TS2 - Documenting the audit plan, audit program and internal control relevant to the audit

What do mandatory Australian Auditing Standards require?

Mandatory ASA* 300 Planning an Audit of a Financial Report requires the auditor to develop and document an audit plan for the audit in order to reduce audit risk to an acceptably low level. The audit plan ordinarily includes a description of the nature, timing and extent of planned further audit procedures at the assertion level for each material class of transactions, account balance and disclosure (i.e. an audit program).

Mandatory ASA 315 Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement requires the auditor to obtain and document an understanding of internal control relevant to the audit.

The standards recognise that the level of documentation prepared will vary depending on the size, nature and complexity of the entity. For example, for small audits, the documentation of internal control may simply consist of brief handwritten notes.

Why is documenting the audit plan, audit program and internal control important?

Planning the engagement prior to commencing work allows potential problems to be identified early, and enables you to address these problems by including appropriate procedures in your audit program. For example, while planning the audit you may discover a significant proportion of a client’s inventory is at risk of becoming obsolete. Knowing this then allows you to design and document procedures specifically addressing this risk (eg a larger sample of inventory items might be selected for valuation testing). This in turn ensures you have sufficient appropriate evidence on which to base your audit opinion, reducing the risk of issuing an incorrect audit report.

Understanding and documenting internal control ensures that you understand how the client operates, what the major transaction flows are and how these are recorded in the general ledger and financial report. This information is useful in alerting you to potential problems in the client’s financial records, which will affect the conduct of the audit.

In addition, documenting the audit plan, audit program and internal control provides evidence that you carried out the audit in accordance with ASAs.

What should your audit plans include?

ASA 300 suggests that, as well as a description of further audit procedures, your audit plan will generally include matters such as:
- an outline of the audit strategy, eg the financial reporting framework used, client locations, deadlines, materiality level, etc.
- a description of the risk assessment procedures sufficient to assess the risks of material misstatement as required by ASA 315
- other audit procedures required to ensure compliance with ASAs (eg obtaining a solicitor’s representation letter).

Where you have a number of similar clients (eg self managed superannuation funds, or owners’ corporations), you may find it useful to prepare a master plan addressing issues common to all such clients, adapting it where necessary for individual engagements. You may also find the same approach is useful in relation to your audit programs; i.e. prepare a master program addressing issues common to a group of clients, then adapt it where necessary for individual engagements.

Members who audit self managed superannuation funds were sent a free information kit (including audit programs) to assist with fund audits in August 2006. This kit is also available on the Institute’s website.

What should your documentation of internal control include?

ASA 315 divides internal control into five components:
- the control environment
- the entity’s risk assessment procedures
- the information system relevant to financial reporting
- control activities
- monitoring of controls

The standard requires you to document your understanding of each of these components; however the form of documentation is likely to vary with each client. For example, for a real estate agent’s trust account you may find that a short narrative is sufficient; for a larger more complex trading entity you may find flowcharts useful. Once your understanding of internal control is documented, you can carry the information forward in the audit file and update it each year.

What action do you need to take?

Prior to commencing each of your audits, ensure you have documented an audit plan (including an audit program) and your understanding of internal control. Where you are carrying documentation forward from a prior year, ensure it is up to date and properly reflects the client’s business and operations.

For further guidance, refer to ASA 300 and ASA 315. These standards are currently available at www.auasb.gov.au and will be available in your Members’ Handbook following the December 2006 update.

* Mandatory Auditing Standards (ASAs) apply to audits of financial reports and other financial information for financial reporting periods commencing on or after 1 July 2006. The superseded AUS standard contained similar requirements.