Anda di halaman 1dari 24

Planning the

external audit
The audit committee guide series

Effective audit
committees are critical
to the quality of financial
reporting and the proper
conduct of business. This
guide is one of a series
that is meant to help audit
committees meet their
oversight and fiduciary
Trent Gazzaway, National Managing Partner
of Audit Services

2 Role of the external auditor
3 Audit planning
4 Financial statement assertions
6 Designing audits
7 Judging materiality
9 Assessing audit risk
10 Evaluating risk of
material misstatement
11 Overseeing plan and team
12 Performing audit tests
13 Using the work of others

The audit committee guide series

has been adapted from The Audit
Committee Handbook, Fifth Edition,
published by John Wiley & Sons
and available for purchase at www.
and through major online booksellers
and bookstores nationwide.

14 Evaluating the audit plan

15 More guidance
17 Grant Thorntons audit services
20 Suggested reading
21 Offices of Grant Thornton LLP

When it comes to an external audit, the audit committee has responsibility to

ensure auditors work is done right and with integrity.
In the U.S., the audit committee is charged with overseeing the integrity of the
financial reporting process and the external auditor. To fulfill these responsibilities,
audit committee members must be prepared to evaluate and oversee both the
external audit plan and the external auditor. That responsibility extends to
appointing, compensating and overseeing the work of any registered public
accounting firm employed by the company. During the audit engagement,
external auditors report directly to the audit committee.
To fulfill their duty to oversee the external audit function, audit committee
members must be familiar with how auditors consider management assertions
contained in the financial statements, and the planning process auditors go through
prior to issuing an opinion. The remainder of this issue of the audit committee
guide series summarizes the audit planning process and provides some attributes
that audit committee members may look for in an effective audit plan.

How will financial reform impact your company?

The regulatory landscape is changing for companies and their audit committees. Visit to read about the Dodd-Frank Act and how it may affect
your company.

Planning the external audit 1

Role of the external auditor

External auditors are independent audit professionals who audit the financial
statements of a company, legal entity or organization. They are expected to
express an opinion on whether an entitys financial statements are free of material
misstatements and are a true and fair representation of actual financial position.
The external auditors primary responsibilities are to:
1. identify items that have a reasonable possibility of causing the financial
statements to be materially misstated;
2. design and execute tests to determine whether such misstatements
have occurred; and
3. in certain public company audits, test the effectiveness of internal control
over financial reporting.1

Applicable to companies subject to Section 404(b) of the Sarbanes-Oxley Act of 2002.

2 Planning the external audit

Audit planning

Audit planning is a three-step iterative process undertaken by the external auditor,

and evaluated by the audit committee, each audit cycle. Audit planning, as defined
in International Standards on Auditing (ISA) No. 300, includes:
1. obtaining an understanding of the entity, its environment and its internal
control system;
2. assessing the risk of material misstatement in the financial statements; and
3. designing audit procedures commensurate with the assessed level of risk.
Audit Process Flow

Planning the external audit 3

Financial statement assertions

When management issues financial statements, it makes assertions regarding the

recognition, measurement, presentation and disclosure of information in those
financial statements. Assertions identify the most important elements of a given
financial reporting line item or disclosure.
In the planning phase, when the auditor is designing the tests that will be used
during the audit, assertions allow the auditor to focus on what is most important to
financial statement users. For example, an auditor will focus on the existence of
cash rather than the valuation of cash. Likewise, an auditor will focus on items
that potentially could be understated rather than those that may be overstated.
Although terminology may differ, auditors generally will consider the following
assertions, separated into three categories:

1. Occurrence Transactions took place.

2. Completeness Transactions that should have been recorded have
been recorded.
3. Accuracy Transaction amounts and other data have been recorded
4. Cutoff Transactions have been recorded in correct accounting period.
5. Classification Transactions have been recorded in proper accounts.

4 Planning the external audit

Account balances

1. Existence Assets, liabilities and equity interests exist.

2. Rights and obligations The entity has rights to assets and is obligated for
3. Completeness All assets, liabilities and equity interests that should have been
recorded have been recorded.
4. Valuation and allocation Assets, liabilities and equity interests are included
and adjustments are recorded appropriately in the financial statements.
Presentation and disclosure

1. Occurrence, rights and obligations Disclosed transactions have occurred and

pertain to the entity.
2. Completeness Disclosures that should have been included have been
3. Classification and understandability Financial information is presented and
described appropriately, and disclosures are expressed clearly.
4. Accuracy and valuation Information is disclosed fairly and at appropriate

Financial statements represent a complex and interrelated set of assertions. Auditors generally
test assertions in three areas transactions and events, account balances, and presentation
and disclosure.

Planning the external audit 5

Designing audits

It is not possible to design a practical audit that eliminates all risk of misstatement.
Auditors must design audits to focus on areas that have the highest likelihood of
containing material misstatements, and use methodologies that provide reasonable
assurance that misstatements do not exist.2 To do so, auditors consider two key
factors in planning and executing audits: materiality and audit risk.

Statement on Auditing Standard No. 1, par. 2 states, The auditor has a responsibility to plan and perform the audit
to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether
caused by error or fraud.

6 Planning the external audit

Judging materiality

Materiality is used to evaluate audit findings and determine whether any

uncorrected errors render financial statements materially inaccurate. Both
quantitative and qualitative measures are used to judge materiality. Quantitative
materiality is calculated as a percentage of a meaningful financial statement number,
such as pretax net income or total assets. Auditors then use a fraction of that overall
materiality number to design their tests. This fraction of overall materiality is called
the tolerable error. It represents the maximum undetected error that the auditor
is willing to accept or tolerate in the samples he or she selects for testing.

Materiality, or the degree to which a reasonable person might be influenced by an omission or

misstatement, affects the scope of an audit, such as the financial accounts and disclosures on which
to focus, as well as the locations, subsidiaries or divisions to include in the audit.

The presence of qualitative risk considerations may cause the auditor to adjust
testing scopes. They might also influence the auditors conclusions about the
significance of an identified error that might, in purely quantitative measures,
be considered immaterial.

Planning the external audit 7

Exhibit 1 lists some qualitative factors that auditors might consider.

Exhibit 1: Qualitative factors that may influence the determination of materiality

Qualitative considerations may include:
The potential effect of the misstatements on trends, especially trends in profitability
A misstatement that changes a loss into income or vice versa
The potential effect of the misstatement on the entitys compliance with loan covenants,
other contractual agreements, and regulatory provisions
The existence of statutory or regulatory reporting requirements that affect materiality thresholds
A change masked in earnings or other trends, especially in the context of general economic and
industry conditions
A misstatement that has the effect of increasing managements compensation, for example, by
satisfying the requirements for the award of bonuses or other forms of incentive compensation
The sensitivity of the circumstances surrounding the misstatement, for example, the implications
of misstatement involving fraud and possible illegal acts, violations of contractual provisions such
as debt covenants, and conflicts of interest
The significance of the financial statement element affected by the misstatement, for example,
a misstatement affecting recurring earnings as contrasted to one involving a nonrecurring
charge or credit, such as an extraordinary item
The effects of misclassifications, for example, misclassification between operating and
nonoperating income or recurring and nonrecurring income items, or a misclassification between
fund-raising costs and program activity costs in a not-for-profit organization
The significance of the misstatement relative to reasonable user needs, for example:
Earnings to investors and the equity amounts to creditors
The magnifying effects of a misstatement on the calculation of purchase price in a transfer
of interests (buy-sell agreement)
The effect of misstatement of earnings when contrasted with expectations
Copyright 2010. American Institute of Certified Public Accountants. All rights reserved.
Used with permission.

8 Planning the external audit

Assessing audit risk

Audit risk is the risk that the auditor may unknowingly fail to modify his opinion
on financial statements that are materially misstated. It relates to (1) the risk that
the financial statements prepared by management are materially misstated (material
misstatement risk) and (2) the risk that the auditor will not detect such material
misstatement (detection risk). Misstatement risk and detection risk are inversely
related. The greater the material misstatement risk, the less the detection risk the
auditor can accept. Conversely, the lower the material misstatement risk, the
greater the detection risk acceptable by the auditor.3
When audit risk is high, external auditors design audits with more extensive
testing, less reliance on the work of others and less interim work. As that risk
diminishes, auditors rely less on extensive testing and more on the work of others,
and perform more interim work during the audit cycle.

SAS No. 107, par. 25 (New York: AICPA, 2006); and ISA 200, par. A42 (New York: IFAC 2009).

Planning the external audit 9

Evaluating risk of material


The auditor evaluates a companys risk of material misstatement by evaluating:4

Inherent risk (natural risk irrespective of internal controls). Some examples
of inherent risk considerations include: volume, complexity, susceptibility
of an asset to theft, estimates, and industry circumstances. 5
Control risk (risk that the internal control system will not prevent or detect
a material misstatement). Some factors that influence inherent risk can also
impact control risk (complexity, judgment required, susceptibility to fraud).
Other control risks include the nature of operations, changes in operations
and environmental factors.6


Ibid., SAS No. 107, par. 21; and ISA 200, par. 13(n).
See the AICPA Audit Guide: Assessing and Responding to Audit Risk in a Financial Statement Audit, par. 2.10.
See COSO, Guidance on Monitoring Internal Control Systems, vol. 2, par. 58.

10 Planning the external audit

Overseeing plan and team7

The auditor must adequately plan the work and must properly supervise
any assistants.8 Accordingly, the audit committee might ask the auditor-incharge about:9
The experience, training and amount of resources assigned to specific
audit areas.
When such resources are to be assigned, and how much time they are
expected to incur.
How resources are to be managed, directed and supervised, such as:
When and how often team briefing and debriefing meetings are
expected to be held.
Whether the auditor will utilize a concurring reviewer or other form
of engagement quality review. Every audit of a company listed on a
U.S. exchange must include a concurring partner (or equivalent)
quality review.


Ibid., par. 15. See also ISA 220, par. 1415.

Statement on Auditing Standards No. 108, par. 1. New York: AICPA, 2006.
Ibid., par. 15. See also ISA 220, par. 14-15.

Planning the external audit 11

Performing audit tests

Auditors perform two different types of audit tests: tests of controls and
substantive procedures.
Tests of controls are designed to evaluate the effectiveness of the internal control system in
preventing or in detecting and correcting errors before they result in a material misstatement in
the financial statements. Tests may include:
a walkthrough, from beginning to end, of one or more transactions; and
selecting samples of controls at a point in time, or over time, and observing or reperforming
them to obtain evidence that they operate effectively.
Audit committee considerations: The audit committee should know whether internal control areas exist
that the auditor does not believe are effective enough to warrant any level of audit reliance. Such areas
may lead to errors in internal reports used for decision-making purposes.
Substantive procedures are designed to detect material misstatements at the assertion level by
testing the output from the financial reporting process. Procedures consist of:10
tests of details, which may include inspection, observation, external confirmation, recalculation,
and/or inquiry11 on a sample of transactions or accounts; and
substantive analytical procedures,12 which may range from simple comparisons to complex
analyses using advanced statistical techniques. Examples may include analyzing financial trends
over time, comparing financial ratios (e.g., gross margin percentages) to established expectations,
and comparing financial and non-financial information (e.g., payroll costs and number of
Audit committee considerations: If an auditors substantive procedure discovers a material error,
it is because the internal control system did not. Substantive procedures are performed for each
material class of transactions, account balance and disclosure.


See ISA 500, par. A14-A22, and SAS No. 110, par 11.
See ISA 315, par. A67, and SAS No. 110, par. 29.
Audit committee members may hear auditors talk about planning analytics. While planning analytics employ the
same tools as substantive analytical procedures, auditors perform them for a different purpose. Auditors use planning
analytics early in the audit cycle to help identify inherent and control risks. They employ substantive analytical procedures
(which usually are more comprehensive than planning analytics) throughout the audit cycle to determine whether material
misstatements have occurred.

12 Planning the external audit

Using the work of others

External auditors often can enhance the efficiency and effectiveness of their
audits by using the work performed by others. Most standards that govern
this topic relate to using the work performed by the internal audit functions.13
In the U.S., however, the PCAOB has expanded that potential use to include
the work of company personnel (in addition to internal auditors), and third
parties working under the direction of management or the audit committee
when gathering evidence about the effectiveness of internal control over financial
reporting.14 Audit committee members should understand the extent to which
auditors plan to use the work of others,15 and question whether auditors have
considered the following:
The nature, scope and adequacy of work performed by others
The assessed risks of material misstatement
The degree of subjectivity in evaluating audit evidence gathered
by others to support relevant assertions
The objectivity and technical competence of others
Whether the others work is carried out with due professional care
Whether effective communication is likely to occur between others
and the external auditor
The expected effect of the work of others on the nature, timing,
or extent of the external auditors procedures


See ISA 610 and SAS No. 65.

See PCAOB Auditing Standard No. 5, par. 17.
See ISA 240, par. A14.

Planning the external audit 13

Evaluating the audit plan

Audit committee members will want to be confident that the external audit plan:
1. covers all risks that have a reasonable possibility of materially affecting the
financial statements;
2. focuses on the effectiveness of the internal control systems ability to mitigate
those risks, with minimal time spent on controls whose failure likely would be
immaterial, or detected and corrected by other controls;
3. takes appropriate advantage of the work performed by others, especially that
of internal audit, but does not place unwarranted reliance on such work; and
4. focuses appropriately on areas where the risk of fraud is meaningful.

14 Planning the external audit

More guidance

Auditors and audit committee members may find Exhibit 2 to be helpful in

planning the audit and in tracking progress. The Audit Committee Handbook,
Fifth Edition, contains more detailed guidance and is available for purchase at and through major online booksellers
and bookstores nationwide.
Exhibit 2: Example audit planning schedule



10 11 12



to Date


Phase I Planning, risk

assessment and control design
Integrated audit planning
Review and comment on clients
entity-level risk assessment and
project plan (i.e., determine
locations for testing)
Identify significant accounts/
cycles and critical assertions
Update entity-level control
Update activity-level control
Evaluate control design
effectiveness and note key
Execute walkthroughs of
identified (and potentially key)
Follow up on previous
recommendations for
Planning the external audit 15




10 11 12



to Date



to Date


Phase II Tests of controls

and preliminary financial
statement testing
Identify key controls
Review managements testing
Finalize testing strategy
for key controls
Evaluate competence
and objectivity of clients
control testers
Determine possible
use of others work
Determine controls to test
and testing procedures
Execute and document tests
of controls (including review
of work of others)
Quarterly financial
statement reviews




10 11 12


Phase III Final testing,

evaluate results and wrap up
Evaluate and document
Make recommendations
for improvements
Annual audit procedures
Communicate and report results
Draft opinion
Complete review
and documentation
Issue opinion

16 Planning the external audit

Grant Thorntons audit services

Credible, timely and relevant financial information is fundamental to promoting

confidence in a company. Audit committees, as well as management, play a
unique role in establishing and maintaining that confidence. Because audit
committee members must rely heavily on both internal and external auditors
being independent and candid, finding the right auditors is paramount to the
audit committees oversight role.
Grant Thornton provides audit solutions that offer real value to todays
dynamic global organizations. For over 80 years, we have served a wide range
of private and public clients across Americas heartland. With Grant Thornton,
you get:
access to industry specialists and technical resources;
local support from our 52 U.S. offices and access to the global resources
of Grant Thornton International Ltd member and correspondent firms
in more than 100 countries;
a high level of partner involvement and personalized service;
experienced professionals who have the leadership and communications
skills to deliver constructive feedback on complex issues; and
quality services delivered consistently with state-of-the art tools.

Planning the external audit 17

Contact us for help with either your internal or external audit needs
Warren Stippich
Trent Gazzaway

Partner and National Governance,

Risk and Compliance Solution Leader
T 312.602.8499

18 Planning the external audit

National Managing Partner

of Audit Services
T 312.602.8034

Subscribe to Grant Thornton publications at

Receive relevant white papers and timely updates on industry issues and the regulatory environment.
CorporateGovernor white paper series
Ensure your public company is run well and in accordance with applicable laws and regulations. Explore
a range of topics from fraud prevention and detection to financial reporting control and SOX compliance:
Enterprise risk management: Creating value in a volatile economy
discusses why implementing an enterprise risk management (ERM) program
can benefit companies in a down economy and how ERM can help enhance
business strategy.

Hear that whistle blowing! Establishing an effective complaint-handling

process addresses an important mandate of the Sarbanes-Oxley Act: the
requirement that audit committees establish procedures for receiving,
documenting and handling complaints related to accounting and auditing matters.

Fraud in the economic recovery

As companies pick up the pieces following a bruising bout of the economic
blues, they need to be on the lookout for fraud. From heightened fraud risk to
due diligence strategies for companies purchasing distressed assets, this
CorporateGovernor white paper provides a sound overview of fraud prevention
in todays economic environment.

Timely updates
Tailored to management, boards and audit committees of mid-cap public companies, these updates
help you stay abreast of issues that affect the marketplace and your business.
Boardroom awareness: Service organization reports in transition
to new U.S. and international standards
In this issue of CorporateGovernor newsletter, Grant Thornton advisory
professionals discuss the new service organization reporting standards that are
set to replace Statement on Auditing Standards No. 70 (SAS 70) by mid-2011.

Information overload: How to make data analytics work for the internal
audit function
Learn how your internal audit department can effectively use data analytics to
add value to your organization.

Planning the external audit 19

Suggested reading

The Audit Committee Handbook, Fifth Edition (Wiley, 2010,

ISBN: 978-0-470-56048-8, U.S. $95.00).

The Audit Committee Handbook is co-authored by Grant Thornton LLP

audit committee experts R. Trent Gazzaway, national managing partner of Audit
Services, and Robert H. Colson, retired partner in Public Policy and External
Affairs, along with Louis Braiotta Jr., professor of accounting at SUNY
Binghamtons School of Management, and Sridhar Ramamoorti, principal at
Infogix Advisory Services. The Audit Committee Handbook provides practical,
in-depth guidance on all audit committee functions, duties and responsibilities.
This latest edition features regulatory updates, new chapters on audit planning
and oversight, heightened focus on fraud risk, and broad international coverage.
The Audit Committee Handbook is available at
ACHandbook and through major online booksellers and bookstores nationwide.
The Anti-Corruption Handbook: How to Protect Your Business in the Global
Marketplace (Wiley, 2010, ISBN: 978-0-470-61309-2, U.S. $75.00)

Todays demanding marketplace expects CFOs, auditors, compliance officers

and forensic accountants to take responsibility for fraud detection. These
expectations are buoyed by such legislation as the Foreign Corrupt Practices
Act, which makes it a crime for any U.S. entity or individual to obtain or retain
business by paying bribes to foreign government officials. Written by William P.
Olsen, the practice leader of Anti-Corruption Services at Grant Thornton LLP,
The Anti-Corruption Handbook provides guidelines addressing the challenges of
maintaining business integrity in the global marketplace.

20 Planning the external audit

Grant Thornton LLP offices

National Office
175 W. Jackson Blvd., 20th Floor
Chicago, IL 60604-2687
Washington National Tax
1250 Connecticut Ave. NW,
Suite 400
Washington, DC 20036-3531
Los Angeles
San Diego
San Francisco
San Jose
Woodland Hills




Fort Lauderdale




Oakbrook Terrace 630.873.2500














North Carolina


South Carolina


New York
Long Island



Kansas City
St. Louis

New Jersey

Oklahoma City


San Antonio


Salt Lake City






Washington, D.C.
Washington, D.C. 202.296.7800


Planning the external audit 21

Grant Thornton LLP

All rights reserved
U.S. member firm of Grant Thornton International Ltd
The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest
quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of
Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton International Ltd
and its member firms are not a worldwide partnership, as each member firm is a separate and distinct legal entity.
In the U.S., visit Grant Thornton LLP at