Chapter-three

Planning and Conducting the Audit

 Introduction

Financial statement audit includes accepting the audit engagement; planning the audit, review of internal
controls of the client, performing audit tests and reporting the findings. In each phase, the auditor should be
aware of the environment including the impact of regulation, public expectation, and the need to comply
with professional standards. The general auditing standards apply to all phases, field work standards apply
to planning the audit and performing audit tests, and reporting standards apply to reporting the findings.
Objectives
After studying this chapter, you will be able to:
 Describe the pre-engagement activities of an auditor
 Discuss the importance of planning an audit
 Describe the importance of audit program and
 Describe the audit risk and its components
3.1 Meaning and purpose of Audit planning
Planning means to think in advance before work is performed. It involves making decisions about the
work to be carried out. Audit planning requires making decisions about whether to accept a client for
audit in the first place and this is called pre-engagement planning. Once the engagement is accepted,
audit planning involves making decision about specific steps that help to determine an overall audit
strategy and this is called engagement planning.
Adequate planning and supervision is the first and the important auditing standards of field work. An
audit plan is a broad overview of an audit engagement prepared in the planning stage of the engagement.
The first standard of field work states: “The work is to be adequately planned and assistants, if any, are
to be properly supervised.” The concept of adequate planning includes investigating a client before
deciding whether to accept the engagement, obtaining an understanding of the client’s business
operations, and developing an overall strategy to organize, coordinate and schedule the activities of the
audit staff.
3.2 Importance of Audit planning
Auditors have to plan their audit work carefully before simply entering in to it. Audit panning is
required because it helps the auditors:
 To weight the risks and rewards of taking on a new client in the case of pre-engagement
planning
 To obtain knowledge of the nature of the client’s business so that appropriate attention is
devoted to important areas of the audit.
 To identify the potential problems in advance and deal with them effectively.
 To ensure that sufficient and competent evidence is obtained
Page 1 of 10
  To complete the work expeditiously by controlling costs and to meet important dead lines
 To properly assign work to assistants and coordinate work carried out by other auditors and
experts.
Although the audit plan differs in form and content among public accounting firms, a
Typical audit plan includes the following:
 Description of the client company-its structure, business and organization
 Objective of the audit (audit for shareholders, special purpose audit etc.)
 Nature and extent of the other services
 Timing and scheduling of the audit work
 Work to be done by the client’s staff
 Staffing requirement during the engagement
 Target dates for completing major segments of the engagement
 Any special problems to be resolved in the course of the engagement
 Preliminary judgments about materiality level for the engagement.
Accepting the Audit Engagement
This is the first phase in the audit panning and it involves a decision to accept or decline the opportunity
to become the auditor for the new client or to continue as an auditor for an existing clients. The auditors
should investigate the history of the prospective client, including such matters as the identities and
reputations of the directors, officers and major shareholders, its financial statements. The auditor can
find the information about the client by communicating with predecessor auditors, making enquiries of
other third parties and consulting the client’s legal cause. Thus a decision to accept the audit
engagement should not be taken lightly as it has a bearing on the quality of the audit.

The following steps should be considered in accepting the audit engagement. These are:
Evaluate the integrity of management-An auditor accepts an audit engagement only when reasonable
assurance exists that the client’ management can be trusted. Sometimes when an auditor accepts a new
client, the auditor will be replacing another auditor. In addition to his knowledge about the client’s
management the successor auditor can seek information, regarding this matter from the predecessor
auditor.
Identify special circumstances and unusual risks-The intended users of the audited financial
statements and prospective clients legal and financial stability should be understood.
Competence to perform the audit-Auditors should determine whether they have the professional
competence to complete the engagement in accordance with GAAS. If the auditors are not familiar with
the potential client’ business they should decline the offer.

Page 2 of 10
 Evaluate Independence-The auditor must evaluate whether there are circumstances that would impair
its independence with respect to the client.
Obtaining the Engagement-After the auditors have collected the necessary information on the
potential client, they will be in a position to assess the various risks involved with the audit and
determine whether to attempt to obtain the engagement. After accepting the engagement, the auditor
should document arrangements made with the client and clarify matters that may be misunderstood. The
preliminary understandings with the client should be summarized by the auditors in an engagement
letter, making clear the nature of the engagement and limitations on the scope of the audit work to be
performed by the client’s staff, schedule dates for performance and completion of examination and the
basis for computing the auditor’s fee.
Obtaining an understanding of the clients’ Business-After the engagement is accepted the auditors
must obtain a detailed understanding of such factors as the client’s financial position and operating
results, organizational structure, product lines and methods of production and distribution. This will help
the auditors to evaluate the appropriateness of the accounting principles in use or the reasonableness of
the many estimates and assumptions embodied in the client’s financial statements.
Developing an overall audit strategy- After obtaining the knowledge of the client’s business, the
auditor should formulate an overall audit strategy for the upcoming engagement. The best audit strategy
is the approach that results in the most efficient audit.
Designing Audit program- An audit program is a detailed list of audit procedures to be performed in
the course of the examination. An audit program is designed to accomplish certain objectives with
respect to each major account in the financial statements.
An audit plan is an overview of the engagement, outlining the nature and characteristics of the clients’
business operations and the overall audit strategy. Whereas, audit program is a detailed outline of the
auditing work to be performed, specifying the procedures to be followed in verification of each item in
the financial statements and giving the estimated time required. An audit program serves as a useful tool
both in scheduling and in controlling audit work. It indicates the number of persons required and the
relative proportions of senior and staff assistant hours needed and it enables supervisors to keep
currently informed on the progress being made.
The inclusion of detailed audit instructions in the program gives assurance that essential steps in
verification will not be overlooked. These written instructions enable inexperienced auditors to work
effectively with less personal supervision than would otherwise be required
Audit programs are considerably more detailed than audit plans. The audit plan outlines the objectives
of the engagement, whereas the audit program lists the specific procedures that must be performed to
accomplish these objectives.
An engagement letter is a formal letter sent by the auditor to the client at the beginning of an engagement.
The letter normally includes the following matters:

Page 3 of 10
Scope- a description of the services to be provided, particularly whether there is to be an audit in
accordance with generally accepted auditing standards or a more limited accounting services are to be
provided, and whether additional services are to be provided such as preparation of the tax returns or tax
planning
Responsibility-an explanation of the relative responsibilities of management and the auditor for assuring
that financial statements are with all material respects, in conformity with generally accepted accounting
principles and other matters that often raise questions of responsibility such as fraud, illegal acts,
deficiencies in the design or operation of the internal control structure and related party transactions.
Procedural arrangements-this is a specification of the schedules to be prepared by the client, the method
and frequency of billing the auditor’s fee and similar matters are included.

Page 4 of 10
A sample engagement letter

Alex, Aster and Abay (AAA) company

Certified public accountants, Gondar
September,1,2008
Chairman Audit committee
XY Corporation
Nekemt
Dear Ato Mulugeta
This letter is written to conform our arrangements for our audit of the financial statements of XY
corporation for the year ended June 30, 2008

Our examination will be performed in accordance with generally accepted auditing standards and
will include all procedures which we consider necessary to provide a basis for expression of our
opinion as to the fairness of the financial statements. Our examination will include procedures to
obtain an understanding of the company’s internal control.
An examination performed in accordance with generally accepted auditing standards is designed to
provide reasonable assurance of detecting errors and irregularities which would have a material effect
upon the financial statements. However, such examination cannot be relied upon to disclose all errors
and frauds. Your management is primarily responsible for the financial statements and for adopting
sound accounting policies and for maintaining an adequate and effective system of accounting, for
safeguarding assets and for devising an internal control structures that will help to assure the
preparation of the proper financial statements.
Our examination is scheduled for performance and completion as follows:
Begin field work-------------------------September, 25,2008
Delivery of internal control letter------November,15,2008
Completion of field work---------------December, 28,2008
Delivery of audit report-----------------January 12, 2009
Our fees for this examination will be based on the time spent by various members of our staff at our
regular rates, plus direct expenses. We will notify you any circumstances we encounter that could
significantly affect our initial fee estimate of Br 38,000.
In order for us to work as efficiently as possible, it is understood that your accounting staff will
provide us with as much information and assistance as we need.
If these arrangements are in accordance with your understanding, please sign this letter in the space
provided and return a copy to us at your earliest convenience.

Truly yours!
Alex Aster Abay
Accepted By:____________
Date:__________________

Page 5 of 10
 Designing Audit program
After the audit plan has been prepared, a detailed written audit program describing the various steps and
procedures, which are needed to implement the audit plan, should be developed. An audit program lists
the audit procedures to be applied in an audit in the given circumstances along with proper instructions.
Thus, an audit program contains the description of the specific audit procedures to be performed in
respect of different aspects to be covered.
An audit program may be formulated at all stages of audit engagement. At the first stage, it may list the
procedures required to gain sufficient knowledge of the client. At the second stage an audit program
focusing on the compliance procedures required to study and evaluate the relevant internal controls
might be developed. Finally it may list the substantive procedures useful to decide and carry out based
on the knowledge of the client’s business and the results of his compliance procedures.
In conducting an audit of any organization, there are certain essential elements that should be kept in
mind while formulating audit program. These essential elements of audit program are:
 Study the relevant legal requirements
 Familiarization with other aspects of the enterprise under audit.
 Analytical review of past performance
 Study and evaluation of internal control
 Examination of arithmetical accuracy or accounting records
 Inspection of documentary evidence and application of other substantive procedures
 Analyzing and review of financial statements and
 Finalization of audit reports
Advantages of audit program:
Provides a coordinated view of the total audit: to develop an audit program, auditors need to consider all
aspects of the audit in a coordinated manner. In the absence of a written audit program, the auditor may not
cover all aspects adequately or even important aspects of the audit may be forgotten. It through an audit
program that you can plan how you would gather sufficient evidence in a specific situation
Provide a valuable tool for manpower planning: In any organization while conducting audits there are
persons with different skills and experience. They have to be assigned on various audits in such a manner
that the audits are performed effectively, the time schedules are met , and the costs are minimized. If you
prepare written audit programs for all audits, you can identify the nature of skills and experience that would
be required for various audits.
Provides clear instructions: A written audit program provides clear instruction to all personnel involved in
an audit.
Minimize costs and misunderstandings: A clear listing various steps and procedures can minimize the
cost and misunderstandings of the audit personnel during the audit process.

Page 6 of 10
Serves as a basis for planning future audits: The written audit program and the observation of the audit
personnel provide a valuable basis of planning the audit in succeeding years. In many situations, auditors
prepare the audit program for the current year by making appropriate modifications in the audit program of
the previous year.
3.3 Materiality and Audit risk
In planning the audit, the auditors must consider carefully the appropriate levels of materiality and audit
risk. Materiality for planning purpose is the auditor’s preliminary estimate of the smallest amount of
misstatement that would probably influence the judgment of a reasonable person relying upon the financial
statements.
Materiality and audit risk need to be considered at the financial statement level as a part of general
planning and at the account balance or transaction class level in planning audit procedures for a specified
balances or classes.
The term materiality is used both often in accounting and auditing. The underlying concept is always
essentially the same-it is the criterion for distinguishing the trivial from the important. It refers to the
magnitude of the omission or misstatement of accounting information that makes it probable that the
judgment of a reasonable person relying on the information would have been changed or influenced by the
omission or misstatement.
Audit risk is the risk that the auditor may unknowingly fail to appropriately modify his/her opinion on
financial statements that are materially misstated. This means that the auditor will fail to qualify an audit
report that he should have qualified.
There is always the risk that an auditor provides a wrong audit opinion. This arises when there is a material
error in the financial statements, which was not corrected before the accounts were published and to which
the auditor did not refer in the audit report.

An audit risk can only happen if three things have happened in sequence. Firstly, a material error needs
to have occurred. Secondly, the error needs to have not been detected by the client’s system of internal
control. Thirdly, the auditor must have failed to find the error in the course of his substantive testing or
analytical review procedures.
It is only when all of these conditions are fulfilled simultaneously that the auditor will give an inappropriate
opinion on a set of financial statements, and the audit risk will materialize. The chances that the three
conditions will occur are Inherent risk, control risk and detection risk respectively. In other words audit risk
is composed of inherent risk, control risk and detection risk
Inherent risk: refers to the possibility of a material misstatement occurring in an account assuming that
there are no related internal controls. Inherent risk exists independently of the audit of financial statements.
Thus the auditor cannot change the actual level of inherent risk. However, the auditor can change the
assessed level of inherent risk.

Page 7 of 10
Control risk: is the risk that a material misstatement will not be prevented or detected on a timely basis
by the company’s internal control. Effective internal controls over an assertion reduce control risk.
Control risk can never be zero because internal controls cannot provide complete assurance that all
material misstatements will be prevented or detected. Like inherent risk, the auditor cannot change the
actual level of control risk for an assertion.
Detection risk: is the risk that the auditor’s procedures will lead them to conclude that a material
misstatement does not exist in an account balance, when in fact the account is materially misstated.
Detection risk is a function of the effectiveness of auditing procedures and of their application by the
auditor.
Unlike inherent and control risk, the auditor can change the actual level of detection risk by varying the
nature, timing and extent of substantive tests performed on assertion. Applying more effective audit
procedures, use of larger samples, adequate planning and adherence to quality control standards result in
lower levels of detection risk.
Note that while the detection risk related directly to the effectiveness of the auditor’s procedures,
inherent risk and control risk are functions of the client and its environment.
In planning the audit the auditors must assess the extent of inherent risk and control risk for each
material financial statement account and then plan sufficient audit procedures to reduce detection risk to
the appropriate level
The lower the assessment of inherent and control risks, the higher is the acceptable level of detection
risk. Thus the auditor controls the audit risk by adjusting detection risk according to the assessed levels
of the inherent and control risks.
3.4 Audit Sampling
Once the auditor has decided which procedures to select and when they should be performed, it is still
necessary to determine the appropriate number of items to sample from the population and which ones
to choose. As business entities have evolved in size, auditors increasingly have had to rely upon
sampling procedures as the only practical means of obtaining audit evidence. This reliance upon
sampling procedures is one of the basic reasons that audit reports are regarded as expression of opinion,
rather than absolute certifications of the fairness of the financial statements.
Representative samples
Whenever auditors select a sample from the population, the objective is to obtain a representative one. A
representative sample is one in which the characteristics in the sample are essentially the same as those
of the population. Auditors can increase the likelihood of the sample being representative by using care
in its design, selection and evaluation. To reduce sampling risk, the sample size should be increased and
the appropriate method of selecting sample items from the population should be followed.
Major decisions related to sampling are:

Page 8 of 10
 I) Determining the appropriate number of items to sample from the population, and
II) Determining which ones to choose.
Statistical and Non -statistical sampling
Audit sampling methods can be divided in to two broad categories: statistical and non-statistical.
Sampling, whether statistical or non-statistical (judgmental) is the process of selecting a group of items
(called the sample) from a large group of items called the population or field and using the
characteristics of the sample to draw inferences about the characteristics of the entire population of
items. The underlying assumption is that the sample is representative of the population, meaning the
sample will possess essentially the same characteristics as the population.
Basic to audit sampling is sampling risk. Sampling risk is the risk that the auditor’s conclusion based on
the sample might be different from the conclusion they would reach if they examined every item in the
entire population.
In non-statistical sampling, the auditor doesn’t quantify sampling risk. Instead, the auditor selects
sample items and conclusions are reached about population on a judgmental basis. A sample is said to
be non-statistical (or judgmental) when the auditors estimate sampling risk by using professional
judgment rather than by using statistical techniques.
Statistical sampling differs from non-statistical sampling because it applies mathematical models to
quantify or measure sampling risk in planning the sample and evaluating the results.
Sampling risk is reduced by increasing the size of the sample. When the sample size is 100 percent of
the population, the sample is by definition perfectly representative, and sampling risk is eliminated
entirely. Large samples however, are costly and time-consuming. A key element in efficient sampling is
to balance the sampling risk against the cost of using larger samples.
Auditors may also draw erroneous conclusions because of non-sampling errors. These are the errors due
to the factors not directly caused by the sampling.
For example-failure to apply appropriate audit procedures or failure to recognize errors in the
documents or transactions results in non-sampling errors. The risk pertaining to non-sampling errors is
referred to as non-sampling risk. Non sampling risk can generally be reduced to low levels through
effective planning and supervision of audit engagements and through implementation of appropriately
designed quality control procedures.
Non-statistical (Judgmental or non-probabilistic) sample selection methods.
These methods include:
Directed sample selection: The selection of each item in the sample is based on some judgmental criteria
established by management.
Block-sample selection: it is the selection of several items in sequence. Once the first item in the block is
selected, the remainder of the block is chosen automatically.

Page 9 of 10
Haphazard sample selection: In this method, the auditor goes through a population and selects items for
the sample without regard to their size, source or other distinguishing characteristics.

Statistical (Probabilistic) sample selection methods.

Statistical sampling is the use of mathematical measurement techniques to calculate formal statistical
results. The primary benefit of statistical methods is the quantification of the sampling risk. Statistical
methods include:
Simple random selection method: In this method, every element of the population has an equal chance of
consisting the sample. Simple random sampling is used to sample populations that are not segmented for
audit purpose. It is simply the method of selecting items for inclusion in a sample
Systematic sample selection method: This technique involves selecting every n-th item in the population
following one or more random starting points. The interval should be calculated based on size of the
interval, and then items for the sample are selected. The interval is determined by dividing the population
size by the number of sample items desired.
Stratified sample selection method: Stratification is the technique of dividing a population in to relatively
homogeneous subgroups called strata. These strata then may be sampled separately; the sample results may
be evaluated separately; or combined to provide an estimate of the characteristics of the total population.

Page 10 of 10