Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

CHAPTER FOUR

CLIENT ACCEPTANCE AND PLANNING THE AUDIT

LEARNING OBJECTIVES

After studying the material in this unit, you should be able to:

 Identify and explain the procedures to be performed in deciding to accept a new client or
continue an existing client;
 Describe the purpose and content of an engagement letter;
 Explain why adequate audit planning is essential;
 Make client acceptance decisions and initial audit planning;
 Gain an understanding of the client’s business and industry;
 Know how to assess client business risk;
 Perform preliminary analytical procedures;
 Know how the concepts of the previous units such as materiality, audit risk and its
components relate with the planning phase of the audit; and
 Know the process of designing an audit program.

1
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

UNIT ONE

CLIENT ACCEPTANCE PROCEDURES

1. OBTAINING AND ACCEPTING A NEW AUDIT ENGAGEMENT

Audit practices are businesses, and their objective is to make a profit. However, this does not
mean that the practitioner should automatically accept every audit engagement that is offered to
it, in order to maximize profit. Circumstances may arise where it is appropriate to decline the
offer of an audit appointment, for either commercial or ethical reasons. Several commercial and
ethical matters should be considered by an external auditor when considering the acceptance of a
new audit engagement. The Code of Professional Ethics also includes procedures that auditors
must follow to assure that their appointment is valid.

1.1. Accepting an Audit Appointment

Client Acceptance

Before accepting an appointment, the audit firm should:

 Assess whether acceptance would create any threats to compliance with the fundamental
principles and consider the significance of any threat identified. For example, a personal
relationship between a partner at the firm and a senior member of the client’s staff could
create a threat to objectivity. Lack of technical expertise could create a threat to professional
competence and due care.
 Ensure that resources are available to complete the audit assignment; in particular, it must
ensure that there will be sufficient staff (of the right level of expertise) available at the right
time. Again, not to have sufficient resources available would create a threat to professional
competence and due care.
 Take up references on the proposed client company and its directors, if they are not already
known to the auditors. This is usually referred to as client screening.

Where it is not possible to reduce the threats to an acceptable level, a chartered accountant in
practice (the auditor) should decline to enter into the client relationship.

Acceptance decisions should be periodically reviewed for recurring client engagements.

Engagement Acceptance

The auditor should agree to provide only those services that they are competent to perform.
Before accepting a specific client engagement, they should consider whether acceptance would
create any threats to compliance with the fundamental principles. For example, a self-interest
threat to professional competence and due care is created if the engagement team does not
possess, or cannot acquire, the competencies necessary to properly carry out the engagement.

2
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

The auditor should evaluate the significance of identified threats and, if they are other than
clearly insignificant, safeguards should be applied as necessary to eliminate them or reduce them
to an acceptable level.

Where it is not possible to reduce the threats to an acceptable level the auditor should decline the
engagement.

Safeguards may include:

 Acquiring an appropriate understanding of the nature of the client’s business, the

complexity of its operations, the specific requirements of the engagement and the
purpose, nature and scope of the work to be performed.
 Acquiring knowledge of relevant industries or subject matters.
 Possessing or obtaining experience with relevant regulatory or reporting requirements.
 Assigning sufficient staff with the necessary competencies.
 Using experts where necessary.
 Agreeing on a realistic time frame for the performance of the engagement.
 Complying with quality control policies and procedures designed to provide reasonable
assurance that specific engagements are accepted only when they can be performed
competently.

When the auditor intends to rely on the advice or work of an expert, they should evaluate
whether such reliance is warranted. They should consider factors such as reputation, expertise,
resources available and applicable professional and ethical standards. Such information may be
gained from prior association with the expert or from consulting others.

1.2. Procedures After Accepting an Appointment

After accepting the appointment as auditor, the audit firm should take the following measures:

 It should ensure that the current auditor (if any) has resigned from the audit in a proper
manner, or has been removed from office in accordance with any appropriate local
legislation.
 It should ensure that its appointment is valid in law and is properly documented.
 It should prepare and submit an engagement letter to the board of the new client (see
below).

1.3. Communication Between Predecessor and Successor Auditors

The firm should communicate with the current auditors (if there are any) to establish if there are
any matters that it should be aware of when deciding whether or not to accept the appointment.
Although this is partly a matter of courtesy between professionals, this will involve discussion of
the appointment, the client and the audit work. Such discussion will allow the firm to decide if
the client is someone for whom it would wish to act.

3
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

The following points should be noted in connection with communicating with the current
auditors:

 Client permission is required for any such communication. If the client refuses to give its
permission, the appointment as auditor should not be accepted.
 If the client does not give the current auditor permission to reply to any relevant
questions, the appointment as auditor should not be accepted.
 If the current auditor does not provide any information relevant to the appointment, the
new auditor should accept or reject the engagement based on other available knowledge.
 If the current auditor does provide such information, the new auditor should assess all the
available information and take a decision about whether or not to accept the audit work.

Note that even where the current auditor provides information that is judged to be relevant to the
acceptance of the engagement, the proposed new auditor may still accept the assignment.
However, he should exercise appropriate professional and commercial judgement in doing so.

2. AGREEING THE TERMS OF AUDIT ENGAGEMENTS (ISA 210)

The objective of the auditor, per ISA 210 Agreeing the terms of audit engagements, is to accept
or continue an audit engagement only when the basis upon which it is to be performed has been
agreed.

This is done by:

 establishing whether the preconditions for an audit are present; and

 confirming that there is a common understanding between the auditor and management

2.1. Preconditions

To establish if the preconditions for an audit are present, ISA 210 requires the auditor to:

 establish if the financial reporting framework to be used in the preparation of the

financial statements is acceptable, for example IFRS or IPSAS; and
 obtain the agreement of management that it acknowledges and understands its
responsibility (the ‘premise’):
 for the preparation of the financial statements;
 for internal controls to ensure that the financial statements are not materially
misstated; and
 to provide the auditor with all relevant and requested information and unrestricted
access to all personnel.

Response if preconditions are not present

If the preconditions for an audit are not present, the auditor shall discuss the matter with
management. The auditor should explain what the preconditions are and that they are required in

4
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

order to comply with ISA 210 Agreeing the terms of audit engagements. The auditor should also
explain that one of the purposes of the preconditions, and agreeing the terms of the audit
engagement in general, is to avoid misunderstanding about the respective responsibilities of
management and the auditor.

Unless required by law or regulation to do so, the auditor shall not accept the proposed audit
engagement where:

 a limitation on scope is imposed by management such that the auditor would be unable to
express an opinion on the financial statements, or
 the financial reporting framework to be used in the preparation of the financial statements
is unacceptable, or
 management do not agree to the above responsibilities (the ‘premise’) stated in the
preconditions.

The only exception allowed by ISA 210 for accepting or continuing the engagement to the above
is when law or regulation requires the auditor to do so.

2.2. Engagement Letters

Having accepted an appointment as auditor of a client company, the audit firm should submit an
engagement letter to the board of directors of the client company. The engagement letter can be
seen as the basis for the contract between the company and the auditor.

The content of the engagement letter

The engagement letter should include details of the following:

 The objective and scope of the audit.
 The responsibilities of the auditor.
 The responsibilities of management.
 Identification of the underlying financial reporting framework.
 Reference to the expected form and content of any reports to be issued.

In addition to the above, the auditor may feel that it is appropriate to include additional points in
the engagement letter, such as:

 more details on the scope of the audit, such as reference to applicable legislation,
regulations, ISAs, and ethical pronouncements;
 the fact that because of the inherent limitations of an audit, and the inherent limitations of
internal control, there is an unavoidable risk that some material misstatements may not be
detected even though the audit was properly planned and performed in accordance with
ISAs;
 arrangements regarding the planning and performance of the audit, including the
composition of the audit team;
 the expectation that management will provide written representations;
 the basis on which fees are computed and any billing arrangements;

5
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

 a request for management to acknowledge receipt of the engagement letter and to agree to
its terms;
 arrangements concerning the involvement of other auditors, experts or internal auditors
(or other staff of the entity); and
 any restriction of the auditor’s liability when such possibility exists.

Recurring audits (Existing Clients)

Many audit firms evaluate existing clients annually to determine whether there are reasons for
not continuing to do the audit.

The engagement letter issued on the initial appointment as auditors may state that its provisions
will apply to all future annual audits, until it is revised. However, ISA 210 requires the auditor,
for recurring audits, to assess whether:

 circumstances mean that the terms of engagement need to be revised

 management need to be reminded of the existing terms of the engagement.

The ISA suggests that the following factors may indicate that the above is appropriate:

 Any indication that the entity misunderstands the objective and scope of the audit.
 Any revised or special terms of the audit engagement.
 A recent change of senior management.
 A significant change in ownership.
 A significant change in nature or size of the entity’s business.
 A change in legal or regulatory requirements.
 A change in the financial reporting framework adopted in the preparation of the financial
statements.
 A change in other reporting requirements.

Acceptance of a change in the terms of engagement

The entity might, in certain circumstances, ask the auditor to change the terms of the audit
engagement. This might result from a genuine change in circumstances or from a
misunderstanding as to the nature of an audit as originally requested.

However, it could result from a situation where the auditor is unable to obtain sufficient
appropriate audit evidence regarding a material item. The entity might then ask for the audit
engagement to be changed to a review engagement to avoid a qualified opinion or a disclaimer of
opinion.

ISA 210 requires the auditor to consider the justification for the request and whether it is
“reasonable”.

 If the auditor considers that it is a reasonable request then revised terms should be agreed
and recorded.

6
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

 If the auditor is unable to agree to a change of terms he should withdraw from the
engagement and consider whether there is any obligation to report the circumstances to
those charged with governance, owners or regulators.
UNIT TWO

AUDIT PLANNING AND RISK ASSESSMENT

PLANNING AN AUDIT

Audit Planning is one of the basic audit standards to be followed in the conduct of an audit.
International Standards on Auditing (ISA) 300, “Planning an Audit of Financial
Statements,” states, the objective of the auditor is to plan the audit so that it will be performed
in an effective manner… The auditor shall establish an overall audit strategy that sets the
scope, timing and direction of the audit, and that guides the development of the audit plan”

The objective of the auditor, per ISA 300 Planning an audit of financial statements is to plan the
audit work so that the audit will be performed in an effective manner.

Preparing an audit plan is the first stage in the conduct of an audit engagement.

The plan sets out answers to three main questions (the ‘3Ws’):

 Who will perform the audit work? (Staffing)

 When will the work be done? (Timing)
 What work is to be done? (The scope of the audit)

Professional Skepticism

It is a requirement of ISA 200 that, when planning and performing an audit, the auditor should
adopt an attitude of professional skepticism. Professional skepticism is defined by ISA 200 as:

“An attitude that includes a questioning mind, being alert to conditions which may
indicate possible misstatement due to error or fraud, and a critical assessment of audit
evidence”.

This does not mean that the auditors should disbelieve everything they are told, but they should
view what they are told with a skeptical attitude, and consider whether it appears reasonable and
whether it conflicts with any other evidence. In other words, they must not simply believe
everything management tells them.

The Need for Adequate Audit Planning

There are three reasons why proper planning of an engagement is crucial:

 to obtain sufficient competent evidence,
 to keep audit costs reasonable, and
 to avoid misunderstandings with the client.

7
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

Ultimately, planning the audit pays off in minimizing legal entanglements and maintaining good
relations with your customer--the client.
Audit planning consists of Seven Steps:

Major Steps in Audit Planning

1. Accept Client and Perform Initial Audit Planning

2. Understand the Entity and Its Environment

3. Assess Client and Business Risk

4. Perform Preliminary Analytical Procedures

5. Set Materiality and Assess Acceptable Audit Risk and Inherent Risk

6. Understand Internal Control and Assess Control Risk

7. Develop Overall Audit Plan and Audit Program

The auditor must consider two types of risk: Acceptable Audit Risk and Inherent Risk.
Acceptable Audit Risk measures how willing the auditor is to accept that the financial statements
may be materially misstated at completion of the audit. Inherent Risk measures the likelihood of
a material misstatement before considering the effectiveness of internal control. These two
measures of risk are important in determining the quantity of evidence that must be accumulated.
The higher the risk, the more evidence it is necessary to acquire.

1. MAKE CLIENT ACCEPTANCE DECISIONS AND PERFORM INITIAL AUDIT

PLANNING

This first step can be broken down in to four tasks:

Client Acceptance and Continuance: Not every client is acceptable. The auditor must consider
the client's integrity, as well as the industry in which the client operates. In short, the audit risk
must be measured against the auditor's threshold. The audit firm should conduct an investigation
of a company to assess its desirability as a client. If the would-be client has been audited
previously by another audit firm, that firm must be contacted, with the client's permission. The
auditor may even go further in the investigation by contacting other entities that have had
dealings with the client, in order to further assess the client's situation.

For a continuing client, the auditor must reflect upon previous relations with the client, evidence
of the client's integrity, whether the audit fees have been paid (which could introduce an

8
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

independence violation if the fees are one year or more in arrears), and the industry in which the
client operates.

Identify the Client's Reasons for an Audit: Two factors will affect audit risk--the likely
statement users and their intended use of the statements. If the statements are to be used widely,
the auditor will need to collect more information in the audit.

Obtain an Understanding with the Client: The auditor must document the understanding of
the engagement by submitting an engagement letter to the client. The engagement letter will
carefully specify what work the auditor will perform (audit, compilation, review, tax return
preparation) and should indicate that there is no guarantee of fraud discovery.

Select Staff for the Engagement: The staffing of the audit must meet the audit standard relating
to adequate technical training and proficiency. Additional specialists should also be considered,
if appropriate. Auditing standards sets requirements for selecting and reviewing the work of
specialists. Also, continuity of personnel from year to year may help to improve efficiency of the
audit.

2. UNDERSTAND THE ENTITY AND ITS ENVIRONMENT

In the client acceptance phase, the auditors review material that is readily available about the
entity and the entity’s environment (annual reports, public news, and public information
databases). However, in the planning phase the auditor’s understanding of the entity and its
environment should grow significantly. As ISA 315 points out, this understanding is an essential
aspect of carrying out an ISA audit. It establishes a frame of reference within which the auditor
plans the audit and exercises professional judgment about assessing risks of material
misstatement of the financial statements and responding to those risks.

An auditor must have a thorough knowledge of the client's business and industry. This need has
been accentuated by the prevalence of information processing systems, global operations,
intangible asset complexities, as well as to provide consulting or other services to the client.

Auditors use the strategic systems approach to understand the client's business. This approach
examines a number of dimensions:

1. Industry and the external environment

2. Business operations and processes
3. Management and governance
4. Objectives and strategies
5. Measurements and performance

Industry and the external environment: There are risks associated with certain industries;
there are risks associated to all clients in certain industries. Additionally, there are varying
accounting requirements that the auditor must take into account in assessing whether or not to
serve a particular client. The auditor must also consider the external environment in which a
company operates--the economic situation, regulatory requirements, and other factors.

9
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

Business operations and processes: The auditor must strive to understand how the business
works--how revenue is generated, how the company is financed, who the customers are, etc. A
company tour is a step toward getting some familiarity, particularly if questions can be directed
to some of the employees. Additionally, identifying transactions with related parties is a
necessary step in understanding the business, and may involve examination of stock market
regulators filings, conversations with management, and reading through stockholder lists.

Management and governance: The auditor should become familiar with the company's
organization chart, as well as the corporate charter and bylaws. The stock market regulatory
body requires public companies to establish a code of ethics; assuming such a code exists, it
should be reviewed by the auditor for any changes or waivers taking place. Corporate minutes
taken at board meetings or stockholders' meetings should be reviewed by the auditor, to
determine if actions required of management have been executed.

Client objectives and strategies: Auditors should be aware of client objectives related to
reliability of financial reporting, effectiveness and efficiency of operations, and compliance with
laws and regulations. Various contracts, debts, pension plans, leases, and other legal documents
should be reviewed with the purpose of evaluating the client's legal compliance.

Measurement and performance: The auditor should be knowledgeable regarding the client's
performance measures that management uses to measure progress toward objectives.
Performance measurement includes ratio analysis and benchmarking against key competitors. As
part of understanding the client's business, the auditor should perform ratio analysis or review the
client's calculations of key performance ratios. Performing preliminary analytical procedures is
the fourth step in the planning process and is discussed later in this unit.

In general, the auditor should look for factors that could be significant and to which particular
attention should be given by the audit team.

For example, the auditor may be aware that there is a recession in the industry in which the
client company operates, but that rising commodity prices have forced companies to raise the
prices of their products and so pass on the higher costs to customers. In addition, the auditor may
also be aware that the client company has a poor track record in collecting trade receivables. This
knowledge of the business might make the auditor reach the conclusion that the audit should give
particular attention to the measurement of trade receivables, and the estimates for bad and
doubtful debts.

3. ASSESS CLIENT BUSINESS RISK

The auditor uses knowledge gained from the strategic systems understanding of the client's
business and industry to assess client business risk.

Client business risk is the risk that the client will fail to achieve its objectives. Client business
risk can arise from any of the factors affecting the client and its environment. For example, a
new technology may erode a client's competitive advantage, or the client may fail to execute its
strategies as well as competitors.

10
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

The auditor's primary concern is the risk of material misstatements in the financial statements
due to client business risk.

The client's industry and other external factors and the client's business strategies, processes, and
other internal factors are considered in the auditor's assessment of client business risk. The
auditor also considers management controls that may mitigate business risk, such as effective
risk assessment practices and corporate governance. Client business risk, after considering the
effectiveness of top management controls, is sometimes called residual risk. Client business risk
is then evaluated to assess the risk of material misstatement in the financial statements. The risk
of material misstatements is used to classify risks using the audit risk model to determine the
appropriate extent of audit evidence.

4. PERFORM PRELIMINARY ANALYTICAL PROCEDURES

The fourth step in the audit planning process is to perform preliminary analytical procedures.
This step involves comparison of the client's ratios to industry standard ratios, both to see how
the client compares to its industry, as well as to determine if the client's ratios have changed from
previous years.

Analytical procedures are one of the seven types of evidence discussed in chapter 5. Analytical
procedures are defined as "evaluations of financial information made by a study of plausible
relationships among financial and nonfinancial data...involving comparisons of recorded
amounts to expectations developed by the auditor." In other words, do the ratios and balances
calculated appear to be reasonable?

Analytical procedures are performed at least once in an audit – near the end of the audit. ISA 520
states, “The objectives of the of auditor are ... to design and perform analytical procedures
near the end of the audit that assist the auditor when forming an overall conclusion as to
whether the financial statements are consistent with the auditor’s understanding of the entity.”

In addition, most practicing accountants recommend analytical procedures also are applied
during Phase I (planning) and Phase III (testing and evidence).

Thus, analytical procedures are performed at three stages of the audit: 1) in the planning phase,
2) during the testing phase, and 3) during the completion phase of the audit.

It is vital that the auditor develop an expectation of what the calculations should look like, based
on information from prior periods, industry trends, and other information. The auditor will use
one or more of the following analytical procedures:

1. Compare client with industry data

2. Compare client data with similar prior-period data
3. Compare client data with client-determined expected results
4. Compare client data with auditor-determined expected results
5. Compare client data with expected results, using nonfinancial data

11
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

The auditor ordinarily applies analytical procedures at the planning stage to assist in
understanding the business and in identifying areas of potential risk. Application of analytical
procedures may indicate aspects of the business of which the auditor was unaware. Analytical
procedures in planning the audit use information that is both financial and non-financial (e.g., the
relationship between sales and square footage of selling space or volume of goods sold).

When analytical procedures identify significant fluctuations or relationships that are inconsistent
with other relevant information or that deviate from predicted amounts, the auditor should
increase procedures to obtain adequate explanations and appropriate corroborative evidence.

5. SET MATERIALITY AND ASSESS ACCEPTABLE AUDIT RISK AND INHERENT

RISK

The auditor considers materiality from a reasonable user perspective and follows a five-step
process in applying materiality on an audit. The auditor restricts audit risk at the account balance
level in such a way that, at the end of the engagement, he or she can express an opinion on the
financial statements, taken as a whole, at an acceptable level of audit risk. The audit risk model
serves as a framework for this process. The auditor obtains and supports an understanding of the
entity and its environment. Based on this understanding, the auditor identifies those business
risks that may result in material misstatements. The auditor evaluates the client's response to
those business risks and ensures that those responses have been adequately implemented. Based
on this information, the auditor assesses the level of risk of material misstatement of assertions in
relation to financial statement accounts. The risk of material misstatement is used to determine
the acceptable level of detection risk and to plan the auditing procedures to be performed.

The auditor is required by ISA 315 to identify and assess the risks of material misstatement at
both the financial statement and assertion levels.

The financial statement level refers to risks which are pervasive to the financial statements as a
whole and which potentially affect many assertions (see below).

An example might be if management have a tendency to override internal controls – this would
affect all areas of the accounting systems.

The assertion level refers to specific objectives of the financial statements, for example, that all
liabilities have been recorded and that recorded assets exist.

6. UNDERSTAND INTERNAL CONTROL AND ASSESS CONTROL RISK

ISA 315 requires the auditor to obtain an understanding of internal controls relevant to the audit.
Although most of the entity’s internal controls will relate to financial reporting, not all will be
relevant to the audit.

12
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

If the entity has an internal audit function then auditor shall obtain an understanding of the
nature of the internal audit function’s responsibilities, its organizational status, and the activities
performed, or to be performed.
The auditor should try to reach a judgement about how strong (or weak) the internal controls are,
in order to make a decision about the amount of testing that should be carried out in the audit. He
should consider:

 his previous knowledge of the client company

 any recent changes
 any known problems in the internal controls of the client
 the effect of any new auditing or accounting requirements.

ISA 315 emphasizes that establishing communications with the appropriate individuals within an
entity’s internal audit function early in the engagement, and maintaining such communications
throughout the engagement, can facilitate effective sharing of information. It creates an
environment in which the auditor can be informed of significant matters that may come to the
attention of the internal audit function when such matters may affect the work of the auditor.

Once the auditor obtains an understanding of internal control sufficient for audit planning, a
preliminary assessment of control risk must be made.

Control Risk is the risk that material misstatements will not be prevented or detected by internal
controls. The auditor evaluates the effectiveness of internal control for preventing material
misstatements in the financial statements and prepares a preliminary assessment of control risk.
A preliminary assessment of control risk is necessary for the auditor to plan the nature, timing,
and extent of testing. A primary concern is the extent to which information technology is used in
processing accounting information.

In evaluating the effect of information technology on the client's accounting systems, the auditor
needs information on the following:
 The extent to which information technology is used in each significant accounting system
or business process.
 The complexity of the client's computer operations.
 The organizational structure of the information technology activities.
 The availability of data.
 The need for information technology-assisted techniques to gather data and conduct audit
procedures.

The presence of complex information technology may require the use of an information
technology specialist.

7. DEVELOP OVERALL AUDIT PLAN AND AUDIT PROGRAM

The final step in the planning process is to prepare an audit planning memorandum and an audit
plan. The audit planning memorandum summarizes the overall audit strategy and contains the
decisions regarding the overall scope, emphasis, and conduct of the audit, planned audit

13
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

responses at the overall financial statement level, along with a summarization of significant
matters documented in the audit plan.

According the ISA 300, “Planning an audit involves establishing the overall audit strategy for
the engagement and developing an audit plan. “The audit plan (audit program) sets out the
nature, timing and extent of planned audit procedures required by ISA 315 and ISA 330 to
implement the overall audit strategy into a comprehensive description of the work to be
performed. It serves as a set of instructions to staff involved in the audit and as a means to
control and record the proper execution of the work. The Illustration presented below gives a
detail of a sample audit plan (audit program) for payment.

The audit strategy is normally documented in a written audit plan. The audit plan includes the
details of the planned audit procedures for material classes of transactions, account balances, and
disclosures. It includes risk-assessment procedures. The auditor uses the information obtained
from the risk-assessment procedures to plan further audit procedures. As the auditor performs
audit procedures outlined in the audit plan, the audit plan is updated and changed to reflect the
further audit procedures considered necessary given the circumstances.

The Overall Audit Strategy

As set out above, the overall audit strategy sets the scope, timing and direction of the audit and
guides the development of the more detailed audit plan.

The establishment of the overall audit strategy involves the following:

 Determining the characteristics of the engagement that define its scope such as:

o the financial reporting framework used (for example, international financial

reporting standards)
o any industry specific reporting requirements
o the location of the components of the entity (for example, there might be
overseas branches).

 Ascertaining the reporting objectives of the engagement, such as reporting deadlines

and the nature of communications required.

 Considering important factors which will determine the focus of the audit team’s efforts,
such as:

o materiality thresholds
o high risk areas of the audit
o the audit approach (for example, whether the auditor is planning to rely on the
entity’s internal controls)
o any recent developments in relation to the entity, the industry or financial
reporting requirements.

14
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

The above will then allow the auditor to decide on the nature, extent and timing of resources
needed to perform the engagement. In particular the auditor should consider:

 where experienced members of staff may be needed (for example, on high risk areas)
 the number of staff to be allocated to specific areas (for example, extra staff may be
needed for attendance at the year-end inventory count)
 when the resources are needed (for example, are more staff needed at the final audit than
at the interim audit)
 how such resources are to be managed, directed and supervised (for example, the timing
of team briefing meetings and manager and partner reviews of work performed by other
members of the audit team).

The Audit Plan

Once the overall audit strategy has been established the auditor can develop the more detailed
audit plan.

The audit plan will set out:

 the procedures to be used in order to assess the risk of misstatement in the entity’s
accounting records/financial statements, and
 planned further audit procedures for each material audit area. These audit procedures
might be in response to the risks assessed, or specific procedures to be carried out to
ensure that the engagement complies with ISAs.

The audit procedures to be performed by audit team members will be those needed in order to:

 obtain sufficient appropriate audit evidence, and

 reduce audit risk to an acceptably low level.

Audit risk is considered in detail in the next section. What constitutes “sufficient appropriate
audit evidence” is considered in chapter 5.

These procedures will be set out in a series of audit programmes. Audit programmes are sets of
instructions to the audit team, specifying the audit procedures that should be performed in
each area of the audit.

15
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

SAMPLE AUDIT PROGRAMME FOR PAYMENT

Auditee Organization ____________

Method of Sampling ___________
Sample Size _______________
Budget Year Under Audit _______
Procedures Performed Sign. Date
()
Cross Not
S.N. Ref. Performed(X)
Verify that each payment voucher is
authorized by the signature of a competent
1 official
Check that the chief accountant and the
cashier have signed on the appropriate
2 payment voucher
Ensure that the payee has signed on the
payment voucher or original receipts are
3 attached
Check that all payments made were within
4 the limits of authorization
Verify that the check payments are co-
5 signed by two signatories
Check all supporting documents and ensure
6 that they are all stamped "PAID"
Check details of the check book counterfoil
with those of the corresponding payment
7 vouchers

Prepared by: Team Leader Reviewed by: Senior Auditor Approved by: Audit Manager
Name __________________ Name __________________ Name __________________
Sign. ___________________ Sign. ___________________ Sign. ___________________
Date____________________ Date____________________ Date____________________

16
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

QUESTIONS TO PONDER WITH IN CLASS

QUESTION ONE
Discuss and analyze the audit risks involved with accepting a new client. Explain how an
auditor might determine client acceptance.
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________

QUESTION TWO
Engagement letters are used by most auditors in performing professional services.

a. Describe the purpose of an engagement letter.

_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________
b. ISA 210 Terms of Audit Engagements explains the content and use of
engagement letters.

Required: State SIX items that could be included in an engagement letter.

_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________

QUESTION THREE

1. Which of the following factors would most likely cause an auditor to decide not to accept a
new audit engagement?
a. Lack of understanding of the potential client's internal auditors' computer-assisted audit
techniques.
b. Management's disregard for internal control.
c. The existence of related party transactions.
d. Management's attempt to meet earnings per share growth rate goals.
2. A successor auditor is required to attempt communication with the predecessor auditor prior
to
a. Performing test of controls. b. Testing beginning balances for the current year.
c. Making a proposal for the audit engagement. d. Accepting the engagement.
3. Preliminary arrangements agreed to by the auditors and the client should be reduced to writing
by the auditors. The best place to set forth these arrangements is in:
a. A memorandum to be placed in the permanent section of the auditing working papers.
b. An engagement letter. c. A client representation letter.
d. A confirmation letter attached to the constructive services letter.

17
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

4. Which statement is correct relating to a potential successor auditor's responsibility for

communicating with the predecessor auditors in connection with a prospective new audit client?
a. The successor auditors have no responsibility to contact the predecessor auditors.
b. The successor auditors should obtain permission from the prospective client to contact the
predecessor auditors.
c. The successor auditors should contact the predecessors regardless of whether the prospective
client authorizes contact.
d. The successor auditors need not contact the predecessors if the successors are aware of all
available relevant facts.
5. Which of the following topics is not normally included in an engagement letter?
a. The auditors' preliminary assessment of internal control.
b. The auditors' estimate of the fee for the engagement.
c. Limitations on the scope of the engagement.
d. A description of responsibility for the detection of fraud.
6. Which of the following must an auditor ensure that they have before taking on a client:
i) That they have sufficient knowledge and experience within the firm to undertake the
work.
ii) That the client has an Audit Committee.
iii) That there are no independence issues.
iv) That the client has a reliable internal audit function.
a. All of the above b. i) only c. i) and iv) only d. i) & iii) only
7. ISA 315 states that before undertaking the audit, the auditor should gain an understanding of
the entity. They should do this by considering the following:
i) Potential for any illegal activities.
ii) The industry environment.
iii) The nature of the industry.
iv) The clients audit history.
v) The ability of management.
vi) The understanding of management of the role of the auditor.
a. All of the above b. i) only c. i) ii), iii) and iv) only d. ii), iii) & iv) only
8. An engagement letter can be seen as the contract between the auditor and the client. As such it
should contain the terms of the engagement such as:
i) Inherent limitations of audit.
ii) The form of the audit report.
iii) The opinion of the auditor.
iv) Any use of internal audit or external experts.
v) Deadlines.
Which of the above items would not appear in the engagement letter:
a. iii) only b. i) only c. i) and iv) only d. i) & iii) only

QUESTION FOUR
Auditors perform various tasks in planning an audit engagement. Provide an overall
description of how an auditor obtains an understanding of the client's business and its purpose.
_____________________________________________________________________________
_____________________________________________________________________________

18
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

_____________________________________________________________________________

QUESTION FIVE
As a part of the planning process, the auditors often prepare an audit plan, an audit program,
and a time budget.
A. Describe an audit plan and explain its purpose.
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________

B. Describe an audit program and explain its purpose.

_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________

QUESTION SIX
1. Which of the following would be least likely to be considered an audit planning procedure?
a. Use an engagement letter. b. Develop the overall audit strategy
c. Perform the risk assessment. d. Develop the audit plan
2. An auditor who accepts an audit engagement and does not possess the industry expertise of
the business entity, should:
a. Engage financial experts familiar with the nature of the business entity.
b. Obtain a knowledge of matters that relate to the nature of the entity's business.
c. Refer a substantial portion of the audit to another auditor who will act as the principal
auditor.
d. First inform management that an unqualified (clean) opinion cannot be issued.
3. Before accepting an audit engagement, a successor auditor should make specific inquiries of
the predecessor auditor regarding the predecessor's:
a. Awareness of the consistency in the application of IFRS between accounting periods.
b. Evaluation of all matters of continuing accounting significance.
c. Opinion of any subsequent events occurring since the predecessor's audit report was issued.
d. Understanding as to the reasons for the change of auditors.
4. Which of the following procedures is not performed as a part of planning an audit
engagement?
a. Reviewing the working papers of the prior year. b. Performing analytical procedures.
c. Confirmation of all major accounts. d. Designing an audit program.
5. If the business environment is experiencing a recession, the auditor most likely would focus
increased attention on which of the following accounts?
a. Purchase returns and allowances. b. Allowance for doubtful accounts.
c. Common stock. d. Noncontrolling interest of a subsidiary purchased during the
year.
6. Which of the following is not part of planning the Audit?
a. Ensure that the correct engagement team is chosen for the assignment.
b. Identify potential problems that may occur on the audit.

19
 Audit I, Lecture Notes, CH 4, Compiled for AAU Students, Dec 2022.

c. Carry out substantive testing on the balances in the financial statements.

d. All of the above.
7. The audit strategy sets the overall scope and direction of the audit but does not detail the
exact work to be carried out.
Is this statement: a. True b. False
8. Which of the following will appear in the audit strategy document:
i) Documented evidence of the understanding of the entity.
ii) Documented evidence of the understanding of the system within the entity.
iii) The audit report.
iv) The scope of the audit.
v) A management representations letter.
a. iii) only b. All of the above c. i) ii) & iv) only d. i) & iii) only
9. The audit plan sets the overall scope and direction of the audit but does not detail the exact
work to be carried out.
Is this statement: a. True b. False
10. Which of the following should the auditor look at in order to understand the client:
i) The industry.
ii) Competition.
iii) Technology.
iv) Laws & Regulations.
v) Stakeholders.
a. iii) only b. All of the above c. i) ii) & iv) only d. i) & iii) only
11. You have asked by the senior auditor to seek out information that can be used in order to
gain an understanding of the company you are about to audit. Which of the following would be
a source of this information?
a. Government statistical records. b. The company’s own annual report.
c. The foreign office information department. d. All of the above

20