AUD planning coverage for strategy, procedure selection, group audits, use of others, and technology in planning.
This chapter translates assessed risk into the actual audit approach. Once risks are identified, the auditor must decide what work to perform, when to perform it, who can help perform it, and how technology affects the plan.
Planning questions usually test whether the response matches the risk rather than whether the candidate can name a generic audit step. A higher-risk area may require more persuasive evidence, work closer to year-end, more experienced staff, or less reliance on others. A lower-risk area may still need procedures, but the nature, timing, and extent can change.
| Planning issue | Exam decision to make | Common trap |
|---|---|---|
| Overall audit strategy | Set the engagement direction, staffing, timing, and supervision based on risk and reporting needs. | Treating strategy as a fixed checklist prepared before risk assessment matters. |
| Detailed audit plan | Choose specific procedures for assertions and risks. | Confusing the broad strategy with the detailed procedure plan. |
| Nature, timing, and extent | Decide what evidence is needed, when to obtain it, and how much to test. | Increasing sample size when a different procedure or timing change is the stronger response. |
| Use of others | Evaluate competence, objectivity, scope, and the auditor’s responsibility for their work. | Assuming internal audit, component auditors, or specialists remove the principal auditor’s responsibility. |
| Technology in planning | Use analytics to identify risks, unusual relationships, and testing focus. | Treating analytics as a substitute for professional judgment or sufficient appropriate evidence. |
| Step | Planning action | Exam use |
|---|---|---|
| 1. Start with assessed risk | Link each significant risk or relevant assertion to the planned response. | Procedures should not be selected from a generic checklist. |
| 2. Choose the nature of work | Decide whether inspection, confirmation, recalculation, reperformance, analytics, observation, inquiry, or control testing is most responsive. | Stronger evidence may require changing the type of procedure, not just doing more work. |
| 3. Set timing | Decide whether interim work is acceptable or whether year-end or surprise procedures are needed. | Higher risk often pushes work closer to period end. |
| 4. Set extent | Adjust sample size, locations, components, staff involvement, and review depth. | Extent responds to risk only after the procedure and timing are appropriate. |
| 5. Evaluate use of others | Assess competence, objectivity, scope, supervision, and responsibility for internal auditors, specialists, or component auditors. | Using others can support the audit but does not eliminate the auditor’s responsibility. |