AS 2101: Requirements for Planning an Audit

Planning an audit for a publicly traded company is a foundational stage governed by professional standards from the Public Company Accounting Oversight Board (PCAOB). This initial phase is a continuous and iterative process that shapes the entire engagement. The objective is to plan the audit so it is conducted effectively, with attention devoted to the most important areas. This planning is the responsibility of the engagement partner, the lead auditor overseeing the audit. Proper planning helps the auditor identify and assess risks of material misstatement and gather sufficient evidence to support their opinion on the financial statements.

Preliminary Engagement Activities

Before planning an audit, a firm performs preliminary activities to decide whether to accept a new client or continue with an existing one. This evaluation includes assessing the integrity of the client’s management, the company’s financial stability, and reviewing any significant disagreements from the previous year’s audit. For a new client, this process also involves communicating with the predecessor auditor to understand the reasons for the change.

A clear understanding of the engagement terms is established with the company’s audit committee and formalized in an engagement letter. This letter outlines the audit’s objective to express an opinion on the financial statements and details the responsibilities of both the auditor and management. Management is responsible for the financial statements and internal controls, while the auditor is responsible for performing the audit according to PCAOB standards.

The audit firm must also ensure its independence from the client. All engagement team members must comply with the independence and ethics requirements of the Securities and Exchange Commission (SEC) and the PCAOB. The firm must reevaluate its independence whenever circumstances change to ensure the auditor remains objective.

Developing the Overall Audit Strategy

After accepting the engagement, the auditor develops an overall audit strategy. This high-level blueprint sets the scope, timing, and direction for the audit and guides the detailed audit plan. The strategy is a responsive process and may be modified if significant changes occur during the audit.

The first step is to identify the engagement’s characteristics that define its scope. This includes understanding the financial reporting framework, such as U.S. Generally Accepted Accounting Principles (GAAP), and any industry-specific reporting requirements. The auditor also considers the company’s operational structure, including the number and location of its business units.

Next, the auditor determines the reporting objectives to establish the audit’s timing. This involves considering deadlines for regulatory filings with the SEC and the expected dates for issuing audit reports. The strategy will also outline the nature and timing of communications with the audit committee and management.

A significant part of the strategy involves considering factors that will direct the audit team’s work. This includes a preliminary determination of materiality, which is the magnitude of a misstatement that could influence a user’s decisions. The auditor also identifies areas with a higher risk of material misstatement, which could stem from complex transactions or recent changes in the company’s business.

Creating the Detailed Audit Plan

With the overall strategy established, the auditor creates a detailed audit plan. This document translates the strategy into a specific set of procedures and must describe the nature, timing, and extent of those procedures.

The plan begins with risk assessment procedures to obtain a deeper understanding of the company and its internal controls. These often include analytical reviews, inquiries of management, and observation of company operations.

Next, the plan outlines specific tests of internal controls to evaluate if they are designed and operating effectively. If the auditor plans to rely on these controls, they will be tested to gather evidence. The results of these tests influence the amount of other audit work required.

The core of the audit plan consists of substantive procedures, which are detailed tests of transactions and account balances designed to detect material misstatements. For example, an auditor might confirm accounts receivable with customers or observe an inventory count. The nature and extent of these procedures are linked to the assessed risk and materiality level.

Addressing Specific Planning Considerations

During the planning phase, auditors must address several specific situations that can significantly affect the audit strategy and plan.

Multi-Location Audits

For companies with operations in multiple locations, the lead auditor must determine the scope of work needed at each site. This decision is risk-based, focusing attention on units with higher materiality and specific risks. When other audit firms are involved in auditing these locations, the lead auditor must first determine if their own firm’s participation is sufficient to serve as the lead auditor. The lead auditor must then implement a risk-based supervisory approach over the work of other auditors, which includes performing procedures to evaluate their knowledge, skill, and independence. Clear written communication is required to address risks, procedures, and findings.

Using Specialists

Auditors may need to engage specialists to assist with certain aspects of the audit. This occurs when a matter requires specialized skill or knowledge beyond what an auditor normally possesses, such as valuing complex financial instruments or assessing mineral reserves. The auditor is responsible for evaluating the specialist’s professional qualifications, objectivity, and the quality of their work.

Team Supervision

Proper supervision of the engagement team is a continuous part of planning and execution. The engagement partner is responsible for overseeing the work of all team members and ensuring the audit is performed with due professional care. This includes determining the necessary extent of supervision based on the risks involved and the experience of the team members.