The importance of audit planning
What is the purpose of audit planning if the audit may not ultimately follow the carefully thought out plan? As may be inferred from Dwight D. Eisenhower’s words—”Plans are worthless, but planning is everything”—the value of audit planning is not derived solely from the resulting audit plan. Often overlooked, the real benefit of audit planning is gained from the process itself. In painstakingly documenting endless client details, auditors achieve more than just compliance with professional standards—they also develop more efficient engagements and help reduce professional liability risk.
Consider the importance of planning in this claim scenario:
The senior on a CPA firm’s largest audit engagement received a request from the client’s CFO for a copy of “any communications the firm has sent relating to internal–control–related matters identified during the current– and prior–year audits and copies of internal control documentation completed by the firm.” Operating under the assumption that the client was finally going to address its many pesky control deficiencies, the senior happily sent an email with the requested documents.
A short time later the firm received notification of a lawsuit from the client. The complaint asserted that the audit firm had failed to detect an embezzlement scheme perpetrated by the accounts payable clerk. It further indicated that the firm’s failure to detect a breakdown in internal controls allowed for the payment of fictitious vendor invoices.
The firm’s legal counsel hired an expert to review each year’s engagement workpapers. One hopeful yet disturbing issue arose: The firm had informed the client of a significant deficiency in internal controls in its prior–year management letter. Had the deficiency been corrected, the embezzlement scheme likely would have been discovered. The disturbing point—the significant deficiency was not mentioned in current–year engagement planning documentation, neither in risk assessment nor in the design of planned audit procedures. It appeared as though the prior–year documentation had simply been copied to the current–year file with updated completion dates. No additional audit procedures addressed the issue, and the scheme continued for an additional six months beyond issuance of the current–year audit report.
As exemplified above, use of the “same as last year” (SALY) mentality can be a major pitfall in audit planning. SALY disregards the advantages of the planning thought process, focusing instead on getting the job done quickly. Many planning pitfalls, including relying too heavily on checklists or compartmentalizing each step of the audit, result from trying to save time in the present without consideration of the rest of the engagement. Conversely, an engagement that is effectively planned could eliminate over– or under–testing, lead to more relevant documentation, and help reduce the likelihood of audit failure or a potential professional liability claim, saving time in the long run.
Audit planning is not a simple process. It involves consideration of client industry and regulatory factors, client operations and administration, availability and assignment of firm resources, engagement timing, and much more. Fortunately, the hard work of proper planning may not only enable more efficient audit execution, but it also provides auditors with important risk management techniques. Complying with all applicable professional standards when delivering services helps reduce professional liability risk. Consider the professional liability lessons that can be gleaned from these particular sections of the AICPA Statements on Auditing Standards:
Further, the resources should not be limited solely to the engagement team. Colleagues, peers, professional associations, technical standards, prior–year audits, and other engagements can all provide valuable insight. Utilizing all resources available to the engagement team may develop a more informed audit approach. For example, in the scenario above, the current–year testing of accounts affected by the significant deficiency could have been assigned to a more experienced team member or subjected to additional review.
In addition to the professional liability risk management considerations that can be gleaned from the professional standards, two additional suggestions should be kept in mind.
Daniel Gartland is a risk control consultant at CNA.
Continental Casualty Co., one of the CNA insurance companies, is the underwriter of the AICPA Professional Liability Insurance Program. Aon Insurance Services, the National Program Administrator for the AICPA Professional Liability Program, is available at 800-221-3023 or visit cpai.com.
This article provides information, rather than advice or opinion. It is accurate to the best of the author’s knowledge as of the article date. This article should not be viewed as a substitute for recommendations of a retained professional. Such consultation is recommended in applying this material in any particular factual situations.
Examples are for illustrative purposes only and not intended to establish any standards of care, serve as legal advice, or acknowledge any given factual situation is covered under any CNA insurance policy. The relevant insurance policy provides actual terms, coverages, amounts, conditions, and exclusions for an insured. All products and services may not be available in all states and may be subject to change without notice.
Research & References of The importance of audit planning|A&C Accounting And Tax Services