The objective of the audit planning stage is for the auditor to determine the tactical audit plan for the audit engagement. The auditor develops this plan by firstly obtaining a detailed knowledge of the client's business and secondly by identifying the competence and availability of the staff members that will comprise the audit team. This knowledge includes an understanding of the entity and its environment, including its internal control [fn], sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures (ISA315.2).
In obtaining the detailed knowledge of the client's business, the auditor undertakes various risk assessment activities including analytical procedures, completing questionnaire's and control matrices, inquiring of appropriate client personnel, inspecting records, reviewing systems and systems documentation, "walking" through the audit trail, "reperforming" client's procedures, observing the client's activities and operations, reviewing permanent working paper files, and performing CAATS. The understanding is documented in the working papers.
The auditor then uses this knowledge to evaluate inherent and control risks for each material account balance assertion. For any one account balance assertion, given the acceptable level of audit risk (AR*}and the related evaluations of inherent and control risk [IR and CR}, the auditor can derive the acceptable level of detection risk [AR*].
In particular, the auditor evaluates AR*2 for each material account balance assertion as well as IR2 and CR2. (Note that auditors refer to CR2 as the preliminary evaluation of control risk, as a subsequent evaluation may be made in the next audit stage.) Given that the achievable audit risk [AR2] must be not greater than the acceptable audit risk [AR*2] (in other words, given that the auditor must be able to achieve a level of risk that is acceptable), then the value of AR*2 latter can be substituted for AR2 in the equation for the audit risk model (AR2 = IR2 x CR2 x DR2) to determine the acceptable level of detection risk DR*2 for each account balance assertion. (That is, DR*2 = AR*2 / IR2 x CR2). The auditor documents the evaluation of these risks in the audit working papers.
Consideration of the respective values of control and acceptable detection risk for each account balance assertion (i.e. consideration of CR2 and DR*2) assists in determining the audit approach [fn]. The auditor documents the audit approach for each assertion, along with the time budget and staff planning schedule, as part of the tactical audit plan, facilitating the conduct of an efficient and effective audit.
