Audit Plan


The whole process of audit engagement usually follows three stages, including audit plan, evidence gathering, and completion stage. Although audit plan is the first stage in the audit process, the planning can take place at any point of the audit process.

This is due to there may be some unexpected events, changes in conditions or audit evidence obtained from the results of audit procedures that require auditors to modify the audit plan and overall audit strategy.

Audit plan includes the nature, timing, and extent of audit procedures that the audit team members need to perform in order to obtain sufficient and appropriate audit evidence and reduce the audit risk to an acceptably low level.

Objectives of Audit Plan

The main objectives of audit plan include:

  • Help audit team members to focus and pay attention to the key risk areas of the audit
  • Help team members to identify issues regarding the audit and solve them on a timely basis
  • Help audit team to perform audit engagement in an effective and efficient manner
  • Help in selecting audit team members with sufficient and appropriate skills and experiences
  • Help in assigning proper work to the team members based on their skills and experiences
  • Have proper direction and supervision as well as reviewing the work performed by the team members, including both hot and cold review
  • Have effective coordination of the work performed by auditors and others, such as experts and component auditors.

3 Phases of Audit Plan

The three phases of audit planning include initial planning activities, risk assessment, and audit strategy.

Audit Plan
Initial planning activities Initial planning activities start after the audit accepting the client. This includes evaluating the compliance with relevant ethical requirements, such as independence matter, and establishing an understanding of the engagement terms before signing the engagement letter.

In addition, auditors need to form engagement team members with appropriate levels of capabilities and competence. This is so that team members can properly respond to the anticipated risks, and suitable assignment of audit work can be allocated to them. At the same time, auditors need to obtain an understanding of the business and control environment of the client.

A good understanding of the client’s business and its environment help auditors to appropriately assess risk, decide on a suitable audit strategy, and be able to design and perform effective audit procedures. After understanding the client’s business and control environment, auditors need to determine the nature, timing and extent of audit process.

Risk assessment Usually, auditors identify risks during the process of obtaining an understanding of the client, so this step requires auditors to assess those identified risks. Auditors need to assess the potential impact that those risks can have on financial statements as a whole as well as on specific assertions.

In this step of audit plan, auditors need to consider the risks here as risks of material misstatement. In this case, auditors need to assess the significant impact in terms of misstatement that such identified risks could have on the financial statements.

Specifically, auditors need to assess the inherent risk and control risk that auditors should have already identified when obtaining an understanding of the client’s business and its environment.

As these two risks are outside control of auditors, the assessment would be performed to determine whether they are at a high, moderate or low level so that auditors can design audit procedures and decide the amount of audit work based on the level of risk.

Auditors need to make sure that audit risk is at an acceptably low level. Hence, if the inherent risk and control risk are high, auditors need to lower the level of detection risk by performing more audit works.

Audit strategy This is also an important step of audit plan where auditors need to form audit strategies by designing an overall audit approach including the scope, timing, and direction of the audit. The appropriate audit strategies help auditors reduce the audit risk and perform audit process in an efficient manner.

Some examples of audit strategies include:

  • Allocating audit tasks to audit team members with appropriate level of experiences
  • Deciding how much time required for the audit work and when will it complete
  • Designing suitable audit approaches, including both tests controls and substantive tests
  • Designing a proper structure of direction and supervision during the audit work