Audit planning is a major part of audit work for both internal and external audits. Good audit planning will help the auditor to minimize its risks, improve audit efficiency, and meet its objective at the minimum effort.
Auditors are required to prepare a proper audit plan to ensure that all audit risks are identified and correct audit strategies are deployed to detect all concerning risk areas.
It is essential for the auditor to prepare a good strategic audit plan. If the plan is well prepared, all kind of audit risks is identified and detected.
This will help the auditor to minimize the audit risks of issuing an incorrect opinion to financial statements.
In this article, we will discuss what should auditors do during their audit planning stages and the significant tips for doing the correct audit plan.
We divide the audit plan into two main important parts according to the international standard on auditing: Pre-audit activities and Audit Activities.
In case you want to discover more, ISA 300 is the standard for the planning of audit engagement for your reference. Okay, now let’s start with audit pre-activities.
Before Audit (Pre-audit activities):
Pre-audit activities are also the importance of audit plan and in this stage, as required by the standard, the auditor should:
- Perform client due diligence to make sure that the auditor fully understands the client’s nature of the business, sources of funds, and its major activities. This is to avoid engaging with the client that involved illegal activities or money laundering.
- Perform an understanding of client and firm to ensure that there is a major conflict of interest and independence that could affect audit works. Maintaining audit independence is very important to ensure the quality of audit opinion.
- Consider client integrity before accepting the audit engagements.
- Understand the term and conditions of audit engagement before accepting to avoid any conflict.
At this stage, the auditor requires to establish an overall audit strategy that sets the scope, timing, and audit direction and guides the development of the audit plan.
This is to ensure that the audit plan reflects the scope, and nature of engagement. Here is the list of things that auditors should do during the audit plan.
Identify the Characteristics of Audit Engagement:
The auditor should identify the characteristics of the engagement that define its scope.
For example, Audit the client’s financial statements or review the client’s financial statements for a specific period. This is very important.
Most audit firms document this in the audit engagement letter. If the audit fails to identify this in the audit plan, the audit report that the auditor releases might not the one that the client needs.
Also, the different types of audit engagement might have a different levels of assurance.
For example, reasonable assurance required the auditor to perform their testing detail and much more detail than the review or compile financial statements.
A review engagement is a limited assurance and that means less assurance is provided.
The reasonable assurance engagement might be for the purpose of the statutory requirement or shareholder requirement. Yet, the review engagement is probably for the purpose of bank requests.
Defined Report Requirement:
The audit report is very important and the auditor should identify the objective of using audit reports and the time required.
For example, what is the report using? And probably who going to receive, and access the audit report. This point should also document in the engagement letter.
This is also related to the point above. Let’s say, the company is required by law to have financial statements audited by a CPA firm annually. This engagement is called reasonable assurance engagement.
The timeline of the report is also an important part of the audit plan. If the time is not sufficient, auditors should assess the impact of audit quality as a result of this.
In this planning stage, the auditor should assess if the timeline is sufficient enough for them to perform their work as well as manage their resources.
Negotiating with the client to have enough time for auditing is the best option; however, if the client does not agree then the auditor should consider whether the allowable timeline really adversely affects the quality of the report.
In case, the quality of the audit is impaired to the level that could not accept, then the auditor should consider withdrawing from the engagement.
Assess Conflict of Interest:
Consider if there are any factors that could affect the audit team member’s professional judgment and subsequently the quality of the audit report.
For example, there is a conflict of interest between team members and clients. Team member uses to be staff in Finance Departments or clients is the prospective employer of some of the members.
Normally, auditors request team members to sign on the Independence Confirmation Form or Conflict of Interest Form.
And if there is a conflict of interest, an assessment should perform to identify how seriously it is and the assessment should document and keep properly.
In case, the result of the assessment found the conflict of interest is high, for example, if the team leader of the audit team is the manager of the finance team, then he should not allow leading the team.
And all of his works related to this engagement should review again by other independent managers.
Assess Resource Requirement:
The success of audit engagement and the good quality of audit reports depend significantly on the audit resources. These include the number of audit team members, qualifications, and experiences.
There is a number of questions to be asked when assessing audit resources requirement, for example:
- How many audit team members are required for the engagement?
- Does the team member have experience in auditing such an industry?
- When will the audit work start and when will the report require?
- Where is the client’s office location? And do we need to have a lot of traveling?
There are many other questions to be asked depending on the characteristic of audit engagements.
The audit should also ensure that team members understand the nature of engagement or audit. This is probably done by having a team meeting.
If audit resources are not sufficient to conduct audit engagements, then the auditor should negotiate with the client to extend the timeline so that resources could properly manage, or withdraw from the engagement.
Risk assessment is also one of the most important parts of the audit plan and it is also the requirement of the International Standard of Auditing.
The auditor should perform risk assessments by reviewing from control environments which is the big picture of the control activities of each key process and procedure.
Control over financial reporting is the key area to be reviewed and validated. If the control is not strong enough, the audit approach might be changed.
The auditor should not rely on the control and they should consider reviewing the transaction and event in detail. In such a case, auditors should consider using a substantive approach to audit financial statements.
Fraud assessment is also an important part of this planning and auditors should assess the risks of material misstatement not only because of error but also fraud.
Fraud detection is not the auditor’s primary responsibility but assessing the risks of fraud is part of the auditing requirement.
A risk assessment procedure could be adopted from the COSO framework or other frameworks as necessary.
Audit planning is a critical part of audit work and performing the correct audit plan could be the factor that leads to the success of audit engagement. The key areas to be included in the plan are:
- Conducts proper risks assessments including risks of error and fraud
- Properly assess the resources requirement
- Properly identified the engagement characteristic
- Correctly identified report requirement and timeline
- Properly assess the conflict of interest
Written by Sinra