. 42
( 82 .)


Analysis of Audit Planning and the Committee 207

Exhibit 6.4 Risk Factors Relating to Misstatements Arising from Misappropria-
tion of Assets

A. Personal financial obligations may create pressure on management or employees
with access to cash or other assets susceptible to theft to misappropriate those assets.
B. Adverse relations between the entity and the employees with access to cash or other
assets susceptible to theft may motivate those employees to misappropriate those
assets. For example, adverse relationships may be created by the following:
• Known or anticipated future employee layoffs
• Recent or anticipated changes to employee compensation or benefit plans
• Promotions, compensation, or other rewards inconsistent with expectations

A. Certain characteristics or circumstances may increase the susceptibility of assets to
misappropriation. For example, opportunities to misappropriate assets increase when
there are the following:
• Large amounts of cash on hand or processed
• Inventory items that are small in size, of high value, or in high demand
• Easily convertible assets, such as bearer bonds, diamonds, or computer chips
• Fixed assets that are small in size, marketable, or lacking observable identification
of ownership
B. Inadequate internal control over assets may increase the susceptibility for
misappropriation of those assets. For example, misappropriation of assets may occur
because there is the following:
• Inadequate segregation of duties or independent checks
• Inadequate management oversight of employees responsible for asstes, for
example, inadequate supervision or monitoring of remote locations
• Inadequate job applicant screening of employees with access to assets
• Inadequate recordkeeping with respect to assets
• Inadequate system of authorization and approval of transactions (for example, in
• Inadequate physical safeguards over cash, investments, inventory, or fixed assets
• Lack of complete and timely reconciliations of assets
• Lack of timely and appropriate documentation of transactions, for example credits
for merchandise returns
• Lack of mandatory vacations for employees performing key control functions
• Inadequate management understanding of information technology, which enables
information technology employees to perpetrate a misappropriation
• Inadequate access controls over automated records, including controls over and
review of computer systems event logs.

Risk actors reflective of employee attitudes/rationalizations that allow them to justify
misappropriations of assets are generally not susceptible to observation by the auditor.
Nevertheless, the auditor who becomes aware of the existence of such information should
consider it in identifying the risks of material misstatement arising from misappropriations
of assets. For example, auditors may become aware of the following attitudes or behavior
of employees who have access to assets susceptible to misappropriation:
• Disregard for the need for monitoring or reducing risks related to
misappropriations of assets.

208 An Overview of Audit Planning

Exhibit 6.4 (Continued)

• Disregard for internal control over misappropriations of assets by overriding
existing controls or by failing to correct known internal control deficiencies
• Behavior indicating displeasure or dissatisfaction with the company or its
treatment of the employee
• Changes in behavior or lifestyle that may indicate assets have been

Management incentive plans may be contingent upon achieving targets relating only to certain
accounts or selected activities of the entity, even though the related accounts or activities may not be
material to the entity as a whole.
Source: Reprinted with permission from Statement on Auditing Standards No. 99, “Consideration of
Fraud in a Financial Statement Audit.” Copyright (c) 2002 by the American Institute of Certified
Public Accountants, Inc.

b. Resources available for each plan
Based on their discussions with the independent auditors, the director of in-
ternal auditing, and other senior management officers, the audit directors
should be familiar with the overall purpose and objectives of each audit
segment of the total corporate audit plan. Of particular importance to the
committee is assurance of a coordinated plan consistent with the overall
auditing goals of the organization. Such assurance may be obtained
through a well defined and documented general statement of auditing ob-
jectives. Subsequent to the committee™s review, the audit objectives and
any other relevant information should be formalized into a written corpo-
rate document. This corporate document, along with the audit committee™s
recommendations, should be presented to the board of directors for its ap-
proval. Such board approval establishes a formal audit policy.
3. Based on the audit policy, the internal and external auditing groups should de-
velop appropriate audit plans that are consistent with the entity™s auditing
goals. Obviously, the audit directors are not responsible for the preparation of
the comprehensive corporate audit plan. However, they must assure themselves
that the plan is consistent with the organization™s policy. Thus the appropriate
internal and external auditing plans will be consolidated into the overall cor-
porate audit plan. Subsequent to the committee™s review, the corporate audit
plan should be formalized into a written document. This particular document
will be used as a reference guide for future audits.
4. Review and appraise the corporate audit policy and plan annually. In order to
guard against obsolescence, the audit committee should review and revise the
audit policy and plan on a regular periodic basis.

Chapter 7 discusses the preceding steps along with other aspects of the commit-
tee™s role.
Benefits of Audit Planning 209

Assurance of an Effective Audit Plan
Clearly, the audit committee wishes to obtain maximum auditing services at a rea-
sonable cost. William S. Albrecht observes that one large accounting firm reported
that its audit fees have increased “over 50 percent in the last four years” and an-
other firm™s increased “40 percent.”14 Consequently, a sound corporate audit plan
coupled with the committee™s auditing strategy enhances the entity™s opportunity
to minimize audit costs and maximize on auditing services. Audit planning real-
izes a number of benefits:

1. It facilitates the effective allocation of resources to the audit function.
2. Inherent in the audit planning process is the psychological benefit of inducing
the parties involved to think ahead and thus anticipate potential problems or
3. Communication and cooperation among the auditing groups and management
is enhanced since the audit committee coordinates their efforts toward the
goals of the audit.
4. Since the board of directors expects the audit committee to monitor the audit
function, audit planning provides assistance to the committee in accomplishing
its task.
5. The audit committee can assess the effectiveness of the audits since the preau-
dit plan can be compared with the actual results of the audits.
6. Through a review of the audit plan, the committee develops confidence in han-
dling problem areas.

Furthermore, the audit committee™s review of the overall plan of the audit provides
valuable information, such as:

• A summary of the company™s financial reporting requirements and the time-
table for meeting those requirements
• An understanding of the relationship between the company™s system of inter-
nal accounting control and the scope of the audit
• The effect of accounting and auditing pronouncements and of SEC and other
regulatory requirements on the scope of the audit

William S. Albrecht, “Toward Better and More Efficient Audits,” Journal of Accountancy 144, No. 6
(December 1977), p. 48. With respect to audit costs, “The audit committee should consider whether,
and the extent to which, the actual costs of an audit exceed the estimated costs. When cost overruns are
significant, the committee should seek satisfactory explanations for the variance. The committee
might also wish to consider whether the presently engaged auditors have offered suggestions for man-
agement action that can reduce audit costs without diminishing audit effectiveness” (p. A-25). See
Daniel J. McCauley and John C. Burton, Audit Committees 49 (Washington, DC: C.P.S., Bureau of
National Affairs, 1986).
Also see Glenn E. Sumners and Barbara Apostolou, “Preparation Can Cut Audit Fees,” Financial
Manager 3, No. 1 (January/February 1990), pp. 46“49. The reader may wish to consult Chapter 4,
which discusses the legal position of the audit committee and fraudulent financial reporting.
210 An Overview of Audit Planning

• The extent to which the external auditor uses the work of internal auditors in
establishing the scope of his or her examination
• Changes in the company™s organization, operations, or controls that have
caused the external auditor to change the scope of his or her examination
• The degree of audit coverage, such as locations to be visited and the extent of
procedures such as inventory observation, receivable confirmation, and so on
• The extent to which auditors other than the principal auditor are used
• Any potential problems that might cause the auditor to qualify his or her opinion
• Accounting principles management has selected for new transactions and the
auditor™s evaluation of those principles15

An Overview
The corporate audit plan should be designed to give consideration to these factors:
(1) financial disclosures, (2) operational efficiency, (3) compliance with corporate
policies, and (4) compliance with laws. Thus the overall audit plan should include:

1. Statement of the proposed year-end and interim financial audits (see Exhibit
2. Statement of the proposed operational audits
3. Statement of the proposed internal compliance audits
4. Statement on the status of the external compliance audits

To develop these statements effectively, it is necessary to review the essential
segments of the overall audit plan. Because such a plan should be comprehensive,
the following segments provide a useful framework:

• Financial audit segment
• Operational audit segment
• External compliance audit segment
• Internal compliance audit segment

The next discussion elaborates on each type of nongovernment audit within
each auditing segment.

The financial audit is concerned principally with the audit of
Financial Audits
the entity™s financial statements. Such an audit is conducted by the independent
auditors who express their opinion on the fairness of the financial statements. As
discussed in Chapter 5, the independent auditors conduct their examination in ac-

American Institute of Certified Public Accountants, Audit Committees, Answers to Typical Questions
About Their Organization and Operations (New York: AICPA, 1978), pp. 15“16.
Components of the Corporate Audit Plan 211

Exhibit 6.5 Types of Government Audits and Attestation Engagements

2.01 This chapter describes the types of audits and attestation engagements that audit or-
ganizations perform, or arrange to have performed, of government entities, pro-
grams, and federal awards administered by contractors, nonprofit entities, and other
nongovernment entities. This description is not intended to limit or require the
types of audits or attestation engagements that may be performed or arranged to be
performed. In performing work described below in accordance with generally ac-
cepted government auditing standards (GAGAS), auditors should follow the ap-
plicable standards included and incorporated in chapters 3 through 8. This chapter
also describes nonaudit services that audit organizations may provide, although
these services are not covered by GAGAS.
2.02 All engagements begin with objectives, and those objectives determine the type of
work to be performed and the auditing standards to be followed. The types of work,
as defined by their objectives that are covered by GAGAS, are classified in this doc-
ument as financial audits, attestation engagements, and performance audits.
2.03 Engagements may have a combination of objectives that include more than one
type of work described in this chapter or may have objectives limited to only some
aspects of one type of work. Auditors should follow the standards that are applica-
ble to the individual objectives of the audit or attestation engagement.
2.04 In some engagements, the applicable standards that apply to the specific audit objec-
tive will be apparent. For example, if the audit objective is to express an opinion on
financial statements, the standards for financial audits apply. However, for some en-
gagements, there may be overlap between the applicable objectives. For example, if
the objectives are to determine the reliability of performance measures, this work can
be done in accordance with either the standards for attestation engagements or for
performance audits. In cases where there is a choice between applicable standards,
auditors should consider users™ needs and the auditors™ knowledge, skills, and expe-
rience in deciding which standards to follow. Auditors should apply the standards that
are applicable to the type of assignment conducted (the financial audit standards, the
attestation engagement standards, or the performance auditing standards).

Financial Audits
2.05 Financial audits are primarily concerned with providing reasonable assurance about
whether financial statements are presented fairly in all material respects in conformity
with generally accepted accounting principles (GAAP),a or with a comprehensive
basis of accounting other than GAAP. Other objectives of financial audits, which pro-
vide for different levels of assurance and entail various scopes of work, may include:
a. providing special reports for specified elements, accounts, or items of a financial
statement; b
b. reviewing interim financial information;
c. issuing letters for underwriters and certain other requesting parties;
d. reporting on the processing of transactions by service organizations; and:
e. auditing compliance with regulations relating to federal award expenditures and
other governmental financial assistance in conjunction with or as a by-product
of a financial statement audit.
2.06 Financial audits are performed under the American Institute of Certified Public
Accountants™ (AICPA) generally accepted auditing standards for field work and

212 An Overview of Audit Planning


. 42
( 82 .)