Planning Master Class

The objective and general principles of planning an audit engagement.

1. Purpose of Planning

Audits are complex and potentially risky, making planning essential. According to ISA 300, the objective is to plan the audit so it is performed in an effective and efficient manner. Planning helps auditors devote attention to important areas, resolve potential problems, and reduce the risk of issuing an inappropriate audit opinion.

Strategic Maneuvering: The "Why" of Auditing

Exam questions often test your understanding of why auditors do what they do. Explaining the benefits of planning—such as increasing efficiency, selecting the right team, and reducing risk—shows a deeper understanding than simply stating what a plan contains.

2. Audit Strategy vs. Audit Plan

The planning process involves two key documents: the audit strategy and the audit plan.

The Audit Strategy: This sets the scope, timing, and direction of the audit. It is a high-level document that outlines the overall approach. It determines the resources needed and when they should be deployed.

The Audit Plan: This is a more detailed, specific document that describes the nature, timing, and extent of the audit procedures to be performed. It's the operational guide for the audit team, detailing who does what, when, and how.

3. Interim and Final Audit

Audits can be performed in two stages to improve efficiency and risk management. The interim audit takes place before the year-end, while the final audit occurs after the year-end. This is particularly useful for larger, more complex clients.

Work Performed

  • Interim Audit: Auditors document and test internal control systems, perform transaction testing for the year to date, and assess risks for the final audit.
  • Final Audit: Auditors focus on year-end balances, journals, and completion procedures like going concern reviews and subsequent events testing.

4. Fraud and Error (ISA 240)

A misstatement can be caused by either fraud (intentional) or error (unintentional). The primary responsibility for preventing and detecting fraud lies with management. The auditor's role is to obtain reasonable assurance that the financial statements are free from material misstatement, regardless of its cause.

Exam Focus: Auditor vs. Management Responsibility

Do not confuse the auditor's responsibility with management's. Management's role is prevention and detection through internal controls. The auditor's role is to assess the risk of fraud and respond with appropriate audit procedures. You are not responsible for detecting every fraud.

5. Quality Control (ISA 220) and Documentation (ISA 230)

Quality Control: ISA 220 requires audit firms to have a system of quality control. The **engagement partner** is ultimately responsible for the overall quality of the audit. For listed companies, an **Engagement Quality Control Review (EQCR)** is mandatory to provide an objective review of the audit work before the report is issued.

Audit Documentation: ISA 230 requires auditors to prepare and maintain documentation (working papers) that provides evidence of the audit work performed and the conclusions reached. This documentation should be sufficient for an experienced auditor to understand the audit without prior knowledge of the client.

Test Your Understanding Questions and Solutions

Test your understanding 1

You have recently been assigned as audit senior for the audit of Rock Co for the year-ending 31 August 20X5. Your firm has audited this company for a number of years but this is the first year you will have worked on this audit. Rock Co is a company listed on a stock exchange. Rock Co is engaged in the wholesale import, manufacture and distribution of basic cosmetics and toiletries for sale to a wide range of stores, under a variety of different brand names.

Required:

(a) Describe the procedures you will perform in order to obtain an understanding of Rock Co. (10 marks)

(b) You are now nearing the completion of the audit of Rock Co. You have been asked to perform a review of the audit file before it is passed to the audit manager and the audit engagement partner for their review. You have been asked to concentrate on the proper completion of the audit working papers. Some of the audit working papers have been produced electronically but all of them have been printed out for you. Describe the types of audit working papers you should expect to see in the audit file and the features of those working papers that show that they have been properly completed. (10 marks)

Solution:

(a) Procedures to obtain an understanding:

  • Review prior year working papers and speak with the previous audit manager.
  • Enquire with management about any significant changes to the business.
  • Perform analytical procedures on financial statements to identify unusual trends.
  • Review systems documentation and perform a walkthrough test to understand internal controls.

(b) Types and features of working papers:

Types: Systems documentation, constitutional documents, audit planning memos, audit programs, lead schedules, external confirmations, and the written representation letter.

Features: Each working paper should be clearly referenced, include the preparer's and reviewer's signatures and dates, state the objective of the work, and document the work performed and conclusions reached.

Test your understanding 2

You are the audit manager responsible for planning the audit of Rottnest Co. During the planning of the audit you have identified an increased risk of material misstatement due to fraud. The audit strategy and audit plan reflect this increased risk.

(1) Which of the following statements regarding fraud is TRUE?

A The auditor may not detect all material fraud in the financial statements but this won't necessarily mean the auditor has been negligent due to the nature of fraud and the likelihood of concealment

B The auditor must detect all material fraud in the financial statements

C The auditor must detect every fraud in the financial statements

D The auditor is not responsible for detecting fraud as this is management's responsibility

(2) If material misstatement as a result of fraud is detected during the audit, and is not corrected by management, how will this be communicated to the shareholders?

A The auditor must send a letter to the shareholders informing them of the fraud

B The auditor must speak at the annual general meeting and specifically inform them

C The auditor will report it to the police and the police will notify the shareholders

D Through the auditor's report as the opinion will be modified

(3) Which of the following procedures must the auditor perform to respond to the risk of fraud?

(i) The auditor must obtain written representation from management confirming they have disclosed all known and suspected frauds to the auditor.

(ii) The auditor must incorporate an unpredictable element into the design of their audit procedures.

(iii) The auditor must test year-end journal entries and estimates which may be used to manipulate the financial statements.

A (i) and (ii) only

B (i) and (iii) only

C (ii) and (iii) only

D (i), (ii) and (iii)

(4) Which of the following statements is TRUE in respect of the audit plan?

A The audit plan sets out the scope, direction and framework for the audit

B The audit plan contains the detailed audit procedures designed to obtain sufficient appropriate evidence including the objective of each procedure and the sample size to be tested

C The plan includes preliminary engagement activities such as materiality and risk assessment

D The audit plan is developed before the audit strategy

(5) Which matters will NOT be included in the audit strategy?

A Risk assessment and materiality

B Communications with the client

C Specific audit procedures to respond to the risks assessed

D The need for professional scepticism

Solution:

  • (1) A: Due to the nature of fraud and concealment, auditors cannot guarantee all material fraud will be detected.
  • (2) D: Misstatements, including those from fraud, are communicated to shareholders through a modified opinion in the auditor's report.
  • (3) D: All three are mandatory procedures for the auditor to respond to the risk of fraud under ISA 240.
  • (4) B: The audit plan is the detailed document containing specific procedures, while the audit strategy is the high-level framework.
  • (5) C: Specific audit procedures are part of the detailed audit plan, not the high-level audit strategy.