Updated: Dec 17, 2022
Planning an audit is one of the most integral parts of the audit.
Without a sufficient planning programme on the auditor's part, there is a significant risk that a material misstatement (or many material misstatements) will be missed.
This will lead to the auditor expressing an inaccurate audit opinion, in addition to additional implications.
Planning occurs before the beginning of an audit engagement and should under no circumstances be viewed as a component of the audit that can stand on its own.
The objectives of the auditor's planning work are laid out in ISA 300 Planning an Audit of Financial Statements.
These objectives include establishing an overall audit strategy and developing an audit plan to reduce audit risk (the risk that the auditor will form an inappropriate opinion on the financial statements) to an acceptably low level.
During planning, the audit engagement partner should be included with all the other audit engagement team members.
At the beginning of the planning work, there is typically a discussion that involves the engagement team.
During this discussion, the team will look at the completion side of the previous audit, review unadjusted errors, discuss any control deficiencies that they noticed during the previous year's detailed audit work, and provide a summary of the matters that were discussed with management and, where applicable, those charged with governance during the previous audit and at the audit clearance meeting.
The audit planning process is referred to as a "continuous and iterative process" in the ISA 300 standard.
This means that when audit planning is completed at the start of an engagement, it is not merely forgotten. As the audit goes on, the audit plan might need to be adjusted to accommodate new information.
While preparing the detailed audit, the audit senior determined that there was a minimal risk of making a material misrepresentation concerning the cash in the bank.
During the tests of control performed on the bank reconciliation statements, it was discovered that the financial accountant had not had time to complete the bank reconciliations for nine of the twelve months that comprised the financial year.
This was not brought up during the original conversations with the client, and in the past audits, the bank reconciliation statements had always been made as part of the month-end routine.
However, this issue was not addressed.
In this scenario, the audit senior should revisit the planning section relating to cash and bank and amend the audit plan accordingly to consider that tests of control have revealed weaknesses, which could result in the financial statements containing a material misstatement (the bank reconciliations not being completed each month. Hence errors and omissions may not have been spotted during this timeframe).
When it comes to this specific audit area, the senior auditor should consider raising their original risk rating from low to at least medium or even high.
When it comes to this specific audit area, the senior auditor should consider raising their initial risk assessment from low to at least medium or even high.
The above example illustrates a significant event that occurred during an audit assignment, meaning that the original audit plan needs to be changed.
When an auditor commences an audit, ISA 300 requires certain procedures to be carried out:
Perform procedures required by ISA 220 Quality Control for an Audit of Financial Statements regarding the continuance of the client relationship and the specific audit engagement.
Evaluating compliance with relevant ethical requirements, including independence, in accordance with ISA 220.
Establishing an understanding of the terms of the engagement, as required by ISA 210 Agreeing on the Terms of Audit Engagements.
By carrying out the procedures described above, the auditor ensures that the audit can be carried out without compromising the integrity of the audit, as well as ensuring that sufficient resources and technical competencies are available so that the audit can be carried out in the most effective manner possible.
Because the auditor will not have previous experience with the audit engagement, planning activities for a new audit engagement will often be more in-depth than planning activities for a recurring audit engagement.
This is because the auditor will need to develop an understanding of the entity and the environment in which it operates to comply with the provisions in ISA 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment.
Initial engagements will also include the process of designing additional processes to be carried out in line with ISA 510 Initial Audit Engagements—Opening Balances. These additional procedures will be related to opening balances.
ISA 300 requires the auditor to undertake activities that will:
Establish the overall audit strategy for the engagement; and
Develop an audit plan.
In establishing the overall audit strategy, the auditor shall:
Identifying the characteristics of the audit engagement that define its scope;
Determining the reporting objectives of the engagement and planning the timing and nature of the audit communications;
Determining the factors that, in the professional opinion of the auditor, are regarded as being of "significant" importance and on which the audit team should focus the majority of their attention;
Considering the results of the preliminary audit engagement activities and determining whether knowledge has been gained;
Determining the nature, timing and extent of resources needed to perform the audit engagement.
One overarching concept in ISA 300 is the need for audit planning to include detailed responses to the detailed responses risks identified throughout the process of gaining knowledge of the audit client.
When compared to an entity that buys and sells things on credit, and pays and receives money electronically, of course, the risk level of cash in a cash-based business, for instance, is likely to be significantly higher.
The auditor shall update and change the overall audit strategy and the audit plan as necessary during the course of the audit.
1. Identification of the characteristics of the audit engagement, which defines its scope
The characteristics of an engagement will determine the scope of an audit because each audit will have its own unique nature and level of risk.
For instance, the scope of an audit conducted on a group will be significantly broader than an audit conducted on an individual, stand-alone company.
This is because considerations will need to be made about the locations and components of the group.
Additionally, the financial reporting framework will define the scope of the audit and the reporting requirements that are unique to the industry.
The necessity for any reconciliation to another financial reporting system, such as US GAAP, should also be considered by auditors.
2. Determining the reporting objectives of the engagement
Certain audited entities will be required to have certain reporting procedures carried out, for example, due to rules regarding Corporate Governance or certain industry needs.
The auditor must consider the nature of any further communications required over the audit and the important dates for any anticipated interactions with management and those charged for governance.
3. Considering factors that are significant in directing the efforts of the audit team
The determination of appropriate materiality levels and the preliminary identification of areas that may involve greater risks of material misstatement are both included in this step.
Not only that, but the audit plan should also take into consideration quality control issues such as the following:
How resources are managed and supervised;
The timing of audit team briefing and debriefing meetings;
How and when the audit work will be reviewed by the audit manager and the audit engagement partner; and