4. Planning An Audit (Basics)

Question 1

Key considerations for audit strategy (OBT)?

Answer 1

1. The entity and its environment
2. Materiality
3. Preliminary analytical procedures
4. Risk assessment
5. Audit approach
6. Coordination of the audit (timing, team, locations, budgets and deadlines).

Question 2

What should an audit plan include?

Answer 2

Nature, extent and timing of:
1. Risk assessment
2. Further audit procedures (assertion level)

Question 3

Audit plan: Why can’t individual account balances be audited at the start?

Answer 3

Haven’t completed (detailed) risk assessment procedures yet

Question 4

Can the audit plan be changed?

Answer 4

Yes

The audit plan should be modified where necessary in response to new information,
or the results of audit testing carried out

Question 5

4 ways an understanding of the entity is obtained?

Answer 5

1. Firm
   Partner
   Manager briefing
   Industry experts
   Last year’s team
2. Client
   Discussion
   Observation
   Website/brochures
   Analytical procedures
3. Me
   Past experience
4. Other
   Industry surveys
   Credit reference
   agencies
   Companies House
   Internet search

Question 6

Understanding the entity and environment: Environment examples

Answer 6

Laws and regulations
Industry conditions (e.g.
competition, technology,
seasonality)
Data protection regulations
(e.g. GDPR)

Question 7

Understanding the entity and environment: Entity examples

Answer 7

Operations
Ownership and governance
Investments
Structure and finance
Accounting policies
Objectives and strategies
System of internal control
Use of outsourcing
Applicable financial reporting framework

Question 8

Understanding an entity’s accounting policies: Where should attention be paid?

Answer 8

1. Methods applied to unusual transactions
2. Controversial areas/emerging issues
3. Environment changes
4. New financial reporting standards/laws and regulations

Question 9

Understanding the entity: Climate risks to consider

Answer 9

1. Business model/supply chain
2. Industry
3. Regulation (climate laws)

Question 10

Is materiality a matter of professional judgement?

Answer 10

Yes

Question 11

Materiality percentages: What can be used?

Answer 11

1. Revenue
2. Profit before tax
3. Total assets
4. Gross profit
5. Net assets
6. Profit after tax

Question 12

Materiality percentages: Revenue

Answer 12

(0.5-) 1%

Question 13

Materiality percentages: Profit before tax

Answer 13

5%

Question 14

Materiality percentages: Total assets

Answer 14

(1-) 2%

Question 15

Materiality percentages: Gross profits

Answer 15

(0.5-) 1%

Question 16

Materiality percentages: Net assets

Answer 16

(2 - ) 5%

Question 17

Materiality percentages: Profit after tax

Answer 17

(5-) 10%

Question 18

Things that are material by nature

Answer 18

1. Misleading descriptions
2. Critical points
   E.g. profit to loss threshold
   company size
3. Transactions with directors
4. Related party transactions

Question 19

Why have PM?

Answer 19

To reduce aggregate small misstatements Could become material

Question 20

Can climate disclosures be material?

Answer 20

Yes
(If important to users)

Question 21

When MUST analytical procedures be used?

Answer 21

1. Planning
2. Forming overall conclusion

Question 22

When CAN analytical procedures be used?

Answer 22

As a substantive procedure

Question 23

Analytical procedures: Limitations

Answer 23

1. Require good knowledge/experience
2. Require experienced staff
3. Depends on reliability of source data

Question 24

Analytical procedures: Steps

Answer 24

1. Understand the business
2. Develop an expectation
3. Compare to actual

Any unexpected variations = risk

Question 25

Can you use ratios in APs?

Answer 25

Yes

Question 26

Ratios: Performance

Answer 26

1. Gross profit margin 2. Operating margin 3. ROCE

Question 27

Ratios: Short-term liquidity

Answer 27

1. Current 2. Quick

Question 28

Ratios: Solvency

Answer 28

1. Gearing 2. Interest cover

Question 29

Ratios: Efficiency

Answer 29

1. Tr Re Coll Period 2. Inv hold period 3. Tr Pay payment period

Question 30

Ratios: Gross profit margin calculation

Answer 30

Gross profit/Revenue * 100

Question 31

Ratios: Operating margin calculation

Answer 31

Operating profit/Revenue * 100

Question 32

Ratios: ROCE calculation

Answer 32

Operating profit/(Equity + debt) * 100

Question 33

Ratios: Current ratio calculation

Answer 33

Current assets/Current liabilities

Question 34

Ratios: Quick ratio calculation

Answer 34

(Current assets - inventory)/Current liabilities

Question 35

Ratios: Gearing ratio calculation

Answer 35

Net debt/equity

Question 36

Ratios: Interest cover calculation

Answer 36

Profit before interest payable/Interest payable

Question 37

Ratios: TR Coll Per calculation

Answer 37

TR/Revenue * 365

Question 38

Ratios: Inv hol per calculation

Answer 38

Inv/COS * 365

Question 39

Ratios: TP pay per calculation

Answer 39

TP/Purchases * 365

Question 40

Ratios: Purpose: GPM

Answer 40

Assess profitability before taking overheads into account

Question 41

Ratios: Purpose: Operating profit

Answer 41

Assess profitability after taking overheads into account

Question 42

Ratios: Purpose: ROCE

Answer 42

Measure how effectively resources are used to generate profit

Question 43

Ratios: Purpose: Current ratio

Answer 43

Assess ability to pay current liabilities from current assets

Question 44

Ratios: Purpose: Quick ratio

Answer 44

Assess ability to pay current liabilities from reasonably liquid assets

Question 45

Ratios: Purpose: Gearing ratio

Answer 45

Assess reliance on external finance

Question 46

Ratios: Purpose: Interest cover

Answer 46

Assess ability to pay interest charges

Question 47

Ratios: Purpose: TR coll per

Answer 47

Assess average time taken to collect cash from credit customers

Question 48

Ratios: Purpose: Inv hol per

Answer 48

Assess average length of time inventory is held

Question 49

Ratios: Purpose: TP pay per

Answer 49

Assess average time taken to pay suppliers

Question 50

*Business risk* definition (OBT)

Answer 50

Could adversely affect *objectives and strategies*

Question 51

Who should manage business risk?

Answer 51

Directors

Question 52

What type of business risk are auditors interested in?

Answer 52

If impacts FS

Question 53

3 types of business risk?

Answer 53

1. Financial 2. Operational 3. Compliance

Question 54

Business risks associated with climate change?

Answer 54

Non-compliance Sector risks (agriculture, supermarkets) Investor loss Lack of evolution Extreme climate events

Question 55

Who's impact to consider when something happens to a client?

Answer 55

1. FS 2. Business (+related audit) risks 3. Going concern

Question 56

Audit risk definition?

Answer 56

Wrong *opinion* on FS

Question 57

What 2 things does audit risk comprise of?

Answer 57

1. Material misstatement 2. Detection

Question 58

What are the 2 risks of material misstatement

Answer 58

1. Inherent risk 2. Controls risk

Question 59

What are the 2 detection risks?

Answer 59

1. Sampling risk 2. Non-sampling risk

Question 60

Audit risk calculation:

Answer 60

Inherent risk TIMESED BY Control risk TIMESED BY Detection risk

Question 61

Risk of material misstatement: Timing

Answer 61

BEFORE audit commences

Question 62

Risk of material misstatement: 2 levels

Answer 62

1. Overall FS E.g. lack of skilled personnel, control deficiencies, past misstatements 2. Assertion-level (inherent and control risk)

Question 63

2 things risk assessment procedures help understand?

Answer 63

1. Entity and environment 2. FR Framework & accounting policies

Question 64

What is inherent risk?

Answer 64

The susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material (either individually or when aggregated with other misstatements) before consideration of any related controls

Question 65

Three levels of inherent risk

Answer 65

1. Industry level 2. Entity level 3. Balance level

Question 66

Control risk definition

Answer 66

Misstatement is not prevented/detected/corrected by *entity's* controls

Question 67

What is detection risk?

Answer 67

Procedure performed *by auditor* does not detect a misstatement that could be material

Question 68

What is detection risk made up of?

Answer 68

1. Sampling risk 2. Non-sampling risk

Question 69

Detection risk: What is sampling risk?

Answer 69

Different result form sample as would have been gained if whole population tested

Question 70

Detection risk: What is non-sampling risk?

Answer 70

Risk of drawing the wrong conclusion (from reasons not sampling risk) E.g. 1st year audit Undue time pressure (Poor risk assessment by auditor)

Question 71

Significant risk definition

Answer 71

Inherent risk close to upper end e.g. Subjective transactions (multiple accounting treatments) High estimation uncertainty/complex models Complex data collection/processing Complex calculations Differing accounting interpretations Accounting changes from business changes (mergers & acquisitions)

Question 72

Risk factors common to most audits

Answer 72

1. Management override 2. Journals 3. Revenue recognition 4. Cyber security

Question 73

Journals: Which types shoudl be selected?

Answer 73

Unusual items Round numbers Unusual people Outside hours Suspense acocunts

Question 74

Revenue recognition risk higher when?

Answer 74

Management reward linked to revenue/profit

Question 75

OBT: How should auditor reduce audit risk?

Answer 75

1. Overall responses to FS level risks 2. Perform procedures at assertion level

Question 76

Responding to risks: Overall responses examples

Answer 76

Emphasis to staff the need to maintain professional skepticism Assign extra or more experienced staff Use the work of experts, internal auditors or other auditors Change the nature, timing and extent of supervision and review during the audit Incorporate more unpredictability into audit procedures Change the audit strategy.

Question 77

Responding to risks: Assertion level examples

Answer 77

Adjust nature, extent and timing Consider climate risks

Question 78

What needs to be done if auditor relying on work of others E.g. internal audit

Answer 78

3P is assessed: 1. General assessment 2. Specific assessment

Question 79

3P assessment: General assessment

Answer 79

Is 3P *competent* and *independent*?

Question 80

3P assessment: Specific assessment

Answer 80

Is the specific piece of work *suitable*?

Question 81

OBT: What needs to be documented?

Answer 81

Audit team discussions/decisions Elements of the auditor’s understanding Evaluation of identified controls Risks (at both the financial statement and assertion levels) Responses to address risks of material misstatement at the financial statement level Results of audit procedures/conclusions Previous audit work relied upon (and why it is appropriate) How the financial statements agree/reconcile with accounting records.

Question 82

Cyber security definition

Answer 82

Protecting Systems, networks and data In cyberspace Unauthorized modification, disclosure and destruction Information system from failure

Question 83

Why is cyber security a key risk?

Answer 83

Increasing use of tech Constantly evolving risk

Question 84

Some key cyber risks

Answer 84

Hacking Theft of funds (fraud) Sabotage Viruses, malware, corruption DOS attacks

Question 85

Some big data risks

Answer 85

Reputational damage Legislation breaches Misstatement

Question 86

General procedures IT controls should address

Answer 86

1. Prevention 2. Detection 3. Deterrence 4. Recovery

Question 87

Some IT security controls

Answer 87

Business continuity System access control Systems development and maintenance Physical and environmental security Compliance Personal security Security organization Computer and network management Asset classification and control Security policy

Question 88

IT controls: System development and maintenance

Answer 88

Should ensure projects etc. don't detriment security

Question 89

IT controls: Computer and network management

Answer 89

Protection from viruses Protection of info esp when exchanged with other organizations

Question 90

IT controls: Assist classification and control

Answer 90

Assign 'ownership' of info assets

Question 91

Benefits of cloud computing

Answer 91

Cost savings

Question 92

Detriments of cloud computing

Answer 92

Lack of control: 3P doesn't have adequate security (Auditor should assess 3P controls)