ACCO 30043 Assignment Number 4

Answer the following questions briefly and concisely.

1. What is the general objective of planning for an audit?

 Planning is a vital phase in an audit engagement. Auditing standards
require the auditor to prepare adequate planning for an engagement. PSA
300 further provides that the objective of the auditor is to plan the audit so
that it will be performed in an effective manner. Planning an audit involves
establishing the overall audit strategy for the engagement and developing
an audit plan in order to reduce audit risk to an acceptable low level.

2. Contrast the following terms:

a. Audit strategy
b. Audit plan
c. Audit program

 Audit strategy – sets the scope, timing and direction of the audit, and that
guides the development of the audit plan.

 Audit plan – an audit plan is more detailed than the overall audit strategy
in that it includes the nature, timing and extent of the audit procedures to
be performed by engagement team members.

 Audit program - An audit program is a set of guidelines that the auditor

and his or her team must follow in order to complete the audit correctly.
Following the preparation of an audit plan, the auditor assigns tasks and
creates a program that outlines the processes that the audit team must
take while executing the audit.
3. Enumerate the different planning procedures. Explain each one briefly.

A. Identifying and assessing risk of material misstatements through understanding

the entity and its environment
 Obtain an understanding of the entity and its environment
 The auditor shall ensure that members of the engagement team
obtain the required understanding of the entity’s business and
industry to enable them to carry out the required procedures of the
engagement.
 Consider materiality
 The auditor must make judgements about materiality in determining
the nature, timing and extent of procedures to apply and in
evaluating the results.
 Identify and assess the risks of material misstatements
 Using the understanding of the entity and its environment obtained
by the auditor, the auditor identifies and assess RoMMs to provide
a basis for designing and performing further audit procedures.
 Determine the acceptable level of audit risk.
 The determination of acceptable level of audit risk is a matter of
professional judgment to be made by the auditor.
 Identify detection risk to determine the nature, timing and extent of further
audit procedures.
 The determination of detection risk will be highly dependent on the
acceptable level of audit risk set by the auditor and assessed level
of risk of material misstatement.

B. Establishing the overall audit strategy

 In establishing the overall audit strategy, the auditor aims to create a
strategy or approach that will result to an effective and efficient audit.
C. Developing an Audit Plan
 Once the audit strategy has been established, the auditor is able to start
the development of a more detailed audit plan to address the various
matters identified in audit strategy, taking into account the need to achieve
the audit objectives through the efficient use of auditor’s resources.

D. Direct, supervise and review the performance of the engagement team

 The auditor shall plan the nature, timing and extent of direction and
supervision of the engagement team members and the review of their
work.
E. Other planning considerations
 Determining the need of an auditor’s expert
 If expertise in a field other than accounting or auditing is necessary
to obtain sufficient appropriate audit evidence, the auditor shall
determine whether to use the work of an auditor’s expert.

4. What is the purpose of analytical procedures performed during audit planning?

 Analytical procedures consist of evaluations of financial information made
by a study of plausible relationships among both financial and non-
financial data. This is done to help identify the existence of unusual
transactions or events, and amounts, ratios, and trends that might indicate
matters that have audit implications. It assists in enhancing the
understanding of the business, identifying areas that may represent
specific risks relevant to the audit, and determining the nature, timing, and
extent of audit procedures.

5. What are the contents of the audit plan?

 The audit plan must consist of:
 I. The nature, timing and extent of planned risk assessment procedures,
as determined under PSA 315, “Identifying and Assessing the Risks of
Material Misstatement Through Understanding the Entity and Its
Environment.”
II. The nature, timing and extent of planned further audit procedures at
the assertion level, as determined under PSA 330, “The Auditor’s
Responses to Assessed Risks.”
III. The nature, timing and extent of planned further audit procedures at
the assertion level, as determined under PSA 330, “The Auditor’s
Responses to Assessed Risks.”

6. May an external auditor use the work of internal auditor? Explain.

 Yes, the external auditor may use the work of an internal auditor. The
external auditor may be able to use the work of the internal audit function
in obtaining audit evidence in a constructive and complementary manner
depending on
 The level of competency of the internal audit function,
 Whether the internal audit function's organizational status and
relevant policies and procedures adequately support the objectivity
of the internal auditors, and
 whether the function applies a systematic and disciplined approach,
including quality control.

If the external auditor plans to use the work of the internal audit function,
the external auditor shall discuss the planned use of its work with the
function as a basis for coordinating their respective activities.

7. What are the objectives of a system of internal control?

 Internal control is the process designed, implemented and maintained by
those charged with governance, management and other personnel to
provide reasonable assurance about the achievement of an entity’s
 objectives. The objectives of internal control fall in the following
categories:
a. Financial: Reliability of financial reporting
b.Operational: Effectiveness and efficiency of operations
c. Compliance: Compliance with applicable laws and regulations

8. Enumerate, and explain briefly, the components of an internal control.

 Control environment
 Control environment is the foundation on which an effective system
of internal control is built and operated in an organization. It
pertains to the set of standards, processes, and structures that
provide the basis for carrying out internal control across the
organization.

 Entity’s risk assessment process

 An entity’s risk assessment process is its process for identifying
and responding to business risks and the results thereof.

 Information and communication system

 An information system consists of infrastructure (physical and
hardware components), software, people, procedures and data. On
the other hand, communication provides an understanding of
individual roles and responsibilities pertaining to the internal control
over financial reporting.

 Control Activities
 Control activities are actions (e.g., policies, procedures, and
standards) that help management mitigate risks in order to ensure
the achievement of objectives.

 Monitoring of Controls
  Monitoring is the process of assessing the quality of internal control
performance over time. It involves assessing the design and
operations of controls on a timely basis.

9. Why is it necessary to monitor controls?

 Internal controls are monitored to verify that they continue to function
properly. Organizations benefit from well-designed and performed
monitoring because they are more likely to identify and address internal
control problems on a timely basis. Internal control flaws can be
recognized and conveyed to individuals responsible for corrective action,
as well as management and the board of directors, in a timely manner.

10. What are the inherent limitations of internal controls?

 The effectiveness of internal control system has inherent limitations which
consist of the following:
a. Management override of internal control
 To perpetrate a fraud, management may override an internal
control over financial reporting. Some of the techniques of
the management to override financial reports are making
adjusting entries during the financial reporting closing
process, reclassifying items, and overvaluation of some
accounts.
b. Personnel Errors or Mistakes
 Breakdowns of internal control may occur because of human
failures such as simple errors or mistakes (e.g.,
carelessness, not completely understanding the instructions,
etc.).
c. Collusion
  Individuals completing only their allocated occupations or the
performance of one person being checked by another is how
segregation of duties works. Collusion can be used to get
around these safeguards.

11. Enumerate, in chronological order, the steps followed in the study and evaluation
of internal controls. Explain each step briefly.
I. Obtain an understanding of internal control relevant to the audit
a. Evaluating the design of control and assess whether it is capable of
effectively preventing, or detecting and correcting, material
misstatements.
b. Determine whether controls have been implemented
II. Assess the preliminary level of control risk
a. Identify relevant controls that will be relied upon
b. Perform test of control
c. Conclude on the achieved level of control risk
III. Obtain evidential matter to support the assessed level of control risk
IV. Evaluate the results of evidential matter
a. Document the assessed level of risk
V. Determine the necessary level of detection risk

12. What is a transaction walkthrough? What are the different ways by which an
understanding of controls is documented?
 A walk-through test is a process used to assess the reliability of an entity's
accounting system during an audit. A walk-through test follows a
transaction from its inception to its final disposal via the accounting
system. The test can reveal system deficiencies and material weaknesses
that would need to be rectified by the organization as soon as possible.
 On the other hand, the different ways to document the understanding of
control is through:
a. Internal Questionnaires – provide a systematic means for the
auditor to investigate areas such as internal control structure.
b. Narrative Description – describes the flow of transaction cycles,
identifying the employees performing various tasks, documents
prepared, records maintained and the division of duties.
c. Flowcharts – a diagram, or a symbolic representation of an entity’s
internal control system or a series of procedures shown in
sequence.

13. When is the control risk assessment High? Less than high? How does a high
control risk assessment affect the planned audit approach?
 When there is a high chance that material misstatements exist in the
financial statements as a result of insufficient internal controls that cannot
be relied on to meet all or some audit objectives, the control risk
assessment is high. This indicates that the audit team did not believe the
internal controls were developed and operated properly, so they will not
depend on them. As a result, the audit team would have to reduce the risk
of detection and conduct more substantive testing processes (which costs
more time and money).
On the other hand, when the control risk assessment is less than high the
entity has adequate internal controls to prevent and detect instances of
fraud and error in the financial statements. This indicates that the audit
team believes the internal controls are well-designed and functioning and
that they will rely on them. As a result, the audit team's detection risk
would rise, and substantive testing processes would be reduced (which
saves time and money).

14. What is the relationship of a less than high control risk assessment to the nature,
extent, and timing of substantive tests? May substantive tests be eliminated?
  The relationship of the control risk assessment to the nature, extent, and
timing of substantive tests is direct, meaning, the higher the control risk
assessment, the greater the level of detailed testing is required and vice
versa. Therefore, the lower the assessed level of risk, the less evidence
from substantive tests the auditor requires.
On the other hand, regardless of the audit approach selected, the auditor
should design and perform substantive procedures for all relevant
assertions related to each material class of transactions, account balance,
and disclosure. Since internal controls just reduce but do not eliminate the
risk of material misstatements, it is not a good thing to completely
eliminate substantive procedures.

15. How are audit matters related to internal control communicated to management
and to those charged with governance?
 The auditor may identify deficiencies in internal control not only during the
risk assessment process but also at any other stage of the audit. If there is
a deficiency in internal control, the auditor determines, based on the audit
work performed, whether, individually or in combination, if it constitutes
significant deficiencies. If the deficiency is significant, the auditor should
communicate in writing the significant deficiencies in internal control
identified during the audit on a timely basis to the management at an
appropriate level of responsibility and those charged with governance.