PLANNING AN AUDIT OF FINANCIAL STATEMENTS

INTRODUCTION

Planning an audit involves establishing the overall audit strategy for the engagement and developing a detailed audit plan, in order
to reduce audit risk to an acceptably low level.

MAJOR AUDIT PLANNING ACTIVITIES

A. Understand the client and its environment
B. Assess the possibility of non-compliance
C. Establish materiality and assess risk
D. Identify related parties
E. Perform Preliminary Analytical Procedures
F. Determine the need for experts
G. Develop the overall audit strategy
H. Preparation of Preliminary Audit Program

RISK ASSESSMENT PROCEDURES (RAP)

• RAP--a major category of audit procedures designed to obtain an understanding of the entity (ie., the client) and its
environment, including the client’s internal control.
• RAP Procedures include:
-Inquiries - of management and others within the entity
-Observation - and inspection, and
-Analytical procedures

A. OBTAIN AN UNDERSTANDING OF THE CLIENT AND ITS ENVIRONMENT

Requires an understanding of the following:
• Industry, regulatory and other external factors, including the applicable financial reporting framework
• Nature of the entity (i.e., operations, governance structures, investment appetite)
• The entity’s accounting policies, including the reasons for changes thereto.
• Objectives and strategies and the related business risk that may result in risks of material misstatements
• Measurement and review of the entity’s financial performance
• Internal control

B. ASSESSING THE POSSIBILITY OF NON- COMPLIANCE

• ‘Non-compliance’ refers to acts of OMISSION OR COMMISSION by the entity being audited, either intentional or unintentional,
which are contrary to the prevailing laws or regulations.

C. ESTABLISHING MATERIALITY AND ASSESSING RISK

• Establish a preliminary judgment about materiality.
• Determine tolerable misstatement.
• Estimate likely misstatements and compare the totals to the preliminary judgment about materiality.

THE EFFECT OF MATERIALITY ON AUDIT PROCEDURES

•The amount of tolerable misstatement assigned to an account affects the extent of audit procedures.
•The LOWER the tolerable misstatement, the MORE EXTENSIVE the required audit procedures.
•The concept of materiality recognizes that auditors work within constraints of time and cost.

D. IDENTIFY RELATED PARTY – in relation to BIR 1709 form, need to report on a separate return during submission of AFS

E. PERFORMING ANALYTICAL PROCEDURES

• Analytical procedures refer to evaluations of financial information made by a study of plausible relationships among both financial
and non- financial data.
• These procedures are required to be performed in the planning and in the final review stages of the audit, but not required as
substantive test procedure.

ANALYTICAL PROCEDURES DURING PLANNING

• The primary objective in performing analytical procedures in the PLANNING STAGE of the audit, is TO ENHANCE THE
AUDITOR’S UNDERSTANDING OF THE CLIENT, its business and the industry in which the client operates and to
identify areas of potential risk of material misstatements.
F. DETERMINING NEED FOR EXPERT
• When determining the need to use the work of an auditor’s expert, the auditor would consider:
– The engagement team’s knowledge and previous experience of the matter being considered;
– The risk of material misstatement based on the nature, complexity, and materiality of the matter being considered; and
– The quantity and quality of other audit evidence expected to be obtained.

• The auditor should evaluate the professional competence of the expert.

• This will involve considering the expert’s professional certification or licensing by, or membership in, an appropriate
professional body.
• It also involves considering the expert’s experience and reputation in the field in which the auditor is seeking audit
evidence.
• The auditor should evaluate the objectivity of the expert.

G. DEVELOPMENT OF THE AUDIT STRATEGY

The establishment of the overall audit strategy involves:
• Determining the characteristics of the engagement that define its SCOPE;
• Ascertaining the reporting objectives of the engagement to plan the TIMING of the audit and the nature of the communications
required; and
• Considering the important factors that will determine the FOCUS or direction of the engagement team’s efforts.

SCOPE of audit engagement includes:

• Financial reporting framework applied in the preparation of financial statements
• Industry-specific reporting requirements
• Expected audit coverage, including number and locations of components
• The reporting currency to be used
• Availability of the work of internal auditors
• Effects of information technology on audit procedures

FOCUS of audit engagement includes:

• Audit areas where there is a higher risk of material misstatement
• Selection of the engagement team and assignment of audit work to the team members
• Engagement budgeting
• Significant business developments affecting the entity
• Significant changes in the financial reporting framework

TIMING of audit engagement includes:

• Observation of physical inventory count
• Confirmation of accounts receivable
• Commencement of field work
• Submission of required schedules and analyses
• Closing conference
• Availability of FS for client’s Board of Directors’ meeting
• Filing of financial statements with BIR, SEC

H. PREPARATION OF PRELIMINARY AUDIT PROGRAM

• AUDIT PROGRAM is a list of procedures (tests of controls or substantive tests) used to gather sufficient appropriate audit
evidence.
• For INITIAL ENGAGEMENTS, preliminary audit programs are prepared after the client’s control structure has been reviewed and
documented
• In CONTINUING ENGAGEMENTS, preliminary audit programs can be drafted in advance of fieldwork, based on the auditor’s prior
knowledge of the client’s control structure and the results of previous assessments of control risk.

OTHER PLANNING CONSIDERATIONS

• Arrangement for Company Assistance.
• Consider the Work of the Internal Auditors.
• Direction, Supervision and Review of the audit engagement.
 STUDY AND EVALUATION OF INTERNAL CONTROL
INTERNAL CONTROL
Internal control is a process, effected by an entity’s board of directors, management and other personnel, designed to provide
reasonable assurance regarding the achievement of objectives in the following categories:
o Effectiveness and efficiency of operations,
o reliability of financial reporting, and
o compliance with applicable laws and regulations.

WHAT IS AN INTERNAL CONTROL SYSTEM?

An internal control system consists of all the policies and procedures (i.e., related to internal control) and processes adopted by the
management of an entity to assist in achieving management’s objective of ensuring, as far as practicable, the orderly and efficient
conduct of its business.

COMPONENTS OF INTERNAL CONTROL

1. Control Environment
2. Risk Assessment Process
3. Control Activities- Information System and Related Business Processes Relevant to Financial Reporting and Communication
4. Monitoring of Controls

1. THE CONTROL ENVIRONMENT

o The control environment sets the tone of an organization, influencing the control consciousness of its people.
o It is the foundation for all other components of internal control, providing discipline and structure.
o It includes the governance and management functions and the attitudes, awareness, and actions of those
charged with governance

ELEMENTS OF THE CONTROL ENVIRONMENT

a. Communication and enforcement of integrity and ethical values

b. Commitment to Competence
c. Participation by Those Charged with Governance
d. Management’s Philosophy and Operating Style
e. Organizational Structure
f. Assignment of Authority and Responsibility
g. Human Resources Policies and Practices

COMMITMENT TO COMPETENCE

-Competence should reflect the knowledge and skills needed to accomplish tasks that define the individual’s job.
-How well these tasks need to be accomplished generally is a management decision which should be made considering
the entity’s objectives and management’s strategies and plans for achievement of the objectives.

2. THE ENTITY’S RISK ASSESSMENT PROCESS

Risk assessment is the identification and analysis of relevant risks to achievement of the company’s objectives, forming
a basis for determining how the risks should be managed.

Changes in economic, industry, regulatory and operating conditions should be identified and the risks associated with
changes should be assessed.

CONDITIONS THAT MAY INCREASE RISK

Changed Operating Environment
New Personnel
New or Revamped Information Systems
Rapid Growth of Business
Significant Decline in Economic Condition
New Technology
New product lines and activities
 Corporate restructuring

3. COMPONENTS OF INFORMATION AND COMMUNICATION CONTROL

a. Timely Reporting of Financial and Operational

b. Performance (e.g., Variance Analysis)
c. Relevant Information Provided to the Right People
d. Communication of Control Responsibilities
e. Openness of communication channels

INFORMATION AND COMMUNICATION COMPONENTS AUDITORS ASSESS

- Whether the information system produces the financial, operational and compliance reports needed to run the
business;
- Whether pertinent information is identified, captured and communicated in a form that enables people to effectively
carry out their responsibilities;
4. COMPONENTS OF CONTROL ACTIVITIES
(PSA 315)
Performance Review Information Processing Physical Controls Segregation of Duties Authorization

EXAMPLES OF MONITORING CONTROLS Periodic review of expenses against budget

Analysis of trends
Review of performance indicators Internal and external audits Operations audit

POLICIES AS MEANS OF CONTROL

1. Policies should be clearly stated in writing, systematically organized into handbooks, manuals, or other publications,
and properly approved.
2. Policies should be systematically communicated to all officials and appropriate employees of the organization.
3. Policies must conform with applicable laws and regulations.

THOUGHT ON POLICIES AND PROCEDURES

“Policies are excellent, but if they are not effectively communicated to the staff they are a waste of time.”

LIMITATIONS OF INTERNAL CONTROL

1. Internal Control cannot ensure that all frauds will be detected; people have fertile minds.
2. Internal control will not change a stupid manager into a genius.
3. Risk assessment and the establishment of internal control is EXPENSIVE.
4. Some situations do not allow effective controls to be implemented.
5. Most internal controls tend to be directed at routine rather than non-routine transactions.
6. The potential for human error due to carelessness, distraction, mistakes of judgment and the misunderstanding
of instructions.
7. The possibility that a person responsible for exercising an internal control could abuse that responsibility (i.e.,
management override).

OTHER REASONS WHY CONTROLSDON’T WORK

Fatigue Complexity Communication

PLACEMENT OF CONTROLS

Controls should be positioned where they are most effective. They should be installed:
1. Before an expensive part of the project.
2. Before points of no (or difficult) return.
3. Where one phase of an operation ends and another starts.
4. Where corrective action is easier to take.
5. Where accountability for resources change.
 STEPS IN THE STUDY AND EVALUATION OF INTERNAL CONTROLS
1. Obtain and DOCUMENT your Understanding of the Control Structure
2. ASSES the Level of Control Risk.
3. Perform TEST OF CONTROL
4. Determine the NATURE, TIMING AND EXTENT of SUBSTANTIVE TEST.

PSA 315, REQUIRES

The auditor should OBTAIN AN UNDERSTANDING OF THE CLIENT’S INTERNAL CONTROL SYSTEM, including the
related business processes, relevant to financial reporting, in order to:
o Identify types of potential misstatements in the financial statements.
o Identify factors that affect the risk of material misstatements in the financial statements.
o Design the nature, extent and timing of further audit procedures.
o After obtaining an understanding of the internal control systems, the auditor should make a PRELIMINARY
ASSESSMENT OF CONTROL RISK at the assertion level, for each material account balance or class of
transactions.
o The assessment could be HIGH (ie., internal control elements are not present), or LESS THAN HIGH (ie.,
internal control elements are present).

IN CONSIDERING THE NATURE OF THE RISKS, THE AUDITOR CONSIDERS

o Whether the risk is a risk of fraud
o Whether the risk is related to recent significant
economic, accounting or other developments
and, therefore, requires specific attention
o The complexity of transactions
o Whether the risk involves significant
transactions with related parties
o Whether the risk involves significant transactions that appear to be unusual

CONTROL RISK ASSESSED. . . AS HIGH

Control risk should be assessed as. . . HIGH.. for some or all assertions if:
a. Policies and procedures are NOT PERTAINING to an assertion.
b. Policies and procedures are NOT EFFECTIVE.
c. Obtaining enough or proper evidence is NOT EFFICIENT in relation to audit of the financial statements.

OVERALL RESPONSES TO ADDRESS RISKS

o Emphasize to the audit team the NEED TO MAINTAIN PROFESSIONAL SKEPTICISM in gathering and evaluating audit
evidence
o ASSIGN MORE EXPERIENCED STAFF
or those with special skills or using experts
o Provide MORE SUPERVISION
o Incorporate additional ELEMENTS OF UNPREDICTABILITY in the selection of further audit procedures to be
performed TESTS OF CONTROLS

When the auditor’s assessment of risks of material misstatement at the assertion level includes an EXPECTATION THAT
CONTROLS ARE OPERATING EFFECTIVELY (I.E., LESS THAN HIGH), the auditor should perform tests of controls to
obtain sufficient appropriate audit evidence that the controls were operating effectively at relevant times during the period
under audit.

NATURE OF TESTS OF CONTROL

1. Inquiry of client personnel
2. Observation
3. Inspection (examination of documents) Re-performance (or “recalculation”)

SUBSTANTIVE TEST PROCEDURE

Irrespective of the assessed risk of material misstatement, the auditor should design and perform substantive procedures for
each material class of transactions, account balances, and disclosures

The higher the assessment of control risk, the more audit evidence the auditor should obtain from performance of
substantive procedures
COMMUNICATION OF WEAKNESSES

The auditor should make management aware, as soon as practicable and at an appropriate level of responsibility, of
material weaknesses in the design or operation of the internal control system, which have come to the auditor’s attention.

Such communication should be done in written form through a Management Letter.