Audit planning sets the tone for the audit. If audit planning hasn't been done well, it can make the entire audit much more difficult. You should be answering four key questions during audit planning:
What information should we collect?
- Start with the business objectives. Sometimes these are implied not documented. This could be another value-added solution you bring to the audit by getting everyone on the same page about their business objectives.
- Process owners should have specific, measurable, achievable, relevant and time-bound (SMART) goals.
- Make sure you’re speaking to the right people.
How can we make sure we collect complete information when planning an audit?
- Use a planning checklist to create a structured, repeatable, and documented consistent process. A checklist also provides the following benefits:
- Audit risk is minimized.
- An array of topics is consistently considered.
- Auditor-in-charge work experience differences are evened out.
- New in-charge auditors can easily set an audit’s objectives and scope.
- A repository for planning information that can be accessed by other auditors involved in the review is created.
How can we better understand the process under review without sacrificing accuracy?
- Study a process for similarities and patterns.
Follow these five process buckets:
- Maximizer Process: Make, acquire and generate as much as possible (e.g., sales).
- Minimizer Process: Generate as little as possible (e.g., staffing).
- Line Process: Directly affect the achievement of business goals (e.g., manufacturing).
- Support Functions: Support line functions (e.g., HR, accounting).
- Control Functions: Mitigate risk (e.g., reconciliation divisions, quality control units).
How should we organize and analyze the information to arrive at useful conclusions concerning an audit’s objectives and scope?
- Think critically about the info you've collected, then write an audit planning memo.
- The purpose of the planning memo is to enable audit management to process and agree upon the audit’s objectives and scope before detailed testing begins. You can use bits of the planning memo in the audit report. The planning memo highlights the most important findings in your research.
Your audit planning memo should include the following items:
Essentially, any topic identified in the planning checklist could affect or threaten the business objective’s achievement. Examples include:
- Key systems
- A competitive environment
- The potential of fraud
- The planning memo should provide the business context for the area under review.
- The planning memo should describe the audit’s objective and scope.
- The type of review should be defined (e.g., balance sheet, data center review, operational audit, etc.).
- Include key audit objectives.
- Include why the entity should be audited.
- Include areas of particular audit focus.
- Include areas noted as having high risk.
Some additional questions you may have about audit planning:
- What is the hardest part of getting the planning process right?
A: Right means your boss is happy with it. Make sure your boss is on board with how it's going and document your ideas in a way that makes sense and can stand alone. Communication is key; get enough time with the right people and take the time to process what they meant by their answers.
- How long should the audit planning process take?
A: The purpose of the planning phase is to set the shape of the audit (i.e., determine the objectives and scope). Try to accomplish this in two weeks. Then, when you get into the next audit execution phase, the detailed assessment, you can take a deeper dive into inherent risks and key controls to develop the testing plan.
You can read more on this topic by exploring these related items on KnowledgeLeader: