CHAPTER THREE

AUDITING PLANNING
THE AUDIT PROCESS AND THE NATURE OF AUDIT PLANNING

Auditors perform series of activities in auditing financial statements and making a conclusion
about their fairness. These activities are classified in to four phases. Each subsequent phase
builds on the previous phases. Each phase in the audit process needs to be planned carefully so
that audit can be conducted efficiently and effectively. It is also the requirement of Generally
Accepted Auditing Standards that the auditors should make adequate planning and supervision
(the first standard of field work) for the engagement.

3.1. THE AUDIT PROCESS

The audit process involves a series of activities leading to the expression of opinion on the
fairness of the financial statements and the issue of audit report. These activities may be
classified in to four phases. These are:
1) Plan and design an audit approach.
2) Perform tests of controls (TOC) and substantive tests of transactions (STOT)
3) Perform analytical procedures and tests of details of balances
4) Complete the audit and issue the audit report
The Nature of Audit planning
The first generally accepted auditing standard of field work requires the auditor to plan the audit
work adequately and supervisor the work of assistants. There are four main reasons why the
auditor should properly plan engagements to:
a) Enable the auditor to obtain sufficient appropriate evidence for the circumstances.
b) Help keep audit costs reasonable.
c) Avoid misunderstandings with the client.
d) Maintain good relationship with the client.
Parts of Audit Planning
Audit planning includes the following eight interrelated parts:
 Accept client and perform initial planning
 Understand the client’s business and industry
 Assess client business risk
 Perform preliminary analytical procedures
 Set materiality and assess acceptable audit risk and inherent risk
 Understand internal controls and assess control risk
 Gather information to assess fraud risks
 Develop overall audit plan and audit program

1
 3.2. INITIAL AUDIT PLANNING AND UNDERSTANDING THE CLIENT’S BUSINESS AND
INDUSTRY

A thorough understanding of the client’s business and industry and knowledge about the
company’s operations are essential for the auditor to conduct an adequate audit. The second
standard of field work states: The auditor must obtain a sufficient understanding of the entity and
its environment, including its internal control, to assess the risk of material misstatement of the
financial statements whether due to error or fraud, and to design the nature, timing, and extent of
further audit procedures.
3.2.1. Initial Audit Planning
Initial audit planning involves four things, all of which should be done early in the audit:
1. Client Acceptance and continuance. The auditor decides whether to accept a new client
or continue serving an existing one. This determination is typically made by an
experienced auditor who is in a position to make important decisions.
2. Identify client’s reasons for audit. The auditor identifies why the client wants or needs
an audit. This information is likely to affect the remaining parts of the planning process.
3. Obtaining an understanding with the client. To avoid misunderstandings, the auditor
obtains an understanding with the client about the terms of the engagement.
4. Develop Overall audit strategy. The auditor develops an overall strategy for the audit,
including engagement staffing and any required audit specialists.
3.2.2. Obtain an understanding with the Client
Auditing standards require that auditors document their understanding with the client in an
engagement letter, including the engagement’s objectives, the responsibilities of the auditor and
management, the engagement’s limitations, agreement to provide other services (e.g. tax
returns), any restrictions to be imposed on the auditor’s work, deadlines for completing the audit,
assistance to be provided by the client’s personnel in obtaining records and documents, schedules
to be prepared for the auditor, and an agreement on fees. The engagement letter also serves the
purpose of informing the client that the auditor cannot guarantee that all acts of fraud will be
discovered.
Engagement letter information is important in planning the audit principally because it affects
the timing of the tests and the total amount of time the audit and other services will take. For
example, if the deadline for submitting the audit report is soon after the balance sheet date, a
significant portion of the audit must be done before the end of the year. Please the sample
engagement letter in
the box below:

Sample Engagement Letter

Meti and Dharra, ACCAs

2 Road
Addis Ababa, Bole
October 20, 2012
Mr. Lemmesa Waktola, President
MD Textile Co.
The financial statements are the responsibility of the company’s management. Management is also
responsible for (1) establishing and maintaining effective internal control over financial reports, (2)
identifying and ensuring the company complies with the laws and regulations applicable to its
activities, (3) making all financial records and related information available to us, and (4) providing to
us at the conclusion of the engagement a representation letter that, among other things, will confirm
management’s responsibility for the preparation of the financial statements in conformity with
3
International Financial Reporting Standards, the availability of financial records and related data, the
completeness and availability of all minutes of the board and committee meetings, and to the best of its
knowledge and belief, the absence of fraud involving management or those employees who have a
significant role in the entity’s internal control. The timing of our audit and the assistance to be supplied
An engagement letter is a formal agreement (contract) between the client and the auditor for the
engagement.

3.3. UNDERSTANDING THE CLIENT’S BUSINESS AND INDUSTRY, AND ASSESSING BUSINESS
RISK

3.3.1. Importance of Understanding the Client’s Business and Industry

The business and industry in which the client is operating has significant bearing on its business
risk and the risk of material misstatements in the financial statements. Client business risk is the
risk that the client will fail to meet its objectives. The auditor should understand the client’s
business and industry for the following reasons:
 Significant declines in economic conditions around the world are likely to significantly
increase a client’s business risks.
 Information technology connects client companies with major customers and suppliers.
As a result, auditors need greater knowledge about major customers and suppliers and
related risks.
4
  Clients may have expanded operations globally, often through joint ventures or strategic
alliances.
 Information technology affects internal client processes, improving the quality and
timeliness of accounting information.
 The increased importance of human capital and other intangible assets has increased
accounting complexity and the importance of management judgments and estimates.
 Many clients may have invested in complex financial instruments, such as collateralized
debt obligations or unusual mortgage backed securities, which may have declined in
value, require complex accounting treatments, and often involve unknown counterparties
who may create unexpected financial risks for the client.

3.3.2. Understanding Industry and External Environment

The three primary reasons for obtaining a good understanding of the client’s industry and
external environment are:
1. Effect of industry risk on client. Risks associated with specific industries may affect the
auditor’s assessment of client business risk and acceptable audit risk—and may even
influence auditors against accepting engagements in riskier industries, such as the
financial services
2. Commonality of inherent risk to the industry. Many inherent risks are common to all
clients in certain industries. Familiarity with those risks aids the auditor in assessing their
relevance to the client. Examples include potential inventory obsolescence in the fashion
clothing industry, accounts receivable collection inherent risk in the consumer loan
industry, and reserve for loss inherent risk in the casualty insurance industry.
3. Uniqueness of Industry accounting requirements. Many industries have unique accounting
requirements that the auditor must understand to evaluate whether the client’s financial
statements are in accordance with accounting standards. For example, if the auditor is
doing an audit of a city government, the auditor must understand governmental
accounting and auditing requirements. Unique accounting requirements exist for
construction companies, railroads, not-for-profit organizations, financial institutions (e.g.
banks), and many other organizations.
The auditor must also understand the client’s external environment, including such things as
wide volatility in economic conditions, extent of competition, and regulatory requirements. For
example, auditors of financial companies (e.g. banks) need more than an understanding of the
industry’s unique regulatory accounting requirements. They must also know how the regulations
of the central banks (i.e. National Bank in case of Ethiopia).

3.3.3. Understanding Business Operations and Processes

The auditor should understand factors such as major sources of revenue, key customers and
suppliers, sources of financing, and information about related parties that may indicate areas of

5
increased client business risk. For example, many technology firms are dependent on one or a
few products that may become obsolete due to new technologies or stronger competitors.
Dependence on a few major customers may result in material losses from bad debts or obsolete
inventory.
3.3.4. Understanding Management and Governance
Management establishes a company’s strategies and business processes. The auditor should
assess management’s philosophy and operating style and its ability to identify and respond to
risk. This is the case because they significantly influence the risk of material misstatements in the
financial statements. In most cases, the chief executive officer (CEO) or chief financial officer
(CFO) are named as being involved in committing the fraud
To gain an understanding the client’s governance system, the auditor should understand how the
board and audit committee exercise oversight. More specifically,
a) Code of Ethics
b) Minutes of the Meetings
3.3.5. Understanding Client Objectives and Strategies
Strategies are approaches followed by the entity to achieve organizational objectives. Auditors
should understand client objectives related to:
 Reliability of financial reporting
 Effectiveness and efficiency of operations
 Compliance with laws and regulations
3.3.6. Understanding Measurement and Performance
A client’s performance measurement system includes key performance indicators that
management uses to measure progress toward its objectives. These indicators go beyond
financial statement figures, such as sales and net income, to include measures tailored to the
client and its objectives. Such key performance indicators may include market share, sales per
employee, unit sales growth, same-store sales, sales by country, sales per square foot for a
retailer, and so on.
Inherent risk of financial statement misstatements may be increased if the client has set
unreasonable objectives or if the performance measurement system encourages aggressive
accounting. For example, a company’s objective may be to obtain the leading market share of
industry sales. If management and salespeople are compensated based on achieving this goal,
there is increased incentive to record sales before they have been earned or record sales for
nonexistent transactions. In such a situation, the auditor is likely to increase assessed inherent
risk and the extent of testing for the occurrence transaction-related audit objective for sales.
Performance measurement includes ratio analysis and benchmarking against key competitors. As
part of understanding the client’s business, the auditor should perform ratio analysis or review
the client’s calculations of key performance ratios.
3.3.7. Assessing the Client Business Risk

6
Business risk refers to the risk that the client will fail to achieve its objectives. Client business
risk can arise from any of the factors affecting the client and its environment, such as significant
declines in the economy that threaten the client’s cash flows, new technology eroding a client’s
competitive advantage, or a client failing to execute its strategies as well as its competitors. The
auditor’s primary concern is the risk of material misstatements in the financial statements due to
client business risk.
The auditor’s assessment of client business risk considers the client’s industry and other external
factors, as well as the client’s business strategies, processes, effective risk assessment practices
and corporate governance, and other internal factors. Remaining risk after considering the
effectiveness of top management controls is sometimes called residual risk. After evaluating
client business risk, the auditor can then assess the risk of material misstatement in the financial
statements, and then apply the audit risk model to determine the appropriate extent of audit
evidence.
3.3.8. Performing Preliminary Analytical Procedures
Analytical procedures are defined by auditing standards as evaluations of financial information
made by a study of plausible relationships among financial and nonfinancial data involving
comparisons of recorded amounts to expectations developed by the auditor. Analytical
procedures may be performed at any of three times during an engagement: during planning
phase, during testing (field work) phase, and during the completion phase. This part is concerned
with analytical procedures used during the planning phase also referred to as preliminary
(planning) analytical procedures.
Planning analytical procedures may include comparing client ratios to industry or competitor
benchmarks to provide an indication of the company’s performance. Client ratios may also be
compared with its own projected or historical ratios. Relevant ratios include short-term liquidity
ratios (e.g. current ratio, quick ratio), activity ratios (e.g. inventory turnover, average collection
period, asset turnover), leverage ratios (debt to equity, times interest earned ratio), and
profitability ratios (net profit margin, RoE, RoA). Such preliminary tests can reveal unusual
changes in ratios compared to prior years, or to industry averages, and help the auditor identify
areas with increased risk of misstatements that require further attention during the audit.
Thus, analytical procedures are required in the planning phase to assist in determining the nature,
extent, and timing of audit procedures. This helps the auditor identify significant matters
requiring special consideration later in the engagement.

The overall purpose of analytical procedures is to test the reasonableness of information. We

can use them during audit planning, testing, and/or final review phase of the audit.

3.4. MATERIALITY AND AUDIT RISK

The phrase obtain reasonable assurance is intended to inform users that auditors do not
guarantee or ensure the fair presentation of the financial statements. Some risk that the financial

7
statements are not fairly stated exists, even when the opinion is unqualified. The phrase free of
material misstatement is intended to inform users that the auditor’s responsibility is limited to
material financial information. Materiality is important because it is impractical for auditors to
provide assurances on immaterial amounts. Materiality and risk are fundamental to planning the
audit and designing an audit approach.
3.4.1. Materiality

Meaning and Nature of Materiality

Materiality is a major consideration in determining the appropriate audit report to issue.

Materiality may be defined as the magnitude of an omission or misstatement of accounting
information that, in the light of surrounding circumstances, makes it probable that the judgment
of a reasonable person relying on the information would have been changed or influenced by the
omission or misstatement. Materiality is an account or fact that would affect decisions made by
users relying on the financial statements.
Because auditors are responsible for determining whether financial statements are materially
misstated, they must, upon discovering a material misstatement, bring it to the client’s attention
so that a correction can be made. If the client refuses to correct the statements, the auditor must
issue a qualified or an adverse opinion, depending on the materiality of the misstatement. To
make such determinations, auditors depend on a thorough knowledge of the application of
materiality.
3.4.2. Steps in Applying Materiality
Auditors follow five closely related steps in applying materiality as listed below:
a) Establish a preliminary judgment about materiality
b) Allocate the preliminary judgment about materiality to account balances or classes of
transactions
c) Estimate total misstatement in segment
d) Estimate the combined misstatement
e) Compare combined estimate with preliminary or revised judgment about materiality
The first two steps are used to plan the extent of tests whereas the later two steps are concerned
with evaluating the results of the audit tests.
Several factors affect the auditor’s preliminary judgment about materiality for a given set of
financial statements. The most important of these are:
a. Materiality is a Relative rather than an Absolute Concept
A misstatement of a given magnitude might be material for a small company, whereas the same
Birr misstatement could be immaterial for a large one. This makes it impossible to establish Birr-
value guidelines for a preliminary judgment about materiality that are applicable to all audit
clients. For example, a total misstatement of Birr1million would be extremely material for a

8
large company. A misstatement of the same amount is almost certainly immaterial for a multi-
billion company, which has total assets and net income of several billion Birr.
b. Bases are needed for evaluating materiality
Because materiality is relative, it is necessary to have bases for establishing whether
misstatements are material. The common bases include net income before taxes, net sales, gross
profit, and total or net assets. After establishing a primary base, auditors should also decide
whether the misstatements could materially affect the reasonableness of other bases such as
current assets, total assets, current liabilities, and owners’ equity. Auditing standards require the
auditor to document in the audit files the basis used to determine the preliminary judgment about
materiality.
c. Qualitative Factors also affect materiality
Certain types of misstatements are likely to be more important to users than others, even if the
Birr amounts are the same. Misstatements are more important if they arise from fraud, violation
of contractual obligations, and affect a trend in earnings. For example, if reported income has
increased 3 percent annually for the past 5 years but income for the current year has declined
1percent, that change may be material. Similarly, a misstatement that would cause a loss to be
reported as a profit may be of concern.
Auditors face three major difficulties in allocating materiality to balance sheet accounts:
a. Auditors expect certain accounts to have more misstatements than others.
b. Both overstatements and understatements must be considered.
c. Relative audit costs affect the allocation.
3.5. AUDIT RISK
Audit risk refers to the risk that the auditor fails to express appropriate opinion on the true
and fair view of the client’s financial statements. In this section, we will see the
components of audit risk model and how audit risk affects audit evidence determination.

3.5.1. Audit Risk Model and its components

Auditors consider risk in planning procedures to obtain audit evidence primarily by applying the
audit risk model. The audit risk model helps auditors decide how much and what types of
evidence to accumulate in each cycle. The model is usually stated as follows:

AAR
PDR =
IR x CR

Where,
PDR = Planned detection risk IR = Inherent risk
AAR = Acceptable audit risk CR = Control risk
To support the model with numerical example, assume that acceptable audit risk, inherent risk,
and control risk are 6%, 90%, and 50% respectively. Planned detection risk would be:

9
 0.06
PDR = = 13%
0.90 x 0.50

Auditors use the audit risk model to further identify the potential for misstatements in the overall
financial statements and specific account balances, classes of transactions, and disclosures where
misstatements are most likely to occur. Each of the audit risk model is discussed below:
a. Planned Detection Risk (PDR)
Planned detection risk is the risk that audit evidence for a segment will fail to detect
misstatements exceeding tolerable misstatement. There are two key points to know about
planned detection risk. Planned detection risk is dependent on the other three factors in the
model. It will change only if the auditor changes one of the other risk model factors. Planned
detection risk determines the amount of substantive evidence that the auditor plans to
accumulate. If planned detection risk is reduced, the auditor needs to accumulate more evidence
to achieve the reduced planned risk.
In the preceding numerical example, the planned detection risk (PDR) of 13% means the auditor
plans to accumulate evidence until the risk of misstatements exceeding tolerable misstatement is
reduced to 13%.
b. Inherent Risk
Inherent risk measures the auditor’s assessment of the likelihood that there are material
misstatements due to error or fraud before considering the effectiveness of internal control. If the
auditor concludes that a high likelihood of misstatement exists, the auditor will conclude that
inherent risk is high. Internal controls are ignored in setting inherent risk because they are
considered separately in the audit risk model as control risk. Items in the financial statements
involve different levels of inherent risk. For example, inherent risk is high for acquisitions and
payments and inventory and warehousing and lower for payroll and personnel and capital
acquisition and repayment. Inherent risk is assessed based on discussions with management,
knowledge of the company, and results in audits of previous years.
c. Control Risk
Control risk measures the auditor’s assessment of whether misstatements exceeding a tolerable
amount in a segment will be prevented or detected on a timely basis by the client’s internal
controls. Assume that the auditor concludes that internal controls are completely ineffective to
prevent or detect misstatements. The auditor will therefore assign a high, perhaps 100 percent,
risk factor to control risk. The more effective the internal controls, the lower the risk factor that
can be assigned to control risk.
d. Acceptable audit risk
Acceptable audit risk is a measure of how willing the auditor is to accept that the financial
statements may be materially misstated after the audit is completed and an unqualified opinion
has been issued. When auditors decide on a lower acceptable audit risk, they want to be more
certain that the financial statements are not materially misstated. Zero risk is certainty, and a 100
percent risk is complete uncertainty. Complete assurance (zero risk) of the accuracy of the

10
financial statements is not economically practical. Moreover, the auditor cannot guarantee the
complete absence of material misstatements.
The following table shows the relationship among the four elements in the audit risk model and
in turn to audit evidence:
Acceptable audit Inherent risk Control risk Detection
risk risk
Acceptable audit risk Perfect Inverse Inverse Direct
Inherent risk Inverse Perfect Direct Inverse
Control risk Inverse Direct Perfect Inverse
Detection risk Direct Inverse Inverse Perfect
Audit evidence Inverse Inverse Direct Inverse
3.6. DEVELOPING AN OVERALL AUDIT PLAN AND AUDIT PROGRAM

3.6.1. Audit Tests for Overall Audit Plan

In developing an overall audit plan, auditors use five types of tests to determine whether
financial statements are fairly stated. These are risk assessment procedures, tests of controls,
substantive tests of transactions, tests of details of balance, and analytical procedures. The last
three are considered collectively substantive tests or further audit procedures.
Auditors use risk assessment procedures to assess the risk of material misstatement represented
by the combination of inherent risk and control risk. Collectively, procedures performed to
obtain an understanding of the entity and its environment, including internal controls, represent
the auditor’s risk assessment procedures. A major part of the auditor’s risk assessment
procedures are done to obtain an understanding of internal control. Procedures to obtain an
understanding of internal control focus on both the design and implementation of internal control
and are used to assess control risk for each transaction-related audit objective.
The second audit test (tests of controls) focuses on determining the effectiveness of the client’s
internal control systems. The auditor’s understanding of internal control is used to assess control
risk for each transaction-related audit objective. Examples are assessing the accuracy objective
for sales transactions as low and the occurrence objective as moderate. When control policies
and procedures are believed to be effectively designed, the auditor assesses control risk at a level
that reflects the relative effectiveness of those controls. The result of the tests of controls
determines the extent, nature and timing of additional audit procedures (i.e. substantive tests).
The third type of audit tests (substantive tests) are procedures designed to test for Birr
misstatements (often called monetary misstatements) that directly affect the correctness of
financial statement balances. Auditors rely on three types of substantive tests: substantive tests of
transactions, substantive analytical procedures, and tests of details of balances.
The fourth audit test (tests of details of balances) focuses on the ending general ledger balances
for both balance sheet and income statement accounts. The primary emphasis in most tests of

11
details of balances is on the balance sheet. Examples include confirmation of customer balances
for accounts receivable, physical examination of inventory, and examination of vendors’
statements for accounts payable. Tests of ending balances are essential because the evidence is
usually obtained from a source independent of the client, which is considered highly reliable.

Audit tests are conducted to obtain audit evidences. Auditors conduct five types of audit
tests: risk assessment procedures, tests of controls, substantive tests of transactions,
tests of details of balance, and analytical procedures

3.6.2. Designing an Audit Program

Audit program is a set of policies and procedures that dictate how an audit is to be undertaken.
This generally involves specific instructions as to what, and how much, evidence must be
collected and evaluated, as well as who will collect and analyze the data and when this should be
done. Audit program may also refer to a step by step procedure laid down by the audit firm to be
followed by the accountants in the audit.
The audit program contains the specific audit procedures for each type of audit tests discussed
above. Particularly the audit program for each test should, at least, include audit procedures to be
performed, sample size, items to select, and timing.
 Audit program usually should contain audit procedures to be performed, sample size, items
to select, and timing

3.7. Audit Working Papers

Working papers are records kept by the auditor of the procedures applied, the test performed, the
information obtained, and the pertinent conclusions reached in the audit. For example, when samples
are takes for audit tests, the items drawn must be recorded and computations must be made.

Working papers provide:

1 The principal support for the auditor’s report.

2 A means for coordinating and supervising the audit, and.
3 Evidence that the audit was made in accordance with GAAS.

Working papers normally include the audit plan and programs, documentation of the auditor’s
understanding of the internal control structure, the assessed level of control risk, account analyses
explaining the composition of account balances, reconciliation of related records, letters of confirmation
and representation, recommended journal entries if necessary to correct the accounts, and trial
balances and other schedules that summarize the contents of other working papers.

12