AUDIT AND ASSURANCE: CONCEPTS AND APPLICATIONS 1

Audit Planning, Risk Assessment and Internal Control Part 1

Audit Planning, Risk Assessment and Internal Control Part 1 - Introduction

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—2
CONFIDENTIAL – INTERNAL USE ONLY
Whiteboard Question
What is our objective as auditors?

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—3
CONFIDENTIAL – INTERNAL USE ONLY
Audit Planning, Risk Assessment and Internal Control Part 1 - Introduction

Audit Planning Procedures

The objective the auditor is to plan and perform the audit

to obtain reasonable assurance about whether the
financial statements are free of material misstatement,
whether due to error or fraud.

Primary objective and The role of the auditors includes a commitment to

role of the auditor adhering to professional standards and exercising
sound professional judgment, objectivity and
skepticism.

It is important to have a basic understanding of these concepts.

Having a big picture understanding of an audit will assist you in
gaining an understanding of some of the tasks and assignments
auditors will be given and how they relate to the overall audit.

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—4
CONFIDENTIAL – INTERNAL USE ONLY
 Audit Planning, Risk Assessment and Internal Control Part 1 - Introduction
Audit Planning Procedures
• Benefits of adequate audit planning

− Appropriate attention is devoted to important areas

Role and − Potential problems are identified and resolved on a timely basis
Timing of
Planning − Proper organization and management of the audit engagement leading to an effective and efficient performance

− Assistance in coordinating work done by other auditors and experts

− Assistance in facilitating direction, supervision and review

• The nature and extent of planning will vary according to:

Nature − Size and complexity of the entity

and Extent
− Previous experience with the entity of key engagement team members
of
Planning − Changes in circumstances that occur during the audit engagement
− Timing of the appointment of independent auditors

Planning is not a discrete phase of an audit, rather a continual and iterative process that often begins shortly after (or in
connection with) the completion of the previous audit and continues until the completion of the current audit
engagement.
© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—5
CONFIDENTIAL – INTERNAL USE ONLY
Learning Resource
Audit Planning, Section
Risk 1
Assessment and Internal Control Part 1 - Introduction
Risk Assessment Procedures

The auditor shall:

Identify risks throughout the Introduction to Risk Assessment: Understand the

process of obtaining Entity and its Internal Control Consider the
understanding of the entity and
Relate the identified risks to likelihood that
its environment, including
what can go wrong at the risks could result
relevant internal controls that
assertion level and consider in a material
relate to the risks and considers
whether the risks are of misstatement in
the classes of transactions,
magnitude that could result in a
account balances and the financial
material misstatement; and
disclosures in the financial statements.
statements

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—6
CONFIDENTIAL – INTERNAL USE ONLY
 Learning Resource
Audit Planning, Section
Risk 1
Assessment and Internal Control Part 1 - Introduction
Risk Assessment Procedures
The risk assessment procedures shall include the following:

Analytical procedures
Introduction to Risk Assessment: Understand the
Entity and its Internal Control

Inquiries of management, and of others

within the entity who in the auditor’s
Observation and inspection

judgement may have information that is

likely to assist in identifying risks of material
misstatements due to fraud or error.
© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—7
CONFIDENTIAL – INTERNAL USE ONLY
Learning Resource
Audit Planning, Section
Risk 1
Assessment and Internal Control Part 1 - Introduction
Risk Assessment Procedures
MATERIALITY

Information is material if its

omission or misstatement could
influence the economic decisions of
users taken on the basis of the
financial statements.

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—8
CONFIDENTIAL – INTERNAL USE ONLY
Learning Resource
Audit Planning, Section
Risk 1
Assessment and Internal Control Part 1 - Introduction
Risk Assessment Procedures
MATERIALITY PROVIDES JUDGEMENT FOR:

Determining the Determining

nature, timing and the nature,
extent of risk timing and
assessment extent off
procedures further audit
procedures

Identifying
and assessing
the risk of
material
misstatement

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—9
CONFIDENTIAL – INTERNAL USE ONLY
 You can now take a 10-minute break.

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—10
CONFIDENTIAL – INTERNAL USE ONLY
Learning Resource
Audit Planning, Section
Risk 1
Assessment and Internal Control Part 1 - Introduction
Internal Control Consideration and Responses
to Assessed Risks

ACCOUNTING AND INTERNAL CONTROL SYSTEMS

Accounting system – a series of tasks and records of an entity by which transactions are processed as a means of maintaining
financial records

Internal control system – all the policies and procedures (internal controls) adopted by the management of an entity to assist in
management’s objective of ensuring as far as applicable:

- Orderly and efficient conduct of its business, including adherence to management polcies
- Safeguarding of assets
management’s - Prevention and detection of fraud and error
objective
- Accuracy and completeness of the accounting records
- Timely preparation of reliable financial information

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—11
CONFIDENTIAL – INTERNAL USE ONLY
Learning Resource
Audit Planning, Section
Risk 1
Assessment and Internal Control Part 1 - Introduction
Internal Control Consideration and Responses
to Assessed Risks

INTERNAL CONTROL – Is the process. Effected by those charged with governance, management, and other personnel, designed to
provide reasonable assurance regrading achievement of their objectives:
- effectiveness and efficiency of operations
- reliability of financial reporting
- compliance with applicable laws

Process flow diagram:

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—12
CONFIDENTIAL – INTERNAL USE ONLY
Learning Resource
Audit Planning, Section
Risk 1
Assessment and Internal Control Part 1 - Introduction
Internal Control Consideration and Responses
to Assessed Risks

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—13
CONFIDENTIAL – INTERNAL USE ONLY
Learning Resource
Audit Planning, Section
Risk 1
Assessment and Internal Control Part 1 - Introduction
Internal Control Consideration and Responses
to Assessed Risks

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—14
CONFIDENTIAL – INTERNAL USE ONLY
Learning Resource
Audit Planning, Section
Risk 1
Assessment and Internal Control Part 1 - Introduction
Internal Control Consideration and Responses
to Assessed Risks

Understand the components of internal control and the entity’s flows of transactions

We are required to obtain an understanding of internal control relevant to the audit. Relevant controls may exist
within each of the following components of internal control (CRIME):
• The control environment
• The entity’s risk assessment process;
• The information system, including the related business processes, relevant to financial reporting, and
communication;
• Control activities; and
• Monitoring of controls.

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—15
CONFIDENTIAL – INTERNAL USE ONLY
What Questions Do You Have?

© 2021. For information, contact Deloitte Global. Jump In—Risk Assessment and Internal Control Part 1—16
CONFIDENTIAL – INTERNAL USE ONLY