Audit plan play a very importance role in audit process. Organizations need to seek a suitable, adequate, and effective quality management system (QMS) need to conduct internal audits, to ensure that the QMS functions as intended, and that it identifies weak links in the system as well as potential opportunities for improvement. Initially audit planning takes place before the detailed audit work begins. For a specific audit project, an auditor must adopt a strategy audit plan which regard to the nature, timing and extent of the audit work to be carried out.
Special attention should be given to processes where the high level of risk is influenced by factors such as:
- Severe consequences of failure on process capability;
- Customer dissatisfaction;
- Non compliance with product (or process) statutory and regulatory requirements.
The objectives of the audit plan are to ensure that appropriate attention is devoted to the different areas of the audit, potential problems that may occur are identified and audit review from previous auditor are facilitated.
The audit plan establishes the procedures necessary to complete an efficient and effective audit. It includes a detailed plan of the work to be performed as well as the steps required to achieve the audit objectives. There should be sufficient detail for less experience staff to perform the steps however it should not be overly detailed whereby it might cause auditors to execute steps routinely and override their judgment.
Top management should ensure the establishment of an effective and efficient internal audit process to assess the strengths and weaknesses of the quality management system.
An efficient and effective audit can only be performed if the audit has been thoroughly and properly planned. ISA 300 "Planning an Audit of Financial Statements" contains the provisions which the auditor is required to comply with in planning an audit.
In summary, ISA 300 state that the planning stage of the audit should be used to establish an overall strategy for the audit, develop an audit plan and reduce audit risk to an acceptably low level. In other words, the auditor should plan the audit engagement so that it will be performed in an effective manner and in accordance with auditing standards.
Adequate audit planning will ensure that appropriate attention is given to crucial areas of the audit and that potential problems are identified on a timely basis. At the planning stage the audit engagement partner should assign the people who possess the skills and ability required in order to ensure the audit is carried out efficiently and in accordance with the International Standards on Auditing.
Audit plan is set based on the Audit Commission's risk which approach to audit planning that assesses the current national risks relevant to specific circumstances and improvement of performance. There are few phases of an audit that relate to audit planning, such as client acceptance and continuance, establish an understanding with the client, preliminary engagement activities, obtain understanding of the entity, establish materiality and assess risks and plan the audit. Planning the audit generally is regard setting an overall audit strategy and develop audit plan.
Performing these preliminary activities ensures that the auditor maintains the necessary independence and ability to perform the engagement, ensures that there are no issues with management integrity that may affect the auditor's willingness to continue with the engagement and ensures that there is no misunderstanding with the client as to the terms of the engagement. If there has been a change of auditors the present auditor should communicate with the entity's previous auditors in accordance with the relevant Ethical Standards.
At the planning stage the auditor will develop the overall audit strategy.Â The audit strategy sets the scope, timing and direction of the audit.Â At this stage the auditor will develop the detailed audit plan which will help identify problem areas and important audit areas. The materiality level is set and areas where material misstatement might occur are identified.Â Materiality must always be assessed where an audit opinion is given.
Once the audit strategy has been established, then the auditor is able to develop the more detailed audit plan to address the matters identified in the overall audit strategy.Â The auditor should then reduce the audit risk to an acceptably low level.Â Audit risk is the risk that the auditor will arrive at the wrong opinion.
The audit plan is more detailed than the overall audit strategy and ISA 300 defines the contents which the detailed audit plan should take. The detailed audit plan should also contain a description of the nature, timing and extent of planned further audit procedures at the assertion level for each material class of transactions, account balances and disclosures.Â This section of the audit plan interlinks with the provisions of ISA 330 'The Auditor's Procedures in Response to Assessed Risks'.Â
Finally, the audit plan should also contain details of other audit procedures to be adopted so that the audit can be carried out in accordance with the ISA's. For example, ISA 620 'Using the Work of an expert'.
It is important to understand that once the planning of the audit is completed, it is not simply forgotten about.Â There could be occasions when the audit plan might need to be changed, for example due to unforeseen circumstances and in these respects the auditor will need to change the overall audit plan.
Macro-level planning applied in the audit of private sector companies. It is a process where usually conducted by audit management, identifies the audits that will be performed within the organization.
Planning procedures are the initial and perhaps most important step in conducting a successful internal audit. Without adequate planning, the likelihood of missing relevant control weaknesses or encountering engagement-related problems increases considerably. Moreover, improper planning can lead to changes in scope or objectives after much of the audit work has already been completed.
Although planning is crucial to audit success, auditors may tend to overlook important aspects of the process. To help ensure engagements run smoothly, the audit department should develop and document a plan for each audit that addresses the audit scope, objectives, client operations, administrative tasks, the opening meeting, and the audit program. With careful planning, internal auditors can meet the objectives of their reviews and identify opportunities for improvements to the auditable unit's risk management and control environment.
Evaluate the planning of audits; the organisation should be able to maximize the use of available resources during the conduct of internal audit activities. This can be facilitated by the adoption of a risk based approach to the planning of internal audits. This should also ensure that the inherent risks of audit failure in the audit process, and to audit outcomes, are minimised.
Below is the phrase of an audit that related to audit planning:
Preliminary engagement activities
Obtain understanding of the entity
Establish materiality and access risks
Planning: set overall audit strategy and develop audit plan
Preliminary Engagement Activities
When planning an audit, auditor needs to begin by looking at client's business and its industry. Performing these activities helps the auditor to consider events or circumstances that may adversely affect the auditor's ability to plan and perform the audit engagement, can reduce audit risk to an acceptably low level.
It's important to use multiple sources to stay abreast of political and economic events that can affect clients. Auditors can monitor industry-specific trends through industry conferences and trade publications. Perform the following preliminary engagement activities at the beginning of the current audit engagement is required, which stated in auditing standards:
Procedures regarding acceptance and continuance of the client relationship and the audit engagement.
Evaluating of independent and other ethical requirements.
Establish the terms of engagement
It is importance for audit firm to establish proper quality control policies and procedures in their decision making process regarding the acceptance and continuance of audit engagement.
Obtain Understanding of Entity
The engagement team should gain an understanding of the auditable unit's business and operations as well as any of its unique characteristics or business practices. Before accepting an audit engagement, the team should review any prior-year workpapers related to the client so that to ensure the integrity of prospective clients. They should also consider obtaining background information on the client's responsibilities and processes via Web searches, company document reviews, and discussions with senior management or other personnel familiar with the client's business area. Internal auditors should pay particular attention to new processes or guidelines, employee turnover, or items that may seem out of the ordinary or unusual.
Auditors need to gather various levels of data about the business. Good sources of information include organizational charts, system and process flow charts, employee profiles, customer profiles, supplier profiles, vendor profiles and supporting documentation for current initiatives.
Auditors can also use questionnaires to gather company data from the management team and company employees. Questionnaires help to initiate discussions with company personnel and can help you identify risks so that you can further tailor the auditing process.
Such consideration is essential to minimize the likelihood of associating with clients who lack integrity. If an auditor is associated with a client who lacks integrity, material misstatements may exist and not be detected by auditor. This can lead to lawsuits brought by users of the financial statements. In discussing client acceptance issue, a distinction is made between evaluating a prospective client and continuing a current client.
Establish Materiality and Assess Risk
When major events occur, auditors need to quickly assess the potential effects on client's business and on the audit process, and then need to review findings with client's management team.
Auditors also need to collect information about the client company's internal practices. Arrange to meet with client's management team to review any process or system changes that might affect the audit. Determine the potential impact of major corporate events such as:
Large increases in sales
Significant employee turnover
New business initiatives
Consider using technology to help auditors identifies areas of risk. For example, they might use database tools to identify specific events that need closer monitoring, such as a sharp increase in customer returns or small transactions.
This can prevent inaccurate or fraudulent accounting practices only after they truly understand clients' business risks.
Planning: Set Overall Audit Strategy and Develop Audit Plan
Firstly, auditors need to identify the deliverables of the audit plan. For example, if their audit focuses on compliance reviews, it needs to include the filing of regulatory documentation. But if performing a more traditional audit, they need to focus more on policies, financial controls, and GAAP compliance. Knowing the expected deliverables for audit can help determine its focus, timing, level of detail, and expected duration.
Second, identify the audit scope. After have assessed the organization and defined the audit's deliverables, auditors can start creating the scope document. To avoid confusion during the audit, summarize the scope document for client's management team. Identifying the exact scope of the audit keeps auditors from being distracted with issues that do not immediately relate to the current audit. In the course of the audit process, make note of issues that fall outside the current scope so that you can address them later.
Then, develop a project plan. A successful audit requires a thorough project plan. The previous analysis, in turn, helps auditors to define detailed task lists, potential project phases, time frames, and resulting resource needs.
The Importance of Audit Planning
An efficient and effective audit can only be performed if the audit has been thoroughly and properly planned as what stated above.Â It is important to understand that once the planning of the audit is completed.Â There could be occasions such as unforeseen circumstances when the audit plan might need to be changed.
Supervision and documentation is very important in audit planning phrase.Â The auditor should also ensure that they plan the nature, timing and extent of the review of the work of the engagement team members.Â The review of previous engagement team members' work will vary depending on various factors such as the complexity of the audit engagement, the risk of material misstatement and the competencies involved.Â
Any significant changes to the overall audit strategy and audit plan must also be documented.Â Standard audit programmes can be used to deal with this issue, however it is important that the auditor tailors the audit programme appropriately so it is specific to the engagement.Â
The audit should be used to establish an overall strategy for the audit, develop an audit plan and reduce audit risk to an acceptably low level.Â In other words, the auditor should plan the audit engagement so that it will be performed in an effective manner and in accordance with auditing standards. At the planning stage the auditor will develop the overall audit strategy.Â The audit strategy sets the scope, timing and direction of the audit.Â At this stage the auditor will develop the detailed audit plan which will help identify problem areas and important audit areas. Then the auditor is able to develop the more detailed audit plan to address the matters identified in the overall audit strategy.Â The auditor should then reduce the audit risk to an acceptably low level.Â Audit risk is the risk that the auditor will arrive at the wrong opinion.
The planning stage of the audit is an extremely vital area.Â Going in to an audit 'blind' is wreckless and does not conform to the ISAs relating to planning - namely ISA 300 and ISA 315.Â The core principle involved in the audit planning is to ensure the audit is carried out efficiently and that sufficient attention is devoted to important audit areas.
Tips for prepare an efficiency audit plan.
Ask management to co-sign the audit plan. This step encourages management's early commitment to the rationale for the audit and the organization's allocation of audit time.
Focus on management objectives. Our objectives as auditors must fit within the overall context of management's objectives; otherwise, management is much less likely to implement any recommendations from the audit.
Explore the viability of facilitating a workshop during the audit planning process to gather information and identify risks and controls. You may not actually ask for a self-assessment of controls, but including client personnel in the planning process can enhance the audit's applicability to management goals and objectives.
Understand the macro-level risk assessment process well enough to know why the current audit is being performed. Starting an audit by saying, "We're here because it's been two years since we were last here," is not what clients want to hear. We should be able to say why, on an overall company risk basis, it makes sense to perform the audit at that time. The micro audit plan should make such macro-level factors the underlying focal point of the audit.
Writing the audit programs.
Determining how and when audit results will be communicated.
Obtaining approval of the audit planning results. Beginning auditors who want to know more about audit planning, such as what to include in meetings with management and how audit planning should be documented
In conclusion, by following these audit procedures when in the planning stage of audit, the audit is reasonably efficiency.
Result and discussion
As observation of a few audit committee report of a private sector company in Malaysia, They conducted a review of the annual audit plan and internal and external auditors to prepare room for a year, and this activity is essential. These activities were conducted by audit committee in line with the terms of reference during the financial period under review.
From the review of operation review of The Jelutong Stp Project, internal audit plan was considered as the major findings of internal audit, fraud investigations and actions and steps taken by management in response to audit findings. The next finding in the report was reviewed and approved the Annual Audit Plan for the next financial year prepared by the Internal Audit Department to ensure fully protect the high-risk areas have made significant corporate events. The Internal Audit personnel have actively conducted several independent reviews based on the approved Annual Audit Plan throughout the financial year under review. From those findings, it showed that the importance on reviewed the internal audit plan which let the external auditors discover the risk area of the company and increase the efficiency level of the audit work. Based on the internal audit plan, the external auditors can easily understand the strength and weaknesses of the internal control. Then the external auditors can design and conduct the audit procedures in the lowest cost, resources and the shortest time.
Besides that, reviewed the Audit Planning Memorandum with the external Auditors, Messrs BDO Binder on the scope of their audit including audit procedures, significant accounting and auditing issues, impact of new or proposed changes in accounting standards and regulatory requirements and how the changes will be subsequently reported also a finding of the report. From this finding, the auditors can ensure that they were conducted the audit in the effective and efficiency way. As an example, within the audit plan, the auditors can make sure the audit conduct based on the latest accounting standard, rules and regulation where they can refer to the government ISO.
For the second review from the Tradewinds Corporation Berhad's Audit Committee Report in year 2008, internal auditor for the operation of the internal audit function and risk-based audit plan is reviewed and approved by the Board of Auditors. The risk-based audit plan covers the review of key operational and financial activities including the efficacy of risk management practices, efficiency and effectiveness of operational and financial controls and compliance with the relevant Laws and Regulations. From this finding, it show that the audit plan is not only used by the external audit to conduct the efficiency audit but it also used by the internal auditor to ensure their financial and operational control was conduct in a efficient and effective way. The internal audit professionals take a risk-based audit plan to internal audit to help clients improve performance and operational efficiency too.
For the third review from the audit committee report of QSR Brands Berhad on year 2004 listed that The General Internal Audit Department's scope of work covers all the operating divisions of the Group and they performed their duties in accordance with the annual audit plan that was approved by the Audit Committee. As part of its audit strategies, the General Internal Audit Department conduct risk assessments, review the adequacy and effectiveness of internal control system and reviewed with the Group's policies and procedures and regulatory requirements, but also examined the level of compliance with business processes in order to enhance the Group's actions are aimed at. During the financial year, the General Internal Audit Department issued eighteen audit reports. From this finding, it show that how importance of audit plan from the audit committee to the internal auditor and there were mention in the report that no any material internal control failures that resulted in a significant financial loss to the Group. This means that how an efficient audit had been conducted by the company within an audit plan of the group.
The last review from the audit report of Air Asia Berhad on year 2007 listed that the used of audit report towards an internal auditor. The audits and reviews conducted by internal audit are defined in an annual audit plan that was reviewed and approved by the Audit Committee at the beginning of each financial year. The plan was derived from a risk assessment process which considers the risks within each department and the extent that it would have an impact on the Air Asia. The audit plan can ensure the auditor to focus on the most risk area, implemented all the responsibility within the time frame and all the things that done by the company is compliance with internal control and relevant law and regulation. This process is continually reviewed and strengthened as appropriate. A key performance indicator in the following year is to roll out risk management to the rest of the Air Asia Group's associates.
From the review on a few of annual report and audit committee report in Malaysia's private sector company, we found that the audit plan is useful to an auditor to perform a efficiency audit.
The audit plan and audit efficiency in private sector are well organize. Although it is still contain a reasonable audit risk, but overall is satisfy and do not have significant mistakes. Audit plan assist auditor to detect audit risk and included step to do sufficient risk assessment. In addition, audit plan also state the substantive test that have to be done in order to provide true and fair view to users. By using audit plan, auditor can organize audit work and clarify the job scope.
With well organize audit plan, audit efficiency can be increase. With that, energy, time and money can be attributing in the right place. Therefore, auditor can focus on the significant risk area and complete the audit report at a minimum time.
Audit plan also is a working paper that help auditor to keep all the audit evidence obtained during financial statements auditing. Audit plan are able to support the audit work done in order, sufficient and assurance audit evidence. Audit plan are an important property of the auditor. In order to keep professional ethic, it cannot disclose to third party without consent of the client unless limited specified situations mentioned in ISA 230 Documentation or required by law, such as court order, for public interest and so on. It can be: