An audit plan is more detailed than the strategy and sets out the nature, timing, and extent of audit procedures (including risk assessment procedures) to be performed by engagement team members to obtain sufficient appropriate audit evidence.
Planning the audit includes establishing the overall audit strategy for the engagement and developing an audit plan, which includes, in particular, planned risk assessment procedures and planned responses to the risks of material misstatement.
Planning is not a discrete phase of an audit but, rather, a continual and iterative process that might begin shortly after (or in connection with) the completion of the previous audit and continues until the completion of the current audit.
A good plan and actual control of the work as per the plan will prove to be valuable evidence that the audit has been carried out according to generally accepted auditing practices if the plan and controls exercised are adequately documented.
The audit plan should cover mainly the following;
- Determining the scope of the audit;
- Gaining knowledge of the clients accounting system;
- Gaining knowledge of clients internal control system;
- Determining the program of audit, fixing up time schedules and nature and extent of audit procedures to be carried out;
- Manpower planning.
The control of the audit seeks to ensure that the work is carried out as intended.
Auditor exercises control over the quality of audit by effective supervision of the work of his assistants, coordination of work performed by others and adequately documenting the audit matters and manner.
The auditor should develop and document an audit plan that includes a description of:
- The planned nature, timing, and extent of the risk assessment procedures;
- The planned nature, timing, and extent of tests of controls and substantive procedures; and
- Other planned audit procedures required to be performed so that the engagement complies with PCAOB standards.
Role and Timing of Planning
Adequate planning benefits the audit of financial statements in several ways, including the following:
- Helping the auditor to devote appropriate attention to important areas of the audit.
- Helping the auditor identify and resolve potential problems on a timely basis.
- Helping the auditor properly organize and manage the audit engagement so that it is performed effectively and efficiently.
- Assisting in the selection of engagement team members with appropriate levels of capabilities and competence to respond to anticipated risks, and the proper assignment of work to them.
- Facilitating the direction and supervision of engagement team members and the review of their work.
- Assisting, where applicable, in the coordination of work done by auditors of components and experts.
Audit procedures should be discussed with the client’s management, staff and/or audit committee to co-ordinate audit work, including that of Internal audit.
However, all audit procedures remain the responsibility of the external auditors.
Planning the Audit
Audit planning involves the development of an overall strategy or game plan for the expected conduct and scope of the audit. The auditor should plan the audit with an attitude of professional skepticism about such. matters as the integrity of management, errors and irregularities, and illegal acts.
The amount of planning required in engagement will vary with the size and complexity of the client, and the auditor’s knowledge of and experience with the client.
As to be expected, considerably more effort is needed to adequately plan an initial audit than a recurring audit.
Preliminary Engagement Activities
The auditor should perform the following activities at the beginning of the audit:
- Perform procedures regarding the continuance of the client relationship and the specific audit engagement,
- Determine compliance with independence and ethics requirements, and
- Establish an understanding of the terms of the audit engagement with the audit committee.
The nature and extent of planning activities that are necessary depending on the size and complexity of the company, the auditor’s previous experience with the company, and changes in circumstances that occur during the audit.
When developing the audit strategy and audit plan, the auditor should evaluate whether the following matters are important to the company’s financial statements and internal control over financial reporting and, if so, how they will affect the auditor’s procedures:
- Knowledge of the company’s internal control over financial reporting obtained during other engagements performed by the auditor;
- Matters affecting the industry in which the company operates, such as financial reporting practices, economic conditions, laws and regulations, and technological changes;
- Matters relating to the company’s business, including its organization, operating characteristics, and capital structure;
- The extent of recent changes, if any, in the company, its operations, or its internal control over financial reporting;
- The auditor’s preliminary judgments about materiality, risk, and, in integrated audits, other factors relating to the determination of material weaknesses;
- Control deficiencies previously communicated to the audit committee or management;
- Legal or regulatory matters of which the company is aware;
- The type and extent of available evidence related to the effectiveness of the company’s internal control over financial reporting;
- Preliminary judgments about the effectiveness of internal control over financial reporting;
- Public information about the company relevant to the evaluation of the likelihood of material financial statement misstatements and the effectiveness of the company’s internal control over financial reporting;
- Knowledge about risks related to the company evaluated as part of the auditor’s client acceptance and retention evaluation; and
- The relative complexity of the company’s operations.