What you want to also realize is that the audit planning process, although the bulk of it will occur within the first, maybe second quarter, for a public company, it is an ongoing process throughout the course of the year. So that if something does emerge in quarter three or quarter four, you have to be ready to adjust your audit process as a result of that, continuous process. The scope of the audit, most of the audits we talk about in this class are financial statement audits, so as subject matter, we're not really too worried about how well the company is operating. However, how well the company is operating will in turn translate into financial performance, okay. So you're not going to have a report about hey, we were looking at J.C Penny's, for example, inventory warehouse management process. This is great and we're going to tell the financial statement users. No that's not the point, but you do want to look at their inventory product management processes as a basis for forming expectations for how great, in terms of financial statement performance, their gross margins will be on their product sales, okay, scope of the audit. And we'll talk a little bit more about this, but this will be what we anticipate performing. Are we going to mostly test controls and see if they're working, in order to have a justifiable basis for assessing control risk to be low? Or are we going to drive down detection risk more with substantive testing? We'll talk more about those throughout the course. Now one acronym I want you to remember is the NET of tests. Basically, the nature, extent, and timing of audit test to be performed. Really, here's the deal. As risk of material misstatement is higher, that is as a combination of inherent risk and control risk are higher, that means your detection risk must be lower. You get your detection risk lower, by either having more invasive nature of tests. So instead of just inquiring of management, actually after they tell you the answer, say, great I like your answer. Can you get me some documentary support for that answer. And then they have to get you the documentary support, you see. Or maybe you can say, well can I go and see you get this product shipment that you talked about, and you described how your products are shipped. Can we just go observe the product being shipped? Another thing you can change is the extent. Obviously, the higher that risk of material misstatement and the lower you need to get the detection risk, you would do more extensive audit procedures. So more versus less invasive nature, higher versus lower extent. What can you do with timing? Well, what do you do with timing is later in the fiscal year you go. That means you're more worried about misstatement risk and sometimes, you'll even wait til after the end of the year to do your audit test. If you think about this, suppose a calendar of your company at 12/31 they have a recording of accounts receivable, that means as if the end of the year, they say a bunch of customers owe us money. Well the best way to see whether the customers owe you money, that company money, is to go beyond the end of the year into January and see if customers are in fact paying money. Because there's a lag between the end of the year and the audit report date of maybe six weeks, you have time in between the year in period and the audit report period to do more audit tests. The more worried you are about misstatement risk, the more of your tests will be after year end. A little less worrisome place, would be right in that fourth quarter and if you're not really worried at all, you can do most of your tests in the second or third quarter and let's do a few roll forward tests later on. So as an auditor, you develop an overall audit strategies. You have to step back and have, what's called, a professionally skeptical mindset. What I mean by that, is that you need to have a mindset that's actively questioning management's assertions. You can't just take their word for it, and many times you cannot just take documentation that has only been generated by, and then handed to you by that company. Sometimes you want documentation that originates outside of the company you're auditing, like say a customer or maybe a bank. If your client says we have billions in the bank at First Federal, go to First Federal and get the evidence from them. This is professional skepticism, a questioning mindset. You're not presuming dishonest behavior by management, but you're asking management to sort of show me. In some sense, I like to tell students, that auditors...in some sense, if you understand each state has nicknames. The nickname of the state of Missouri in the United States is the show me state. So, Illinois is Land of Lincoln. But in Missouri they have the show me state. In some sense auditor should be show me that, show me. If that's a good answer, the answer makes sense but show me the documentary support. That's a professionally skeptical mindset and an auditor...it's an art form to be exercising this in a way that doesn't make management upset at you but also makes you do your job in a way that is having the public interest at heart. If you're not professionally skeptical enough, you probably will fail at this next thing that you need to do and that is, you must gather sufficient, that's extent, appropriate, and that's going to be largely nature. So, sufficient appropriate audit evidence support an opinion about the financial statements. You also will be considering the strength of and determining how extensively to rely on management's internal controls for various components of an audit. If you want to look at more information and certainly, I would encourage you to take a look at the document on which these slides are based, which is the financial statement audit. It's a publication for the Center for Audit Quality and you can get it there at the URL.