The audit plan is a key procedure undertaken by the appointed auditor during an audit of financial statements. During this phase of the financial audit process, the auditor must develop a comprehensive understanding of the operations, structure, and environment of the client entity. This knowledge is required for the auditor to be reasonably able to identify certain transactions, events, and practices that may influence their independent judgements and conclusions regarding the entity’s financial statements.
When conducted in accordance with the auditing standards and best-practice procedures set by peak bodies and regulators, the audit plan phase of an audit of financial statements includes the following activities:
- Understanding the client entity in terms of it’s structure, operations, environment, and other relevant factors.
- Assessing the entity’s internal and key control systems, which will be used to examine assertions made in the financial statements.
- Calculating the risk of misstatements based on preliminary analytical reviews.
- Developing audit programs that reflect these initial assessments of risk and key control systems. and documenting the planned approach to the audit of the entity’s financial statements in an audit plan document.
- Ensuring that all activities relating to the audit plan are documented in the proposed audit plan, which will be modified and updated over the course of the engagement as required
The Australian auditing standard ASA 300 (Planning an audit of a financial report) requires the appointed auditor to conduct the audit plan in a standardised fashion, and to ensure that all work performed on the audit plan is documented. The size and complexity of an audit plan will reflect the overall scope and nature of the client entity and the work involved in performing an audit of their financial statements. Therefore, as a reflection of the differences between entities with a financial audit reporting requirement, this component of the audit process will vary in the time taken to perform the required work and to prepare a proposed audit plan.
The Australian Auditing Standards require an appointed auditor to understand the entity under audit, and its environment, so that any relevant risks of material misstatements may be identified and assessed. Information obtained by the auditor in their attempts to adequately understand the entity will be documented and compiled in the proposed audit plan. The following are examples of information required to satisfy the auditing standards, and therefore the entity’s reporting requirements, though bear in mind that these are examples only:
- The nature of the client entity, including its accounting practices and policies, as well as its regulatory and industry environment.
- Strategies, objectives, and related risks.
- Internal control systems, staffing, budgets, assets.
- Understanding of critical audit objectives, reporting deadlines, and other responsibilities that relate to the audit of financial statements.
- Measurements and reviews of performance.
To comply with the auditing standards and deliver an auditor’s report that meets an entity’s requirements, the auditor will also need to consider the appropriateness of these requirements for the entity’s business. For example, is the entity’s financial reporting procedure consistent with industry policies and standards? Do these practices reflect the entity’s business operations, investment activities, ownership / governance arrangements, as well as it’s structure and financing? What accounting policies are in place, for example, the accounting methods used for unusual or significant transactions? Are there any new standards for financial reporting, or other laws / regulations that affect the entity and have appropriate changes in accounting policy been made? It is from this perspective that the appointed auditor is required to approach the task of understanding the client entity to maintain compliance with the auditing standards.
Analytical procedures are a key feature of the audit process that is first performed during the audit plan phase. To gain an understanding of what is reflected in the entity’s financial statements, and to draft a proposed audit plan, analytical procedures are performed by the auditor to test basic assertions made in the financial statements. Such basic assertions include what has and has not changed in regard to the entity’s financial position, including the direction and value of any changes. Analytical procedures are used to identify trends and areas of particular importance within the relevant financial information so that the auditor may adjust the scope and nature of the audit so that possible audit risks are reduced to an acceptably low level.
At this phase of the audit process, the auditor is not required to corroborate figures as part preliminary analytical procedures. Instead, the auditor is conducting a preliminary investigation of the entity’s financial information to identify any gaps or inconsistencies in their knowledge of the entity and its activities during the period under audit. The aim of the audit plan, including preliminary analytical procedures and risk assessment activities, is to minimise what is called audit risk.
Audit risk is the possibility that the auditor reaches an inappropriate conclusion and forms an opinion that fails to reflect the real or possible presence of a material misstatement in the financial statements. Independent auditors are required to conduct each audit engagement so that reasonable assurance may be delivered to the users of the financial statements, therefore, auditors are obligated to reduce the audit risk to a level deemed acceptable for assurance purposes. This obligation to reduce audit risk is reflected in the audit plan phase of the audit process, as this phase will vary in its complexity and the time it consumes in accordance with the level of audit risk involved in the engagement.