or
irregularities could occur and go undetected in theprocessing of transactions. The risk
definition stage is important, for, by identifying the type of error that could occur, that
is, the risk faced, the auditor is able to design appropriate substantive tests to search
for such errors and should thus detect materail errors if these have occured.
The following are some advantages which f0lllow the adoption of the transaction
cycle approach to evaluating internal constrol systems:
 The transaction cycle approach combines a standardised systematic aaproach
with a flexibility that accommodates basic differences between the business
activities of diverse companies and the many alternative control techniques
that may be instituted by management to meet overall interanl control
objectives.
 The approach simplifies the review of controls in a complex system
environment, as the reviewer avoids being overhelmed by the detatils of
individual control techniques relating to transaction recording in numerous
individual general ledger accounts by focussing on the overall controls which
regulate the regulate the recording of similar transactions that flow through the
cycle and impact on several different ledger accounts.
  The approach simplifies the identification of offsetting strengths where a good
control feature in one function compensates for a weakness in another. For
example, the weakness arising from the lack of division of duties that exists
where the buyer also receives goods supplied is negated by the control
requirement that cheques are only prepared once suppliers’ statemetn balances
are reconciled to invoices and goods received advices prepared and signed by
warehouse or store staff.
 The auditor concentrates on systems of control and related transactions that
materially affect the entity’s financial statements.
8. Risk Based Audit Approach

The definition of audit risk and its analysis has had a far-reaching effect on the
auditor’s approach in recent times. The distinguishing feature has been the realization
that the auditor’s assessment of inherent risk [the intrinsic susceptibiliity of financial
information to material error] impacts on the nature and extent of the auditor’s and
other auditing procedures necesary to reduce overall audit risk to an acceptable level.
Obtaining audit assurance for differnt audit approaches ins summarised as follows:

AUDIT APPROACH AUDIT ASSURANCE

Inherent Control Substantive
Balance Sheet *
System Based / Transaction Cycle * *
Risk Based * * *

Traditionally, a risk based audit approach involved the auditor identifying internal and
external factors that could result in materail errors occuring at an overall financial
statement level and then relating such factors to their potential impact at an assertion
level in respect of balances or classes of transactions contained in financial
statements. Assertions are representations by managemetn, explicit or otherwise, that
are embodied in financial statemetns. For example, underlying assets disclosed in
financial statements are the assertions that such assets exist and are owned by the
entiry; that they have been appropriately measured and valued; and that all assets are
accounted for – termed completness.
Broadly speaking the business risk analysis approach involves the following steps:
  Obtaining a thorough knowledge of the entity, which would include its
directors, management and organizational structure, as well as its strategic
objectives and business process.
 Considering the director’s and amanagement’s assessement of the potential
risks faced by the entity that could result in material misstatemetns in the
accounting for the activities of an entity’s various business processes.
 Considering how the directors and managers of an entity manage these risks
 Should the auditor conclude that the risks have been adequately identified and
are apparently being appropriately managed or monitored, the auditor gathers
evidence regarding the operation of such monitoring and control procedures.
 Alternatively, should the auditor conclude that the risks have not been
adequately identified or appropriately managed or monitored, the auditor
responds by designing and performing extended substantive tests, normally
mainly tests of detail which should detect material misstatement if needed
such misstatements have occured.
3.6.2 Audit risk

At the planning stage of the audit the auditor considers the extent and nature of the
audit work he is to perform. It is common sense to realize that the ‘riskier’ the client
is, the more work the auditor will plan to perfome this risk might take many forms. It
could be a risk that the client is operating in a volatile market, and may not succeed. It
could be risks that the financial statements are misstated because managements are
biased, or because internal controls have failed to detect and correct errors.

3.6.3 Risk based audit

The risk-based audit is a developemnt of the systems based audt. It is used by auditors
in order to concentrate on high risk clients and on high risk areas of a client’s business
rather than perform detailed audit tests on alll areas of a client’s business. It enables a
cost effective audit to be achieve, and is dealt with in ISA 400 Risk Assessments and
Internal Control.

The auditor should obtain an understanding of the accounting and internal control
systems sufficient to plan the audit and develop an effective audit approach. The
auditor should use professional judgement to assess audit risk and to design audit
procedures to ensure it is reduced to an acceptably low level.
Total audit risk, the risk of giving an inappropriate opinion when financial statemetns
are materially misstated, has three components:
 Inherent risk [IR]: the susceptibility of an account balance or class of
transactions to material misstatement, irrespective of related internal controls.
 Control risk [CR]: the risk that material misstatement could occur in an
account balance or class of transactions which would not be prevented or
detected by the accounting or internal control systems.
 Detection risk [DR]: the risk that auditors’ substantive procedures do not
detect a material misstatement in an account balance or class of transactions.
The three risk multiplied together give total audit risk.
AR = IR x CR x DR
The combination of inherent risk and control risk is referred to as cleint or entity risk
ie, both these risks relate to a client as an entity. It is both elements of entity risk
which the auditor needs to consider at the planning stage although control risk will
need to be re-considered when the client’s accounting systems are examined in detail.