Chapter 6

Planning, understanding the

entity and evaluating
business risk

1-1

Learning objectives
6.1 Explain why the decision to accept a client is important and
describe the primary features of client acceptance and
continuance, including the purpose and content of an audit
engagement letter.
6.2 Describe the decisions made by an auditor in preparing an
audit plan, the knowledge on which the decisions are based
and the procedures used to obtain that knowledge.
6.3 Explain how an auditor develops an overall audit strategy and
prepares an audit plan.
6.4 Describe the process of assigning and scheduling audit staff.
6.5 Identify the important aspects of the auditors understanding
of an entity and its environment.
6.6 Assess entity business risk.
6.7 Outline the types and uses of analytical procedures and
distinguish those that are useful in obtaining an
understanding of an entity and assessing business risk.

1-2

Client acceptance and continuance

APES 320 and ASQC 1 (ISQC1) require an

audit firm, as part of its quality control, to

establish policies for:
Investigating potential clients and
acceptance of an engagement
Periodically reviewing continuance of clients.
Policies and procedures for client acceptance

and continuance are important as an audit

firm will want to avoid association with a client
whose management lacks integrity
1-3

Steps in accepting an audit

1-4

Acceptance and continuance evaluation

procedures

Procedures carried out before accepting

a new client or continuing with an existing

client include:
Obtaining and reviewing available financial

information regarding the client

Making inquiries of third parties such as solicitors
and bankers
Communicating with previous auditor
Evaluating the firms independence and ability to
serve the client, including technical skills and
knowledge of industry and personnel
Ensuring accepting engagement will not violate
1-5
the code of Ethics.

Communication with previous auditor

Communication assists in ensuring that the interests of

shareholders, the incoming auditor and existing auditor

are protected. It allows the existing auditor to advise
the prospective auditor of any professional matters they
should be aware of before accepting the engagement.

APES 110 requires that:

The nominated incoming auditor should ask the clients

permission to communicate with the previous auditor

If the permission is refused, normally decline nomination
If permission is granted, the nominated auditor asks the
previous auditor in writing for all information necessary
to decide whether nomination should be accepted.
1-6

Engagement letters

After accepting the appointment, ASA

210/ISA 210 and APES 305.3.1 requires

that the auditor and entity to agrees on
terms of engagement.
ASA 210.1011/ISA 210.1011 requires

that the agreed terms of the engagement

shall be recorded in an engagement letter.
1-7

Form and content

These letters are from the auditor to the client,

document the arrangements made with the client

and clarify matters that may be misunderstood.

They should include:

The objectives and scope of the audit
The responsibilities of the auditor
The responsibilities of management
Identification of the applicable financial reporting

framework
The form and contents of any reports, and a statement
that there may be circumstances in which a report may
differ from its expected form and content.

Refer to sample at Exhibit 6.1, page 236.

1-8

Initial engagement
For the initial audit engagement, ASA 510/ISA
510 requires that the auditor obtains evidence
that:
The opening balances do not contain material

misstatements
The previous periods closing balances have been
correctly brought forward to the current period
Appropriate accounting policies are consistently applied.

Obtaining sufficient appropriate audit evidence

about opening balances could be facilitated by
reviewing audit working papers of previous
auditor.
1-9

Audit planning
Audit planning standard is ASA 300 (ISA 300).
Adequate audit planning assists the auditor to:
Devote appropriate attention to important areas of the

audit
Identify and resolve potential problems on a timely basis
Organise and manage the audit engagement efficiently
and effectively
Select a capable and competent engagement team
Direct and supervise engagement team members and
review their work
Coordinate work to be done by auditors of components
and experts.
1-10

The nature of audit planning

The planning stage is a very

important stage of the audit and

has two aspects:
1 Audit strategy: sets the scope, direction

and timing of audit, and guides the more

detailed audit plan/program.
2 Audit plan/program: sets out the nature,

timing and extent of audit procedures.

1-11

Major steps in the audit process

In every audit of a financial report there

are certain identifiable stages.

These stages are:
Understanding the entity and its environment
Understanding internal controls
Assessing risks of material misstatement
Developing responses to assessed risks
Performing tests of controls
Performing substantive procedures
Completion and review.

1-12

Overall timing of the engagement

The three phases of the auditplanning, interim
and finalare normally related to the major
stages.
The first four stages outlined on the prior slide constitute the

planning phase of the audit.

The evidence gathering phase, performing tests of controls and
substantive procedures can be performed at either the interim
phase (before year end) or final phase, (after year end).
Some substantive tests (e.g. counting inventory) are usually
best done at balance date others are best done close to
engagement completion, as they depend on evidence collected
in earlier steps.
1-13

Overall timing of engagement (cont.)

1-14

Developing an overall audit strategy

An important aspect of the audit planning

process is obtaining knowledge of the clients

entity, its environment and its business risks, and
through that understanding making judgements
in relation to areas of audit risk and materiality.

Interrelationship between materiality, audit risk

and what constitutes sufficient appropriate audit

evidence impacts on auditors strategy.

Audit strategies can range from a lower

assessed level of control risk approach to a

predominantly substantive approach.
1-15

Range of audit strategies

Lower assessed
level of
control risk

Predominantly
substantive
approach

Audit strategy may be anywhere along this continuum.

1-16

Lower assessed control-risk level

approach
If internal control is well designed and
expected to be highly effective, audit
strategy will include:
Low or medium assessed level of control risks
Extensive understanding of relevant parts of

internal control

Extensive tests of control

Reduced level of substantive audit procedures,

based on planned acceptable level of

detection risk being high or medium.

1-17

Predominantly substantive approach

If the auditor believes adequate controls do

not exist or might be ineffective, or that

testing controls are not cost effective, the
audit strategy will be to:
Use a planned assessed level of control risk of

high.
Plan to obtain a minimum understanding of
internal control.
Plan no tests of control.
Plan extensive substantive audit procedures
based on planned acceptable level of detection
risk of low or medium.
1-18

Impact of business risk assessment on

audit strategy
ASA 315 requires the auditor to determine whether any of the

risks identified is a significant risk, being an identified and

assessed risk of material misstatement that, in the auditors
judgment, requires special audit consideration.

Factors to consider when determining significant risks include:

The risk of fraud.
Risk related to recent significant economic, accounting or other
developments that require specific attention.
Complexity of transactions.
Risk from significant transactions with related parties
The degree of subjectivity in the measurement of financial
information related to the risk.
Whether there are significant transactions that are unusual or
outside the normal course of business for the entity .
1-19

Impact of business risk assessment on

audit strategy (cont.)
Substantial time is spent in gaining an
understanding of the competitive strategy of
management and the risks associated with that
strategy, and on developing an expectation of
what the entitys financial report should look like.
Audit strategy might include:
Increased use of sophisticated analytical procedures
Undertaking tests of controls for routine transactions
Increased substantive testing for non-routine transactions
Reduced detailed substantive testing if financial report is

in accordance with auditors expectations.

1-20

Preparing detailed audit plan or Program

ASA 300/ISA 300 requires the auditor to

develop and document an audit plan/program.

An audit plan or audit program is a detailed

list of audit procedures that need to be

applied to a particular balance or class of
transactions to implement the audit strategy.

ASA 300.A17/ISA 300.A17 notes that auditor

may document audit plan by use of

appropriately tailored (for client) standard
audit programs and checklists.

1-21

Purpose of detailed audit plan/program

A well-prepared audit program

should provide:
Evidence of proper planning of work
Guidance to inexperienced staff
Evidence of work performed
A means of controlling time spent on the

engagement
Evidence of consideration of internal control
in relation to proposed audit procedures.
1-22

Contents of audit program

An audit program will outline the following

characteristics of audit procedures:

Natureparticular audit procedures to use and

particular items to which a procedure will be

applied.
Extentnumber of items to which procedures will

be applied, and number of different tests to be

performed.
Timingappropriate time to perform the

procedure.
1-23

Example of audit program for A/P

1-24

Assigning and scheduling audit staff

Activities include:
Coordinating assistance of entity personnel

in data preparation
Determining the extent of involvement, if

any, of experts, specialists and internal

auditors
Establishing and co-ordinating staffing

requirements.
1-25

Assigning & scheduling audit staff (contd)

In the audit of a complex entity the auditor

may require the assistance of:

Specialists within the auditors own firm
Experts within or serving the clients
organisation, including internal auditors
Independent experts.

Establishing and coordinating staff involves

the selection of competent people, preparing

a time budget and work schedule and
supervising the audit staff.
6-26

Understanding the entity & its

environment

As specified by ASA/ISA 315.11, planning

requires the auditor to gain an

understanding of the entity and its
environment. This knowledge includes:
Industry &related regulations
Nature of the entity including operations,

ownership & governance structure, &way entity is

structured
Entitys selection &application of accounting
policies
Objectives and strategies &related business risks.
6-27

Knowledge of the entitys business

ASA/ISA 315.A1 point out that the auditors

knowledge of the entity can help to:

assess risk and identify problems
determine materiality
consider the appropriateness of accounting policies and

disclosures
identify areas requiring special audit consideration
develop expectations for use when performing analytical
procedures
design audit procedures in response to assessed risks of
material misstatement
evaluate audit evidence.

6-28

Organisational structure
The organisational structure of an entity

divides tasks between individual

employees, groups or departments, and
locations.

The auditor gains this understanding by

examining organisational charts and

reading manuals, making inquiries about
policies and procedures in effect, and
observing the actions of employees and top
management in order to understand the
business purpose of material transactions.
6-29

Operational and legal structure

Operating characteristics include types of products

and services, locations and methods of production,

distribution and compensation.
The auditor gains this understanding by :
Preparing a brief description of the business activities
Undertaking a tour of the entitys physical facilities
Reviewing entitys legal documents
Examining the minutes of the meetings of the entitys board

of directors to find any strategic decisions, transactions and

agreements of the entity
Determining how the identification of related parties occurs.

6-30

Industry &economic conditions

The auditor should have a basic

understanding of industry and economic

conditions, government regulations, changes
in technology and competitive conditions
affecting an entitys operations.

Knowledge of industry specific accounting

practices is particularly important.

Sources of information include trade journals,

industry statistics and the audit firms

knowledge management database.

6-31

Business risk
Business risk can be defined as:
Risk that an entitys business objectives

will not be attained as a result of external

and internal forces brought to bear on an
entity and, ultimately, the risk associated
with the entitys profitability and survival.

6-32

Relationship between client business risk and

global, local and internal environments

6-33

Risk-assessment procedures
ASA/ISA 315.A5-16 identifies a number of
methods of obtaining knowledge of the entity
that include:
Previous experience with entity and industry
Discussions with senior people within the entity
Discussions with internal auditors within the entity
Discussions with other auditors and advisers
Discussions with knowledgeable people such as

industry economists and industry regulators

Review of significant legislation and regulations
Performance of analytical procedures.

6-34

Assessing business risk

The auditor uses entity and industry

information to identify business risks that

may have an effect on the audit.
The assessment of client business risk is
an input into the auditors assessment of
the risk of material misstatement in the
financial report.
According to ASA/ISA 315.10, the
members of the audit engagement team
should discuss the susceptibility of the
entitys financial report to material
misstatement.
6-35

Techniques for assessing business

risk: SWOT analysis
Strengths

Internal aspects that can

improve competitive situation.

Weaknesses Internal aspects, vulnerability to

competitorsstrategic moves.
Opportunities Environmental aspects that can
improve entitys situation relative
to competitors.
Threats

can

Environmental aspects that

undermine entitys
competitive situation.

6-36

Techniques for assessing business

risk (cont.)PEST analysis
Identifies:
Political
Economic
Social
Technological
influences on entity.
6-37

Techniques for assessing business

risk Value-chain approach

Every entity can be viewed as a

collection of value activities that are

performed to design, produce, market,
deliver and support its product.

Through the systematic identification of

these activities, auditors using the

value-chain approach can target
potential strengths and weaknesses for
further evaluation.
6-38

Nonfinancial performance measurement

Many risks more effectively measured

using nonfinancial measures.

Common nonfinancial measures used
include:
Market share
Customer satisfaction
New product success rates
Time-to-market for new products
Warranty rates.

6-39

Auditor response to assessed risks

An auditor should determine overall

responses to assessed risks at the

financial report level, and perform audit
procedures at the assertion level.
Responses at the financial report level
include:
Assigning more experienced staff
Using experts
Providing more supervision
Incorporating unpredictability into

selection of further audit procedures.

6-40

Performing further audit procedures at

the assertion level
In designing further audit procedures an
auditor must consider:
Significance of the risk
Likelihood of misstatement occurring
Characteristics of class of transactions, account

balances or disclosures involved

Nature of the specific controls used by the entity
Whether auditor expects to obtain evidence to
determine if the entitys controls are effective in
preventing, or detecting and correcting, material
misstatement (planned control risk < HIGH).
6-41

Analytical procedures
Analytical procedures involve the use of

ratios, trend analysis and operating statistics

for comparison with internal and external
data.
Can be used at all stages of the audit: e.g. in

planning stage as a form of evidence or as

a final review.
At this stage we concentrate on the use of

analytical procedures in planning the audit.

6-42

Analytical procedures at the planning

stage
The risk analysis approach requires
analytical procedures to be used during the
planning stage
of the audit (ASA/ISA 315.6).
Allows the auditor to understand the

business and identify areas of potential risk,

thereby assisting in the determination of the
nature, timing and extent of audit procedures.
6-43

Analytical procedures used in

planning the audit
Simple procedures: More complex procedures:
Simple comparisons

Time series modelling

Ratio analysis

Regression analysis

Common-size

Financial modelling

statements
Trend statements
Time series analysis

6-44

Analytical procedures most

commonly used in planning
Comparison of current balances in the

financial report with balances of prior periods,

and budgeted amounts (simple comparisons).

Computation of ratios and percentage

relationships for comparison with prior years,

budgets & industry averages (ratio analysis).

Significant variations from expectations

indicate areas requiring investigation.

6-45

Ratio analysis
At the planning stage the auditor is undertaking

ratio analysis on unaudited financial

information, thus any ratios not in accordance
with the auditors expectations will indicate
areas requiring significant audit attention.
These ratios may be compared to:
Industry data:

average ratios in industries listed on the ASX

internal data:
Previous years
Budgets
Segment or division data.
6-46

Ratios commonly used at the

planning stage
1. Short-term liquidity:
Current ratio (current assets to current liabilities)
Quick asset ratio (liquid assets to current liabilities)
Operating cash flow ratio (cash flow from operations

to current liabilities).

2. Activity:
Receivables turnover (net sales to average

accounts receivable)
Inventory turnover (cost of goods sold to average
inventory).
6-47

Ratios commonly used at the planning

stage (contd)
3. Profitability:
Gross profit and net profit ratio (gross profit or net
profit to net sales)
Return on total assets (net profit to total assets)
Return on shareholders equity (net profit to
ordinary shareholders equity).

4. Solvency:
Debt equity ratio (long- and short-term debt to

shareholders equity)
Times interest earned (net profit to annual interest
expense).

6-48

Common-size statements
Express balance sheet components as a

percentage of total assets and income

statement components as a percentage of total
revenue.

6-49

Trend statements
Each item is expressed as a percentage of its

own level from a base year, thus allowing

focus on trend rather than absolute magnitude
of dollar change.

6-50

Data used in analytical procedures

Auditor must consider whether data needed

are easily available and their reliability.

For reliability:

Data from an independent source outside the entity are

generally more reliable than internal data.

Data from a system with effective internal controls are
more reliable than data from a poorly controlled system.
Data audited in the previous year or in the current audit
are more reliable than unaudited data.
Data from a variety of sources that corroborate each
other are more reliable than data from only one source.
Data from the department within the entity that is
responsible for the amount being audited are generally
less reliable than data from another department.
6-51

Plausibility, predictability & precision

of analytical relationships

Relationships in a stable environment are more

predictable than relationships in a changing

environment.
Direct relationships are more predictable than indirect
relationships.
Disaggregated relationships show clearer
relationships than combined or aggregated
relationships.
Relationships involving income statement amounts
tend to be more predictable than relationships
involving only balance sheet accounts (amounts at a
point in time).
Relationships involving transactions subject to
management discretion are less predictable than
6-52
those not subject to such discretion.

Examination of significant fluctuations

The auditor must decide which fluctuations

are significant and, thus, warrant further

investigation.

Thus the audit working papers must show:

Identification of each significant fluctuation
Explanations provided by management

should be considered

The results of work done to corroborate

explanations received.

6-53

Cash flow analysis

Most analytical procedures such as ratio

analysis are based on accrual accounting

numbers. The auditor also gains useful
information by examining the cash flow
information.
There are three components of cash flow:
Cash from operations
Cash from investing activities
Cash from financing activities.

Over an extended period, an entity needs to

generate a positive cash flow if it is to survive.

Cash flow profile of entity is usually quite
6-54
predictable based on its life cycle.

Summary
Before accepting an engagement, an auditor needs to

determine that it can be completed in accordance with

Australian auditing standards and professional ethics.

The auditor should: gain ethical clearance from any previous

auditor; evaluate managements integrity; identify unusual

risks; evaluate auditor independence; and determine whether
the auditor has the required skills and competence.

Engagement letters are issued to confirm engagement terms.

Audit planning includes: obtaining an understanding of the

entity and its environment; assessing client business risk;

completing analytical procedures to identify potential audit risk
areas; determining responses to assessed risks; and
developing audit strategies to obtain sufficient appropriate
audit evidence for significant financial report assertions.

An audit plan or audit program should be developed to reflect

that strategy and schedule audit staff.

6-55