You are on page 1of 8

How to Prepare an Audit Plan

An audit plan explains the expected scope and functioning of the procedure under which
financial books of a company are minutely inspected to ensure they are accurate. Audit plans
make sure priorities within the audit process are addressed and direct the nature, timing and
extent of the program's success.

Audit preparation

Prepare the audit plan well. The audit plan needs to include certain preliminary checks,
such as the updating of all pertinent information, a review of risk, and, if possible, coordination of
the process.

Carry out a preliminary audit overview. This process gives insight into the audit plan and
the entire scope of the audit. Discuss with relevant stakeholders matters such as the completion
date, the process of the audit and even any matter relating to tax office guidelines. It is
important to know exactly what role each member within the audit team will play..

Gather all available information. This ensures that as detailed information as possible can
and will be used for the actual audit. For evidential purposes, the information collected needs to
be confirmed.

Review all gathered information. This helps to identify whether or not the audit scope
should be redefined. As this is the final step prior to the actual audit, the auditor must ensure
that all key issues are addressed and that a risk hypothesis has been developed. As the auditor
will now begin to develop a position, any necessary adjustments to the audit scope should be
made.

Pre-Audit Checklist
According to professional standards, auditors must plan audits using due professional care. This
includes gaining an understanding of the audit client's business processes, objectives and risks.
A common tool used during audit planning is the pre-audit checklist, or questionnaire. The
checklist can have many uses, including gathering preliminary information to scope the audit,
determining the key business risks, identifying areas for more audit attention and informing the
client of data needs.

Client Information Collection

Pre-audit checklists are often used to gather important information from the audit client
during the planning phase of an audit. For example, in a financial statement audit the auditor
may send a checklist requesting specific information such as bank statements, lease agreements
and insurance policies for a certain time period. A questionnaire can also be sent to the client to
gather key information regarding business objectives and risks. The auditor can use this
knowledge to target and prioritize audit fieldwork.

Audit Information Communication

A pre-audit checklist can be also be used as a tool to provide important information to the
audit client. For example, a communication may announce the date and duration of an upcoming
audit, preliminary audit scope and objectives and audit requirements, such as office space
accommodation and data access needs. This announcement can be combined with preliminary
information requests. The information can be either forwarded to the auditor during planning or
be made available to the auditor at the audit location.

Internal Information Collection

A pre-audit checklist can also function as an internal document for the audit team to
ensure key information is gathered. For example, a checklist may require the auditor to internally
generate certain reports and metrics such as financial statements and key performance metrics.
Gathering this information independent of the audit client lends more credibility to its accuracy.
Also, the auditor can gather information from third party sources, such as suppliers, creditors,
and customers using a checklist approach.

Internal Quality Assurance

Another purpose of a pre-audit checklist is to ensure internal audit guidelines and


practices are followed. For example, a checklist may include items such as required data, reports
or analyses for each audit or approval of audit objectives, scope and test procedures by audit
management. Other checklist items may include audit client communications and auditor travel
arrangement verification, Checklist documentation can provide credible evidence to outside
parties that the audit planning process followed certain standards.

How to Create an Audit Plan


Audit plan creation can begin as early as six months before the business's audit year starts and
can require considerable staff and management resources. Audit plans should consider all areas
of the business and focus resources on those with the highest risk. Once you have assessed
these risks, you can determine how often you perform audits and evaluate whether your staffing
levels need adjustment.

Things You'll Need

Business organization chart

Business income statement

Results and dates of last audit for each business area

Define the Audit Targets

Review the business's organization charts to identify all business areas and support units.

Review the business's income statement to identify all sources of revenue. Make sure they
are accounted for in the organization chart.

Meet with business managers to discuss any plans to open new business or support units,
or to close, consolidate or sell existing units. Follow up on any anomalies between the income
statement and the organization chart.

Decide how to split your audit universe (the areas you will audit). Once you establish an
audit universe, you will audit each unit or department on a risk-based cycle, usually three years.
You may choose to audit business units in their entirety, from manufacturing or sales to shipping
and collections, including all supporting functions such as human resources, accounting, tax,
strategy and information technology. Or, you can perform smaller audits of discreet business
activities such as sales or collections, or support activities such as human resources.

Risk Assessment

Establish a numeric approach to rating the risk of each unit so you can allocate scarce
audit resources to the riskiest areas of the business. Factors to consider include: income and/or
expense contribution; transaction volume, which might include number of items manufactured,
number of employees hired or number of transactions processed through a computer system;
time since the last audit and the results; and the degree of strategic significance the unit has to
the overall business.

Determine a numeric cut-off for high-, medium- and low-risk units. For example, units
scoring between 80 and 100 (high risk) might be audited annually; those scoring between 50 and
80 may be audited every two years; and those scoring below 50 (low risk) would be audited
every three years.

Rate each unit based on its risk and assign an audit frequency. If possible, include business
managers in the process to gain their perspective on each unit's risk.

Other People Are Reading

Establish how much time you will allocate to each audit, considering the manual and
automated procedures you will need to perform.

Determine how many hours of audit time your staff has available and compare it to the
audit time required. If the numbers do not match, request additional staff or reduce the hours per
audit or the number of audits you perform each year.

Discuss the draft audit plan with the business's managers and get their approval for it and
related resources.

An Audit Scope Checklist


An audit scope checklist is a document created during the planning stages of an audit. It lists all
the tasks that must be completed during the audit. This checklist is normally created by a senior
auditor who is responsible for the whole audit. An audit scope checklist typically contains five
different sections: scope, evidence collection, audit tests, analysis of the results, and the
conclusion.

Scope

The scope of an audit checklist outlines the main details of the audit. It contains
information about the client, any concerns that could be factors, the focus of the audit, the time
line and the required outcome. Many times, the scope also allocates the resources that will be
used during the audit. The resources will describe which departments or divisions will be involved
in the audit, and what roles they will play.

Evidence Collection

The next section in an audit checklist is for evidence collection. This is where the auditor
determines the sources from which to collect information. Depending on any known concerns,
there are many places in an organization that the auditor will collect information from for a
financial audit. These include accounts payable, accounts receivable, inventory records and

banking information. All places from which information will be collected are marked on the audit
checklist, focusing on any areas with concerns.

Audit Tests

Audit tests is the next section on the checklist. This section is labeled similarly to the
evidence collection section, listing all areas that are sources of evidence. Each area in this
section is listed, along with the type of tests used for that specific area. This section shows the
auditor the type of testing required for each area.

Analysis of Results

This section of the audit checklist contains a place to organize the results found in the
audit. The results are organized by section, and the checklist is given to the senior auditor.

Conclusion

The conclusion section to an audit checklist contains room for the auditor to write his
opinion. In this section the auditor describes the methods used in the audit, along with the
results, and he gives any opinions about the conclusion of the audit.

How to Write an Internal Audit Plan


The Institute of Internal Auditors requires that the chief audit executive establish risk-based plans
that drive internal audit activity. Audit planning is a process that identifies all business areas;
assesses the risk of each using a standard methodology; and uses available audit and financial
resources to determine which audits will be performed during a year.
Once planning is complete, a written internal audit plan should be developed and communicated
to management. The plan should include background information; a summary of the risk rating
methodology and staffing allocations; and audit plan details.

Things You'll Need

Details of audit planning activities


Internal audit department staffing details

Background Information

Include a summary of the documents purpose to explain to readers what an internal audit
plan is and what makes it useful. The St. Louis Federal Reserve Bank indicates that the audit plan
can be used by executive management to oversee both the business's and the audit
departments performance during the year.

Include the internal audit departments mission statement and objectives.

Explain how the audit plan was developed. It is usually based on a standardized risk
assessment; discussions with management; evaluations of prior audit results; inclusion of audits
mandated by regulatory bodies or parent companies; and management requests.

Provide a summary of the companys background, regulatory environment and current


operations as an aid to readers unfamiliar with the business.

Risk Rating Methodology and Staffing Allocations

Describe the methodology used by the audit department to assign risk to individual audit
areas or businesses. Risk rating will usually involve assessments of quantitative risk areas such
as credit or financial risk, along with evaluations of less tangible risk areas such as staffing,
strategic importance and legal risk.

Describe the structure of the internal audit department, providing organization charts as
needed. Include explanations of available time, documenting hours available for audit work
during the year and explaining the difference between available hours and working hours (i.e.,
most audit departments exclude vacation, holiday and administrative time from available hour
calculations).

Document significant changes in the internal audit departments structure or personnel


since the last audit plan, or changes that are planned for the coming year.

Provide a summary of the backgrounds of key audit personnel, if appropriate.

Audit Plan Details

Provide a brief description of each audit planned for the year, including scheduled audit
hours and general audit scope.

Include a list of all auditable areas and document the department or businesss risk rating,
date of the last audit, audit result, hours used during the audit, and planned dates and audit
hours for future audits. This list demonstrates how risk ratings and prior audit history influence
the future audit schedule.

Compare the previous years audit resource allocation to each auditable area to the
coming years allocation using a pie chart or bar graph, to demonstrate how audit focus will
change. Provide an explanation for significant deviations.

How to Write an Audit Memo


Audit memorandums report the findings of an audit to the client. Auditors may also send a memo
at the end of an internal audit to inform managers, owners or board members of the audit team's
recommendations. The scope of an audit varies based on the company's needs. For example, an
internal audit may focus on the efficiency of a company's procedures rather than evaluating its
financial information.

Header and Introductory Paragraphs

List the date at the top of your audit memo. Drop down several lines and list the client's
name, address and identification number, if applicable. Specify the period covered by the audit in
the introductory paragraph. If the memo relates to a quarterly audit, include the fiscal year to
which it belongs. State the initial objective of the audit, such as verification of financial
statements, internal use or tax analysis.

Body of Memo

Use the body of the memo to discuss the results of the audit. List the areas included in the
audit and the method used to evaluate each. For financial audits, be as specific as possible with
the dollar amounts and dates of any questionable transactions.

Final Paragraph

In the final paragraph, offer a brief summary of your opinion of the company's processes.
List the areas that worked well and offer recommendations to address any problem areas.
Provide your contact information in case the recipient has any questions about your findings or
would like to schedule a follow-up audit after correcting the issues.

How to Design Audit Procedures


Auditing is a process companies use to review their operations, financial information and
compliance with government regulations or other guidelines. Many companies use public
accounting firms of independent professional accountants for this process. Audit procedures
outline how individuals will conduct an audit and compare a company's information to national
accounting standards or other rules. Designing audit procedures typically includes universal
principles or procedures specific to a company's operations and individual job functions or tasks.

Things You'll Need

Accounting principles

Auditing principles

Financial information
Review national accounting and auditing standards. Generally accepted accounting
principles (GAAP) and generally accepted auditing standards (GAAS) are the most authoritative
accounting and auditing standards in the U.S. Accountants should review these standards to
design auditing procedures that accurately reflect these concepts.

Create a sampling process. Audits do not test every transaction during the review process.
Accountants must create a statistical or non-statistical system to select a random sample of the
company's information. This procedure can be computer generated or a manual random
selection process.

Develop individual fieldwork techniques. Accountants will complete most of their work
during the fieldwork stage. These procedures use a mix of observations, interviews and
recalculations. Observing and interviewing procedures are better when physical items are under
review, while recalculating information is common when accountants must test the accuracy and
validity of information.

Evaluate internal controls. Publicly held companies must use internal controls to safeguard
their financial information. Audit procedures should include an interview of company
management to assess their knowledge of the controls, observe the controls if possible and test
information to ensure all signatures or authorization exists on documents.

Tips & Warnings

Audit procedures can change over time. Professional accountants should consider taking
current seminars or courses to learn about accounting issues and how to create audit
procedures.

Failing to develop strong audit procedures can allow inaccurate information to remain in a
company's accounting information. This can create dangerous legal situations for both auditors
and their clients.

Audit Preparation Checklist


Audits are an internal or external review of a companys operations for financial information.
Companies use operational audits to ensure they remain in compliance with operating standards
or regulatory guidelines. Financial audits compare the companys financial information to
national accounting standards. Business owners use financial audits to ensure their accounting
information accurately represents their companies financial health. Audits require a certain
amount of preparation. Auditors use checklists to ensure they gather all necessary information
prior to conducting an audit.

Management Information

Audit checklists usually include information about a companys management structure.


Owners, directors and managers responsible for business operations are an important part of the
audit checklist. Auditors use this information to determine who oversees certain business
functions. Owners, directors and managers are also responsible for answering auditor questions.
Auditors may frequently meet with these individuals prior to, during and after the audit.

Manuals

Manuals outline the companys specific business or accounting policies and procedures.
Auditors use these manuals to compare actual information from various departments to the
companys standard operating procedures. Companies can have a single manual for the entire
company or several individual manuals. Auditors will request each manual pertinent to the audit.

Accounting Ledger

The accounting ledger includes information on a companys financial transactions.


Auditors review the accounting ledger to ensure all information is internal and external
accounting standards. A companys accounting ledger can include the general ledger and several
subledgers or journals. An audit checklist will usually outline the specific ledgers needed for the
audit. Companies often limit the scope of an audit to save money. Limited scope usually requires
fewer accounting ledgers and journals for the audit process.

Tax Information

Companies may disclose tax information during financial audits. External auditors review
this information to ensure the company accurately reports income for tax purposes. Sales tax,
payroll tax and property tax represent a few other taxes auditors can review. Companies may not
have each of these taxes depending on their operations. Auditors will usually question company
management to determine how many tax liabilities the company must report to government
agencies.

Bank Statements

Bank statements are an important part of the audit preparation checklist. Auditors
measure the companys cash flow to assure they have enough capital to remain in business.
Companies can have several bank accounts depending on the size of their operations. Auditors
will need general, wire transfer, payroll and disbursement statements during audit preparation.

Reconciliation

Reconciliations represent internal company reviews regarding financial accounts. Company


accountants are usually responsible for reconciling financial information. Auditors will gather
these reconciliations in preparation for an audit. Reconciliations include inventory, depreciation,
fixed assets and bank accounts. The number and scope of reconciliations depend on the size of
the companys accounting department.