OVERVIEW
Objective
¾
To describe the process of establishing the audit strategy and plan – the objectives, scope and critical aspects of an audit.PLANNING [ISA 300]
¾ Scope
¾ Objectives
¾ Planning cycle
¾ Planning activities
THE AUDIT STRATEGY PRELIMINARY
ENGAGEMENT ACTIVITIES
¾ Rational
¾ Basic approach
THE AUDIT PLAN
¾ Rationale
¾ Content
¾ Changes to planning decisions
DOCUMENTATION
¾ Audit strategy
¾ Audit plan
¾ Changes to the audit strategy and audit plan.
MANAGEMENT COMMUNICATION ¾ Rationale
¾ Establishing the strategy
¾ Ascertaining and planning resources
¾ Timetable
DIRECTION, SUPERVISION AND REVIEW ¾ Direction
¾ Supervision
1
PLANNING
[ISA 300]
1.1
Scope
¾
Audit work should be planned so that the audit will be performed in an effective manner. Planning entails developing: the overall audit strategy setting the scope, timing and direction of the audit; and
a detailed approach for the nature, timing and extent of audit procedures in order to reduce audit risk to an acceptable low level – the audit plan.
¾
The engagement partner and other key engagement team members must be involved in planning the audit, including any discussions among other engagement team members concerning developing the strategy and plan. The engagement partner must take full responsibility for the audit strategy and plan.1.2
Objectives
To devote appropriate attention to important areas
To identify potential problems and resolve on a timely basis
To organise and manage the engagement in an effective and efficient way
To assist in
assigning, directing supervising and reviewing audit work
¾
Audit planning sets the tone and direction of the audit. It ensures that the right resources are allocated to high risk areas at the appropriate time.¾
Basically, the auditor requires a thorough understanding of the entity, its environment and the risk of material misstatement within the financial statements to effectively plan (see Session 9)1.3
Planning cycle
¾
Planning is not just the initial phase of an audit, but a continuing process that will begin shortly after the completion of the previous audit and continues until the completion of the current audit engagement.¾
For example: When a final audit is completed, planning for any interim audit of the next audit cycle will commence.
Inventory observation procedures, continuous (perpetual) or year end, and other audit procedures that will be more efficient and effective to carry out at or before the year end (e.g. non-current asset inspections, circularisation).
Re-assessment of the audit strategy and plan to take into account errors and other factors that arise during audit procedures (e.g. re-assess risk and materiality).
1.4
Planning activities
¾
Planning activities include: Initial evaluation of the ability to continue to carry out the audit of the client (referred to as “preliminary engagement activities”). For example, client relationship, ethical requirements, up to date and relevant engagement letter.
Developing the overall audit strategy (scope, timing and direction of the audit) by considering, for example:
−
the reporting framework−
governance procedures−
reporting objectives−
key dates−
the nature of the business−
changes within the business environment,−
financial statement risk−
material areas−
operating effectiveness of internal control Developing the detailed audit plan to:
−
show the nature, timing and extent of audit procedures to enable the auditor to understand the entity and its environment, including control procedures;−
assess the risks of material misstatement in the financial statements; and−
enable sufficient, appropriate audit evidence to be obtained on which to base the audit opinion. Establishing the resources required in terms of, for example, audit team members, their experience, the use of external experts and time budgets.
Changing, as necessary, the audit strategy and the audit plan as the audit progresses.
Direction, supervision and review of the audit team (which will depend on the nature of the audit, the assessed risk of material misstatement and the experience of each audit team member).
Documentation of the strategy, audit plan, audit work, results and conclusions arising from that work and the overall conclusion.
¾
The audit plan begins by planning the risk assessment procedures and, once these procedures have been performed, is updated and changed to reflect the further audit procedures needed to respond to the results of the risk assessments.2
PRELIMINARY ENGAGEMENT ACTIVITIES
2.1
Rationale
¾
Performing preliminary engagement activities helps to ensure that the auditor has considered events or circumstances that may adversely affect their ability to perform the audit engagement.¾
These activities help the auditor plan to ensure that: the necessary independence and ability to perform the engagement is maintained;
there are no issues with management integrity that may affect the continuation of the engagement;
there are no misunderstandings with the client regarding the terms of the engagement.
2.2
Basic approach
¾
At the end of the current audit, as part of the audit completion procedures, the auditor confirms that there were no matters arising during the audit to cast doubt over his ability to conduct the audit and sign the audit report, (e.g. independence, technical competence).¾
This approach is ”rolled forward” to the planning of the next audit assignment. This includes consideration of any factors arising during the last audit, and since thecompletion of that audit, that would cast doubt on the ability to re-accept appointment (e.g. loss of key expertise that was specific for that client, change in integrity of
management).
¾
In some jurisdictions, the auditor is required to put himself forward for re-appointment at the entity’s annual general meeting. To do so, he must be able to demonstrate that he has considered his ability to continue to act as auditor to the entity.¾
Preliminary activities include: re-assessing the client relationship and integrity of the entity’s management, eg do they wish to continue to act for that client;
evaluating compliance with ethical requirements, including independence, of the firm, partners and proposed assignment staff;
reviewing the terms of the engagement to ensure that they are up to date and reflect any changes in the entity’s circumstances, business, legal or regulatory environment (e.g. new reporting requirements under the entity’s operating
¾
Whilst the planning ISA refers to preliminary engagement activities, changes in client continuance and ethical requirements, including independence, may occur throughout the performance of the audit engagement.¾
The impact on the ability of the auditor to continue with the engagement or the need for additional safeguards, must always be considered.3
THE AUDIT STRATEGY
3.1
Rationale
¾
The overall audit strategy sets the scope, timing and direction of the audit, and helps guide the development of the more detailed audit plan.3.2
Establishing the strategy
¾
Determine the scope of the audit engagement, eg: the financial reporting framework used;
industry-specific law and regulation requirements; governance requirements;
locations of the components of the entity (may have different requirements).
¾
Ascertain the reporting objectives, timing of the audit and communications required, eg: deadlines for interim and final reporting;
key dates for expected communications with management and those charged with governance.
¾
Establish the direction of the audit, eg: determination of appropriate materiality levels;
preliminary identification of areas where there may be higher risks of material misstatement;
preliminary identification of material components and account balances;
evaluation of whether the auditor may plan to rely on the effectiveness of internal control;
identification of recent, industry, financial reporting or other relevant developments impacting upon the entity.
¾
In developing the audit strategy, the auditor also considers the results of preliminary engagement activities and, where practicable, experience gained on other engagements performed for the entity.Example 1
Solution
¾
¾
¾
¾
¾
¾
¾
¾
¾
3.3
Ascertaining and planning resources
¾
The process of establishing the audit strategy helps the auditor to ascertain the nature, timing and extent of resources necessary to perform the engagement, eg; the use of appropriately experienced team members for high risk areas or the involvement of experts on complex matters;
the number of team members assigned to observe the inventory count at material locations;
the hours to allocate to the audit of high risk areas, material areas, the planning process itself, control testing, review and completion;
when these resources are deployed at interim audit (e.g. pre year end
circularisation), at the year end (e.g. inventory observation) and final audit; how such resources are managed, directed and supervised. For example:
−
timing of team briefing and debriefing meetings;−
timing and location of senior, manager and partner reviews of the audit process; and3.4
Timetable
¾
A “traditional audit” is generally considered to have three discrete phases: interim, year-end and final.1st January
Financial statements
issued End of
reporting period 31st Dec. Interim visit
– eg tests of controls
Audit planning (including preliminary
analytical procedures)
Substantive procedures – year end and final audits Prior year audit
completion
¾
However, a more proactive approach to providing client services would be to regard the audit as just one part of an on-going client service process, e.g. continuously updating the understanding of the entity, continuously reacting to changes in the entity’s environment, continuously advising the client. Audit planning is always ongoing as part of the overall client service process.¾
In addition, with embodied monitoring systems, on-line trading and other continuous computer systems, the effectiveness of controls may need to be continuously assessed, i.e. continuous auditing.3.4.1
Interim audit
¾
Typically concentrates on documenting systems, evaluating and testing controls (e.g. over sales, purchases, wages cycles).¾
One of the advantages of conducting an interim audit is that it should reduce time pressure at the final audit. Also, client’s staff may be less busy (than when they, too, are meeting reporting deadlines).¾
Any “gap” period between the interim audit and year end may be supplemented by the extension of tests of control and/or the use of analytical procedures.3.4.2
Year-end
¾
For clients holding material amounts of inventories (e.g. retailers, manufacturers) there will usually be a physical counting of inventory at the year end. This must be attended by the auditor. Where a year-end count is not practicable it may be conducted before the end of the reporting period and supplemented with “roll forward” tests (see Session 23).¾
Bank confirmation letters (see Session 25) will be organised shortly after the year end to ensure replies are received before the final audit. Other external confirmations may also be organised (eg receivable circularisation sent with the client’s month end statements, see Session 24) to ensure replies received before the final audit.3.4.3
Final audit
¾
Procedures are mainly of a substantive nature (analytical procedures and tests of detail) with an emphasis on existence and valuation. Tests on items selected at the year end are followed up (e.g. confirming recoverability of trade accounts receivable).¾
Where there is a tight year end reporting deadline, eg one month after the year end, some final audit procedures (eg analytical review, receivables and payables) may be carried out just prior to the year end (eg one month before) and “rolled forward” to the year end.4
THE AUDIT PLAN
4.1
Rationale
The auditor should develop an audit plan for the audit in order to reduce audit risk to an acceptably low level.
¾
The audit plan should be developed once the audit strategy has been established. It will address the various matters identified in the audit strategy, taking into account the need to achieve the audit objectives through the efficient use of the auditor’s resources.¾
It is more detailed than the audit strategy and includes the nature, timing and extent of audit procedures to be performed by the engagement team members in order to obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level.¾
In other words, often referred to as the audit work programme.4.2
Content
¾
A description of the nature, timing and extent of planned risk assessment procedures. These procedures must be sufficient to assess the risks of material misstatement in accordance with ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment (see Session 9).¾
A description of the nature, timing and extent of planned audit procedures at theassertion level for each material class of transactions, account balance, and disclosure, as determined under ISA 330, “The Auditor’s Procedures in Response to Assessed Risks” including;
audit procedures, if required, to test the operating effectiveness of controls; and the nature, timing and extent of planned substantive procedures.
¾
Appendix 3 contains examples of various work programmes.4.3
Changes to planning decisions
¾
Planning is a continuous process. The results of the interim audit will impact the plan for the year end work, the results of which (together with the interim audit) will impact the final audit strategy and plan.¾
The auditor will also need to change the audit strategy and audit plan to take into account events as they unfold, for example: unexpected events (e.g. loss of a key member of the entity’s management team);
changes in the entity’s environment (e.g. a regulator’s report requiring changes to be made to the entity’s procedures); and
unexpected results from audit procedures (e.g. the results of substantive
procedures contradict the evidence obtained through the testing of the operating effectiveness of controls).
¾
As a result of such events, materiality and financial statement risk, for example, may need to be re-assessed and the planned nature, timing and extent of audit procedures reconsidered.5
DIRECTION, SUPERVISION AND REVIEW
¾
The nature, timing and extent of the direction and supervision of engagement team members and the review of their work must be planned.¾
The nature, timing and extent of direction and supervision is based on the assessed risk of material misstatement and the level of experience of the audit team member.5.1
Direction
¾
Direction of the audit staff by, for example, the audit engagement partner/manager covers, for example: individual team member responsibilities;
the nature of the entity’s business and its environment; risk-related issues;
problems that may arise;
detailed approach to the performance of the audit; and the administration of the audit.
5.2
Supervision
¾
Supervision covers, for example: ensuring individual audit team members have sufficient direction to carry out their responsibilities, e.g. by the audit senior as each team member starts a new audit section;
ensuring that the audit plan is being adhered to by the audit team members;
addressing significant issues as they arise during the audit, e.g. by the audit senior; and
informing senior members of the audit team when their knowledge and experience will expedite an appropriate solution, e.g. audit senior to audit manager/partner; providing appropriate, timely feedback to senior members of the audit team.
5.3
Review
¾
Review responsibilities are determined on the basis of the firm’s quality control policy. Generally, more experienced team members, including the engagement partner, review the work performed by less experienced team members: Senior reviews the work of assistants; Manager reviews the work of the senior; Engagement partner reviews the overall audit.
6
DOCUMENTATION
The auditor should document the overall audit strategy and the audit plan, including any significant changes made during the audit engagement.
6.1
Audit strategy
¾
Documenting the overall audit strategy records the key decisions considered necessary to properly plan the audit and to communicate significant matters to the engagement team.¾
For example, the overall audit strategy may be summarised in the form of a planning memorandum that contains key decisions regarding the overall scope, timing and conduct of the audit.6.2
Audit plan
¾
The documentation of the audit plan must be sufficient to demonstrate the planned nature, timing and extent of: the risk assessment procedures (see Session 9);
the audit procedures (e.g. tests of controls, substantive tests, analytical review procedures, going concern, review and completion) to be carried out on each material class of transaction, account balance, and disclosures in response to the assessed risks; and
¾
Standard pre-printed audit programs and audit completion checklists are often used. However, such programs and checklists must be tailored to suit each client’scircumstances.
6.3
Changes to the audit strategy and audit plan
¾
When the original audit strategy and audit plan are updated the reasons for the changes and the auditor’s response to the events, conditions, or results of audit procedures that resulted in such changes, must be documented as part of updating the strategy and plan.¾
For example, when the testing of control procedures is no longer considered necessary, or additional audit tests are added to the work programme because of the discovery of a material misstatement, the reasons for these changes must be documented.¾
Basically, the audit file has to support the audit opinion.7
COMMUNICATION WITH THOSE CHARGED WITH
GOVERNANCE AND MANAGEMENT
¾
The auditor will usually discuss elements of planning with those charged with governance and the entity’s management.¾
The discussions may be a part of the overall communications required to be made to those charged with governance of the entity (in accordance with regulatoryrequirements) or may be made to improve the effectiveness and efficiency of the audit.
¾
Discussions with those charged with governance include the overall audit strategy and timing of the audit. Any expected limitations or additional requirements would also be discussed (see Session 3).¾
Discussions with management are essential to help the conduct and management of the audit engagement, e.g. to coordinate some of the planned audit procedures with the work of the entity’s personnel, agree dates for client deliverables.¾
Although these discussions often occur, the overall audit strategy and the audit plan remain the auditor’s responsibility. When discussions with management of matters included in the overall audit strategy or audit plan occur, care is required in order not to compromise the effectiveness of the audit.FOCUS
You should now be able to:
¾
identify and explain the need for planning an audit;¾
identify and describe the need to plan and perform audits with an attitude of professional scepticism;¾
identify and describe the contents of the overall audit strategy and audit plan;¾
explain and describe the relationship between the overall audit strategy and the audit plan;¾
develop and document an audit plan; andEXAMPLE SOLUTION
Solution 1 — Audit strategy
¾
Scope Reliance on the work of internal auditors.
The entity’s use of service organizations and how the auditor may obtain evidence concerning the design or operation of controls performed by them.
Audit evidence obtained in prior audits, for example, audit evidence related to risk assessment procedures and tests of controls.
The potential use of computer-assisted audit techniques and the availability of data from the client’s systems.
The use of reviews of interim financial information and the impact on the audit of the information obtained during such reviews.
The discussion of matters that may affect the audit with firm personnel responsible for performing other services to the entity.
The availability of client personnel and data.
¾
Timing of the audit The entity’s timetable for reporting at interim and final stages.
The expected nature and timing of communications among engagement team members, including the nature and timing of team meetings and timing of the review of work performed.
The organization of meetings with management and those charged with governance to discuss the nature, extent and timing of the audit work.
¾
Communications Discussions with management (and those charged with governance) identifying the type and timing of reports (written and oral) to be issued, e.g.:
−
the auditor’s report;−
management letters; and−
communications to those charged with governance. Discussions with management identifying feedback required throughout the engagement and the expected deliverables.
¾
Audit direction Identifying material components, account balances and audit areas where there is a higher risk of material misstatement.
The impact of the assessed risk of material misstatement at the overall financial statement level on direction, supervision and review.
The selection of the engagement team, the assignment of audit work to the team members and the engagement budgeting.
Results of previous audits that involved evaluating the operating effectiveness of internal control, including the nature of identified weaknesses and action taken to address them.
Evidence of management’s commitment to the design and operation of sound internal control (including evidence of appropriate documentation of such internal control) and the importance attached to internal control throughout the entity to the successful operation of the business.
Volume and nature of transactions, which may determine whether it is more efficient for the auditor to rely on internal control.
Significant business developments affecting the entity, including changes in information technology, business processes and key management.
Significant industry developments, e.g. changes in industry regulations and new reporting requirements.
Significant changes in the financial reporting framework, e.g. changes in accounting standards.
