top of page
  • Writer's pictureCCS

How does the Auditor plan for an Audit of Financial Statements?

Updated: Dec 17, 2022

Planning an audit is one of the most integral parts of the audit.

Without a sufficient planning programme on the auditor's part, there is a significant risk that a material misstatement (or many material misstatements) will be missed.

This will lead to the auditor expressing an inaccurate audit opinion, in addition to additional implications.

Planning occurs before the beginning of an audit engagement and should under no circumstances be viewed as a component of the audit that can stand on its own.

The objectives of the auditor's planning work are laid out in ISA 300 Planning an Audit of Financial Statements.

These objectives include establishing an overall audit strategy and developing an audit plan to reduce audit risk (the risk that the auditor will form an inappropriate opinion on the financial statements) to an acceptably low level.

During planning, the audit engagement partner should be included with all the other audit engagement team members.

At the beginning of the planning work, there is typically a discussion that involves the engagement team.

During this discussion, the team will look at the completion side of the previous audit, review unadjusted errors, discuss any control deficiencies that they noticed during the previous year's detailed audit work, and provide a summary of the matters that were discussed with management and, where applicable, those charged with governance during the previous audit and at the audit clearance meeting.

The audit planning process is referred to as a "continuous and iterative process" in the ISA 300 standard.

This means that when audit planning is completed at the start of an engagement, it is not merely forgotten. As the audit goes on, the audit plan might need to be adjusted to accommodate new information.


While preparing the detailed audit, the audit senior determined that there was a minimal risk of making a material misrepresentation concerning the cash in the bank.

During the tests of control performed on the bank reconciliation statements, it was discovered that the financial accountant had not had time to complete the bank reconciliations for nine of the twelve months that comprised the financial year.

This was not brought up during the original conversations with the client, and in the past audits, the bank reconciliation statements had always been made as part of the month-end routine.

However, this issue was not addressed.

In this scenario, the audit senior should revisit the planning section relating to cash and bank and amend the audit plan accordingly to consider that tests of control have revealed weaknesses, which could result in the financial statements containing a material misstatement (the bank reconciliations not being completed each month. Hence errors and omissions may not have been spotted during this timeframe).

When it comes to this specific audit area, the senior auditor should consider raising their original risk rating from low to at least medium or even high.

When it comes to this specific audit area, the senior auditor should consider raising their initial risk assessment from low to at least medium or even high.

The above example illustrates a significant event that occurred during an audit assignment, meaning that the original audit plan needs to be changed.

Preliminary Activities

When an auditor commences an audit, ISA 300 requires certain procedures to be carried out:

  • Perform procedures required by ISA 220 Quality Control for an Audit of Financial Statements regarding the continuance of the client relationship and the specific audit engagement.

  • Evaluating compliance with relevant ethical requirements, including independence, in accordance with ISA 220.

  • Establishing an understanding of the terms of the engagement, as required by ISA 210 Agreeing on the Terms of Audit Engagements.

By carrying out the procedures described above, the auditor ensures that the audit can be carried out without compromising the integrity of the audit, as well as ensuring that sufficient resources and technical competencies are available so that the audit can be carried out in the most effective manner possible.

Planning Activities

Because the auditor will not have previous experience with the audit engagement, planning activities for a new audit engagement will often be more in-depth than planning activities for a recurring audit engagement.

This is because the auditor will need to develop an understanding of the entity and the environment in which it operates to comply with the provisions in ISA 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and its Environment.

Initial engagements will also include the process of designing additional processes to be carried out in line with ISA 510 Initial Audit Engagements—Opening Balances. These additional procedures will be related to opening balances.

ISA 300 requires the auditor to undertake activities that will:

  • Establish the overall audit strategy for the engagement; and

  • Develop an audit plan.

Audit Strategy

In establishing the overall audit strategy, the auditor shall:

  1. Identifying the characteristics of the audit engagement that define its scope;

  2. Determining the reporting objectives of the engagement and planning the timing and nature of the audit communications;

  3. Determining the factors that, in the professional opinion of the auditor, are regarded as being of "significant" importance and on which the audit team should focus the majority of their attention;

  4. Considering the results of the preliminary audit engagement activities and determining whether knowledge has been gained;

  5. Determining the nature, timing and extent of resources needed to perform the audit engagement.

One overarching concept in ISA 300 is the need for audit planning to include detailed responses to the detailed responses risks identified throughout the process of gaining knowledge of the audit client.

When compared to an entity that buys and sells things on credit, and pays and receives money electronically, of course, the risk level of cash in a cash-based business, for instance, is likely to be significantly higher.

The auditor shall update and change the overall audit strategy and the audit plan as necessary during the course of the audit.

1. Identification of the characteristics of the audit engagement, which defines its scope

The characteristics of an engagement will determine the scope of an audit because each audit will have its own unique nature and level of risk.

For instance, the scope of an audit conducted on a group will be significantly broader than an audit conducted on an individual, stand-alone company.

This is because considerations will need to be made about the locations and components of the group.

Additionally, the financial reporting framework will define the scope of the audit and the reporting requirements that are unique to the industry.

The necessity for any reconciliation to another financial reporting system, such as US GAAP, should also be considered by auditors.

2. Determining the reporting objectives of the engagement

Certain audited entities will be required to have certain reporting procedures carried out, for example, due to rules regarding Corporate Governance or certain industry needs.

The auditor must consider the nature of any further communications required over the audit and the important dates for any anticipated interactions with management and those charged for governance.

3. Considering factors that are significant in directing the efforts of the audit team

The determination of appropriate materiality levels and the preliminary identification of areas that may involve greater risks of material misstatement are both included in this step.

Not only that, but the audit plan should also take into consideration quality control issues such as the following:

  • How resources are managed and supervised;

  • The timing of audit team briefing and debriefing meetings;

  • How and when the audit work will be reviewed by the audit manager and the audit engagement partner; and

  • Whether there is a need for an engagement quality control review.

4. Considering the results of preliminary audit engagement activities

The assessment of initial levels of materiality and the risks that have been discovered in connection to issues such as fraud or important events that have taken place at the company since the previous audit was performed (for example, a significant restructuring) will be the focus of this portion of the audit plan.

The auditor will also be concerned about the operating effectiveness of internal control at the most recent audit, as well as whether or not it is possible to rely on internal controls during the preliminary stage of the audit or if the audit should be of a more substantive nature.

Reviewing a business plan, management accounts or cash flow projection are all examples of non-audit services that the audit firm may have conducted for the customer who requested the audit.

These services might be of assistance in the process of formulating an audit approach.

5. Determining the nature, extent and timing of resources needed to perform the audit engagement

When the resources available to the audit team are distributed properly, the audit will be carried out effectively.

This not only includes members of the team who possess the necessary skills, competence, and expertise to carry out the audit, but it also includes the allocation of external specialists (for example, an actuary or a building valuer) for high-risk areas of audit engagement.

This is an important aspect of effective risk management. When time is important, and the deadline is quite short, more resources will need to be committed to guaranteeing that all audit processes are carried out in compliance with ISAs and that the audit work can be evaluated in time to meet the set deadlines.

Following the creation of the audit strategy, the subsequent step in the auditing process is developing the detailed audit plan, which is used to handle the numerous issues discovered during the production of the audit strategy.

Important point
The audit strategy and the audit plan are closely interrelated as changes in one may result from changes to another. Planning an audit involves establishing the overall audit strategy for the engagement and developing an audit plan. 
The Audit Plan

The audit plan is more detailed than the audit strategy. It will document the nature, timing and extent of audit procedures which are to be performed by the audit engagement team to obtain sufficient appropriate audit evidence, which will serve to reduce audit risk to an acceptably low level.

The auditor shall develop an audit plan that shall include a description of:

  1. The nature, timing and extent of planned risk assessment procedures, as determined under ISA 315.4

  2. The nature, timing and extent of planned further audit procedures at the assertion level, as determined under ISA 330.5 The Auditor's Responses to Assessed Risks.

    1. The plan for further audit procedures reflects the auditor's decision on whether to test the operating effectiveness of controls and the nature, timing and extent of planned substantive procedures.

  3. Other planned audit procedures that are required to be carried out so that the engagement complies with ISAs (such as using an auditor's expert to value a complex financial instrument).

Direction, Supervision and Review

The auditor is responsible for planning the nature, time, and scope of providing direction and supervision to the audit engagement team members and reviewing the work they have completed.

It is abundantly clear that in the absence of competent review mechanisms, there is a high risk that the audit evidence collected will neither be sufficient nor appropriate to comply with ISA 500 Audit Evidence requirements.

The review component is also crucial when younger staff members are included on the audit engagement team.

In this regard, the audit engagement partner will ensure that such team members are not involved in the more challenging or controversial aspects of the audit.

There is no such thing as a "blanket approach" to planning the direction, supervision, and review of an audit engagement.

This means that the same procedures cannot be applied to every audit that the firm carries out, and the auditor will need to consider various factors that will dictate the nature, timing, and extent of the process of planning the direction, supervision, and review of the audit engagement.

Some examples of these factors include the following:

  • The size and complexity of the entity.

  • The area of the audit.

  • The assessed risks of material misstatement. Where the assessed risk of material misstatement increases, the auditor will ordinarily increase the extent and timeliness of the direction and supervision of engagement team members who will involve the auditor in performing a more detailed review of the work.

  • The capabilities and competence of the individual team members performing the audit work.


Kenny is an approved company auditor and operates his business on his own.

He is in the process of conducting an audit of Bat Baling Equipment Inc., which is a pretty small firm with reasonably straightforward internal controls.

After carrying out his plans in line with the ISAs in the 300 series, he is expected to sign the auditor's report and finish the files within the next week.

Because he is a sole practitioner, he does not have another partner who is accessible to evaluate his audit files.

As a result, he is uncertain whether his audit files would stand up to scrutiny.

It's possible that a sole practitioner is responsible for carrying out the audit in some instances (this is fairly commonplace). Because of this, the question of direction, supervision, and review will not be relevant in this scenario because he will already be aware of the material issues.

However, Kenny must remember that the audit must be carried out in accordance with ISAs. As a result, he should consider the necessity of consulting with other auditors with the appropriate level of experience, and he should also consider the necessity of having his files reviewed by an independent party either before or after the auditor's report has been signed.


To demonstrate that the audit procedures have been carried out in accordance with the ISAs and that sufficient appropriate audit evidence has been obtained to enable the audit engagement partner to base their conclusions, it is essential to have adequate audit documentation.

This is true not only for the planning section of the audit file but also for all other areas.

The overall audit strategy must contain a record of the key decisions necessary to plan the audit properly.

Documentation is required for any substantial modifications made throughout the audit engagement, as well as the rationale for any significant changes.

Auditing firms frequently use standard audit programmes; nonetheless, they must refrain from using a "check box" approach while completing these audit programmes.

An audit planning memorandum, which details the audit's overall scope, timing, and conduct, is something the auditor can consider using.

In whatever form the auditor chooses to document such matters, the auditor must consider:

  • The size and complexity of the audit client

  • Materiality

  • The extent of other documentation

  • Circumstances of the specific audit engagement.

Discussing matters with management and/or those charged with governance

The auditor will usually discuss the overall audit strategy and the timing of the audit, together with any potential limitations or additional requirements.

These conversations often take place to make the execution and administration of the audit engagement easier.

The overall audit strategy and the audit plan are both the auditor's responsibilities, which is something that auditors need to keep in mind at all times.

When auditors undertake meetings with management and/or those charged with governance, they should be careful not to delve so in-depth that audit processes become too predictable.

This is something that auditors should keep in mind.

This may have a negative impact on the efficiency of the audit as a whole.

Our website's articles, templates, and material are solely for you to look over. Although we make every effort to keep the information up to date and accurate, we make no representations or warranties of any kind, either express or implied, regarding the website or the information, articles, templates, or related graphics that are contained on the website in terms of its completeness, accuracy, reliability, suitability, or availability. Therefore, any reliance on such information is strictly at your own risk.

Keep in touch with us so that you can receive timely updates |


1. Website ✍️ 2. Telegram ✍️ 3. Facebook ✍

271 views0 comments

Recent Posts

See All
bottom of page