?AUDIT PLANNING Audit planning procedures are the first and perhaps the most important step in carrying out a successful audit. Without adequate planning, the likelihood of missing a significant risk area or encountering engagement-related problems increases considerably. As baseball great and noted philosopher, Yogi Berra puts it, “If you don’t plan on where you are going, you could end up someplace different! ” All too often the auditor does not give adequate attention to audit planning for a vast array of excuses.
This leads the auditor down the path of using the “same as last year” approach to planning, often referred to as “SALY. ” Using the SALY approach to planning causes the auditor to end up someplace different, as so eloquently stated by Mr. Berra. A meaningful audit plan considers 10 basic steps. If these basic steps are routinely followed, the audit goes much better, resulting in a higher quality audit in the minimal possible time. STEP-1 TALK TO THE CLIENT The auditor discusses the nature of the engagement and the client’s business and industry trends at the onset of planning.
Insights gained from this discussion help the auditor navigate through the remainder of the audit planning procedures. These insights set the stage for an active 2-way communication process that results in a fully engaged auditor AND client throughout the entire process, leading to the completion of a successful audit. STEP 2 GAIN A CLEAR PICTURE OF WHAT HAPPENED DURING THE YEAR Clarity includes the risks that may have changed as a result of what happened during the year. The auditor asks about recent developments in the company that may cause the audit to differ from prior years.
Developments such as mergers, new locations or new product lines may have a significant impact on the audit plan for the current year. Ideally, these discussions take place at the client location. Going on site provides the auditor the opportunity to meet with key employees or new employees and to see for him or herself any changes in the overall operations of the client. STEP 3 PREPARE A COMPLETE LIST OF ITEMS NEEDED FROM THE CLIENT The all too often used “SALY” approach copies the prior year’s list of client-prepared schedules without regard to any changes at the client.
A meaningful audit plan provides an updated list of client-prepared items that considers the following: New schedules because of changed risk profiles at the client New schedules resulting from a change in audit approach Example schedules and templates so the client prepares them in the auditors desired format Insertion of due dates for larger clients, insert the name of a person responsible for the completion of the schedule that has been agreed to by the client STEP 4
OBTAIN A CLEAR UNDERSTANDING OF WHEN THE CLIENT NEEDS THE AUDIT REPORT With this understanding, the auditor establishes a plan to meet that delivery date. Knowing the delivery date is essential during planning because it influences the timing for the client-prepared schedules and allows the auditor to plan for audit steps to be completed in ample time. STEP 5 DEVELOP A PLAN TO COMPLETE ALL OF THE WORK IN THE FIELD Leaving a client location without having all of the fieldwork complete results in the remaining work needing to be wrapped up in the office.
When this occurs, the hours put into the audit can get out of control and can also increase the possibility of delivery delays. The work remaining after the auditor leaves the field is often the most difficult and risky audit areas. The audit team is forced to sort out these difficult areas without the benefit of being at the client location with client staff readily available to assist with questions and supporting documentation. To make matters worse, these remaining areas generally get sorted out at a point in time when the auditor needs to “retool” with client knowledge.
The “retooling” process adds wasted time to the audit and increases audit risk by the simple fact that it is difficult for an auditor to fully retool to effectively complete the difficult area. STEP 6 DEVELOP A PLAN TO MINIMIZE THE NUMBER OF STARTS AND STOPS A solid plan to complete all of the work in the field and with a client who is fully engaged in dialogue with the auditor, the number of starts and stops diminish significantly. Constant starting and stopping adds significant time to the audit AND increassume the review process will catch any issues is more effective and achieves higher audit quality.
STEP 7 MATCH THE EXTENT OF PLANNING WITH THE LEVEL OF CLIENT COMPLEXITY AND RISK Most audit firms use a “one size fits all” or standardized audit approach for every audit. All audits are not the same because all clients are not the same, and the degree of complexity and risk changes with each audit. Standardized audit approaches interfere with planning because the auditor spends more time filling out forms at the expense of effective planning. The audit team customizes and eliminates forms when the audit complexity is low.
In these circumstances, the risks can be more effectively and efficiently explained through an audit risk memo. With the standardized audit approach, audits of this nature tend to be over planned, causing the audit team to question the value of planning and resort to the SALY approach. Larger and more complex audits, on the other hand, tend to be slightly under planned when using standardized audit approaches. Audits of this nature generally have numerous risks that are linked together and most standardized checklist audit approaches do not have an effective process to link the risks together.
STEP 8 PREPARE DRAFTS OF FOOTNOTES FOR NEW ACCOUNTING STANDARDS The issuance of new accounting standards is a common occurrence in the world today. Preparing drafts of footnotes to comply with the new standards allows the auditor and the client to have sufficient time to discuss and understand the new standard and to draft a meaningful footnote. STEP 9 GAIN AN UNDERSTANDING AS TO TIMING AND EXPECTATIONS FOR OTHER SERVICES The client generally expects other deliverables beyond the audit report, such as the management letter and tax returns.
Client service is positively or negatively impacted by the efficient delivery of the complete set of services that meets client expectations. Meeting one deadline is not good enough when one or more other items are delivered late. The best time to understand these expectations is during the planning discussions with the client. The auditor considers those items then and develops a plan to meet or exceed client expectations. STEP 10 PREPARE A TIME SCHEDULE AND STAFFING BUDGET THAT COVERS THE AUDIT FROM BEGINNING TO END Most audit firms schedule staff for fieldwork only.
Planning and wrap up end up occurring in “when there is time mode. ” Planning in this mode perpetuates the SALY approach to planning. Wrap up that isn’t scheduled has the tendency to become the “black hole” in audit hours build up. Scheduling the entire job from start to finish may require a culture shift in the CPA firm but the payback is worth the effort. If the entire process is scheduled, the audit team is set up for success to deliver a high quality audit, to exceed client expectations, and to dramatically reduce time on the audit. How to Design an Audit Plan
Designing an audit plan involves identifying the steps required to ensure accuracy and quality in product or service development. Audits typically determine whether a project outcome meets or exceeds established criteria. Failure to comply with requirements usually triggers a remedial action. Designing an effective audit plan helps a business professional manage risks and control operations. To design an audit program, one must fully understand the requirements, such as the scope operational work project and identify ways to test for compliance. An effective audit program provides
comprehensive guidance to auditors in testing key areas to obtain quantitative data to make an informed recommendation based on the findings. One design should specify your tools techniques, such as questionnaires, observations and flowcharts. Examining previous audit plans generated by your company can give you an excellent head start. 1. Identifying Your Objectives Objectives should be specific, measurable, attainable, realistic and time constrained. For example, design an audit to assess the physical condition of your company’s building on a daily basis to ensure the health and safety of the building’s occupants and customers.
Plan and design your approach for achieving the objective. For example, to assess the maintenance service performed at his building, an effective site manager walks around the facility and records observations, such as the cleanliness of the bathrooms, floors and kitchen operations. 2. Determining the Key Controls for Each Audit Objective Compare the actual condition to the established criteria. For example, to describe the cleanliness of a facility in concrete teams, describe the thresholds or control levels associated with a rating of poor, acceptable and excellent.
Provide examples in your plan. Pictures depicting an acceptable level of cleanliness as contrasted with failing levels of cleaning help everyone comply. 3. Developing Tests for Each Control Perform the tests to ensure they work. If your audit needs to be performed by multiple people, designing your plan must including a strategy for training all personnel so the audit gets conducted in a consistent manner that produces reliable results. Each participant must fully understand how the tests should be conducted. 4. Executing the Audit
Determine your sample size, items to select and timing associated with each test. Then, execute the audit and prepare a report of your findings. Create a document to describe your audit plan design. Use a template or develop your own format. For example, the Microsoft Office Templates website provides access to an internal audit to review computer controls. Using a template, a business professional can record and evaluate key audit areas, tests and results efficiently and consistently. How to Conduct a Quality Audit Simply put, quality audits are performed to evaluate the quality of a system.
It is the job of the auditor to carry out the tasks of the audit, comply with requirements, respect confidentiality and perform due diligence by collecting evidence about system quality. These observations should then be documented and acted upon in order to maintain the integrity both of the process and the audit. Should the process need to be refined, quality auditors must determine the appropriate policy change and how it an be best applied. 1. Review documentation regarding the process being audited. This includes perusing manuals that describe the quality-management system in place. 2. Create a quality audit plan.
This plan should be prepared by the auditor and approved by those being audited before starting. Be sure to include a time line and the location of the audit. Also, provide a list of the documents needed to conduct the audit. 3. Define the scope of the audit. Identify the specific groups to be audited. Objectives of the audit should be clear and aligned to the audit plan. Create a checklist of quality requirements to use in the evaluation. 4. Introduce auditors to auditees. Auditees will be tasked with helping the auditor to research information about the quality requirements to be audited. 5.
Provide senior management with a list of meeting times and dates. 6. Begin the audit. Have a kickoff meeting to mark the start of the audit. The meeting should have audit team members in attendance; clarify scope, goals and schedule; review how the audit will be conducted; and confirm the readiness of the auditee. 7. Interview designated groups and study records. After analyzing the data, try to verify or substantiate through more objective means. Any quality system outliers or nonconformities should be investigated and thoroughly documented. 8. Draw conclusions, discuss results with management and prepare the audit report.
The report should include recommendations, outliers and observations along with the audit plan, a review of all evidence found, conclusions and a rating of the quality of the system. The Timing of Audit Work Choosing the correct timing of audit procedures makes the difference between an audit started and an audit completed. Many businesspeople think of an audit as a process that only happens after year end, but properly planning and timing audit procedures to occur throughout the year can make audits more effective, more efficient and reduce strain on client support personnel. 1.
Year End Procedures One major objective of an audit is to verify year-end account balances. As such, some audit procedures can only be completed at year end. For example, if an auditor found it necessary to confirm a balance of a cash account on the last day of the fiscal year, then that confirmation cannot be completed until the day after fiscal year end, at the earliest. Other financial statement analytic tasks and procedures involving the balance sheet usually must wait until after the company’s financial records close for the year as the information may not be available until after close.
2. Interim For companies that have high transaction counts, auditors may be able to start gaining assurance over income statement accounts during interim testing. Interim testing is usually testing that occurs concurrent with fiscal Q3 review procedures. While the auditor is performing review procedures, he is able to perform detail testing of transactions that the company has already completed. Using this method, provided the auditor has assurance over the company’s system of internal control and information processing, he may be able to complete reduced testing at year end.
This also serves to reduce strain on client personal at the end of the year. 3. SOX Compliance Larger public companies that are required to be in compliance with Section 404 of the Sarbanes-Oxley Act must include an attestation report of the company’s internal control over financial reporting. These “SOX audits,” as they are more commonly known as, are an auditor’s concurrence with management’s opinion that internal control systems are operating effectively as of the balance sheet date. Procedures are completed during quarterly reviews, interim periods and year-end audits to support this assurance.
4. Quarterly Reviews While not technically an audit, accountants perform procedures to assess financial information that is published as part of their client’s quarterly financial filings. These procedures occur after the close of quarterly books and are only reviews of significant events and transactions that occurred during the quarter. Auditors do not attest to the accuracy of the financial statements during these reviews, but only express that they did not encounter any evidence that the company’s financial statements are materially misstated.
Because of the lower level of assurance, these procedures do not take as long to complete as audit procedures. Design of the Audit Programme Having fixed up of the audit scope and gained knowledge over the business, accounting and internal control system, the auditor needs to draw up a plan of action. The plan of action is called audit programme. Professor Meigs defines an audit programme as: “An audit program is a detailed plan of the auditing work to be performed, specifying the procedures to be followed in verification of each item in the financial statements and giving the estimated time required.
” Another writer while dealing with the objects of audit programme states: “An audit programme consists of the procedures undertaken or the particular work done by an accountant in carrying out an audit. It is a description, memorandum or an outline of the work to be done, prepared by an auditor for the guidance and control of the assistants. It provides a guide in arranging and distributing the work and in checking against the possibility of omissions. ” A specimen of such an audit programme is given. 1.
There is a complete programme on the file from which the items to be completed by a particular junior are ticked off and thus the junior knows what he has to do and by what each item is to be completed. 2. In other cases, the senior chalks out a programme for each clerk according to the nature of the client. In this case there is no previous chalked-out programme. 3. In the third case, the senior never prepares a programme in advance but may allow it grow as the work progresses. 4. While preparing the audit programme the auditor should bear in mind two points, viz.
, The points which are common to all audits and the special points relating to the particular audit. The example of the first is the verification of assets while in the second case payment insurance policies, annuities; surrender value, etc. , in the audit of insurance companies. In other words it should be a “Tailor-Made Audit Prograamme. ” Documentation of Audit Strategy 1. Purpose The purpose of determining an audit strategy is to enable the auditor Familiarize himself with the client’s business and organization as well As to obtain a preliminary understanding of the client’s accounting System.
This will entail the preliminary identification of those internal Controls on which he proposes to rely upon. The auditor should then determine and record his audit strategy before Commencing any detailed audit work. In doing so, the auditor will need To identify the optimum balance between, on one hand, relying on Internal controls and reducing the level of his substantive tests, and on The other hand, placing little or no reliance on internal controls and Seeking audit satisfaction from a higher level of validation procedures.
The purpose of making this assessment is to enable the auditor to carry Out the audit in the most effective and efficient manner. Determination of the audit strategy requires a high degree of professional judgement. Consequently, the audit assignment should be carried out by an Experienced staff, with the involvement of the audit partner. In particular, the determination of the audit strategy for a new client will usually require considerably more time and effort than for existing clients, except where the circumstances of existing clients have changed significantly since the last audit.
However, this does not mean that a formal determination of the audit strategy is not necessary for existing clients whose circumstances do not change significantly from year to year. In all cases, a formal record of the audit strategy is essential. The overall strategy should focus on a more efficient and effective audit. 2. Audit Plans and Audit Planning Memorandum In order to ensure a high standard of performance, it is important that the auditor should prepare adequately for his work. Planning for an audit, just like every human Endeavour, is essential for the smooth performance of the audit work and its successful completion.
Planning ahead for an audit work will not only guarantee a valid audit opinion but will also help the auditor to ensure that: (a) The audit objective is established and achieved; (b) The audit is properly controlled and adequately directed at all stages; (c) High risk and critical areas of the engagement are not omitted but that adequate attention is focused on these areas; and (d) The work is completed economically and expeditiously, hence, savings on audit resources. It is important to distinguish between an audit planning memorandum. Audit plan relates to preparations made by the auditor for one specific audit engagement.
While audit planning memorandum is a standing arrangement made by the auditor for the continuing engagement of a particular client. Hence, an audit plan for the audit of one client for one year while audit planning memorandu is a standing plan for the continuing audit of a client from year to year. Points for Consideration in Audit Planning Audit planning requires a high degree of discipline on the part of the auditor. In order to make the planning more meaningful, the auditor shouldtake into consideration the following matters in relation to the audit engagement: (a) Preliminary Work to be Done in Addition to the Real
Audit Work This will include such matters as stocktaking, cash count, debtors’circularisation and review of previous year’s working papers. This will remind the auditor of those matters brought forward from the previous year and any other points to be resolved in the current year or problems anticipated. (b) Changes in Legislation or any Auditing Standards or Guidelines The promulgation of the Companies and Allied Matters Act, Cap. C 20, LFN 2004, brought with it a lot of changes in accounting AUDIT PLANNING AND CONTROL ADVANCED AUDIT AND ASSURANCE and auditing requirements of companies. Such legislations
whether in respect of all companies or particular industrial group, must be reviewed ahead of the engagement in order to determine their effects on the operations or reporting requirements of the enterprise. (c) Analytical Review of Available Management Accounts and Other Management Information that Relate to the Accounts This will assist in establishing valuable ratios and indicators that will guide the auditor. For instance, the computation of the gross profit percentage compared with that of the previous year will provide a good indicator to the auditor of the accuracy and reliability of sales and cost of sales.
(d) Changes in the Business or Management The appointment of a new Finance Controller and the establishment of a new business line or the creation of a new branch are significant changes in the circumstances of the company which will necessitate changes in the existing audit plans. (e) Changes in the Accounting System The introduction of computers such that when a company introduces significant changes in its operating procedures will require a review and evaluation of the system of internal control. (f) Deadlines Established for the Submission of Audit Report
Where a client has set deadlines for its statutory activities such as the annual general meeting, it is important for the auditor to work in line with such programmes. (g) Use of Rotational Testing and Verification In practice, the auditor may not carry out a hundred percent testing or verification of the client’s transactions or segments of the business. Where rotational testing or verification is adopted, it will be necessary for the auditor to determine ahead of the date of the engagement which aspects of the business should be selected for testing or verification.
An example of rotational testing could be applied on the client’s branches to be visited. Points for Consideration in Audit Planning Memorandum Audit planning memorandum should cover the following standing matters which are designed to achieve the desired audit objectives: (a) Terms of Engagement In the case of a new audit engagement, a letter of engagement should be prepared as part of the overall plan of the audit. Even in subsequent visits,the letter of engagement should be reviewed 5
in the light of current circumstances to ensure that all aspects of the work undertaken for the client are covered in the letter especially as they relate to taxation, accountancy, staff development and executive search. (b) Audit Risk Areas The auditor should critically review all the areas of high risk in order to ensure that the planned procedures adequately cover such areas and that competent staff have been assigned to these areas. High risk areas may relate to the nature of the items, such as cash for a retail establishment with numerous collection points and outdoor disbursement locations.
Risk may also relate to a high probability of error as in the case of stocks whose quantities are subject to estimation and are susceptible to pilferage. The risk may also relate to the structure of the organisation especially in cases of joint ownership of an organisation, where the owners are not equally represented in the management. There is therefore the risk of withholding key information from some of the directors. (c) Assets and Liabilities These will require detailed plans since they are of continuing relevance to the financial statements of many years and the
relevant vouchers may not be readily accessible. The plans relating to assets should clearly disclose their history such that current movements may easily be ascertained and adequately verified. These will apply mainly to plant and long term loans. (d) Presence of Internal Auditor Wherever an internal auditor exists in an organisation, the auditor should develop suitable plans to review the technical competence of the internal auditor, his degree of independence and scope and quality of his work in order to determine the extent of reliance to be placed on his work and to identify the areas of work
overlap. (e) The Need for Specialists The auditor should determine ahead of his visit those aspects of the work that may require the services of specialists. This may be internal or external specialists as relates to stocks, specialist valuation for insurance or computer applications. (f) Audit Approach Based on the review of the system of internal control, the auditor should be able to decide on the audit approach to adopt. This will be based on the extent of reliance to be placed on the system of internal control. AUDIT PLANNING AND CONTROL ADVANCED AUDIT AND ASSURANCE
6 (g) Timetable A critical aspect of the audit is the timetable. The auditor should establish plans to ensure that for each year, the audit is completed within any stated deadline for submission of the report. (h) Staffing The auditor should plan for adequate number of staff with the required skill for the audit. The training of audit staff is a long term process which will require that even from the initial appointment of the auditor, he should take steps to train suitable staff in sufficient number to handle the audit of the client. (i) Fees
Based on plans already established in terms of time, staff and materials, the auditor should plan for his fees to cover staff salaries, overhead costs and leave a sufficient margin for the partners’ share of profit and pension scheme. The planned fees must be discussed with the client, if not already agreed. Understanding the Client’s Business The extent of the knowledge gained of the client’s industry and business organisation greatly facilitates the performance of the engagement staff. It is essential therefore that all staff engaged in the audit are encouraged to gain an understanding of the client’s business operations.
Such understanding, in addition to enhancing the overall audit performance, also facilitates communication with client’s staff and in assessing the reliability of representations from management and making judgement regarding the appropriateness of the accounting policies adopted and their disclosure. The auditor may obtain knowledge of the client’s business by: (a) Personal visits to the client’s premises and operating bases and holding discussions with key officials of the company; (b) Reading minutes of meetings and correspondence with the client; (c) Reading internal audit report;
(d) Reading previous year’s audit files and permanent audit files; (e) Reading other materials from within the firm, e. g. management consultancy reports and feasibility reports; and (f) Reading relevant materials relating to the business e. g. trade journals, investment analysis and stockbroker’s report. Other significant factors which should be considered by the auditor to determine the audit strategy are as follows: (a) The auditor’s responsibilities in accordance with the terms of the engagement; (b) The nature of the client’s business; (c) The nature and significance of items in the year’s accounts; and 7
(d) The principal features of the client’s accounting system and the extent and effectiveness of the related internal accounting controls, which may be gained from a preliminary understanding of the system. Consideration of the above factors should enable the auditor determine an appropriate audit strategy which should be set out in writing, in an audit strategy memorandum, which should be approved by the audit partner. However, the auditor should recognise that this strategy may, if necessary as a result of changing factors, be reviewed and revised as the audit progresses.
For existing clients, the auditor should have much of the information he needs to determine his audit strategy in his audit files. Nevertheless, he should still discuss with the clients management whether there have been any changes in the company’s circumstances that might affect his audit approach. The external auditor is appointed to carry out audit in accordance with specific regulatory or statutory requirements, such as the Companies and Allied Matters Act or in accordance with generally accepted auditing standards within the country concerned.
In these circumstances, the terms and conditions will not call for any special consideration when determining the audit strategy. The auditor should, however, consider whether additional responsibilities arise from request by the client’s management or because the client is required to conform to special regulatory or other requirements. Engagement Letter The Auditing Standards Committee of ICAN issued an Auditing Guideline on Engagement Letter in November 1990. The Guideline gives guidance on the procedures to be followed before the commencement of an audit.
The principles contained in the Guideline, which are highlighted below, should also be followed in the case of non-audit engagements. If purely accounting services are provided to a non-corporate client, the engagement letter should specify clearly that these services will be performed without any audit work being carried out. The principles are: (a) The purpose of an engagement letter is to define clearly the extent of the auditor’s responsibilities and so minimise the areas of misunderstanding between the client and the auditor.
It also provides written confirmation of the auditor’s acceptance of his appointment, the scope of the audit and form of his report; (b) It is in the interest of both the auditor and the client that the contents of the engagement letter be agreed. Therefore, the contents of the letter should be discussed and agreed with management before it is sent and preferably prior to the commencement of the audit; (c) The engagement letter should be addressed to the Board of Directors of a client company;
(d) Where the company has subsidiary companies, a separate engagement letter should be sent by the auditor to the Board of Directors of each company in the group which he/she is auditing; (e) Where more than one firm of auditors are involved in the audits of the group, the respective responsibilities of the holding company auditor and the subsidiary companies’ auditors should be clearly defined in the engagement letter; (f) Where there are joint auditors, the audit engagement should be explained in similar terms by each auditor.
The auditors should agree whether a joint letter or separate letters should be sent to the client. Where other services are provided by one of the firms, separate letters would normally need to be sent on the joint audit engagement; (g) The auditor should request confirmation from the Board of Directors that the terms of the engagement letter have been accepted; and (h) Once it has been agreed by the client, an engagement letter will, if it so provides, remain effective from one audit appointment to another, until it is replaced.
However, a revised engagement letter may be necessary to ensure that it continues to reflect the client’s circumstances and if there has been a significant change in the client’s management, a prior discussion and agreement with the client may also be necessary. An engagement letter should contain the following: (a) Responsibilities and scope of the audit; (b) Reference to special arrangements, for example, internal auditors, other auditors, overseas subsidiaries; (c) Representation by Management, if required before the completion of the audit; (d) Irregularities and fraud – the responsibilities of the Management