AUDIT CAP2 Session 3 2021_2022

CAP 2 Auditing &
Assurance - Session 3
ISA 300, ISA 315, ISA 330, ISA 500
Agenda
3.1 ISA 300 – Planning an audit of financial statements
ISA 315 – Identifying and assessing the risk of material

3.2
misstatement
3.3 ISA 330 – The auditor’s response to assed risk
3.4 ISA 500 – Audit evidence
RoI students – the above standards are International Standards on Auditing (Ireland)
NI students – the above standards are International Standards on Auditing (UK)
Key learning outcomes
Understand the interaction Gain and understanding of

1 between planning and 4 the distinction between tests
strategy of controls and substantive
testing - and to identify
circumstances where each
are appropriate
Understand the business and
2 the related business risk
Gain an ability to develop Understand how evidence is

responses to risks at assessed based on the
3 financial statement and
5 concept of sufficient and
assertion levels appropriate
The Audit Process - you are here
© Chartered Accountants Ireland

ISA 300 – Planning an audit of
financial statements –
Session 3.1
ISA 300 - Planning an audit of financial
statements
Planning an audit involves establishing an overall strategy and from there

developing an audit plan
Benefits of planning –
• Ensuring adequate attention is devoted to important areas on a timely
basis.
• Auditor identifies and resolves potential problems on a timely basis.
• Helps in performing the audit in an effective and efficient manner.
• Ensures selection of engagement team members with appropriate skills.
• Facilitates direction and supervision of engagement team.

statements
At the beginning of the audit engagement, the auditor will perform the following
procedures:
• Perform procedures regarding the continuance of the client relationship.
• Establishing an understanding of the terms of engagement as per ISA 210.
• Evaluating compliance with relevant ethical requirements.
The engagement partner and other key members of the engagement team
should be involved in planning the audit.

statements
• Auditor will establish an overall audit strategy that sets out the scope, timing
and direction of the audit. After the strategy the audit plan is formulated.
• Scope of audit (reporting standards, IASs?)
• The timing (fieldwork, reporting deadlines etc.)
• The direction (assessment of high-risk areas, materiality, site visits, etc.)

statements
Scope – Consider and document the following areas:
• Financial reporting framework for the financial statements?
• International Accounting standards?
• Industry specific or other special reporting requirements?
• Listed companies vs. private companies vs. charities etc.
• Other regulated businesses such as banks and insurance companies.
• Other factors which influence the overall approach to the audit?
• Multiple locations?
• Group audits?

statements
Timing – Assess required timing including:
Deadlines for:
• Final reporting
• Interim report (if applicable)
• Reports to management
• Reports to those charged with governance
The timing of:
• Interim AND final audit visits

statements
Direction –
The ‘direction’ of the audit covers the overall approach and concerns such
issues as:
• Preliminary assessment of materiality
• Preliminary identification of high-risk areas
• Preliminary identification of material components and account balances

statements
Establish the overall strategy -
Consider:
• Characteristics of engagement;
• Reporting objectives of communications that are required;
• Any other significant factors in the auditor’s judgement; and
• Allocate necessary resources to perform the engagement.

statements
The audit plan –
After the strategy, the auditor shall develop an overall audit plan covering:
• Nature, timing and extent of risk assessment procedures;
• Nature, timing and extent of planned audit procedures at the assertion level; and
• Any other procedures which are required to comply with ISA’s
The auditor can update the overall strategy and the audit plan at any stage during the
audit. It is not set in stone!

statements
Planning needs to consider the following matters –
• Analytical procedures to be applied
• Involvement of experts, if any
• Determination of materiality
• Obtaining an understanding of the legal and regulatory framework
• The performance of other risk assessment procedures

statements
Possible Strategies –
• Interim / final audit?
• Substantive tests or controls reliance (with reduced substantive testing?)
• Analytical review or tests of detail?
Each audit is different - tailor your strategy

Understanding the entity and its environment
Relationship between strategy and audit plan:
Planning Execution of Audit

STRATEGY
Strategy Planning
• Important areas • Analytical procedures
• Scope of the audit • Use of experts
• Timing • Materiality
• Interim, stock takes PLAN • Legal and regulatory
etc. framework
• Skills & resourcing • Other risk assessment
• Specialist procedures
knowledge
• Direction & supervision PROCEDURES
Procedures
• We will review these in more detail
over the coming sessions

statements
Examples of typical planning procedures –
• Review the contents of the Letter of Engagement
• Ascertain the nature of the client’s business
• Obtain/review the client’s accounting system (Flowcharts, narrative notes)
• Review the Permanent Audit File (Memorandum and Articles of Association)
and last years Current Audit File
• Review previous years financial statements
• Examine the up to date financial position of the entity (Interim accounts,
management accounts)
• Identify the critical audit areas and also the potential audit issues
• Perform analytical procedures

statements
Examples of typical planning procedures (Cont’d) –
• Discuss with management business issues, recent and future trend
developments, changes in regulatory framework, etc. affecting the business
• Consider the accounting policies (Any changes, any new IFRSs)
• Consider the Business Risk associated with the client’s business
• Determine the appropriate materiality limit
• If there is an internal audit team, consider how they will assist in the audit
• Consider the effect of related parties
• Decide whether the internal control systems are going to be relied on or
whether more independent substantive evidence is required
Please note that the above is not a complete or comprehensive list of planning procedures

ISA 315 – Identifying and
assessing the risk of material
misstatement – Session 3.2
ISA 315
This standard was revised in 2020 with the intention to improve the auditors focus on risk. Key
revisions:
• It introduced the concept of ‘scalability’ to improve the standard’s applicability to entities across
a wide spectrum of circumstances and complexities
• Improved discussion of IT within client's systems and the auditors use of data analytics to
perform audit procedures
• Increased focus on ‘professional scepticism’
• More emphasis and guidance on the use of internal audit (if applicable)

Terms /Definitions – RECAP
• Objectives of an audit • Audit Premise

• Inherent Risks • Ethics
• Going Concern • Letter of engagement
• Audit Report types • Assertions
• Materiality
• Performance materiality
• Clearly trivial
• Sufficient appropriate audit evidence (covered more later)

• Substantive procedures (covered more later)
• Test of details
• Test of controls
• Substantive analytical procedures
ISA 315 - Definitions
• Controls – Policies or procedures that an entity establishes to achieve the control objectives of
management or those charged with governance. In this context:
i. Policies are statements of what should, or should not, be done within the entity to effect
control. Such statements may be documented, explicitly stated in communications, or
implied through actions and decisions.
ii. Procedures are actions to implement policies.
• General IT controls – Controls over the entity’s IT processes that support the continued proper
operation of the IT environment, including the continued effective functioning of information
processing controls and the integrity of information (i.e., the completeness, accuracy and
validity of information) in the entity’s information system.
• Information processing controls – Controls relating to the processing of information in IT
applications or manual information processes in the entity’s information system that directly
address risks to the integrity of information (i.e., the completeness, accuracy and validity of
transactions and other information

• Inherent risk factors – Characteristics of events or conditions that affect susceptibility to
misstatement, whether due to fraud or error, of an assertion about a class of transactions,
account balance or disclosure, before consideration of controls. Such factors may be qualitative
or quantitative, and include complexity, subjectivity, change, uncertainty or susceptibility to
misstatement due to management bias or other fraud risk factors11 insofar as they affect
inherent risk.
• IT environment – The IT applications and supporting IT infrastructure, as well as the IT
processes and personnel involved in those processes that an entity uses to support business
operations and achieve business strategies. For the purposes of this ISA (Ireland):
i. An IT application is a program or a set of programs that is used in the initiation,
processing, recording and reporting of transactions or information. IT applications include
data warehouses and report writers.
ii. The IT infrastructure comprise the network, operating systems, and databases and their
related hardware and software.
iii. The IT processes are the entity’s processes to manage access to the IT environment,
manage program changes or changes to the IT environment and manage IT operations.
• Relevant assertions – An assertion about a class of transactions, account balance or
disclosure is relevant when it has an identified risk of material misstatement. The determination
of whether an assertion is a relevant assertion is made before consideration of any related
controls (i.e., the inherent risk).
• Risks arising from the use of IT – Susceptibility of information processing controls to
ineffective design or operation, or risks to the integrity of information (i.e., the completeness,
accuracy and validity of transactions and other information) in the entity’s information system,
due to ineffective design or operation of controls in the entity’s IT processes
• Significant class of transactions, account balance or disclosure – A class of transactions,
account balance or disclosure for which there is one or more relevant assertions.

ISA 315 – Identifying and assessing the risk of
material misstatement
• In order to perform an efficient audit, an auditor needs to understand the risks

faced by the business:
• This will help the auditor in identifying potential areas where misstatements
might occur
• The auditor shall design and perform risk assessment procedures to obtain
audit evidence that provides an appropriate basis for:
i. The identification and assessment of risks of material misstatement,
whether due to fraud or error, at the financial statement and assertion
levels; and
ii. The design of further audit procedures in accordance with ISA (Ireland)
330

ISA 315 - Understanding of the Entity and its environment
and the Applicable Financial Reporting Framework
The auditor shall perform risk assessment procedures to obtain an understanding of:
a) The following aspects of the entity and its environment:
i. The entity’s organisational structure, ownership and governance, and its business model
(including the extent to which the business model integrates the use of IT);
ii. Industry, regulatory and other external factors; and
iii. The measures used, internally and externally, to assess the entity’s financial
performance;
b) The applicable financial reporting framework, and the entity’s accounting policies and the
reasons for any changes; and
c) How inherent risk factors affect susceptibility of assertions to misstatement and the degree to
which they do so, in the preparation of the financial statements, based on the understanding
obtained in (a) and (b).
The auditor shall evaluate whether the entity’s accounting policies are appropriate and consistent
with the applicable financial reporting framework.

ISA 315 – Identifying and assessing
the risk of material misstatement
System of Internal Control
Control Monitoring
Risk Assessment Control Activities IT System
Environment Activities
• Management • Risk Identification • Org. Controls • Strong general • Internal Audit

Integrity P&P controls Function
• Segregation of
• Tone at the Top • Analysis and Action Duties • Strong App • Response to
Plan controls deviation /
• Organisation • Physical controls weakness
Structure • Fraud Risk • Communication of
Assessment • Review & objectives and
• Chart of authority Authorisation requirements
• Change
• HR P&P management • Systems controls
• Reconciliation
Understanding of the information system including the business processes relevant financial reporting**

ISA 315 - Understanding the Components of the Entity’s
System of Internal Control – Control environment
Control Monitoring
The auditor performs risk assessment procedures including:

• Understanding the set of controls, processes and structures that address:
i. How management’s oversight responsibilities are carried out (entity’s
culture, management’s commitment to integrity and ethical values);
ii. When TCWG are separate from management, the independence of, and
oversight over the entity’s system of internal control by, TCWG;
iii. The entity’s assignment of authority and responsibility;
iv. How the entity attracts, develops, and retains competent individuals; and
v. How the entity holds individuals accountable for their responsibilities in the
pursuit of the objectives of the system of internal control
System of Internal Control – Control environment
Control Monitoring
• Evaluating whether:
i. Management, with the oversight of TCWG, has created and maintained a
culture of honesty and ethical behavior;
ii. The control environment provides an appropriate foundation for the other
components of the entity’s system of internal control considering the nature
and complexity of the entity; and
iii. Control deficiencies identified in the control environment undermine the
other components of the entity’s system of internal control.
System of Internal Control – Entity Risk Assessment
Process
Control Monitoring
• Understanding the entity’s process for:

i. Identifying business risks relevant to financial reporting objectives;
ii. Assessing the significance of those risks, including the likelihood of their
occurrence; and
iii. Addressing those risks.
• Evaluating whether the entity’s risk assessment process is appropriate to the
entity’s circumstances considering the nature and complexity of the entity

ISA 315 - Information System and Communication, and
Control – Control activities
Control Monitoring

a. Identifying controls that address risks of material misstatement at the assertion level as
follows:
i. Controls that address a risk that is determined to be a significant risk;
ii. Controls over journal entries, including non-standard journal entries used to record non-
recurring, unusual transactions or adjustments;
iii. Controls for which the auditor plans to test operating effectiveness in determining the
nature, timing and extent of substantive testing, which shall include controls that
address risks for which substantive procedures alone do not provide sufficient appropriate
audit evidence; and
iv. Other controls that the auditor considers are appropriate to enable the auditor to meet the
objectives with respect to risks at the assertion level, based on the auditor’s professional
judgment;
Control – Control activities
Control Monitoring

b. Based on controls identified in (a), identifying the IT applications and the other aspects of the
entity’s IT environment that are subject to risks arising from the use of IT;
c. For such IT applications and other aspects of the IT environment identified in (b), identifying:
i. The related risks arising from the use of IT; and
ii. The entity’s general IT controls that address such risks; and
d. For each control identified in (a) or (c)(ii):
i. Evaluating whether the control is designed effectively to address the risk of material
misstatement at the assertion level, or effectively designed to support the operation of
other controls; and
ii. Determining whether the control has been implemented by performing procedures in
addition to inquiry of the entity’s personnel.
Control - The information system and
communication
Control Monitoring

a. Understanding the entity’s information processing activities, including its data and information,
the resources to be used in such activities and the policies that define, for significant classes
of transactions, account balances and disclosures:
i. How information flows through the entity’s information system, including how:
a. Transactions are initiated, and how information about them is recorded, processed,
corrected as necessary, incorporated in the general ledger and reported in the
financial statements; and
b. Information about events and conditions, other than transactions, is captured,
processed and disclosed in the financial statements;
ii. The accounting records, specific accounts in the financial statements and other
supporting records relating to the flows of information in the information system;

Control - The information system and
communication
Control Monitoring
iii.The financial reporting process used to prepare the entity’s financial statements,
including disclosures; and
iv. The entity’s resources, including the IT environment, relevant to (a)(i) to (a)(iii) above;
b. Understanding how the entity communicates significant matters that support the preparation
of the financial statements and related reporting responsibilities in the information system and
other components of the system of internal control:
i. Between people within the entity, including how financial reporting roles and
responsibilities are communicated;
ii. Between management and those charged with governance; and
iii. With external parties, such as those with regulatory authorities;
c. Evaluating whether the entity’s information system and communication appropriately support
the preparation of the entity’s financial statements in accordance with the applicable financial
reporting framework.
System of Internal Control – Monitoring of the System
of Internal Control
Control Monitoring
a. Understanding those aspects of the entity’s process that address:

i. Ongoing and separate evaluations for monitoring the effectiveness of controls, and the
identification and remediation of control deficiencies identified; and
ii. The entity’s internal audit function, if any, including its nature, responsibilities and
activities;
b. Understanding the sources of the information used in the entity’s process to monitor the
system of internal control, and the basis upon which management considers the information
to be sufficiently reliable for the purpose; and
c. Evaluating whether the entity’s process for monitoring the system of internal control is
appropriate to the entity’s circumstances considering the nature and complexity of the entity.
Risk assessment procedures may conducted through means including –
• Making enquiries of management and other appropriate individuals within the

entity
• Analytical procedures (ISA 520)
• Observation and inspection

Making enquiries of management and other appropriate individuals within the

entity
Examples of enquiries:
• Management and TCWG may provide insight into the oversight of the FS preparation
• Internal personnel responsible for processing or recording complex transactions
• Internal audit personnel, risk management function and IT personnel
• In-house legal counsel about litigation, compliance with laws and regulations, fraud
etc.
• Marketing or sales personnel about changes in the entities marketing strategies

Analytical procedures –
• Analytical procedures may include both financial and non-financial information such
as the relationship between sales and square footage of selling space or volume of
goods sold.
• Analytical procedures may help identify the existence of unusual transactions ratios
and trends that might indicate matters that have an audit implication.
• Analytical procedures would also identify any unusual or unexpected relationships

which might identify the risks of material misstatement’s.

Observation and inspection –
Examples:
• Observe the entities operations and inspect internal documents, records and internal control
manuals.
• Inspect reports prepared by management (e.g. quarterly management reports).
• Inspect the entity’s premises and plant facilities.
• Information obtained from external sources such as trade and economic journals; reports by
analysts, banks, or rating agencies; regulatory or financial publications etc.
• The behaviors and actions of management or those charged with governance (such as the
observation of an audit committee meeting)

The information system relevant to the preparation of the financial statements consists of activities
and policies, and accounting and supporting records, designed and established to:
1. Initiate, record and process entity transactions (as well as to capture, process and disclose information
about events and conditions other than transactions) and to maintain accountability for the related
assets, liabilities and equity;
2. Resolve incorrect processing of transactions, for example, automated suspense files and procedures
followed to clear suspense items out on a timely basis;
3. Process and account for system overrides or bypasses to controls;
4. Incorporate information from transaction processing in the general ledger (e.g., transferring of
accumulated transactions from a subsidiary ledger);
5. Capture and process information relevant to the preparation of the financial statements for events and
conditions other than transactions, such as the depreciation and amortization of assets and changes in
the recoverability of assets; and
6. Ensure information required to be disclosed by the applicable financial reporting framework is
accumulated, recorded,

The auditor shall identify if any risks are considered to be “significant risks”. These are
identified risks of material misstatement:
i. For which the assessment of inherent risk is close to the upper end of the spectrum of
inherent risk due to the degree to which inherent risk factors affect the combination of the
likelihood of a misstatement occurring and the magnitude of the potential misstatement
should that misstatement occur; or
ii. That is to be treated as a significant risk in accordance with the requirements of other
ISAs (Ireland)
The determination of which of the assessed risks of material misstatement are close to the upper
end of the spectrum of inherent risk, and are therefore significant risks, is a matter of professional
judgment
Revision of risk assessment – If the auditor's assessment of risk changes during the course of the audit, the
auditor will revise the risk assessment and modify the planned audit procedures to address the new risk
assessment.
ISA 330 – The auditor’s response
to assed risk – Session 3.3
ISA 330 – The auditor’s responses to assessed
risk
• ISA 315 helps the auditor get an understanding of the entity and hence identify
risks of material misstatement.
• ISA 330 gives guidance to the auditor to design suitable procedures to address the
risks that have been identified.
• Simply put, ISA 315 asks the auditor what can go wrong with this audit? ISA 330 -
now that you know what can go wrong with the audit what are you going to do about
it?
• What procedures are you going to design and what evidence are you going to
obtain?
risk
• The auditor must design and perform audit procedures whose nature, timing and
extent are based on the risks identified.
• These procedures must be responsive to the risks that have been identified.
• In designing procedures the auditor should consider:
➢ Likelihood and magnitude of misstatements due to particular characteristics of

significant class of transactions balances or disclosure (inherent risk – Session 2).
➢ Whether a risk assessment takes into account controls that address the risk of
material misstatement whereby the auditor would need to test the operating
effectiveness of those controls (control risk– Session 2)

risk
Tests of control –
• Tests of controls are performed to test the operating effectiveness of internal

controls.
Substantive tests –
• Substantive tests are designed to detect misstatements in the financial

statements.

risk
• If the auditor tests controls and obtains sufficient appropriate evidence

about the operating effectiveness of these controls, then the auditor could do
a limited amount of substantive testing.
• If the auditor does not get sufficient evidence by performing tests of controls
and hence concludes that the controls are not effective, then the auditor
would proceed and perform an extensive amount of substantive procedures.

risk
It is possible to perform tests of controls as part of the interim audit and if the
auditor has done this they need to consider:
• Any changes to controls subsequent to the interim testing; and
• Determine additional audit evidence to be obtained for the remaining

period (from interim to the year-end).

risk
Audit
Strategy
Controls effective,
less substantive
testing
Substantive Rely on
Testing Controls Controls not effective,
extensive substantive
testing
Analytical Tests of
Procedures Detail

ISA 500 – Audit Evidence
– Session 3.4
ISA 500 – Audit evidence
• Audit Evidence is anything that the auditor will use and rely upon in forming
his/her opinion
• Audit evidence is needed to support the audit opinion; and
• Audit evidence must be sufficient and appropriate.

Sufficient –
• How much evidence is needed?
• Depends on auditors judgment
Appropriate –
• Refers to relevant and reliable evidence
• Depends upon nature of transaction or balance being tested AND the
assertion being tested. Persuasive not conclusive (opinion, not certificate)
• Not absolute assurance on F/S
• Procedures are designed to reduce risk NOT eliminate it

Financial statement assertions (ISA 315)
Transactions during year Year end balances

Occurrence (O) Existence (E)
Accuracy (A) Rights & obligations (R/O)
Cut-off (C/O) Valuation, accuracy & allocation (V)
---------- Completeness (C) ----------
---------- Classification & Presentation (C/P) ----------

Transactions during year Year end balances

• Occurrence – did the transaction actually take • Existence – do the assets or liabilities actually
place? exist?
• Completeness – are all transactions or • Rights and obligations – does the client own
balances that should be included in the or have other rights over the assets and have a
financial statements, actually included? genuine obligation to pay liabilities?
• Accuracy – are the amounts correct? • Valuation – are assets or liabilities included at
appropriate amounts?
• Cut off – are transactions accounted for in the
correct period? • Allocation – are account balances included in
appropriate accounts?
Both transactions and year end balances
• Completeness – are all transactions or balances that should be included in the financial statements,
actually included?
• Classification and presentation – are items in the financial statements disclosed under appropriate
headings and in such a way that they can be readily understood by readers?
The assertions are important because they have an impact on how the auditor
gathers evidence. Remember that the audit evidence required depends on both:
• the nature of the item being tested; AND
• the assertion being tested

This can all be simplified down to four key questions that the auditor needs to answer:
1. Should it be in the accounts at all? 3. Are there any more?
• Occurrence • Completeness
• Existence 4. Is it disclosed properly?
• Rights and obligations
• Classification
• Cut-off
• Allocation
2. Is it included at the right value? • Presentation
• Accuracy
• Valuation

ISA 500 – AUDIT EVIDENCE
Reliable evidence
Factors to consider:
• Obtained directly by auditor vs indirectly
• Documentary vs. Oral
• Original vs. copies
External Generated External Generated Internally Generated Internally Generated

documents directly to documents held by documents circ. documents not circ.
auditor client externally externally
Most Reliable Least Reliable

ISA 500 – AUDIT EVIDENCE
External information source
• External individual or organisation
• Information is suitable for use by a broad range of users
• Not management’s expert, service organisation, or auditor’s expert
Factors to consider for the relevant and reliability of such information:

• Nature and authority of the source (e.g. • Controls in place to address the relevance
Central Bank or government); and reliability;
• Ability of client (other parties) to • Does the source accumulate market
influence the information obtained; information or “set” market information;
• Competence and reputation of the • Information is suitable for use;
source; • Alternative information that may contradict the
• Past experience with the reliability of the information used;
information; • Nature and extent of disclaimers or other
• General market acceptance by users of restrictive language; and
the relevance and/or reliability; • Methods, models, controls, assumptions etc.
in the production of the data.
Methods of obtaining audit evidence –

• Inspection of records or documents (internal or external such as invoices or in an
electronic form). Inspection of tangible assets
• Observation (looking at procedure/process being performed by others – staff counting
inventory)
• Inquiry (seeking information from knowledgeable persons but needs to be
corroborated)
• Confirmation (direct confirmation to the auditor by a 3rd party such as bank
confirmation)
• Recalculation (checking the mathematical accuracy of documents )
• Re-performance (involves the auditors execution of procedures that were originally
performed by the client)
• Analytical procedures (analysing plausible relationships between financial and non
financial data)

Thank you

AUDIT CAP2 Session 3 2021_2022

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AUDIT CAP2 Session 3 2021_2022

Uploaded by

Copyright:

Available Formats

CAP 2 Auditing &

3.1 ISA 300 – Planning an audit of financial statements

ISA 315 – Identifying and assessing the risk of material

3.3 ISA 330 – The auditor’s response to assed risk

3.4 ISA 500 – Audit evidence

Understand the interaction Gain and understanding of

Gain an ability to develop Understand how evidence is

© Chartered Accountants Ireland

Planning an audit involves establishing an overall strategy and from there

© Chartered Accountants Ireland

• Perform procedures regarding the continuance of the client relationship.

• Establishing an understanding of the terms of engagement as per ISA 210.

• Evaluating compliance with relevant ethical requirements.

© Chartered Accountants Ireland

• Scope of audit (reporting standards, IASs?)

• The timing (fieldwork, reporting deadlines etc.)

• The direction (assessment of high-risk areas, materiality, site visits, etc.)

© Chartered Accountants Ireland

Scope – Consider and document the following areas:

• Financial reporting framework for the financial statements?

• International Accounting standards?

• Industry specific or other special reporting requirements?

• Listed companies vs. private companies vs. charities etc.

• Other regulated businesses such as banks and insurance companies.

• Other factors which influence the overall approach to the audit?

© Chartered Accountants Ireland

Timing – Assess required timing including:

• Interim AND final audit visits

© Chartered Accountants Ireland

• Preliminary assessment of materiality

• Preliminary identification of high-risk areas

• Preliminary identification of material components and account balances

© Chartered Accountants Ireland

Establish the overall strategy -

• Reporting objectives of communications that are required;

• Any other significant factors in the auditor’s judgement; and

• Allocate necessary resources to perform the engagement.

© Chartered Accountants Ireland

The audit plan –

• Nature, timing and extent of risk assessment procedures;

• Any other procedures which are required to comply with ISA’s

© Chartered Accountants Ireland

Planning needs to consider the following matters –

• Analytical procedures to be applied

• Involvement of experts, if any

• Obtaining an understanding of the legal and regulatory framework

• The performance of other risk assessment procedures

© Chartered Accountants Ireland

• Interim / final audit?

• Substantive tests or controls reliance (with reduced substantive testing?)

• Analytical review or tests of detail?

Each audit is different - tailor your strategy

© Chartered Accountants Ireland

Planning Execution of Audit

© Chartered Accountants Ireland

© Chartered Accountants Ireland

© Chartered Accountants Ireland

© Chartered Accountants Ireland

• Objectives of an audit • Audit Premise

• Sufficient appropriate audit evidence (covered more later)

© Chartered Accountants Ireland

© Chartered Accountants Ireland

• In order to perform an efficient audit, an auditor needs to understand the risks

© Chartered Accountants Ireland