Module 3 AUDIT PLANNING AND SUPERVISION
OUTLINE Materiality: nature (quantitative and qualitative), determination, impact and use throughout different phases of the audit Audit risk and its components (inherent, control and detection risks) Audit strategies (risk-based auditing, test of controls, substantive procedures, audit around and through the computerized systems) and their impact on the conduct of the audit. Knowledge of the entity and its environment: business, risk, management, and accounting system Nature, extent and timing of audit procedures in response to assessed risks of material misstatement, sufficient and appropriate audit evidence, types of audit evidence, general audit techniques (enquiry, observation, inspection, analysis, computation, confirmation) Audit planning memo, audit programme and working papers. Audit Supervision and review
Materiality: In planning the conduct of an audit, auditors seek to provide reasonable assurance that the financial statements are free of material mis-statement and give a true and fair view. Auditors exercise professional judgement in determining what is material. Both the amount (quantity) and the nature (quality) of mis-statements are considered in determining materiality. There exists a difficulty in ascribing general mathematical definition to materiality, in that it has both qualitative and quantitative aspects. Auditors must consider the possibility of misstatements of relatively small amounts that, cumulatively, could have a material effect on the financial statements. For example, a relatively small error in a month-end procedure could be an indication of a potential material misstatement, if that error is repeated each month during the financial year that is being audited. The International Statement on Auditing on Audit Materiality states that information is considered to be material to the financial statements if the misstatement or omission of such information may reasonably be expected to.influence the economic decisions of users. of those financial statements, including their assessments of management s stewardship.
A misstatement or the aggregate of all misstatements in financial statements is material if, considering the surrounding circumstances: (a) It is probable that, the decision of a person who is relying on the financial statements; and (b) Who has a reasonable knowledge of business and economic activities (the user), would be changed or influenced by such misstatement or the aggregate of all misstatements. Steps in establishing materiality The steps to be followed in establishing materiality of an audit item are: (a) Set a threshold at the planning stage about materiality; (b) Record misstatements identified in the course of the audit; and (c) Document the likely misstatements and compare with materiality. When immaterial information is given in the financial statements, the result may distort the understandability of the other information provided. In such circumstances, the auditors need to consider the exclusion of such immaterial information. However, the requirements of legislation, accounting standards and auditing standards must be considered in determining the nature of information to be given in the financial statements.
Materiality and audit work In planning and conduct of an audit, auditors must consider: (a) Materiality and its relationship with audit risk; and (b) Materiality when determining the nature, timing and extent of audit procedures. At the planning stage, the assessment of materiality based on the latest available reliable financial information, assists in the determination of an efficient and effective audit approach. The preliminary materiality assessment helps auditors decide such questions as what items to examine, and whether to use sampling techniques. This enables auditors to select audit procedures that, in combination, reduce audit risk to an acceptably low level. In practice, the assessment of materiality at the audit planning stage, may differ from that at the time of evaluating the results of audit procedures. This may be caused by a change in circumstances, or a change necessitated by the outcome of the audit. For example, if the actual results of operations and financial position are different from those they expected when the audit was planned.
Auditors must consider the implications of factors which result in the revision of their preliminary materiality assessment on their audit approach. In this circumstance, auditors may modify the nature, timing and extent of planned audit procedures. For example, if, after planning for specific audit procedures, auditors determine that the acceptable materiality level falls short of the initial materiality level, the risk of failing to detect a material mis-statement necessarily increases. The risk may be compensated for by the auditors carrying out more audit work.
Audit risk and its components Audit risk means the risk that auditors may give an inappropriate audit opinion on financial statements. Audit risk has three components: inherent risk, control risk and detection risk. Inherent risk: is the susceptibility of an account balance or class of transactions to material misstatement, either individual or when aggregated with misstatements in other balances or classes, irrespective of related internal controls. Control risk: is the risk that a misstatement could occur in an account balance or class of transactions and that could be material, either individually or when aggregated with misstatements in other balances or classes, would not be prevented, or detected and corrected on a timely basis by the accounting and internal control systems. Detection risk: is the risk that auditors. substantive procedures (tests of details of transactions and balances or analytical procedures) do not detect a misstatement that exists in an account balance or class of transactions that could be material, either individually or when aggregated with misstatements in other balances or classes.
The nature, timing and extent of the procedures performed by auditors to obtain an understanding of the systems vary, because of: (a) Materiality considerations; (b) The size and complexity of the entity; (c) Their assessment of inherent risk; (d) The complexity of the entity s computer systems; (e) The type of internal controls involved; and (f) The nature of the entity s documentation of specific internal controls. Usually, the auditors. understanding of the systems is obtained through previous experience with the entity updated as necessary by: (a) Enquiries of appropriate supervisory and other personnel at various organizational levels within the entity, together with reference to documentation such as procedures manuals, job descriptions and systems descriptions; (b) Inspection of relevant documents and records produced by the systems; and (c) Observation of the entity s activities and operations, including the information technology functions organization, personnel performing control procedures and the nature of transaction processing
Audit Strategies The auditor develops the general audit strategy in an overall audit plan to set the direction for the audit and provide guidance for the development of the audit programme. The audit programme sets out the detailed procedures required to implement the strategy as part of planning for the audit. Auditors need to discuss elements of the overall audit plan and certain audit procedures with: (a) The entity s management and staff; and (b) The audit committee (where such a committee is in place) in order to improve the effectiveness of the audit and to co-ordinate audit procedures with work of the entity s personnel, including internal auditors. The overall audit plan and the detailed audit procedures to be performed, however, remain the auditors. responsibility.
Test of Control Tests of control are performed to obtain audit evidence about the effective operation of the accounting and internal control systems - that is, that properly designed controls identified in the preliminary assessment exist in fact and have operated effectively throughout the relevant period. They include tests of elements of the control environment where strengths in the control environment are used by auditors to reduce control risk assessments. In the process of obtaining the understanding of the accounting and internal control systems, some tests of control on one assertion may provide audit evidence about the effectiveness of the operation of internal controls relevant to another assertion and, consequently, serve as tests of control for the other assertion. For example,.in obtaining the understanding of the accounting and internal control systems pertaining to cash, auditors may obtain audit evidence about the effectiveness of the bank reconciliation process, through enquiry and observation. In these circumstances, when auditors conclude that procedures performed to obtain the understanding of the accounting and internal control systems also provide audit evidence about the operating effectiveness of policies and procedures relevant to a particular financial statement assertion, they may use that evidence, on its own or (if not in itself sufficient) with other appropriate audit evidence, to support a control risk assessment at less than high.
Tests of control may include: (a) Corroborative enquiries about, and observation of, internal control functions; (b) Inspection of documents supporting controls or events to gain audit evidence that internal controls have operated properly, for example, verifying that a transaction has been authorized or a reconciliation approved; (c) Examination of evidence of management reviews, for example minutes of management meetings at which financial results are reviewed and corrective action taken; (d) Re-performance of control procedures, for example reconciliation of bank accounts, to ensure they were correctly performed by the entity; and (e) Testing of the internal controls operating on specific computerized applications or over the overall information technology function, for example access or program change controls
Substantive procedures are those policies and procedures in addition to the control environment which are established to achieve the entity s specific objectives. They include, in particular procedures designed to prevent or to detect and correct errors. The latter may be a particular focus of high level controls in small or owner-managed entities. Specific control procedures include: (a) Approval and control of documents; (b) Controls over computerized system and the information technology environment; (c) Checking the arithmetical accuracy of the records; (d) Maintaining and reviewing control accounts and trial balances; (e) Reconciliations; (f) Comparing the results of cash, security and stock counts with accounting records; (g) Comparing internal data with external sources of information; and (h) Limiting direct physical access to assets and records.
In a computer environment, auditors may find it necessary, or may prefer to use computer-assisted audit techniques. The use of such techniques, for example file interrogation tools or audit test data, may be appropriate when the accounting and internal control systems provide no visible evidence documenting the performance of internal controls which are programmed into a computerized accounting system.
Knowledge of the entity and its environment Prior to acceptance of an engagement, auditors obtain a preliminary knowledge of the industry and of the ownership, directors, management and operations of the entity to be audited, sufficient to enable them to consider their ability to undertake the audit. The following are to be considered: (a) General economic factors and industry conditions affecting the entity.s business; (b) Important characteristics of the entity, its business, principal business strategies, its financial performance and its reporting requirements, including changes since the previous audit; (c) The operating style and control consciousness of directors and management; and (d) The auditors. cummulative knowledge of the accounting and internal control systems and any expected changes in the period.
Knowledge obtained prior to acceptance of an engagement generally includes: (a) Knowledge from previous relevant experience; (b) Knowledge from enquiries of predecessor auditors; (c) Specific rules or regulations pertaining to the industry; (d) Accounting standards applicable to the industry; (e) An initial perception of the viability of the business; and (f) The perceived integrity of the directors and management. Auditors also require sufficient knowledge to enable them to assess whether there is a requirement for staff with specialist audit expertise (for example computer audit specialists) or other experts.
Nature, Timing and Extent of Procedures The following are to be considered: (a) The relative emphasis expected to be placed on tests of control and substantive procedures; (b) The effect on the audit of the use of information technology by the entity or the auditors; (c) The work of any internal audit function and its expected effect on external audit procedures; (d) Procedures which need to be carried out at or before the year end; and (e) The timing of significant phases of the preparation of the financial statements.
Procedures for obtaining audit evidence Auditors normally obtain audit evidence by inspection, observation, enquiry, confirmation, computation and analytical procedures. The choice of one or a combination of the procedures which the auditor may adopt is dependent, in part, upon the period of time during which the audit evidence sought is available and the form in which the accounting records are maintained. Inspection Inspection involves the following: (a) Examination of records, documents or tangible assets; (b) Provision of audit evidence of varying degrees of reliability depending on their nature and source and the effectiveness of internal controls over their processing. Inspection provides reliable audit evidence about the existence of the tangible assets inspected, but not necessarily as to the ownership or value of such assets.
Observation The auditor by observation looks at a procedure being performed by others. For example, the auditor observes the counting of stock by the entity s staff or the performance of internal control procedures as part of the conduct of an audit. Confirmation This involves obtaining response to an enquiry to corroborate information previously made available to the auditors in the course of the audit. Examples of direct confirmation are as follows: (a) Confirmation of debts by communication with debtors; (b) Confirmation of legal cases by communication with the entity.s solicitors; and (c) Confirmation of bank balances by communication with the entity s bankers, etc. Computation The auditor uses computation to check the arithmetical accuracy of source documents and accounting records. Computation also involves performing independent calculations.
Analytical procedures Analytical procedures consist of the analysis of relationship between: (a) Items of financial data; (b) Items of financial and non-financial data, derived from the same period; and (c) Comparable financial information deriving from different periods or different entities. Analytical procedures are used to identifying consistencies and predicted patterns or significant fluctuations and unexpected relationships, and the results of investigations performed. Documentation It is the duty of the auditor to document matters which are important in providing evidence t was carried out in accordance with auditing standards, accounting standards and relevant regulations. The International Federation of Accountants (IFAC) published the International Standard on Auditing titled.documentation. which establishes standards and provides guidance regarding documentation in the context of the audit of financial statements. o support the audit opinion and evidence that the audit.
Audit planning memo, audit programme and working papers In developing the detailed audit procedures to be performed, auditors consider the assessments of risks of error and the amount of audit evidence that the procedures are planned to provide. They also consider the co-ordination of audit work with any work on preparing the financial statements, the timing of tests of controls and substantive procedures, and the co-ordination of any assistance expected from the entity, the composition of the audit team and the involvement of other auditors or experts. The documentation may take the form of an audit programme which: (a) Sets out the audit procedures the auditors intend to adopt; (b) Includes reference to other matters such as the audit objectives, timing, sample; (c) Determine the size and basis of selection for each area; (d) Serves as a set of instructions to the audit team; and (e) Serves as a means to control and record the proper execution of the work. The level of detail in the audit programme depends on the complexity of the audit, the extent of other documentation and experience of the members of the audit team.
Working Papers Auditors should document in their working papers matters which are important in supporting their report.. In this context, Working papers are the material that auditors prepare or obtain, and retain in connection with the performance of the audit. Working papers may be in the form of data stored on paper, film, electronic media or other media. Working papers support, amongst other things, the statement in the auditor s report as to the auditors compliance or otherwise with auditing standards, and thus record compliance with auditing standards to the extent that it is important in supporting their report. Working papers are the record of: (a) The planning and performance of the audit; (b) The supervision and review of the audit work; and (c) The audit evidence resulting from the audit work performed which the auditors consider necessary and on which they have relied to support their report.
Audit Supervision and Review Working papers: (a) assist in the planning and performance of the audit; (b) assist in the supervision and review of the audit work; and (c) record the audit evidence resulting from the audit work performed to support the auditor s opinion.
Review Questions 1) Highlight the steps in determining materiality. 2) What is Audit risk? Discuss the types of audit risk 3) Highlight the knowledge that is to be obtained prior to acceptance of an engagement 4) What is a working paper? 5) Highlight the procedures in obtaining audit evidence
Reference Adebisi.J.F (2009), Auditing, Investigation and Assurance Services, Bee Printing & Publishing Co, Abuja Nigeria. ANAN Study Pack