The International Standards of Supreme Audit Institutions, ISSAI, are issued by the International Organization of Supreme Audit Institutions, INTOSAI.
For more information visit www.issai.org.
Financial Audit Guideline
Planning an Audit of Financial Statements
ISSAI 1300
ISSAI 1300
INTOSAI general Secretariat - RecHNuNgSHOF (Austrian court of Audit)
dAmPFScHIFFSTRASSe 2 A-1033 VIeNNA
AuSTRIA Tel: ++43 (1) 711 71 Fax: ++43 (1) 718 09 69 intosai@rechnungshof.gv.at
http://www.intosai.org
INTOSAI PrOfeSSIONAl STANdArdS COmmITTee fINANCIAl AudIT SubCOmmITTee-SeCreTArIAT
Riksrevisionen • 114 90 Stockholm • Sweden
Tel.:+46 5171 4000 • Fax:+46 5171 4111 • E-mail: projectsecretariat@riksrevisionen.se
This Financial Audit Guideline draws on International Standard on Auditing (ISA) 300“Planning an Audit of Financial Statements” developed by the International Auditing and Assurance Standards Board (IAASB) and published by the International Federation of Accountants (IFAC). The ISA is included in this Guideline with the permission of IFAC.
ISSAI 1300
PlANNINg AN AudIT OF FINANcIAl STATemeNTS 363
PrACTICe NOTe TO ISA 300 Paragraph
background
Introduction to the ISA
content of the Practice Note P1
Applicability of the ISA in Public Sector Auditing P2
Additional Guidance on Public Sector Issues
Overall considerations P3
The Role and Timing of Planning P4–P5
Preliminary engagement Activities P6
Planning Activities P7
Considerations Specific to Smaller Entities P8
documentation P9
Additional considerations in Initial Audit engagements P10
Specific Considerations for Public Sector Auditors with a Judicial Role P11–P12 INTerNATIONAl STANdArd ON AudITING 300
Introduction
Scope of this ISA 1
The Role and Timing of Planning 2
effective date 3
Objectives 4
requirements
Involvement of Key engagement Team members 5
Preliminary engagement Activities 6
Planning Activities 7–11
documentation 12
Additional considerations in Initial Audit engagements 13
Application and Other explanatory material
The Role and Timing of Planning A1–A3
Involvement of Key engagement Team members A4
Preliminary engagement Activities A5–A7
Planning Activities A8–A15
documentation A16–A19
Additional considerations in Initial Audit engagements A20
Appendix: Considerations in establishing the Overall Audit Strategy
Table of contents ISSAI 1300
ISSAI 1300
ISSAI 1300 NOTe de PRATIque 300
PlANNINg AN AudIT OF FINANcIAl STATemeNTS 365
1 All Practice Notes are read together with ISSAI 1000, “general Introduction to the INTOSAI Financial Audit guidelines.”
Practice Note1 to International Standard on Auditing (ISA) 300
Planning an Audit of Financial Statements
background
This Practice Note provides supplementary guidance on ISA 300 - Planning an Audit of Financial State- ments. It is read together with the ISA. ISA 300 is effective for audits of financial statements for periods beginning on or after december 15, 2009. The Practice Note is effective the same date as the ISA.
Introduction to the ISA
ISA 300 deals with the auditor’s responsibility to plan an audit of financial statements. It is written in the context of recurring audits. Additional considerations in an initial audit engagement are separately identified.
content of the Practice Note
P1. The Practice Note provides additional guidance for public sector auditors related to:
(a) Overall considerations.
(b) The Role and Timing of Planning.
(c) Preliminary engagement Activities.
(d) Planning Activities.
(e) Considerations Specific to Smaller Entities.
(f) documentation.
(g) Additional considerations in Initial Audit engagements.
(h) Specific Considerations for Public Sector Auditors with a Judicial Role.
Applicability of the ISA in Public Sector Auditing
P2. ISA 300 is applicable to auditors of public sector entities in their role as auditors of financial statements.
ISSAI 1300
NOTe de PRATIque 300
Additional Guidance on Public Sector Issues
Overall considerations
P3. The objectives of a financial audit in the public sector are often broader than expressing an opin- ion whether the financial statements have been prepared, in all material respects, in accordance with the applicable financial reporting framework (i.e. the scope of the ISAs). The audit mandate, or obligations for public sector entities, arising from legislation, regulation, ministerial directives, government policy requirements, or resolutions of the legislature may result in additional objec- tives. These additional objectives may include audit and reporting responsibilities, for example, relating to reporting whether the public sector auditors found any instances of non-compliance with authorities including budgets and accountability frameworks and/or reporting on the effec- tiveness of internal control. However, even where there are no such additional objectives, there may be general public expectations in regard to public sector auditors’ reporting of non-compli- ance with authorities or reporting on effectiveness of internal control. Therefore, public sector au- ditors keep such expectations in mind, and are alert to risks that may give rise to non-compliance or risks relating to effectiveness of internal control when planning and performing the audit.
The Role and Timing of Planning
P4. Paragraph 2 of the ISA deals with the benefits of adequate planning. The application and other explanatory material in paragraphs A1 to A3 of the ISA provides guidance on the role and timing of planning. In the public sector environment, additional planning considerations may include:
• Obtaining an understanding of the legal and regulatory framework applicable to the entity due to the broader objectives of the audit;
• The implications for the audit of the financial statements of knowledge obtained from perfor- mance audits and other audit activities relevant to the entity, including the implications of previ- ous recommendations;
• The implications for the audit of the financial statements of knowledge obtained from planning activities related to the relevant department and ministry; and
• The expectations of the legislature and other users of the auditors’ report.
P5. Paragraph A3 of the ISA states that the auditor may decide to discuss elements of planning with the entity’s management to facilitate the conduct and management of the audit engagement.
laws, regulations or the audit mandate may limit what the auditor may discuss about the audit strategy and audit plan. Public sector auditors familiarize themselves with such laws, regulations or audit mandate.
Preliminary engagement Activities
P6. Paragraph 6 of the ISA sets out the activities to be undertaken at the beginning of a current audit engagement. They are performing procedures required by ISA 220, regarding the continuance of the client relationship and the specific audit engagement, evaluating compliance with ethical requirements, including independence, in accordance with ISA 220, and establishing an under- standing of the terms of the engagement, as required by ISA 210. The continuance process for
ISSAI 1300 NOTe de PRATIque 300
PlANNINg AN AudIT OF FINANcIAl STATemeNTS 367
public sector auditors is influenced by the fact that they may not have the option to resign from an engagement. If information becomes available to public sector auditors that would normally result in declining or discontinuing an engagement, public sector auditors consider such informa- tion when performing further planning and risk assessment activities. Public sector auditors may also have a statutory responsibility to report such issues. They may consult with legal counsel in this regard.
Planning Activities
P7. Paragraph 8 of the ISA prescribes procedures to be performed in establishing the overall audit strategy. In identifying the characteristics of the engagement that define its scope (as per para- graph 8(a) of the ISA), public sector auditors consider additional characteristics. examples of such characteristics may encompass:
• Additional reporting responsibilities for the entity established by the legislature that may influ- ence the scope and timing of the audit, and the nature of communication. examples of such ad- ditional requirements may include a requirement for the entity to report on government funding, including grants; and
• Additional reporting responsibilities for the public sector auditors as a result of the audit man- date or other requirements that may influence the scope and timing of the audit, and the nature of communication. examples of such additional responsibilities for the public sector auditors may include reporting instances of non-compliance with authorities including budgets and ac- countability frameworks, and/or reporting on effectiveness of internal control.
Considerations Specific to Smaller Entities
P8. Paragraphs A11, A15 and A19 of the ISA contain guidance specific to smaller entities. Audits of smaller public sector entities are normally not conducted by a sole practitioner. Furthermore, due to the reporting structure of government entities, the concept of the owner-manager normally does not exist. In the public sector, control structures of smaller entities are often part of the control structure of a larger government body. Therefore, the assumption of few relevant control activities as described in paragraph A19 of the ISA is often not appropriate in the public sector.
Additional control aspects of the larger government body may be included in the public sector auditors’ audit plans.
documentation
P9. Paragraph 12 of the ISA requires the auditor to document the overall audit strategy and audit plan, as well as significant changes to those documents made during the audit and the reasons for such changes. In the public sector, audit documentation may be subject to third party access. As a result, public sector auditors familiarize themselves with relevant legislation and determine the implications for their audit documentation.
ISSAI 1300
NOTe de PRATIque 300
Additional considerations in Initial Audit engagements
P10. Paragraph 13 of the ISA, supplemented by application and other explanatory material in para- graph A20 of the ISA, requires the auditor to undertake certain activities prior to starting an initial audit. In the public sector, audit engagements are normally not initiated in the same way as in the private sector. Public sector auditors may be selected through a competitive process or may be appointed by statute. Nonetheless, the guidance contained in paragraphs 13 and A20 of the ISA is relevant for public sector auditors where the circumstances described exist.
Specific Considerations for Public Sector Auditors with a Judicial Role
P11. In some public sector environments, such as in a court of Accounts environment, the auditors’
report is often adjudicated upon and used to determine personal legal implications of those who are responsible for financial acts, including significant matters, control deficiencies, and instances of non-compliance with authorities. Therefore, public sector auditors in such environments may plan and perform procedures to meet legal requirements and to identify those responsible for financial acts.
P12. Public sector auditors in such environments addressed in paragraph P11 above may also work closely with prosecutors and police when dealing with financial fraud. Therefore, public sector auditors in such environments may also obtain information from prosecutors and police when appropriate.
International Auditing and Assurance Standards Board
ISA 300
April 2009International Standard on Auditing
Planning an Audit of
Financial Statements
ISSAI 1300 ISA 300
1
International Auditing and Assurance Standards Board International Federation of Accountants
545 Fifth Avenue, 14th Floor New York, New York 10017 USA
This International Standard on Auditing (ISA) 300, “Planning an Audit of Financial Statements” was prepared by the International Auditing and Assurance Standards Board (IAASB), an independent standard-setting body within the International Federation of Accountants (IFAC). The objective of the IAASB is to serve the public interest by setting high quality auditing and assurance standards and by facilitating the convergence of international and national standards, thereby enhancing the quality and uniformity of practice throughout the world and strengthening public confidence in the global auditing and assurance profession.
This publication may be downloaded free of charge from the IFAC website:
http://www.ifac.org. The approved text is published in the English language.
The mission of IFAC is to serve the public interest, strengthen the worldwide accountancy profession and contribute to the development of strong international economies by establishing and promoting adherence to high quality professional standards, furthering the international convergence of such standards and speaking out on public interest issues where the profession’s expertise is most relevant.
Copyright © April 2009 by the International Federation of Accountants (IFAC). All rights reserved. Permission is granted to make copies of this work provided that such copies are for use in academic classrooms or for personal use and are not sold or disseminated and provided that each copy bears the following credit line: “Copyright © April 2009 by the International Federation of Accountants (IFAC). All rights reserved.
Used with permission of IFAC. Contact permissions@ifac.org for permission to reproduce, store or transmit this document.” Otherwise, written permission from IFAC is required to reproduce, store or transmit, or to make other similar uses of, this document, except as permitted by law. Contact permissions@ifac.org.
ISBN: 978-1-60815-006-9
ISSAI 1300 ISA 300
PlANNINg AN AudIT OF FINANcIAl STATemeNTS 371 2
INTERNATIONAL STANDARD ON AUDITING 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS
(Effective for audits of financial statements for periods beginning on or after December 15, 2009)
CONTENTS
Paragraph Introduction
Scope of this ISA ... 1
The Role and Timing of Planning ... 2
Effective Date ... 3
Objective ... 4
Requirements Involvement of Key Engagement Team Members ... 5
Preliminary Engagement Activities ... 6
Planning Activities ... 7-11 Documentation ... 12
Additional Considerations in Initial Audit Engagements ... 13 Application and Other Explanatory Material
The Role and Timing of Planning ... A1-A3 Involvement of Key Engagement Team Members ... A4 Preliminary Engagement Activities ... A5-A7 Planning Activities ... A8-A15 Documentation ... A16-A19 Additional Considerations in Initial Audit Engagements ... A20 Appendix: Considerations in Establishing the Overall Audit Strategy
International Standard on Auditing (ISA) 300, “Planning an Audit of Financial Statements” should be read in conjunction with ISA 200, “Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing.”
ISSAI 1300 ISA 300
PLANNING AN AUDIT OF FINANCIAL STATEMENTS
3
Introduction
Scope of this ISA
1. This International Standard on Auditing (ISA) deals with the auditor’s responsibility to plan an audit of financial statements. This ISA is written in the context of recurring audits. Additional considerations in an initial audit engagement are separately identified.
The Role and Timing of Planning
2. Planning an audit involves establishing the overall audit strategy for the engagement and developing an audit plan. Adequate planning benefits the audit of financial statements in several ways, including the following: (Ref: Para.
A1-A3)
• Helping the auditor to devote appropriate attention to important areas of the audit.
• Helping the auditor identify and resolve potential problems on a timely basis.
• Helping the auditor properly organize and manage the audit engagement so that it is performed in an effective and efficient manner.
• Assisting in the selection of engagement team members with appropriate levels of capabilities and competence to respond to anticipated risks, and the proper assignment of work to them.
• Facilitating the direction and supervision of engagement team members and the review of their work.
• Assisting, where applicable, in coordination of work done by auditors of components and experts.
Effective Date
3. This ISA is effective for audits of financial statements for periods beginning on or after December 15, 2009.
Objective
4. The objective of the auditor is to plan the audit so that it will be performed in an effective manner.
Requirements
Involvement of Key Engagement Team Members
5. The engagement partner and other key members of the engagement team shall be involved in planning the audit, including planning and participating in the discussion among engagement team members. (Ref: Para. A4)
ISSAI 1300 ISA 300
PlANNINg AN AudIT OF FINANcIAl STATemeNTS 373 PLANNING AN AUDIT OF FINANCIAL STATEMENTS
4
Preliminary Engagement Activities
6. The auditor shall undertake the following activities at the beginning of the current audit engagement:
(a) Performing procedures required by ISA 220 regarding the continuance of the client relationship and the specific audit engagement;1
(b) Evaluating compliance with relevant ethical requirements, including independence, in accordance with ISA 220;2 and
(c) Establishing an understanding of the terms of the engagement, as required by ISA 210.3 (Ref: Para. A5-A7)
Planning Activities
7. The auditor shall establish an overall audit strategy that sets the scope, timing and direction of the audit, and that guides the development of the audit plan.
8. In establishing the overall audit strategy, the auditor shall:
(a) Identify the characteristics of the engagement that define its scope;
(b) Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required;
(c) Consider the factors that, in the auditor’s professional judgment, are significant in directing the engagement team’s efforts;
(d) Consider the results of preliminary engagement activities and, where applicable, whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant; and
(e) Ascertain the nature, timing and extent of resources necessary to perform the engagement. (Ref: Para. A8-A11)
9. The auditor shall develop an audit plan that shall include a description of:
(a) The nature, timing and extent of planned risk assessment procedures, as determined under ISA 315.4
(b) The nature, timing and extent of planned further audit procedures at the assertion level, as determined under ISA 330.5
1 ISA 220, “Quality Control for an Audit of Financial Statements,” paragraphs 12-13.
2 ISA 220, paragraphs 9-11.
3 ISA 210, “Agreeing the Terms of Audit Engagements,” paragraphs 9-13.
4 ISA 315, “Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment.”
5 ISA 330, “The Auditor’s Responses to Assessed Risks.”
ISSAI 1300 ISA 300
PLANNING AN AUDIT OF FINANCIAL STATEMENTS
5
(c) Other planned audit procedures that are required to be carried out so that the engagement complies with ISAs. (Ref: Para. A12)
10. The auditor shall update and change the overall audit strategy and the audit plan as necessary during the course of the audit. (Ref: Para. A13)
11. The auditor shall plan the nature, timing and extent of direction and supervision of engagement team members and the review of their work. (Ref: Para. A14- A15)
Documentation
12. The auditor shall include in the audit documentation:6 (a) The overall audit strategy;
(b) The audit plan; and
(c) Any significant changes made during the audit engagement to the overall audit strategy or the audit plan, and the reasons for such changes. (Ref: Para. A16-A19)
Additional Considerations in Initial Audit Engagements
13. The auditor shall undertake the following activities prior to starting an initial audit:
(a) Performing procedures required by ISA 220 regarding the acceptance of the client relationship and the specific audit engagement;7 and
(b) Communicating with the predecessor auditor, where there has been a change of auditors, in compliance with relevant ethical requirements.
(Ref: Para. A20)
***
Application and Other Explanatory Material
The Role and Timing of Planning (Ref: Para. 2)
A1. The nature and extent of planning activities will vary according to the size and complexity of the entity, the key engagement team members’ previous experience with the entity, and changes in circumstances that occur during the audit engagement.
A2. Planning is not a discrete phase of an audit, but rather a continual and iterative process that often begins shortly after (or in connection with) the completion of
6 ISA 230, “Audit Documentation,” paragraphs 8-11, and paragraph A6.
7 ISA 220, paragraphs 12-13.
ISSAI 1300 ISA 300
PlANNINg AN AudIT OF FINANcIAl STATemeNTS 375 PLANNING AN AUDIT OF FINANCIAL STATEMENTS
6
the previous audit and continues until the completion of the current audit engagement. Planning, however, includes consideration of the timing of certain activities and audit procedures that need to be completed prior to the performance of further audit procedures. For example, planning includes the need to consider, prior to the auditor’s identification and assessment of the risks of material misstatement, such matters as:
• The analytical procedures to be applied as risk assessment procedures.
• Obtaining a general understanding of the legal and regulatory framework applicable to the entity and how the entity is complying with that framework.
• The determination of materiality.
• The involvement of experts.
• The performance of other risk assessment procedures.
A3. The auditor may decide to discuss elements of planning with the entity’s management to facilitate the conduct and management of the audit engagement (for example, to coordinate some of the planned audit procedures with the work of the entity’s personnel). Although these discussions often occur, the overall audit strategy and the audit plan remain the auditor’s responsibility. When discussing matters included in the overall audit strategy or audit plan, care is required in order not to compromise the effectiveness of the audit. For example, discussing the nature and timing of detailed audit procedures with management may compromise the effectiveness of the audit by making the audit procedures too predictable.
Involvement of Key Engagement Team Members (Ref: Para. 5)
A4. The involvement of the engagement partner and other key members of the engagement team in planning the audit draws on their experience and insight, thereby enhancing the effectiveness and efficiency of the planning process.8 Preliminary Engagement Activities (Ref: Para. 6)
A5. Performing the preliminary engagement activities specified in paragraph 6 at the beginning of the current audit engagement assists the auditor in identifying and evaluating events or circumstances that may adversely affect the auditor’s ability to plan and perform the audit engagement.
8 ISA 315, paragraph 10, establishes requirements and provides guidance on the engagement team’s discussion of the susceptibility of the entity to material misstatements of the financial statements. ISA 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements,” paragraph 15, provides guidance on the emphasis given during this discussion to the susceptibility of the entity’s financial statements to material misstatement due to fraud.
ISSAI 1300 ISA 300
PLANNING AN AUDIT OF FINANCIAL STATEMENTS
7
A6. Performing these preliminary engagement activities enables the auditor to plan an audit engagement for which, for example:
• The auditor maintains the necessary independence and ability to perform the engagement.
• There are no issues with management integrity that may affect the auditor’s willingness to continue the engagement.
• There is no misunderstanding with the client as to the terms of the engagement.
A7. The auditor’s consideration of client continuance and relevant ethical requirements, including independence, occurs throughout the audit engagement as conditions and changes in circumstances occur. Performing initial procedures on both client continuance and evaluation of relevant ethical requirements (including independence) at the beginning of the current audit engagement means that they are completed prior to the performance of other significant activities for the current audit engagement. For continuing audit engagements, such initial procedures often occur shortly after (or in connection with) the completion of the previous audit.
Planning Activities
The Overall Audit Strategy (Ref: Para. 7-8)
A8. The process of establishing the overall audit strategy assists the auditor to determine, subject to the completion of the auditor’s risk assessment procedures, such matters as:
• The resources to deploy for specific audit areas, such as the use of appropriately experienced team members for high risk areas or the involvement of experts on complex matters;
• The amount of resources to allocate to specific audit areas, such as the number of team members assigned to observe the inventory count at material locations, the extent of review of other auditors’ work in the case of group audits, or the audit budget in hours to allocate to high risk areas;
• When these resources are to be deployed, such as whether at an interim audit stage or at key cut-off dates; and
• How such resources are managed, directed and supervised, such as when team briefing and debriefing meetings are expected to be held, how engagement partner and manager reviews are expected to take place (for example, on-site or off-site), and whether to complete engagement quality control reviews.
ISSAI 1300 ISA 300
PlANNINg AN AudIT OF FINANcIAl STATemeNTS 377 PLANNING AN AUDIT OF FINANCIAL STATEMENTS
8
A9. The Appendix lists examples of considerations in establishing the overall audit strategy.
A10. Once the overall audit strategy has been established, an audit plan can be developed to address the various matters identified in the overall audit strategy, taking into account the need to achieve the audit objectives through the efficient use of the auditor’s resources. The establishment of the overall audit strategy and the detailed audit plan are not necessarily discrete or sequential processes, but are closely inter-related since changes in one may result in consequential changes to the other.
Considerations Specific to Smaller Entities
A11. In audits of small entities, the entire audit may be conducted by a very small audit team. Many audits of small entities involve the engagement partner (who may be a sole practitioner) working with one engagement team member (or without any engagement team members). With a smaller team, co-ordination of, and communication between, team members are easier. Establishing the overall audit strategy for the audit of a small entity need not be a complex or time-consuming exercise; it varies according to the size of the entity, the complexity of the audit, and the size of the engagement team. For example, a brief memorandum prepared at the completion of the previous audit, based on a review of the working papers and highlighting issues identified in the audit just completed, updated in the current period based on discussions with the owner- manager, can serve as the documented audit strategy for the current audit engagement if it covers the matters noted in paragraph 8.
The Audit Plan (Ref: Para. 9)
A12. The audit plan is more detailed than the overall audit strategy in that it includes the nature, timing and extent of audit procedures to be performed by engagement team members. Planning for these audit procedures takes place over the course of the audit as the audit plan for the engagement develops. For example, planning of the auditor’s risk assessment procedures occurs early in the audit process. However, planning the nature, timing and extent of specific further audit procedures depends on the outcome of those risk assessment procedures. In addition, the auditor may begin the execution of further audit procedures for some classes of transactions, account balances and disclosures before planning all remaining further audit procedures.
Changes to Planning Decisions during the Course of the Audit (Ref: Para. 10)
A13. As a result of unexpected events, changes in conditions, or the audit evidence obtained from the results of audit procedures, the auditor may need to modify the overall audit strategy and audit plan and thereby the resulting planned nature, timing and extent of further audit procedures, based on the revised consideration of assessed risks. This may be the case when information comes
ISSAI 1300 ISA 300
PLANNING AN AUDIT OF FINANCIAL STATEMENTS
9
to the auditor’s attention that differs significantly from the information available when the auditor planned the audit procedures. For example, audit evidence obtained through the performance of substantive procedures may contradict the audit evidence obtained through tests of controls.
Direction, Supervision and Review (Ref: Para. 11)
A14. The nature, timing and extent of the direction and supervision of engagement team members and review of their work vary depending on many factors, including:
• The size and complexity of the entity.
• The area of the audit.
• The assessed risks of material misstatement (for example, an increase in the assessed risk of material misstatement for a given area of the audit ordinarily requires a corresponding increase in the extent and timeliness of direction and supervision of engagement team members, and a more detailed review of their work).
• The capabilities and competence of the individual team members performing the audit work.
ISA 220 contains further guidance on the direction, supervision and review of audit work.9
Considerations Specific to Smaller Entities
A15. If an audit is carried out entirely by the engagement partner, questions of direction and supervision of engagement team members and review of their work do not arise. In such cases, the engagement partner, having personally conducted all aspects of the work, will be aware of all material issues. Forming an objective view on the appropriateness of the judgments made in the course of the audit can present practical problems when the same individual also performs the entire audit. If particularly complex or unusual issues are involved, and the audit is performed by a sole practitioner, it may be desirable to consult with other suitably-experienced auditors or the auditor’s professional body.
Documentation (Ref: Para. 12)
A16. The documentation of the overall audit strategy is a record of the key decisions considered necessary to properly plan the audit and to communicate significant matters to the engagement team. For example, the auditor may summarize the overall audit strategy in the form of a memorandum that contains key decisions regarding the overall scope, timing and conduct of the audit.
9 ISA 220, paragraphs 15-17.
ISSAI 1300 ISA 300
PlANNINg AN AudIT OF FINANcIAl STATemeNTS 379 PLANNING AN AUDIT OF FINANCIAL STATEMENTS
10
A17. The documentation of the audit plan is a record of the planned nature, timing and extent of risk assessment procedures and further audit procedures at the assertion level in response to the assessed risks. It also serves as a record of the proper planning of the audit procedures that can be reviewed and approved prior to their performance. The auditor may use standard audit programs or audit completion checklists, tailored as needed to reflect the particular engagement circumstances.
A18. A record of the significant changes to the overall audit strategy and the audit plan, and resulting changes to the planned nature, timing and extent of audit procedures, explains why the significant changes were made, and the overall strategy and audit plan finally adopted for the audit. It also reflects the appropriate response to the significant changes occurring during the audit.
Considerations Specific to Smaller Entities
A19. As discussed in paragraph A11, a suitable, brief memorandum may serve as the documented strategy for the audit of a smaller entity. For the audit plan, standard audit programs or checklists (see paragraph A17) drawn up on the assumption of few relevant control activities, as is likely to be the case in a smaller entity, may be used provided that they are tailored to the circumstances of the engagement, including the auditor’s risk assessments.
Additional Considerations in Initial Audit Engagements (Ref: Para. 13)
A20. The purpose and objective of planning the audit are the same whether the audit is an initial or recurring engagement. However, for an initial audit, the auditor may need to expand the planning activities because the auditor does not ordinarily have the previous experience with the entity that is considered when planning recurring engagements. For an initial audit engagement, additional matters the auditor may consider in establishing the overall audit strategy and audit plan include the following:
• Unless prohibited by law or regulation, arrangements to be made with the predecessor auditor, for example, to review the predecessor auditor’s working papers.
• Any major issues (including the application of accounting principles or of auditing and reporting standards) discussed with management in connection with the initial selection as auditor, the communication of these matters to those charged with governance and how these matters affect the overall audit strategy and audit plan.
• The audit procedures necessary to obtain sufficient appropriate audit evidence regarding opening balances.10
10 ISA 510, “Initial Audit Engagements—Opening Balances.”
ISSAI 1300 ISA 300
PLANNING AN AUDIT OF FINANCIAL STATEMENTS
11
• Other procedures required by the firm’s system of quality control for initial audit engagements (for example, the firm’s system of quality control may require the involvement of another partner or senior individual to review the overall audit strategy prior to commencing significant audit procedures or to review reports prior to their issuance).
ISSAI 1300 ISA 300
PlANNINg AN AudIT OF FINANcIAl STATemeNTS 381 PLANNING AN AUDIT OF FINANCIAL STATEMENTS
12
Appendix
(Ref: Para. 7-8, A8-A11)
Considerations in Establishing the Overall Audit Strategy
This appendix provides examples of matters the auditor may consider in establishing the overall audit strategy. Many of these matters will also influence the auditor’s detailed audit plan. The examples provided cover a broad range of matters applicable to many engagements. While some of the matters referred to below may be required by other ISAs, not all matters are relevant to every audit engagement and the list is not necessarily complete.
Characteristics of the Engagement
• The financial reporting framework on which the financial information to be audited has been prepared, including any need for reconciliations to another financial reporting framework.
• Industry-specific reporting requirements such as reports mandated by industry regulators.
• The expected audit coverage, including the number and locations of components to be included.
• The nature of the control relationships between a parent and its components that determine how the group is to be consolidated.
• The extent to which components are audited by other auditors.
• The nature of the business segments to be audited, including the need for specialized knowledge.
• The reporting currency to be used, including any need for currency translation for the financial information audited.
• The need for a statutory audit of standalone financial statements in addition to an audit for consolidation purposes.
• The availability of the work of internal auditors and the extent of the auditor’s potential reliance on such work.
• The entity’s use of service organizations and how the auditor may obtain evidence concerning the design or operation of controls performed by them.
• The expected use of audit evidence obtained in previous audits, for example, audit evidence related to risk assessment procedures and tests of controls.
• The effect of information technology on the audit procedures, including the availability of data and the expected use of computer-assisted audit techniques.
ISSAI 1300 ISA 300
PLANNING AN AUDIT OF FINANCIAL STATEMENTS
13
• The coordination of the expected coverage and timing of the audit work with any reviews of interim financial information and the effect on the audit of the information obtained during such reviews.
• The availability of client personnel and data.
Reporting Objectives, Timing of the Audit, and Nature of Communications
• The entity’s timetable for reporting, such as at interim and final stages.
• The organization of meetings with management and those charged with governance to discuss the nature, timing and extent of the audit work.
• The discussion with management and those charged with governance regarding the expected type and timing of reports to be issued and other communications, both written and oral, including the auditor’s report, management letters and communications to those charged with governance.
• The discussion with management regarding the expected communications on the status of audit work throughout the engagement.
• Communication with auditors of components regarding the expected types and timing of reports to be issued and other communications in connection with the audit of components.
• The expected nature and timing of communications among engagement team members, including the nature and timing of team meetings and timing of the review of work performed.
• Whether there are any other expected communications with third parties, including any statutory or contractual reporting responsibilities arising from the audit.
Significant Factors, Preliminary Engagement Activities, and Knowledge Gained on Other Engagements
• The determination of materiality in accordance with ISA 32011 and, where applicable:
o The determination of materiality for components and communication thereof to component auditors in accordance with ISA 600.12
o The preliminary identification of significant components and material classes of transactions, account balances and disclosures.
• Preliminary identification of areas where there may be a higher risk of material misstatement.
11 ISA 320, “Materiality in Planning and Performing an Audit.”
12 ISA 600, “Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors), paragraphs 21-23 and 40(c).
ISSAI 1300 ISA 300
PlANNINg AN AudIT OF FINANcIAl STATemeNTS 383 PLANNING AN AUDIT OF FINANCIAL STATEMENTS
14
• The impact of the assessed risk of material misstatement at the overall financial statement level on direction, supervision and review.
• The manner in which the auditor emphasizes to engagement team members the need to maintain a questioning mind and to exercise professional skepticism in gathering and evaluating audit evidence.
• Results of previous audits that involved evaluating the operating effectiveness of internal control, including the nature of identified deficiencies and action taken to address them.
• The discussion of matters that may affect the audit with firm personnel responsible for performing other services to the entity.
• Evidence of management’s commitment to the design, implementation and maintenance of sound internal control, including evidence of appropriate documentation of such internal control.
• Volume of transactions, which may determine whether it is more efficient for the auditor to rely on internal control.
• Importance attached to internal control throughout the entity to the successful operation of the business.
• Significant business developments affecting the entity, including changes in information technology and business processes, changes in key management, and acquisitions, mergers and divestments.
• Significant industry developments such as changes in industry regulations and new reporting requirements.
• Significant changes in the financial reporting framework, such as changes in accounting standards.
• Other significant relevant developments, such as changes in the legal environment affecting the entity.
Nature, Timing and Extent of Resources
• The selection of the engagement team (including, where necessary, the engagement quality control reviewer) and the assignment of audit work to the team members, including the assignment of appropriately experienced team members to areas where there may be higher risks of material misstatement.
• Engagement budgeting, including considering the appropriate amount of time to set aside for areas where there may be higher risks of material misstatement.
ISSAI 1300
