2

Audit Strategy, Planning and

Programming
2.1 Commencing an Audit
SA 200 “Overall Objectives of the Independent Auditor and the Conduct of an Audit in
accordance with Standards on Auditing” states that to achieve the overall objectives of the
auditor, the auditor shall use the objectives stated in relevant SAs in planning and performing
the audit. Without a careful plan, the overall objective of an audit may not be achieved. The
audit planning is necessary to conduct an effective audit in an efficient and timely manner.
2.1.1 Benefits/Advantages of Planning in an Audit of Financial Statements
Planning an audit involves establishing the overall audit strategy for the engagement and
developing an audit plan. Adequate planning benefits the audit of financial statements in several
ways described hereunder-
(i) Attention to Important Areas - Planning would help the auditor to devote appropriate
attention to important areas of the audit.
(ii) Timely resolution of Potential Problems - It would also help the auditor identify and resolve
potential problems on a timely basis.
(iii) Proper Organisation and Management of Audit Engagement - Adequate planning would
help the auditor in properly organizing and managing the audit engagement so that it is
performed in an effective and efficient manner.
(iv) Proper Selection of Engagement Team - Planning would assist the auditor in the selection
of engagement team members with appropriate levels of capabilities and competence to
respond to anticipated risks, and the proper assignment of work to them.
(v) Direction and Supervision of Engagement Team - It would further facilitate the direction
and supervision of engagement team members and the review of their work.
(vi) Easy Coordination - Also, planning would be helpful to the auditor in coordination of work
done by auditors of components and experts.
2.1.2 Nature and Extent of Planning
So far as the nature of planning is concerned, it would vary according to-
(i) Size and Complexity of the Auditee - If the size and complexity of organization of which
audit is to be conducted is large, then much more planning activities would be required as
compared to an entity whose size and complexity is small.

© The Institute of Chartered Accountants of India

 2.2 Advanced Auditing and Professional Ethics

(ii) Past Experience - The key engagement team members’ previous experience also
contributes towards variation in planning activities.
(iii) Change in Circumstances - Another factor contributing towards variation in planning
activities is change in circumstances.
2.1.3 Planning - A Continuous Process
Planning is not a discrete phase of an audit but rather a continual and iterative process. It often
begins shortly after (or in connection with) the completion of the previous audit and continues
until the completion of the current audit engagement. Planning includes consideration of the
timing of certain activities and audit procedures.
For example, planning includes the need to consider such matters as:
 The analytical procedures to be applied as risk assessment procedures.
 Obtaining a general understanding of the legal and regulatory framework applicable to the
entity and how the entity is complying with that framework.
 The determination of materiality.
 The involvement of experts.
 The performance of other risk assessment procedures.
2.1.4 Overall Audit Strategy and Audit Plan - Responsibility of the Auditor
The auditor may decide to discuss elements of planning with the entity’s management to
facilitate the conduct and management of the audit engagement. For example - to coordinate
some of the planned audit procedures with the work of the entity's personnel.
Although these discussions often occur but the overall audit strategy and the audit plan remain
the auditor's responsibility. When discussing matters about the overall audit strategy or audit
plan, care is required in order not to compromise the effectiveness of the audit. For Example -
discussing the nature and timing of detailed audit procedures with management may
compromise the effectiveness of the audit by making the audit procedures too predictable.
The engagement partner and other key members of the engagement team shall be involved in
planning the audit. The involvement of the engagement partner and other key members of the
engagement team in planning the audit draws on their experience thereby enhancing the
effectiveness and efficiency of the planning process.
2.1.5 Preliminary Engagement Activities
The auditor shall undertake the following activities at the beginning of the current audit
engagement-
(i) Performing procedures required by SA 220, “Quality Control for an Audit of Financial
Statements” regarding the continuance of the client relationship and the specific audit
engagement.
As per the combined reading of SA 220 and SQC 1, information and procedures such as
the following assists the auditor in determining whether the conclusions reached regarding

© The Institute of Chartered Accountants of India

 Audit Strategy, Planning and Programming 2.3

the acceptance and continuance of client relationships and audit engagements are
appropriate:
• The integrity of the principal owners, key management and those charged with
governance of the entity;
• Whether the engagement team is competent to perform the audit engagement and
has the necessary capabilities, including time and resources;
• Whether the firm and the engagement team can comply with relevant ethical
requirements; and
• Significant matters that have arisen during the current or previous audit engagement,
and their implications for continuing the relationship.
In case of certain entities, such as, Central/State governments and related government
entities (for example, agencies, boards, commissions), auditors may be appointed in
accordance with statutory procedures.
(ii) Evaluating compliance with ethical requirements, including independence, as required by
SA 220; and
(iii) Establishing an understanding of the terms of the engagement, as required by
SA 210.
2.1.6 Contents of an Audit Plan
The auditor shall develop an audit plan that shall include a description of-
(i) The nature, timing and extent of planned risk assessment procedures, as determined under
SA 315 “Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and Its Environment”.
(ii) The nature, timing and extent of planned further audit procedures at the assertion level, as
determined under SA 330 “The Auditor’s Responses to Assessed Risks”.
(iii) Other planned audit procedures that are required to be carried out so that the engagement
complies with SAs.
The audit plan is more detailed than the overall audit strategy that includes the nature, timing
and extent of audit procedures to be performed by engagement team members. Planning for
these audit procedures takes place over the course of the audit as the audit plan for the
engagement develops. For example, planning of the auditor's risk assessment procedures
occurs early in the audit process. However, planning the nature, timing and extent of specific
further audit procedures depends on the outcome of those risk assessment procedures. In
addition, the auditor may begin the execution of further audit procedures for some classes of
transactions, account balances and disclosures before planning all remaining further audit
procedures.
2.1.7 Changes to Planning Decisions
The auditor shall update and change the overall audit strategy and the audit plan as necessary
during the course of the audit.

© The Institute of Chartered Accountants of India

 2.4 Advanced Auditing and Professional Ethics

The auditor may need to modify the overall audit strategy and audit plan due to below mentioned
factors-
(i) result of unexpected events,
(ii) changes in conditions, or
(iii) the audit evidence obtained from the results of audit procedures.
Further, the auditor would also modify the nature, timing and extent of further audit procedures,
based on the revised consideration of assessed risks.
This may be the case when information coming to the auditor differs significantly from the
information when he planned the audit procedures. For example, audit evidence obtained
through the performance of substantive procedures may contradict the audit evidence obtained
through tests of controls.
2.2 Overall Audit Strategy
The auditor shall establish an overall audit strategy that sets the scope, timing and direction of
the audit, and that guides the development of the audit plan.
2.2.1 Factors while establishing Overall Audit Strategy
Overall audit strategy would involve-
(i) Determination of Characteristics of Audit: Identify the characteristics of the engagement
that define its scope.
(ii) Reporting Objectives: Ascertain the reporting objectives of the engagement to plan the
timing of the audit and the nature of the communications required.
(iii) Team’s Efforts: Consider the factors that, in the auditor’s professional judgment, are
significant in directing the engagement team’s efforts.
(iv) Preliminary Work: Consider the results of preliminary engagement activities and, where
applicable, whether knowledge gained on other engagements performed by the
engagement partner for the entity is relevant.
(v) Nature, timing and Resources: Ascertain the nature, timing and extent of resources
necessary to perform the engagement.
2.2.2 Benefits of Overall Audit Strategy
The process of establishing the overall audit strategy assists the auditor to determine such
matters as-
(i) Employment of Qualitative Resources: The resources to deploy for specific audit areas,
such as the use of appropriately experienced team members for high risk areas or the
involvement of experts on complex matters.
(ii) Allocation of Quantity of Resources: The amount of resources to allocate to specific audit
areas, such as the number of team members assigned to observe the inventory count at

© The Institute of Chartered Accountants of India

 Audit Strategy, Planning and Programming 2.5

material locations, the extent of review of other auditors’ work in the case of group audits,
or the audit budget in hours to allocate to high risk areas.
(iii) Timing of Deployment of Resources: When these resources are to be deployed, such as
whether at an interim audit stage or at key cut-off dates.
(iv) Management of Resources: How such resources are managed, directed and supervised,
such as when team briefing and debriefing meetings are expected to be held, how
engagement partner and manager reviews are expected to take place (for example, on-
site or off-site), and whether to complete engagement quality control reviews.
2.2.3 Considerations in Establishing the Overall Audit Strategy
Some of the examples of matters that the auditor may consider in establishing the overall audit
strategy are given hereunder. Many of these matters will also influence the auditor’s detailed
audit plan. All matters are not relevant to every audit engagement and the list is not necessarily
complete.
Characteristics of the Engagement
(i) The financial reporting framework.
(ii) Industry-specific reporting requirements such as reports mandated by industry regulators.
(iii) The expected audit coverage, including the number and locations of components to be
included.
(iv) The nature of the control relationships between a parent and its components that determine
how the group is to be consolidated.
(v) The extent to which components are audited by other auditors.
(vi) The entity’s use of service organizations and how the auditor may obtain evidence
concerning the design or operation of controls performed by them.
(vii) The expected use of audit evidence obtained in previous audits, for example, audit
evidence related to risk assessment procedures and tests of controls.
(viii) The effect of information technology on the audit procedures.
(ix) The availability of client personnel and data.
Reporting Objectives, Timing of the Audit, and Nature of Communications
(i) The entity's timetable for reporting.
(ii) The organization of meetings with management regarding audit work (Nature, timing and
extent).
(iii) The discussion with management regarding type and timing of reports to be issued.
(iv) The discussion with management regarding communications on the status of audit work.
(v) Communication with auditors of components regarding types and timing of reports to be
issued.

© The Institute of Chartered Accountants of India

 2.6 Advanced Auditing and Professional Ethics

(vi) The nature and timing of communications among engagement team members.
(vii) Whether there are any other expected communications with third parties, including any
statutory or contractual reporting responsibilities arising from the audit.
Significant Factors, Preliminary Engagement Activities, and Knowledge Gained on Other
Engagements
(i) The determination of materiality in accordance with SA 320.
(ii) Preliminary identification of areas where there may be a higher risk of material
misstatement.
(iii) The impact of the assessed risk of material misstatement at the overall financial statement
level on direction, supervision and review.
(iv) The manner in which engagement team members need to maintain a questioning mind and
to exercise professional skepticism.
(v) Results of previous audits including the identified deficiencies and action taken to address
them.
(vi) The discussion of matters that may affect the audit with firm personnel responsible for
performing other services to the entity.
(vii) Evidence of management’s commitment to the design, implementation and maintenance
of sound internal control.
(viii) Volume of transactions which may determine reliance on internal control.
(ix) Importance attached to internal control.
(x) Significant business developments affecting the entity.
(xi) Significant industry developments.
(xii) Significant changes in the financial reporting framework, such as changes in accounting
standards.
(xiii) Other significant relevant developments, such as changes in the legal environment
affecting the entity.
Nature, Timing and Extent of Resources
(i) The selection of the engagement team and the assignment of audit work to the team
members.
(ii) Engagement budgeting.
2.2.4 Documenting the Audit Plan
The auditor shall document-
(i) The overall audit strategy;
(ii) The audit plan; and
(iii) Any significant changes made during the audit engagement to the overall audit strategy or
the audit plan, and the reasons for such changes as under-

© The Institute of Chartered Accountants of India

 Audit Strategy, Planning and Programming 2.7

(a) Record of Key Decisions: The documentation of the overall audit strategy is a record
of the key decisions considered necessary to properly plan the audit and to
communicate significant matters to the engagement team. For example, the auditor
may summarize the overall audit strategy in the form of a memorandum that contains
key decisions regarding the overall scope, timing and conduct of the audit.
(b) Record of Nature, Timing and Extent of Risk Assessment Procedures: The
documentation of the audit plan is a record of the planned nature, timing and extent
of risk assessment procedures and further audit procedures at the assertion level in
response to the assessed risks. It also serves as a record of the proper planning of
the audit procedures that can be reviewed and approved prior to their performance.
The auditor may use standard audit programs and/or audit completion checklists,
tailored as needed to reflect the particular engagement circumstances.
(c) Record of reasons for Change in Audit Plans: A record of the significant changes to the
overall audit strategy and the audit plan, and resulting changes to the planned nature,
timing and extent of audit procedures, explains why the significant changes were made,
and the overall strategy and audit plan finally adopted for the audit. It also reflects the
appropriate response to the significant changes occurring during the audit.
2.2.5 Relationship between the Overall Audit Strategy and the Audit Plan

Fig 1: Audit Strategy and the Audit Plan are interrelated. ∗

The audit strategy is prepared before the audit plan. The audit plan contains more details than
the overall audit strategy. Audit strategy and audit plan are inter-related because change in one
would result into change in the other. The audit strategy provides the guidelines for developing
the audit plan. It establishes the scope and conduct of the audit procedures and thereby works
as basis for developing a detailed audit plan. Detailed audit plan would include the nature, timing
and extent of the audit procedures so as to obtain sufficient appropriate audit evidence.

∗
Source : msp-c.com

© The Institute of Chartered Accountants of India

 2.8 Advanced Auditing and Professional Ethics

Example
CA. Sapna has already developed an audit strategy for Hitesh Ltd. While a detailed audit plan
is being developed, she decided that materiality levels set earlier need to be increased as
weaknesses in the internal controls were highlighted in the internal audit report. Subsequently,
a deviation from the audit strategy is felt necessary. Therefore, Sapna would firstly modify the
overall strategy and thereafter prepare the audit plan according to the strategy. This shows that
the audit strategy and audit plan are closely inter-related as change in one is resulting into
change in the other.
2.3 Audit Programme
In I(IPC) study material, we have discussed audit programme generally so as to enable the students
to know the utility and nature of audit programmes. An audit programme is commonly prepared to
allocate work to team members which may include the list of audit procedures and instructions to be
followed by the member. It also estimates the duration for completing an audit task.
2.3.1 Formulating an Audit Programme

Generally
Ascertaining their
ascertaining
existence on the
whether the assets
balance sheet
are in good
date;
working order.

Proper
categorisation of Confirming ownership
assets;

Presentation Finding out

of relevant information encumbrances
for a proper attaching the
understanding of their assets, if any;
nature value and
usefulness;

Determining the
valuations

© The Institute of Chartered Accountants of India

 Audit Strategy, Planning and Programming 2.9

It is very useful for students to know how to plan an audit programme. The programme may
contain audit objectives for each area and should have sufficient detail to serve as a set of
instructions to the assistants involved in the audit and as a means to control the proper execution
of work. It may be emphasised that a clear spelling out of audit objectives for each area is
important to link up the procedures with audit objectives and to ensure a purposeful audit. For
example, in the area of fixed assets, audit objectives can be the following:
Procedures of verification for this purpose may include physical verification, review of working
papers, document verification including verification of loan documents, checking of provisions
for depreciation, review of accounting policy on fixed assets, verification of compliance with
legal requirements about disclosure and verification of jobs work performed by the assets. This
linkage in the mind of the assistants on job is imperative and without this the audit would be just
a mechanical performance. They should be able to identify the assertions made in the Balance
Sheet and Profit and Loss Account because that provides key to the auditor’s selection of the
procedures. The important matters which need to be considered in this regard are:
(a) Nature of business in which the organisation is engaged: On his first appointment, the
auditor should examine in detail the financial and accounting organisation of the business by
visiting the client’s office; by observing different stages through which papers pass before each
transaction is authorised and recorded; the record that is kept and the titles of books in which it
is kept. In the case of an industrial concern, he must also visit the factory to acquaint himself
with the different processes of manufacture, the quantitative records maintained and the manner
in which statistics are compiled in respect of losses in process.
The nature of business carried on by the concern has a great relevance to different audit
procedures. The auditor, therefore, should draw up the programme of audit on a consideration
of the technical, financial and accounting set-up of the company.
(b) Overall plan: Overall plan for the audit programme should be drawn up to ensure a
systematic approach to the work. If in drawing the audit programme, any divergence from the
overall plan becomes necessary, first the overall plan should be modified after due consideration
and thereafter only the matter may be taken in the audit programme. The frame provided by the
overall plan should be strictly adhered to.
(c) System of internal control and accounting procedures: The existence of a system of
internal control is essential for every business organisation. It ensures that both financial and
statistical records are checked continuously; it also unearths errors, both of omission and of
commission. The auditor, in framing his opinion on financial statements needs reasonable
assurance that transactions are properly authorised and recorded in the accounting records and
that transactions have not been omitted. Internal control may contribute to the reasonable
assurance the auditor seeks. Therefore, it has become an accepted audit practice to study and
evaluate internal control. The study and evaluation of internal control helps the auditor to
establish the reliance he can place on the internal control in determining the nature, timing and
extent of his substantive auditing procedures. The auditor also obtains an understanding of the
accounting system to identify points in processing of transaction and handling of assets where
errors or fraud may occur. When the auditor relies on internal control, it is at these points that
he must be satisfied that internal control procedures applied by the entity are effective for his

© The Institute of Chartered Accountants of India

 2.10 Advanced Auditing and Professional Ethics

purpose.
The auditor’s examination of the system of internal control should have three features - review
and preliminary evaluation, testing of compliance and evaluation.
(i) Review and preliminary evaluation - The auditor should review the accounting system
and related internal control to gain an understanding of the flow of transactions and the
specific control procedures to be able to make a preliminary evaluation and identification
of these aspects of internal control on which it might be efficient and effective to rely in
conducting his audit.
(ii) Test of compliance - Compliance tests should be conducted by the auditor to gain
evidence that those internal controls on which he intends to rely operate generally as
identified by him and that they function effectively throughout the period of intended
reliance. Based on the results of his compliance procedure including observed deviations,
the auditor should evaluate whether the internal controls are adequate for his purposes.
(iii) Evaluation - It is essentially an objective process of application of auditor’s judgement to
determine whether all or any of the internal controls in the client’s organisation can be
relied upon in carrying out the audit. Based on the degree of reliance which may be full,
partial or none, the auditor will programme for the substantive verification of transactions
for expression of audit opinion. The results of compliance procedure directly provide the
basis for this evaluation and, in turn, basis to determine the nature, timing and extent of
the substantive audit procedure. In evaluating the auditor recognises that some deviations
from compliance may have occurred.
(d) Size of the organisation and structure of its management: An increase in the size of
the organisation enhances the complexity of the examination of its accounting records specially
when it has a number of branches, deals in several products or has a very large turnover. With
the increase in the size ordinarily the scope and extent of the system of internal control also
should increase but it may not be so in every case. It has been the experience that while many
small businesses have excellent controls, some of the large enterprises are deficient in their
operational controls. For example, the reports of the Comptroller and Auditor General on audit
of accounts of Public Enterprises show that some of them have a very poor system of internal
control. In such cases, the magnitude of the tasks of the auditor increases considerably.
(e) Information as regards organisation of the business: To plan audit programme, it is
necessary that the auditor should obtain from his client information as regards the under
mentioned matters-
♦ Client’s history and business.
♦ Purpose and nature of engagement.
♦ Time schedule for the completion of audit.
Before accepting a new audit, the auditor should satisfy himself as to the desirability of being
associated with the job. If the concern is not known to him, he should enquire into its standing,
financial background, nature of business and other similar matters. As far as practicable, he

© The Institute of Chartered Accountants of India

 Audit Strategy, Planning and Programming 2.11

should also try to ascertain the reputation of the concern as also the honesty and integrity of
principal executive.
(f) Accounting and management policies: On the first appointment it is necessary that the
auditor should review the financial statements of the past several years, audited by his
predecessors specially those of the immediately preceding previous year. This would reveal to
him a great deal of information regarding accounting and management policies which have been
followed in the past and whether these have been employed consistently.

(a) Nature of (c) System of (d) Size of the (e)

(f) Accounting
business in (b) Overall internal organisation Information
policies
which the plan prepared control and and structure regarding the
followed by
organisation for the audit. accounting of its organisation
the client.
is engaged. procedures. management. of business.

2.3.2 Drawing up the audit programme

After the auditor has collected the aforementioned information, he will be in a position to draw
up the programme of audit. He can now decide the areas to be covered by audit, also those to
be covered in detail and those which should be covered by the applications of the test checks.
He will also be able to decide the specific audit procedures which should be applied in each
case. These procedures vary widely because of the conditions under which each concern
operates, its form of organisation, its nature of business and the condition of its accounts. On
this account, it is not practicable to draw up a typical audit programme. When an auditor is
appointed to audit the accounts of an entity for the first time, the audit programme should be
developed in three stages stated below:
(i) To begin with, a broad outline of the audit programme should be drawn up.
(ii) After the internal and accounting procedures have been reviewed, the details should be
filled up on a consideration of the deficiencies in the system of internal control.
(iii) After the detailed checking formality is over, the extent to which the special procedures
need to be applied should be determined, e.g., independent verification of balances of

© The Institute of Chartered Accountants of India

 2.12 Advanced Auditing and Professional Ethics

debtors and creditors, physical inspection of fixed assets, personal inspection of various
items of stock included in closing inventories and testing their values. At times, special
procedures may have to be applied on a consideration of the nature of business e.g.
verification of provision for tax liability in case of a shipping company regarding freight
booked in different countries or for making a provision for unexpired liability in case of an
insurance company, etc.
At each subsequent engagement the programme should be reviewed and, if necessary,
modified on account of:
(i) experience gained during the previous audits;
(ii) important changes that have taken place in the business specially in the system of internal
control, accounting procedures or in the structure of management or of the scope of
business; and
(iii) evaluation of internal control made for the current year.
Given below are a few circumstances where in the audit programme would have to be suitably
altered:
(1) If the audit procedures were designed for a certain volume of turnover and subsequently
the volume have substantially increased. Also, when there have been significant changes
in the accounting organisation, procedures and personnel subsequent to the audit
procedures.
(2) Where during the course of an audit, it has been discovered that internal control
procedures were not as effective as assumed at the time the audit programme was framed.
(3) Where there has been an extraordinary increase in the amount of book debts or that in the
value of stocks as compared to that in the previous year.
(4) When a suspicion is aroused during the course of audit or information has been received
that assets of the company have been misappropriated.
It may be noted that the audit plan and related programme should be reconsidered as the audit
progresses. Such re-consideration is based on the auditor’s review of internal control, his
preliminary evaluation thereof and the result of his compliance and substantive procedures.

© The Institute of Chartered Accountants of India