Audit planning stages?

claire1985 …

Because you say you’re “confused”, I feel bound to go even beyond your specific answers, in a bid to to aid your digestion.

To start with, one of your questions has a little prob, but let me just answer it as to satisfy your ultimate worry….

– “Is the audit strategy before audit planning?” …… AUDIT STRATEGY is just one of the final products/outcomes of AUDIT PLANNING (just like the audit report is the outcome of the overall audit process). It is like a document with comments on it.
– “Risk assessment & understanding of client” … are at the CORE of AUDIT PLANNING. They are the main reason for carrying out the planning because they determine how the future stages (e.g tests) of the audit will be like, and also make review possible. So “Risk assessment & understanding of client” are actually what guide the auditor into drawing his audit strategy and plan. Brief, THERE’S NO “AUDIT PLANNING” after the strategy … that stage has just been passed, and that’s why you even have the strategy!!

NOTE:
Audit planning is a very key part of the general audit process. It is even an ISA requirement for auditors to plan their work and state in their reports that the work had been planned …

Besides the regulatory requirements, WHY are audits necessarily planned? … Because PAPA RU says so (that’s a mnemonic) …

-Potential problems are identified in the process
-Appropriate attention is given to the key areas for the audit, Preparation of a detailed audit approach is realised,
-Preparation of a detailed audit approach (Procedural? …Risk-based?) is achieved.
-Administrative decisions like staffing and time needed for the audit get made.

– Review is made possible.
-Understanding (initial) of the entity and its env are updated and risk assessment is done.

# Stages of audit planning:
I’m not very familiar with this area, but I can assure you that central to audit planning are 2 things:

1-Understanding the entity/client and its environment
2-Risk assessment.

Try to grab other knowledge as to how these are done, and their importance to the audit and auditor. It’s a broad knowledge area, but let me try:

a) -Matters to consider when Understanding the entity are stuff like Internal control of entity, its nature, regulatory and other external factors, financial performance measurement and review, investments, financing, objectives and strategies etc
b) – When you talk about Risk assessment, begin to think of the kinds of risk for the entity (Business risk) and for the auditor (audit risk – check AR=IR X CR X DR.), and their sub-classifications. Auditors will aim to minimise DR (the only risk which they can control) so as to counteract high IR and CR (which are not controllable by them, but withing the responsibility of management and those charged with governance). Generally, because the entity could be under some circumstances such as the setting out to implement new accounting policies, poor morale of employees, rapid growth, new ventures/products, change of director etc, it is susceptible to errors being made (maybe due to non-effective implementation, lack of adequate knowledge in the area etc) and ending up in the FS’s. Also, misstatements may be done due to fraud and painstakingly concealed by the perpetrators such as management/employees. The auditor usually uses professional scepticism, which means that he’s not asserting that the FS’s are faulty (fraud/error), BUT is not also dismissing the possibility!

To assess risks, the auditor usually takes a SORE approach (Mnemonic). I have rearranged to make the mnemonic sound familiar (e.g a point such as “Other relevant information is considered” should be last) …

-Specific fraud risk factors are considered
-Other relevant information is considered,
-Results of Analytical procedures are considered
-Enquiries (about known or suspected fraud) about management and those charged with governance are made.

So risk assessment/evaluation will involve the AEIOU procedures (Mnemonic) ….. Analytical procedures (ratio analysis), Enquiry, Inspection, Observation, and recalcUlation. These will help to identify and access susceptibility and level of risk the entity is exposed to. Materiality will then come in play to set a minimum level which would be deemed by the audit team to be enough to influence the economic decisions of the addressees of the FS’s which (decisions) are based on these FS’s. Setting materiality is a subjective issue, but mostly, it could be set at say a percentage (e.g 0.5-1%) of profit margin or ROI etc. You must know that the materiality is usually on basis of the “relative” rather than the “absolute” effect of misstated figures on the FS’s. E.g. If profits are $40million, a $1000 understatement of inventory may not be considered material. But you also have materiality based on incidence etc. Check those. Note also what auditors deem as “significant risks”. Just try to read these procedures/facts from somewhere. So the auditor tries to reduce the audit risk (AR) [risk that there are material misstatements in the first place (IR), and that he doesn’t detect them (DR)] to an acceptable level, and this planning stage is key. There is usually an audit planning meeting where e.g. the audit partner will check that the planning work was properly done.

Now, note that at the END of the Planning stage, there are 2 main products (documents), and this is where AUDIT STRATEGY comes in.

1) The Audit strategy is a general/OVERALL strategy on how the audit will be carried out (after they have gone through their UNDERSTANDING and RISK ASSESSMENT of the client). From the word OVERALL, you can infer that this document is not detailed.
2) The Audit plan, which is detailed and which carries instructions to the audit team members as to how they will go about the audit in the later stages.

These 2 documents are the property of the auditor, and should be kept in a safe place.
Remember also that it’s a requirement for audits to be DOCUMENTED. There are also many personal benefits (for themselves) classified under Current and Future benefits (we’ll skip that).

# Mnemonic to remember the elements typically present in an Audit Plan/Strategy: MARKSAT

Materiality levels, Analytical procedures (e.g. ratios found), Risk (IR x CR x DR), Knowledge of business, Staffing (number and skills required), Audit approach (procedural or risk based), Timing of the audit.

Note that the BOTS (Mnemonic) – Budgets and fees, Other matters, Terms of engagement and Special audit problems identified – are usually included. So u can extend your mnemonic to MARKSAT BOTS. (Aid memo: Maybe BOTS is a friend of yours whom you’re instructing to MARK the SAT test!)

NB: These (MARKSAT BOTS) will be in form of COMMENTS on the Audit plan/strategy.

I hope that could give you a general idea of this stage of the audit (Planning)! Actually, there is a lot of depth in this area!