4021 Establish an audit strategy

Apr-2018

CAS Guidance

Once the overall audit strategy has been established, an audit plan can be developed to address the various matters identified in the overall audit strategy, taking into account the need to achieve the audit objectives through the efficient use of the auditor’s resources. The establishment of the overall audit strategy and the detailed audit plan are not necessarily discrete or sequential processes, but are closely inter-related since changes in one may result in consequential changes to the other (CAS 300.A12).

CAS Guidance

Examples of matters the auditor may consider, include (CAS 300.Appendix):

• The financial reporting framework on which the financial information to be audited has been prepared, including any need for reconciliations to another financial reporting framework.

• Industry-specific reporting requirements such as reports mandated by industry regulators.

• The expected audit scope, including the components at which audit work is expected to be performed for the purposes of a group audit, and the extent to which component auditors will be involved.

• The nature of the control relationships between a parent and its entities or business units that determine how the group is to be consolidated.

• The nature of the business segments to be audited, including the need for specialized knowledge.

• The reporting currency to be used, including any need for currency translation for the financial information audited.

• The requirement for an audit of financial statements for statutory, regulatory or other reasons in addition to audit work performed for the purposes of the group audit.

• Whether the entity has an internal audit function, and if so, whether, in which areas, and to what extent the work of the function can be used, or internal auditors can be used to provide direct assistance, for purposes of the audit.

• The entity’s use of service organizations and how the auditor may obtain evidence concerning the design or operation of controls performed by them.

• The expected use of audit evidence obtained in previous audits, for example, audit evidence related to risk assessment procedures and tests of controls.

• The effect of information technology on the audit procedures, including the availability of data and the expected use of computer-assisted audit techniques.

• The coordination of the expected coverage and timing of the audit work with any reviews of interim financial information and the effect on the audit of the information obtained during such reviews.

• The availability of client personnel and data.

CAS Guidance

Examples of matters the auditor may consider, include (CAS 300.Appendix):

• The entity’s timetable for reporting, such as at interim and final stages.

• The organization of meetings with management and those charged with governance to discuss the nature, timing and extent of the audit work (OAG Audit 2214).

• The discussion with management and those charged with governance regarding the expected type and timing of reports to be issued and other communications, both written and oral, including the auditor’s report, management letters and communications to those charged with governance.

• The discussion with management regarding the expected communications on the status of audit work throughout the engagement.

• Communication with component auditors regarding the expected types and timing of communications in connection with the audit work performed for the purposes of the group audit.

• The expected nature and timing of communications among engagement team members, including the nature and timing of team meetings and timing of the review of audit work performed.

• Whether there are any other expected communications with third parties, including any statutory or contractual reporting responsibilities arising from the audit.

CAS Guidance

Examples of matters the auditor may consider, include (CAS 300.Appendix):

• The determination of materiality in accordance with CAS 320 and, where applicable:

  • The determination of component performance materiality and communication thereof to component auditors in accordance with CAS 600;
  • The initial expectations about the classes of transactions, account balances and disclosures that may be significant.

• Preliminary identification of areas where there may be a higher risk of material misstatement.

• The impact of the assessed risk of material misstatement at the overall financial statement level on direction, supervision and review.

• The manner in which the auditor emphasizes to engagement team members the need to maintain a questioning mind and to exercise professional skepticism in gathering and evaluating audit evidence.

• Results of previous audits that involved evaluating the operating effectiveness of internal control, including the nature of identified deficiencies and action taken to address them.

• The discussion of matters that may affect the audit with firm personnel responsible for performing other services to the entity.

• Evidence of management’s commitment to the design, implementation and maintenance of sound internal control, including evidence of appropriate documentation of such internal control.

• Changes within the applicable financial reporting framework, such as changes in accounting standards, which may involve significant new or revised disclosures.

• Volume of transactions, which may determine whether it is more efficient for the auditor to rely on internal control.

• Importance attached to internal control throughout the entity to the successful operation of the business.

• The process(es) management uses to identify and prepare the disclosures required by the applicable financial reporting framework, including disclosures containing information that is obtained from outside of the general and subsidiary ledgers.

• Significant business developments affecting the entity, including changes in information technology and business processes, changes in key management, and acquisitions, mergers and divestments.

• Significant industry developments such as changes in industry regulations and new reporting requirements.

• Other significant relevant developments, such as changes in the legal environment affecting the entity.

CAS Guidance

The process of establishing the overall audit strategy, subject to the completion of the auditor’s risk assessment procedures, may include such matters as (CAS 300.A9):

• The nature of resources (human, technological or intellectual) to be deployed for specific audit areas. For example, the deployment of experienced team members for high risk areas or the assignment of experts to address complex matters.

• The amount of resources to be allocated to specific audit areas. For example, the number of team members assigned to attend the physical inventory count at multiple locations, the extent of review of other auditors’ work in the case of group audits, or the audit budget in hours to allocate to high risk areas.work in the case of group audits, or the audit budget in hours to allocate to high risk areas.

• When these resources are to be deployed, such as whether at an interim audit stage or at key cut-off dates.

• How such resources are directed, supervised or used. For example, when team briefing and debriefing meetings are expected to be held, how engagement partner and manager reviews are expected to take place (for example, on-site or off-site).

Examples of matters the auditor may consider, include (CAS 300.Appendix):

• The human, technological and intellectual resources assigned or made available to the engagement (e.g., assignment of the engagement team and the assignment of audit work to the team members, including the assignment of appropriately experienced team members to areas where there may be higher risks of material misstatement).

• Engagement budgeting, including considering the appropriate amount of time to set aside for areas where there may be higher risks of material misstatement.

CAS Guidance

In audits of small entities, the entire audit may be conducted by a very small engagement team. Many audits of small entities involve the engagement partner (who may be a sole practitioner) working with one engagement team member (or without any engagement team members). With a smaller team, coordination of, and communication between, team members are easier. Establishing the overall audit strategy for the audit of a small entity need not be a complex or time‑consuming exercise; it varies according to the size of the entity, the complexity of the audit, and the size of the engagement team. For example, a brief memorandum prepared at the completion of the previous audit, based on a review of the working papers and highlighting issues identified in the audit just completed, updated in the current period based on discussions with the owner-manager, can serve as the documented audit strategy for the current audit engagement if it covers the matters noted in paragraph 8 (CAS 300.A13).