Apply assurance planning, risk assessment, materiality, and acceptance judgment at role depth.
Assurance planning is the bridge between the engagement request and the work that can support a conclusion. In a CFE Day 2 assurance role, planning is not a background paragraph to rush through. It determines whether the engagement should be accepted or continued, which risks deserve attention, what materiality means in the circumstances, and what evidence strategy is proportionate to the assignment.
The core planning question is simple: what could make the conclusion wrong or misleading if the engagement team does not respond properly? The answer may come from management incentives, weak records, unusual transactions, pressure from lenders, independence concerns, tight deadlines, new systems, related-party activity, going-concern uncertainty, or a significant change in operations. Planning quality improves when each of those facts is connected to the work that follows.
| Planning area | What to identify | What to write |
|---|---|---|
| Acceptance and continuance | Conflicts, competence, integrity, independence, scope, timing, and client risk. | Whether the engagement should proceed, proceed with safeguards, or require more information. |
| Risk assessment | Accounts, assertions, estimates, controls, transactions, or disclosures that could be misstated. | Why the risk matters and how it should affect planned work. |
| Materiality | Quantitative and qualitative factors that affect the significance of misstatements or omissions. | The benchmark or consideration that is most relevant to the users and engagement purpose. |
| Evidence strategy | Procedures, documents, specialists, testing extent, and timing. | How the planned work responds to the identified risk. |
| Communication | Partner, management, audit committee, board, or other governance audience. | The issue, implication, recommendation, and follow-up needed. |
Acceptance is more than deciding whether the client is desirable. It is a professional judgment about whether the engagement can be performed with competence, objectivity, sufficient evidence, and an appropriate scope. A case may signal acceptance risk through unpaid fees, management pressure, missing records, a predecessor issue, a dispute over reporting, or a request for work that the firm is not prepared to perform.
When writing, avoid a vague statement such as “there may be an acceptance issue.” Explain the condition and consequence. For example, if management refuses access to prior-year working papers or key documents, the issue is not just inconvenient. It may prevent the team from obtaining evidence, increase detection risk, affect the planned approach, and require a discussion with the engagement partner before accepting or continuing.
Independence and ethics should be handled with the same discipline. Name the threat, connect it to the case fact, and recommend a safeguard or action. If the fact is incomplete, state the missing information and explain why it matters. A strong planning response does not pretend certainty when the case only supports a conditional conclusion.
Risk assessment should be specific enough to guide procedures. “Revenue is risky” is too broad. A stronger response identifies why revenue is risky in this case: new contracts, aggressive targets, bill-and-hold terms, cut-off issues, manual overrides, returns, related-party sales, or a change in accounting policy. The risk statement should point to the assertion or conclusion that could be affected.
Good risk language usually includes three parts: the condition, the possible error, and the planning response. For example, rapid growth with manual invoicing may increase cut-off and completeness risk, so the team should test invoices and shipping documents around year-end and reconcile manual listings to the general ledger. This format shows professional judgment rather than memorized concern.
Business risk and assurance risk should not be blended carelessly. A business risk matters in the assurance role when it changes the risk of material misstatement, the scope of work, the reliability of evidence, or the appropriateness of the report. If the client faces declining demand, the assurance issue may be inventory valuation, going concern, impairment, covenant compliance, or disclosure, depending on the facts.
Materiality is a planning tool, not a magic threshold. In case writing, the point is usually to choose the consideration that fits the users and the engagement. Profit before tax may be useful for a stable profit-oriented entity. Revenue, assets, normalized earnings, or a specific covenant threshold may be more relevant when earnings are volatile, the entity is asset-heavy, or the users care about compliance with a financing agreement.
Qualitative materiality often matters in Day 2 assurance. A small dollar amount may still be important if it affects debt covenants, management compensation, regulatory compliance, trend reporting, related-party disclosure, or a sensitive account. The response should explain why the fact changes the level of concern rather than merely stating that qualitative factors exist.
If the case does not provide enough information to compute materiality, do not force a fabricated number. State the likely benchmark, identify the information needed, and explain how the result would be used. That is better than presenting an unsupported calculation.
Planning should lead naturally to procedures. Each procedure should answer a risk. If the risk is inventory existence, inspection and count observation may be relevant. If the risk is receivable collectability, subsequent receipts and customer correspondence may matter. If the risk is management bias in estimates, the team may need assumptions, external data, retrospective review, and sensitivity analysis.
Procedures should be practical and case-specific. “Review support” is weak because it does not say what support or why. “Inspect the signed loan agreement to determine whether the covenant calculation uses EBITDA before or after unusual restructuring costs” is stronger because it identifies the document, the purpose, and the decision affected.
| Pitfall | Better approach |
|---|---|
| Listing every possible engagement risk. | Select the risks that change acceptance, materiality, evidence, or reporting. |
| Treating materiality as a formula only. | Explain qualitative factors and user needs. |
| Recommending procedures before identifying risk. | Write risk first, then procedure, then expected evidence. |
| Ignoring missing facts. | State the missing fact, its effect, and the follow-up needed. |
| Writing to the wrong audience. | Match the communication to the partner, management, or governance body. |
A planning answer can often be organized in four short moves: identify the planning issue, explain the case fact that creates it, state the implication for risk or materiality, and recommend the planning response. This structure works because it keeps the response from becoming a general assurance lecture.
Strong planning responses also show restraint. If an issue is important but not central to the assurance role, acknowledge it briefly and move on. Depth is not measured by word count. It is measured by whether the response gives the engagement team a defensible plan for the risks that matter most.