Audit Planning Memos

Enabling Skills Chapter 8: Audit Issues

Lesson 1: Developing Audit Planning Memos

• Enabling Competencies:
  • Solving problems and making decisions
  • Communicating
• Learning Outcomes:
  • Identify the steps of the RAMP tool used for developing audit planning memos.
  • Describe the risk step in developing audit planning memos.
  • Describe the approach step in developing audit planning memos.
  • Describe the materiality step in developing audit planning memos.
  • Describe the procedures step in developing audit planning memos.
  • Apply the steps for approaching an audit planning memo to a scenario.
• An audit planning memo generally encompasses four steps, remembered using the acronym RAMP:
  1. Risk
  2. Approach
  3. Materiality
  4. Procedures

8.1 Risk

• The first step in the audit plan is to assess the Overall Financial Statement Level (OFSL) risk.
  • This is the risk of material misstatement for the financial statements as a whole.
  • Analyze the likelihood that there may be errors in those statements prior to the auditor performing their work.

8.1.1 Identify Case Facts

• In analyzing OFSL risk, identify case facts that impact risks that are pervasive to the financial statements (F/S).
  • This may include factors that increase or decrease risk.
  • Examples:
    • Increasing factor: A new bank loan with covenants attached for the audit client.
    • Decreasing factor: The client has improved their control environment by implementing segregation of duties.
• Identify factors that increase and decrease risk, noting it's likely to have more factors that increase risk.

8.1.2 Explain Why the Case Fact Is a Risk

• For each risk factor identified, clearly explain why each factor could result in an error that affects the engagement.
  • In the case of a financial statement audit, explain how the factors could result in a material misstatement in the F/S:
    • Factors that increase the risk of material misstatement:
      • New bank covenants may increase the likelihood of management manipulating the financial statements to meet the covenants.
    • Factors that decrease the risk of material misstatement:
      • Establishing segregation of duties in the accounting department will decrease the likelihood of fraud and errors, as a second person will be involved in each transaction.
• When there are relevant case facts to support both, you should balance your discussion with increasing and decreasing factors.

8.1.3 Conclude

• Risk assessment should conclude on OFSL risk.
• Business risks are only relevant if they impact the likelihood of errors in the financial statements.
  • For example, a client in a declining industry is only relevant to the auditor if you link it to management’s bias to hide its decline from creditors.
• Unless specifically asked, you do not need to separate out your OFSL risks into categories (inherent, control, fraud).
  • However, thinking about these categories as you identify risks may help to ensure more breadth in your analysis.

8.2 Approach

8.2.1 Combined Versus Substantive

• Two general audit approaches:
  • Substantive approach
  • Combined approach
• The audit approach selected is based on two main factors:
  1. Control risk assessment
  2. Efficiency for the audit

8.2.1.1 Identify Case Facts

• In determining the approach, consider case facts that discuss:
  • The control environment
  • The nature of the business
• Example: The entity you are auditing is a grocery retailer, and there are currently control weaknesses around the handling of cash.

8.2.1.2 Analyze the Case Facts

• Discuss the impact of the identified case facts on the audit approach.
• In the example of the grocery retailer, you could include the following:
  • The entity is a grocery retailer and therefore has a large number of small transactions; this would make a combined approach more efficient.
  • Given that you know there are weaknesses in the collection of cash, you will need to make sure that substantive procedures are conducted in all accounts where this would be an issue, such as revenue.

8.2.1.3 Conclude

• Arrive at a clear conclusion on the approach you will take.
• Your recommendation should be based on the ability to rely on controls and whether it is efficient to do so.
• Example conclusion: “We should document and test controls in areas where they are operating effectively and efficiencies would be gained, such as inventory. For areas where controls are not effective, we should perform substantive tests, such as revenue.”

8.2.2 Other Considerations

• Watch out for triggers in a case that would suggest more pervasive impacts on the audit approach.
  • Examples:
    • There is a new audit client that has been audited by a predecessor auditor.
    • There is a new audit client that has never been audited before.
    • There are changes in the control environment, such as a new IT system.
    • There are changes in the business, such as a new division or geographical expansion.
• Address how these could affect your approach by explaining how they could potentially impact the financial statements and what you will do to address these risks in your audit.
• Consider if there is anything new in the current year that would make this audit more challenging than normal, and address the impact of this in your approach.

8.3 Materiality

8.3.1 Users

• The concept of materiality recognizes that transactions, amounts, and certain types of errors, either individually or in the aggregate, directly influence the relevance and reliability of information for decision-making purposes.
  • The concept of materiality is therefore completely focused on the needs of the users.
• Your first step in determining materiality should be to consider who the users are.
• A good setup when assessing materiality in a case is to list the users with bullets and then use sub-bullets below to define each user’s objectives.

8.3.2 Benchmark

• Once you understand who your users are and what their objectives are, you should select a benchmark for materiality that reflects that.
• Examples:
  • A lender is usually focused on repayment of debt and will therefore prefer materiality based on income as a proxy for the client’s ability to repay debt.
  • Management may have a bonus tied to specific performance indicators, and materiality set on those indicators would make the most sense for them.
• Conclude on the benchmark and percentage with reference to the users’ objectives.
• For profit-oriented entities, most users will be focused on profits, so net income before tax will therefore likely be the appropriate benchmark.
  • If selecting another benchmark, make sure you have good support as to why net income is not appropriate.
  • If a profit-oriented entity is in a loss position, a more appropriate benchmark for the users would be revenue or assets.
• For a not-for-profit entity, expenses are often a benchmark that users are primarily concerned about.

8.3.3 Calculation

8.3.3.1 Normalizations and Errors

• After selecting an appropriate base for materiality, the auditor must determine, based on their understanding of the client, if there are any unusual or non-recurring items that may need to be normalized or adjusted for.
• Examples of normalizing items that may impact net income as a materiality base include:
  • Unusual or non-recurring revenue or expenses
  • Special management bonuses
  • Unusual gains or losses on the disposition of property, plant, and equipment
• Additionally, if there are any known errors identified in the client’s numbers, these should also be corrected prior to calculating materiality.
  • Therefore, in a case, if you have financial reporting adjustments, the adjustments should be calculated prior to calculating materiality.
• Once the adjusted and normalized base is determined, the threshold is applied.
• After you have calculated overall materiality, you should conclude on it in your memo, rounding down to the nearest hundred or thousand as appropriate for the needs of the users.

8.3.3.2 Performance Materiality

• Performance materiality (PM) is auditor focused.
  • When setting PM, the practitioner considers the amount of audit work required to ensure that the identified and potential unidentified misstatements will not exceed overall materiality.
  • PM provides a buffer for possible undetected misstatements.
• Conclude on your threshold for PM, calculate an amount based on your OFSL materiality and threshold, and make a conclusion.

8.3.3.3 Specific Materiality

• Specific materiality (SM) is a separate materiality set for accounts that users are particularly concerned about.
  • This is typically indicated by very specific case facts (such as a bank loan capped at a percentage of the inventory balance).
• SM is determined in the same manner as OFSL materiality but at an individual account level.
  • This materiality is not often required, but you should watch for instances where the case triggers its necessity.
• If you set an SM, you would also set a specific performance materiality (SPM) at a lower level based on the risks to the auditor.
• While risk should never impact overall materiality, it should be considered in setting PM and SPM.

8.4 Procedures

8.4.1 Identify Specific Assertion Level Risks

• The “Risk” section above looked at risks at the OFSL. This section will focus on identifying (and developing procedures to address) specific assertion level risks.
• In a case, specific account risks arise primarily from financial reporting (FR) issues.
  • For example, if you determine that the client has been recognizing revenue too early, then there is an audit risk related to overstatement of revenue (occurrence and cut-off of revenue).
• Analyze the FR issues first (if there are any) and then discuss the audit implication of each.
• Other common triggers related to assertion level risks may include:
  • New transactions during the year
  • The implementation of new systems or business processes during the year
  • Unusual or unexpected changes arising from the prior year
  • Possible control issues
  • Noted significant variances or changes in ratios between years
• Once you have identified the areas of specific assertion level risk, you need to explain why there is a risk, linking back to relevant case facts as support. Identify the impacted assertion(s).

8.4.2 Designing an Audit Procedure

• Develop one or more audit procedures to address the risk.
• Procedures must be specific, detailed, and related to the risk identified.
  • A procedure should involve all the steps necessary to sufficiently test the related account and assertion, and the steps should be clear enough that a junior audit team member could read the audit procedure, perform it with little or no supervision.
  • Include an explanation of how the procedure would test the related risk.
• Procedures should be relevant to the information provided in the case. Aim for quality over quantity of procedures.
• In designing an audit procedure, you must check support for the number that you are concerned with.
  1. Explain what could be wrong in the financial statements and why.
  2. Obtain a piece of documentation from the client that supports the balance you are looking at (accounts receivable detail, asset valuation, revenue listing, and so on).
     • Test that documentation by comparing it with support (recalculate, vouch to invoices, inspect terms, and so on).
• Your description of the procedure needs to include a combination of the description of documents you will obtain and the work you will do over those documents. It should include these elements:
  • Verb: What do you want someone to do? Start with the wording of the evidence gathering techniques, such as recalculate, inspect, or inquire. Recall that the methods of gathering evidence CIIROAR can be used.
  • Population: Be clear from which population the sample is being selected (for example, a sample of outstanding receivables over 90 days old).
  • Document: Be clear about what documents you want the sample agreed to; for example, agree outstanding accounts receivable to post-year-end cash receipts recorded in the bank account in the general ledger. If you are not sure what the relevant documents should be, you can initially just refer to supporting documentation.
  • Purpose: Describe the purpose of the procedure; that is, what should the audit team member performing the procedure be looking for?
• Example of an audit procedure: Obtain (verb) the capital asset subledger, select a sample of capital asset additions during the year (population), and inspect the corresponding invoice for those additions (document) to determine whether the additions are capital in nature (purpose).
• In deciding where to select a sample from, keep the affected assertion in mind:
  • If testing for overstatement (existence/occurrence), the sample should be selected from the general ledger and then vouched to supporting documentation (such as an invoice).
  • If testing for understatement (completeness), the sample should be selected from the supporting documentation (such as an invoice) and then traced to the general ledger.
• Use the acronym RAP (Risk, Assertion + account, and Procedure) to remember the required elements in an audit procedure discussion and achieve depth in your analysis. You can use the tools above to write your procedure (P) here.