The main objective of engagement planning is to draw early attention to things that could possibly go wrong during the audit of financial statements of an organization.
The audit planning memo of Arthur Anderson dated February 6, 2001 revealed that the audit team assigned to Enron identified some serious red flags about some investing activities of Enron, discussed it amongst themselves but still went ahead to conclude that Enron had the ‘appropriate people and system’ that are capable of saddling the responsibilities of the company. Thorns of books and articles have been written about what happened next.
The question now is ‘will auditors now abandon planning simply because Arthur Anderson did not act on findings during planning? No of course! So let’s get down to the business of discussing the fundamentals of engagement planning of financial statement audit. Although this article is tending towards engagement planning of financial statement audit, the planning tips and issues discussed here are applicable to most assurance engagements.
Purposes and goals of audit engagement planning
The primary goal and objective of engagement planning of financial audit is to control engagement risks. This overriding objective is contained in the three basic goals of engagement planning that follows:
- To obtain (or update) an understanding of important events that have affected the audit client and its operations.
- To ensure that audit timetable is followed.
- To help identify risky areas of a client line of business.
Engagement planning of financial statement audit begins with carrying out risk management activities. Risk in audit engagement is the probability that something may go wrong during the actual audit. This is usually combined with audit quality management. The whole essence of audit risk management is to reduce the audit risks.
Some background works are done during the planning stage of an audit engagement before pen are put to papers. This section of this article on engagement planning of financial statement audit will take you through the preliminary stuffs.
Ensuring that desirable and low risk clientele database is acquired is the bane of risk management of public accounting firms. There is no law (as at the time of this writing) obligating public accounting firms to accept clients or to retain clients if they are perceived as being too risky or suspicious. Depending on the country where you operate from, client acceptance and retention policies and procedures may include:-
- Obtaining and reviewing financial information about the prospective client- Interim financial statements, annual reports, registration details, form 10-k, reports to companies house (if in the UK), report to HMRC, and report to other regulatory agencies.
- Inquiring of the potential client’s bankers, lawyers, analysts, or any other person(s) that have had any business or professional dealings with the prospective clients in the past. This will give useful insight that can be used to assess the risk profile of the prospective client
- Evaluate and assess the accounting or auditing firm’s independence with regards to the prospective client.
- Communication with predecessor auditor if there was one.
- Consider if there is need for any special skill(s) required for successful completion of the audit assignment.
- Are there any unusual risk that would be involved?
- Conduct background checks on key officers of the prospective audit client.
- Online search for any possible clue of pending or recently decided court cases, bankruptcy rumour, major disagreement, etc
- Engage the service of private investigator (PI) to get more information.
Careful client selection should be the bread and butter of proper engagement planning of financial statement audit. Decision to continue dealing with a client is similar to decision to accept clients the first time. The only difference is that the audit firm will be making a more informed decision when deciding on retention.
Communication between outgoing and incoming auditors (SAS 84)
We all know that nothing stays the same forever. Companies from time to time change auditors for various reasons. This sometimes is due to company policy to rotate auditors or due to argument over treatment of accounting item, or it can even be down to fee consideration.
The reason for the change of auditors does not really matter much, what we should be concerned is that we do not take on toxic client that will do more harm than good to the reputation of our firm. An auditing firm will always appear guilty in the eyes of all stakeholders when they are known for associating with clients that lack integrity.
To reduce the risk of accepting clients that will tarnish an audit firms’ image, auditing standards require a successor auditor to initiate contact with and attempt to obtain basic information directly from the predecessor regarding issues that reflect directly on the integrity of management.
The following are things that might be discussed or obtained.
- Disagreement about accounting principles or audit procedures
- Issues about fraud, illegal acts, and internal control recommendations
- Reasons for the change of auditor especially when predecessor’s appointment was terminated.
Please note that consent must be sought from the client before contacting the predecessor as client confidentiality still remains even after termination.
A refusal should be taken as a red flag and care must be taken when making decision as to whether to accept the engagement or not to accept it.
Obtaining engagement letters
At this stage of the engagement planning, the requirement of audit standard that requires auditors to reach mutual understanding with clients concerning the requirements and expectations of the audit exercise. This requirement must be properly document in written form.
An engagement letter should be prepared each time a new client is gained or when the contract of an existing client is renewed. This engagement letter among other things includes:
- Management responsibilities
- The objectives of the engagement (relevant laws and standards should be referenced)
- Form of report or communication
- Confirmation that precondition for audit exist
- Expectations and levels of representations/assertions.
- Confirmation of understanding of respective responsibilities
- Auditors responsibilities
- Scope and limitations of the engagement
- Fees and billing modalities
- Reference to further agreement between auditor and clients
The engagement acts as a contract therefore should be treated as such.
Planning for staffing requirement
Care must be taken to ensure that the right staff members with the right training, skills, experience and qualifications is drafted into the audit of every audit client – old or new.
Typically, audit teams usually consists of audit engagement partner, an audit manager, industry specialist, mix of audit seniors and audit juniors, computer specialist (if needed), a tax partner and a second (concurring) audit partner.
Detailing time table
Time budget is very important in every audit engagement. Plans have to be made during the planning stage of the audit to avoid running behind agreed time.
The timing of the work and the number of hours required to complete parts of the engagement should be detailed in the time budget. For an existing client, previous year’s time budget with necessary adjustment may be adopted. For a new client, predecessors’ time sheet can be used as a starting point.
UNDERSTANDING THE CLIENT’S BUSINESS AND ENVIRONMENT
The understanding of client’s business, industry and environment will help an auditor identify business risks and to an extent majority of financial risks that can lead to overstatement (Income and Assets) or understatement (Expense and Liabilities) of items.
Considering materiality at the planning stage helps the auditor think of efficiency and effectiveness from the very beginning. Materiality is an expression of the relative significance or importance of a particular matter in the context of the financial statement as a whole.
This implies that materiality runs through the whole process of audit engagement and therefore must start from the word Go. The auditor should set a performance materiality at the planning. Performance materiality is a technique used by auditors to slightly set materiality for certain items in order to compensate for other areas where the risk of uncorrected and undetected risks are higher.
An item might be material due to;
Its impact, or
Materiality is judgmental, but there are guidelines set by the standards. Range is given to guide auditors when planning for materiality. Auditors are advised to consider any figure that is up to 5% of Profit Before Tax, between 1/2 – 1% of Gross Profit, between 1/2 – 1% of Revenue, 1-2% of Total Assets, 2-5% of Net Assets, or 5-10% of Profit After Tax as Material for planning purposes.
Audit risk which is the risk that the auditor gives inappropriate opinion on the financial statement is made up of inherent risk, control risk and detection risk. Auditors must plan om how to deal with these kinds of risks from the beginning. The overview of the risk process is as follows;
- Perform Risk Assessment Procedures (ISA 315)
- Assess the risk of material misstatement (ISA 315)
- Respond to assessed risks (ISA 330)
- perform further audit procedures (ISA 330)
Auditors should plan adequately for a Risk Based Auditing.
Engagement planning in a computerized environment
In this day and age, an auditor will be embarking on a suicide mission if there is no adequate plan for computerised auditing. As a baseline during the planning stage, the engagement partner must ensure that skill staff in the area of IT auditing are included in the audit team. You may want to read this article on auditing through computer and auditing around the computer.
You will never go wrong if documentation runs through all that you do in auditing. In fact, you have to document the fact that you have adequately planned your audit. Findings are also documented in the form of an audit report.
Documentation will safe the day when a public accounting firm is challenged- a tip to reducing auditors liability.