Planning the Audit
Audit planning is the foundation of every effective audit. A well-planned audit is more likely to identify material misstatements, allocate resources efficiently, and be completed on time. Planning is not a one-time activity—it is an iterative process that begins early and continues throughout the engagement as the auditor gathers new information and reassesses risk.
This section covers the distinction between the audit strategy and audit plan, the nature and organization of audit documentation, the engagement partner's responsibilities, the key factors affecting planning, and the critical concept of financial statement assertions.
Audit planning is governed by AU-C 300 (AICPA) for nonissuers and AS 2101 (PCAOB) for issuers. Both standards require the auditor to plan the audit so that it is performed effectively.
Audit Strategy vs. Audit Plan
Although the terms are sometimes used interchangeably in casual conversation, the overall audit strategy and the audit plan serve distinct purposes.
Overall Audit Strategy
The audit strategy is the high-level roadmap for the engagement. It sets the scope, timing, and direction of the audit and guides the development of the more detailed audit plan. Key elements include:
- Scope of the audit — Which entities, locations, or components are covered?
- Reporting objectives — What type of opinion does the auditor expect to issue?
- Timing — When will fieldwork occur? What are the interim and year-end dates?
- Significant factors — Known risks, industry conditions, or changes in the entity that will influence the audit approach
- Resource allocation — How many staff members are needed? What level of expertise is required? Will specialists be used?
Audit Plan
The audit plan is more detailed than the strategy and translates the strategy into specific procedures. It describes:
- The nature, timing, and extent (NTE) of planned risk assessment procedures
- The nature, timing, and extent of planned further audit procedures (tests of controls and substantive procedures) at the assertion level
- Any other planned procedures required by auditing standards
Think of the audit strategy as the "what and why" and the audit plan as the "how." The strategy decides the direction; the plan fills in the details. Both must be documented, and both may be updated as the audit progresses.
Example: The engagement partner at Gies Co.'s audit firm develops the overall audit strategy: the audit will cover all five operating segments, fieldwork will begin October 15 with interim testing and conclude in February after year-end procedures, and two staff members with industry expertise will be assigned due to the complexity of the entity's revenue arrangements. The audit plan then details the specific procedures—such as testing revenue cutoff, vouching receivables, and performing inventory observations—for each segment.
Audit Documentation
Audit documentation (also called working papers or workpapers) is the written record of procedures performed, evidence obtained, and conclusions reached during the audit. Documentation serves multiple purposes: it supports the auditor's opinion, provides evidence of compliance with standards, facilitates supervision and review, and creates a record for future reference.
Current File vs. Permanent File
Audit documentation is typically organized into two categories:
| File Type | Contents | Examples |
|---|---|---|
| Current file | Documentation specific to the current year's audit | Lead schedules, trial balance, audit programs, confirmations, analytical procedures, management representation letter, adjusting journal entries |
| Permanent file | Information of continuing significance that carries over from year to year | Articles of incorporation, bylaws, organizational charts, long-term contracts, prior-year engagement letters, chart of accounts, internal control documentation |
Example: BIF Partners is auditing Kingfisher Industries. The permanent file includes Kingfisher's corporate charter, a copy of its long-term debt agreement with covenants, and an organizational chart. The current file includes this year's bank confirmations, detailed testing of accounts receivable, and the management representation letter dated as of the report date.
The permanent file reduces redundant documentation year after year. Rather than re-documenting the entity's organizational structure and legal formation each year, the auditor includes this information once in the permanent file and updates it only when changes occur.
Documentation Requirements
Under auditing standards, documentation must be sufficient to enable an experienced auditor with no prior connection to the engagement to understand:
- The nature, timing, and extent of procedures performed
- The results of those procedures and the audit evidence obtained
- Significant matters arising during the audit and the conclusions reached
- Who performed and reviewed the work, and the dates of performance and review
Assembly and Retention
- Assembly deadline — Documentation must be assembled into the final engagement file within 60 days after the report release date (for nonissuers under AICPA standards) or 45 days (for issuers under PCAOB standards)
- Retention period — Completed engagement files must be retained for a minimum of 5 years (AICPA) or 7 years (PCAOB) from the report release date
- No deletion after assembly — Once the file is assembled, documentation must not be deleted or discarded before the end of the retention period
Engagement Partner Responsibilities
The engagement partner bears ultimate responsibility for the audit. While the partner may delegate tasks to engagement team members, the partner cannot delegate responsibility.
Key responsibilities include:
- Overall quality of the engagement, including compliance with professional standards
- Direction, supervision, and review of the work of engagement team members
- Ensuring the audit report is appropriate given the circumstances
- Ensuring that the engagement team collectively possesses the appropriate competence and capabilities
- Being satisfied that the team has performed sufficient appropriate procedures to support the opinion
- Taking responsibility for proper consultation on difficult or contentious matters
Example: At MAS Inc., the engagement partner reviews the senior associate's testing of inventory valuation. The partner identifies that the sample size was insufficient given the assessed risk level and directs the team to expand testing. The engagement partner is ultimately responsible for ensuring the evidence supports the conclusions.
Factors Affecting Audit Planning
No two audits are the same. The auditor must tailor the planning process based on factors specific to each engagement.
Key Factors
| Factor | Planning Implication |
|---|---|
| Size and complexity of the entity | Larger, more complex entities require more staff, more time, and potentially more specialized expertise |
| Prior experience with the entity | Continuing engagements benefit from prior knowledge; first-year engagements require more extensive planning |
| Industry and regulatory environment | Entities in highly regulated industries (banking, healthcare) may require specialized procedures |
| Internal control effectiveness | Strong internal controls may allow reduced substantive testing; weak controls require more extensive substantive procedures |
| Identified risks of material misstatement | Higher-risk areas demand more attention, more experienced staff, and more persuasive evidence |
| Use of technology | The entity's IT environment affects the nature of controls and the auditor's approach |
| Going concern considerations | If there are doubts about the entity's ability to continue as a going concern, additional procedures are necessary |
| Group audits | Auditing a group with multiple components introduces coordination challenges |
Example: Illini Entertainment is a small, privately held company with straightforward operations. The audit plan is relatively lean, with a small team and a compressed timeline. Contrast this with Kingfisher Industries, a large multinational manufacturer with complex supply chains, foreign subsidiaries, and significant estimates—the planning process for Kingfisher is far more extensive and resource-intensive.
Financial Statement Assertions
Assertions are the representations—explicit or implicit—made by management when presenting the financial statements. Every number, disclosure, and classification in the financial statements embodies one or more assertions. The auditor's job is to design procedures that test these assertions to determine whether the financial statements are free from material misstatement.
Assertions are the bridge between the financial statements and audit procedures. Each audit procedure is designed to address one or more specific assertions for a particular account balance, transaction class, or disclosure.
The COVERUP Mnemonic
A helpful way to remember the key financial statement assertions is the COVERUP mnemonic:
| Letter | Assertion | Meaning |
|---|---|---|
| C | Completeness | All transactions and balances that should be recorded have been recorded |
| O | Occurrence / Existence | Transactions that are recorded actually occurred, and assets/liabilities actually exist |
| V | Valuation / Accuracy | Amounts are recorded at the correct values and calculations are accurate |
| E | Rights and Obligations (Entitlements) | The entity holds the rights to assets and has the obligations for liabilities |
| R | Classification (Recorded properly) | Transactions and balances are recorded in the proper accounts and are properly classified |
| U | Understandability (Presentation and Disclosure) | Financial information is appropriately presented and described, and disclosures are clear |
| P | Cutoff (Period) | Transactions are recorded in the correct accounting period |
Assertions for Transaction Classes vs. Account Balances
Assertions are categorized differently depending on whether they relate to classes of transactions, account balances, or presentation and disclosure:
| Category | Key Assertions |
|---|---|
| Classes of transactions and events | Occurrence, completeness, accuracy, cutoff, classification |
| Account balances at period end | Existence, completeness, valuation and allocation, rights and obligations |
| Presentation and disclosure | Occurrence and rights and obligations, completeness, classification and understandability, accuracy and valuation |
Example: Consider Illini Security's accounts receivable balance at year-end:
- Existence — Do the recorded receivables actually represent amounts owed to Illini Security by real customers?
- Completeness — Have all amounts owed by customers been recorded?
- Valuation — Are the receivables recorded at the correct net realizable value, considering the allowance for doubtful accounts?
- Rights — Does Illini Security actually own the rights to collect these receivables, or have they been factored or assigned?
The CPA exam frequently tests your ability to match an audit procedure to the assertion it addresses. For example, sending confirmations to customers primarily tests the existence assertion for accounts receivable. Searching for unrecorded liabilities after year-end primarily tests the completeness assertion for accounts payable.
Summary
| Topic | Key Takeaway |
|---|---|
| Audit strategy | High-level roadmap: scope, timing, direction, and resources |
| Audit plan | Detailed procedures: nature, timing, and extent of risk assessment and further procedures |
| Current file | Documentation for the current year (confirmations, lead schedules, representation letter) |
| Permanent file | Ongoing reference material (charter, bylaws, contracts, organizational charts) |
| Engagement partner | Ultimately responsible for quality, supervision, and the appropriateness of the report |
| Assertions (COVERUP) | Completeness, Occurrence/Existence, Valuation, Entitlements (Rights), Recorded properly (Classification), Understandability, Period (Cutoff) |