The audit plan

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Executive summary

It is important that audit activity is implemented on a risk based basis. Through continuous measurement and the assessment of the risks that audit team may be exposed to, areas of high risk shall be determined and accordingly the audit plan and program shall be prepared. The audit activity shall be implemented in accordance with this plan and program.

Audit's main objective is to express an opinion whether the financial statement is fairly stated in accordance with AASB and other statutory regulations. Besides that, audit also provides assurance and help management in measuring, evaluating and improving the controls and systems to achieve Solace's objectives. Such a way can be realized by good audit plan and program in addressing specific issue and risk.

However, the foundation and continuance of the internal controls are still the management's responsibility.


SOLACE Limited is a limited company primarily engages in the activity of providing private tutoring services.

As this entity is listed on the Australian Stock Exchange and has a separation of management from economic interest and therefore it is likely that this entity is a reporting entity in accordance with SAC 1.

SOLACE Ltd is a company and as such must abide by the corporations law.

This general purpose financial report which has been prepared on an accrual basis in accordance with Australian Accounting Standards (including AASB interpretations), the Financial Management Act 1994 AASB Interpretations and other authoritative pronouncements of the AASB, the guidelines of the Department of Education, Employment and Workplace Relations (DEEWR) and with the Public Finance and Audit Act 1983, the Public Finance and Audit Regulation 2005.

Compliance with International Financial Reporting Standards (IFRS)

The financial statements and notes of the Solace Limited comply with Australian Accounting Standards, some of which contain requirements specific to not-for-profit (NFP) entities that are inconsistent with IFRS requirements.

Accept client and perform initial audit planning

Signing Letter of Engagement (ASA 300) and Terms of Engagement, which consist of:

a. Auditors Contact Detail: including name, address, telephone (work) and mobile

b. Auditee Contact Detail: contact person, address, telephone (work) and mobile

c. Location to be audited

d. The scope of the audit

Includes the following matter:

    · Standards, codes & legislation
    · Size of business (number of sites and employees)
    · Industry
    · Type of products
    · Processing technologies
    · Hours of operations
    · List of Auditor Team

e. The scheduled time and proposed duration of the audit, including desk audit, site audit and delivery of final report

f. Date for receipt of desk audit documentation and time frame for review of documentation

g. The preliminary agenda for the site audit

h. Proposed date for completion of follow up actions

i. Statements of confidentiality, OHS compliance and other business criteria

j. Reasons for termination of audit

k. Actions or recourse in case of disagreement

Understand the client's business and industry


The private tutoring industry is a growing sector of the education and training industry and school teachers are regularly approached to work in private tutoring or coaching "colleges". Other teachers establish themselves as tutors in private practice working through an agency or as "sole traders".

Industry and external environment

    * Identify issues for specific industry

Read relevant audit alerts (from AASB, AUASB or CPA Australia Journal and Publications)

Obtain knowledge of particular facts

Identify major competitors in the industry (such as: GEOS Queensland College -, Cengange Education -, Box Hill Institute -, etc)

Read industry publications

Consider impact of common economic factors

Understand IT issues

    * Identify inherent risks - very nature of what is done, such as handling cash, handling government contributions and student fee vs total enrollments, etc
    * Know unique accounting principles/policies/practices (AASB)

Review permanent and last year's current file

Read industry audit guides

Read regulatory guides and other documents.

Solace's operations and processes

    * Major source of Revenue and financing : Government contributions, HELP-HECS, Student fees & charges and fee for service
    * Tour facilities and operations
    * Identify major customers and suppliers
    * Solace is positioned in the life-cycle of the business
    * Identify related parties: permanent file, affiliated companies, principal owner, or other party that influences.
    * Identify joint ventures and strategic alliances
    * Evaluate use and quality of information technology (Pollock, 2003)

Solace's management and governance

    * Understand organizational structure, board of directors, audit committee
    * Understand management philosophy and operating style
    * Read code of ethics
    * Read corporate charter and bylaws
    * Read minutes of meetings of board of directors (Pollock, 2003)

Solace's strategies and objectives

    * Understand commitment to design a system which attest the effective and efficient of operation and comply to laws and regulations
    * Understand methodology and commitment for presenting reliable financial reporting

Solace's performance and measurement

    * Key indicators for evaluating progress to achieve its objectives

Assess client business risk

Assess client business risk (the risk that the client will fail to achieve its objectives)

Conditions and events that may indicate the existence of business risks:

    * New locations.
    * Significant changes in the entity (e.g., acquisitions and reorganizations) or industry
    * Significant changes in the IT environment.
    * Significant new products, services, or lines of business.
    * High degree of complex regulation
    * Operations in areas with unstable economies.

Out of the above conditions, we should still consider five basic risk categories (Financial Risks, Technical Risks, Managerial Risks, Behavioral Risks and Legal Risks)

Evaluate management controls affecting business risk

Review minutes of department head meeting and other control methods.

Potential Risk in Private tutoring industry such as conflict of interest and corruption risk can be minimize by effective supervision with honesty and transparency and corruption risk management with the impartiality, integrity and openness of management characteristics

Assess risk of material misstatements

Evaluate the material misstatement and differentiate between error and fraud. While Errors are unintentional misstatements (mistakes), Fraud usually come in the form of fraudulent financial reporting (Alteration, Manipulation, or falsification of accounting records, misrepresentation in, or intentional omission from, the financial statements transaction or intentional misapplication of accounting principles) or misappropriation of assets (stealing assets, paying for goods and services not received, embezzling cash received, etc).

Perform preliminary analytical procedures

Acceptable Audit Risk (AAR)

Factors to consider in setting AAR (Leung et al, 2007):

    * The occurrence in the financial statement item of related party transactions
    * Management integrity
    * The existence of specific statutory requirements
    * External users' reliance on financial statements (distribution, size, liabilities)
    * The amount of the financial statement items
    * Likelihood of financial difficulties (liquidity, profits, financing, nature of operations, management competence)

After considering the above factors, target AAR for Solace would be 5%

Inherent Risk (IR)

Factors to consider in setting IR (Gay and Simnett, 2005):

    * Nature of the education business
    * Results of previous audits
    * Non-routine transactions
    * Factors related to fraudulent financial reporting
    * Initial versus repeat engagement
    * Makeup of population
    * Related parties
    * Susceptibility of assets to misappropriation
    * Judgment required to correctly record account balance

Understand internal control and assess control risk

Understand Internal Controls

Purpose to Assist in Planning the Audit by (Pollock, 2003):

a) Identifying type of potential misstatements.

b) Recognizing likelihood of misstatements occurring.

c) Client enquiry and review documents, records, reports, and prior year working papers

d) Observe control related activities

e) Determining the nature, timing, and extent of tests to be performed.

f) Considering audibility of financial statements.

g) Perform walkthrough

Assessment of Control Risk (CR)

Identifying Internal Control Weaknesses

a) Identify Transaction Related Audit Objectives (TRAO) that applies to type of transaction.

b) What's the potential misstatement?

c) What key controls are missing which assure the TRAOs being fulfilled?

d) Consider compensating controls.

e) Identify key controls that Solace has for TRAO under consideration.

f) Identify weaknesses.

Evaluating absence of internal controls (control deficiency and material weakness)

After that, then make a decision on an initial estimate of CR. The points should be considered are:

    1. CR is never zero (inherently human, collusion always possible)
    2. If 100% then go straight to substantive testing

a) Do not apply policies and procedures

b) Internal controls not effective at all

c) Evaluating internal controls inefficient

Publicly-traded company (like SOLACE Ltd) - assume low CR, with intent to support through tests of controls.

Gather information to assess fraud risk

Gather Information

    * Gather Information from outside sources and internally, such as brainstorming, interviews, analytical procedure, review of prior fraud, review of auditor's management letter, etc)
    * Make inquiries of management and others within the entity to seek their views about the risks of fraud and how they are addressed.
    * Consider other information which may be helpful in identifying fraud and corruption risks

Assessment of Fraud Risk

Using the information gathered to identify fraud and corruption risks

Based on the information gathered, then we should identify the potential fraud occurred with regards to three conditions (fraud triangle):

    * Incentives / pressures (Is there any pressure to meet budgeted amount? is there incentive in order to receive a bonus?),
    * Opportunities;
    * Attitudes / rationalizations

Besides that, auditors should also consider (ASOSAI, 2003) :

    * Auditors' professional judgment (experience and perceptions)
    * Nature of the organization (the size and complexity); For Solace Ltd, consider factors that generally constrain inappropriate conduct by management (audit committee's effectiveness, committee's risk management and internal audit).
    * Characteristics of fraud and corruption risks: (a) the risk type which may exist, (b) risks significance and likelihood, and (c) the extensiveness of the risks related to audited areas, whether the potential risk is extensive to the program and financial statement as a whole or only in particular accounts, assertion, or activities and class of transactions.

A Presumption that improper revenue recognition is a fraud risk

Pay attention on an overstatement of revenues (premature revenue recognition or recording fictitious revenues) or an understatement of revenues (improperly shifting revenues to a later period).

A Consideration of the Risk of Management Override of Controls

Does senior management have the ability to override control? If so, auditor should consider that risk apart from any conclusions regarding the existence of more specifically identifiable risks.

Assessing SOLACE's programs and controls for identifying fraud and corruption

The examples of the programs and controls are:

    * Particular controls designed to reduce particular fraud and corruption risks, for example, controls to address the misappropriation of assets
    * Broader programs designed to prevent, deter and detect fraud, for example, programs to promote a culture of honesty and ethical behavior (ASOSAI, 2003).
    * Auditor should also consider the other programs to reduce the fraud and corruption risks.
    * Assess the likelihood and significance of each potential fraud risk (What controls or compensating controls are in place to address each fraud identified? If fraud did occur in certain area, how significant would it be?

Identifying High Risk Areas

Some of common high risk areas are (ASOSAI Guidelines, 2003):

    * Revenue receipt;
    * Program management;
    * Cash Management;
    * General expenditure (expense reimbursements may be a fraud risk area as it is difficult to determine if expenses submitted could be for personal benefit);
    * Contracts of service/ procurement;
    * Inventory management;
    * Sanctions/Clearance;
    * Other areas with public interface

After all the above steps, the next step would be:

    * Determine how and where internal control can be strengthened (Adequate documents and records, Proper authorization of transactions and activities, Independent checks on performance, Physical control over assets and records and Adequate separation of duties)
    * Follow up and monitor any changes in internal control systems

Develop overall audit plan and audit program

Pre-Audit Meeting Program

    * Prepare a detail of bank accounts, investments, and debt by financial institution
    * Review the nature and timing of preliminary and final audit works.
    * Focused on unusual activities during the financial year
    * Review internal and external factors affecting the business
    * Review and verify the accounting and computer operations for flow of transaction and controls, change in workforce and technology.
    * Review procedures relating to audit adjustments and the process and approval from these entries
    * Provide a list of solicitor retained or from whom services were received
    * Maintain a board minutes documents to provide to the auditors
    * Review the aspects of sampling from transactions (disbursements, payroll, sales, receipts) or year-end balances (accounts receivable and accounts payable).
    * Develop and plan audit program for key potential risk accounts (see below explanations)

a) Reconciliation

b) Student Fee, Fee for Service and Government Contributions - and related expense

c) Cash and Cash Equivalent

d) Fixed Assets (Property, Plant and Equipment)

e) Receivable

f) Payable, Provisions and Other Liabilities

g) Operational Expense (Employee Benefits, Repairs & Maintenance and Other Expenses)

    * Set out a time schedule (including activity budget) and indicating person in charge (assign for trainee/junior auditor, senior auditor, team leader/manager and audit partner) in each of audit program.

Audit Plan Summary

Audit Program for Reconciliation

a) Attest and examine internal controls

b) Execute the reconciliation for yearly gross income, tax accrual and tax collected

Audit Program for Key Potential Risk Accounts

a) Attest and examine internal controls. Review reporting methods and determine if taxes are paid on appropriate categories of accounts.

b) Detail all accounts transactions over $167,250. Develop a sampling procedure for transactions under $167,250 dollar amount.

c) Detail all related transactions and develop a sample to test detail flow procedure, for example:

    * Verify and cross check the amount of student fee and fee for service received compare with the amounts of student enrollments
    * Verify and cross check all the expenditure using government contributions

d) Identify all sources of revenue and expenses

e) Conduct Physical Examination (if applicable, for example for fixed assets audit program)

f) Provide copy of related documents (such as invoices, building or land legal documents, etc) for review by the auditor.

g) Prepare a schedule of detailed transactions where tax were not paid / received or supported by a valid resale/exemption certificate.

h) Identify extraordinary transactions and review the status of the audit on related accounts.

i) Develop a sample for all accounts transactions under $167,250 and discuss about planned sampling approach.

j) Review transactions for taxability.

k) Plan a schedule for adjustments (if applicable)

l) Have all supporting documentation and invoices available for the auditor to review and test the audit procedures used with regard to the regulations and tax decisions made.

Specific Audit Program

Besides the application of general audit program above in each account, there are several particular audit programs to be applied for specific accounts (usually apply before develop a sample):

A. Cash and Cash Equivalent

a) Separate between bank balance, cash and other non-bank balance

b) Perform a test for reconciliation of bank balance and cash to summary records and financial statements. The test for bank reconciliation including test for unpresented cheque and undeposited fund.

c) Send bank confirmation letters

B. Receivable

a) Separate between current and non current for receivable

b) Identify similar receivable populations and develop a procedure for each group and differentiate between tax and non-tax received items.

c) Send confirmation letter to customer about the receivable balance

C. Payable, Provisions and Other Liabilities

a) Separate between current and non current for payable, provisions and other liabilities

b) Identify similar payable populations and develop a procedure for each group and differentiate between tax and non-tax paid items.

c) Send confirmation letter to creditor about the payable balance

D. Operational Expense

a) Identify similar expenses populations and develop a procedure for each group and differentiate between tax and non-tax paid items.

b) Detail all employee benefits (payroll) and develop a sample to test detail flow procedure for payroll (cross check a sample for potential fraud)

NOTE : For all the audit program, never done test of control if it is proven that the internal control is unreliable (High Control Risk)


Summary of Audit Plan approach are:

    * Conduct the test of control (if applicable) and substantive test to identify risk areas;
    * Performance of a risk assessment to gauge the degree of risk or materiality level associated with a particular area;
    * Risk is categorized and rated in accordance with; corporate importance, corporate sensitivity, inherent risk and control risk;
    * Calculation of the audit risk index and classified as high, moderate or low in each audit areas;
    * Audit resources are focused on the areas of highest risk (with regard to fraud risk).
    * We used cumulative knowledge of the organisation from previous Audit work to identify areas that would benefit from Audit coverage
    * The Audit Needs Assessment also identified areas of coverage that do not appear as high priority risks, but where Audit can provide tangible input to assurance, such as:

Areas of concern flagged by management or the Audit Committee

Emerging issues; and

Need for ongoing assurance in relation to key aspects of internal control

    * After we have done the audit program and proven that the financial report presented fairly in all material respect in accordance with AASB, financial information complies with relevant statutory and other requirements and consistent with auditor's understanding of the entity and its environment, hence Audit committee can issue an audit report with unqualified audit opinion.
    * Develop overall audit plan and audit program


AICPA, Fraud and the Financial Statement Audit: Auditor Responsibilities Under New SAS, 2004

Arens, A.A., Best, P.J., Shailer, G.E., Fiedler, B.A., Elder, R. and Beasley M., 2007, Auditing and Assurance Services in Australia - An Integrated Approach, 7th edition, Pearson/Prentice Hall, Sydney

ASOSAI, ASOSAI Guidelines for Dealing with Fraud and Corruption, 2003

Auditing and Assurance Standard Board (AUASB) Website -

- ASA210 Terms of Audit Engagements

- ASA220 Quality Control for Audits of Historical Financial Information

- ASA230 Audit Documentation

- ASA250 Consideration of Laws and Regulations in an Audit of a Financial Report

- ASA300 Planning an Audit of a Financial Report

- ASA315 Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement

- ASA320 Materiality and Audit Adjustments

- ASA330 The Auditor's Procedures in Response to Assessed Risks

- ASA520 Analytical Procedures

Australian Accounting Standard Board (AASB) Website -

Box Hill Institute Website -

Cengange Education Website -

Department of Education and Training Website (,,,,, )

Gay, Grant E and Simnett, Roger., 2005, Auditing and Assurance Services in Australia, 3rd edition, Mc Graw Hill, Sydney

GEOS Queensland College Website -

Leung, Philomena, Coram, Paul and Cooper, Barry J., 2007, Modern Auditing and Assurance Services, 3rd edition, John Wiley, Milton, Queensland

Monash University Website (

Office of the Auditor General of Canada, Wrongdoing and Fraud Audit Guidance, 2005

Pollock, Kathy., 2003, 'Internal Controls' and 'Materiality' in Professional Auditing from

Qureshi, Anique Ahmed; Levine, Marc H.; Dauber, Nick A, 2008, The Complete Guide to Auditing Standards, and Other Professional Standards for Accountants, John Wiley & Sons, Inc, Milton, Queensland

University of Melbourne Website (