Skip supplemental navigation

Auditing Standard No. 9

Audit Planning

Effective Date: For audits of fiscal years beginning on or after Dec. 15, 2010

Final Rule: PCAOB Release No. 2010-004

Summary Table of Contents

Introduction

1.     This standard establishes requirements regarding planning an audit.

Objective

2.     The objective of the auditor is to plan the audit so that the audit is conducted effectively.

Responsibility of the Engagement Partner for Planning

3.     The engagement partner1/ is responsible for the engagement and its performance. Accordingly, the engagement partner is responsible for planning the audit and may seek assistance from appropriate engagement team members in fulfilling this responsibility. Engagement team members who assist the engagement partner with audit planning also should comply with the relevant requirements in this standard.

Planning an Audit

4.     The auditor should properly plan the audit. This standard describes the auditor's responsibilities for properly planning the audit.2/

5.     Planning the audit includes establishing the overall audit strategy for the engagement and developing an audit plan, which includes, in particular, planned risk assessment procedures and planned responses to the risks of material misstatement. Planning is not a discrete phase of an audit but, rather, a continual and iterative process that might begin shortly after (or in connection with) the completion of the previous audit and continues until the completion of the current audit.

Preliminary Engagement Activities

6.     The auditor should perform the following activities at the beginning of the audit:

  1. Perform procedures regarding the continuance of the client relationship and the specific audit engagement,3/
  2. Determine compliance with independence and ethics requirements, and

    Note:   The determination of compliance with independence and ethics requirements is not limited to preliminary engagement activities and should be reevaluated with changes in circumstances.

    [The following subparagraph is effective for audits of fiscal years beginning on or after December 15, 2012. See PCAOB Release No. 2012-004. For audits of fiscal years beginning before December 15, 2012, click here.]
  3. Establish an understanding of the terms of the audit engagement with the audit committee in accordance with Auditing Standard No. 16, Communications with Audit Committees.[4/]

Planning Activities

7.     The nature and extent of planning activities that are necessary depend on the size and complexity of the company, the auditor's previous experience with the company, and changes in circumstances that occur during the audit. When developing the audit strategy and audit plan, as discussed in paragraphs 8-10, the auditor should evaluate whether the following matters are important to the company's financial statements and internal control over financial reporting and, if so, how they will affect the auditor's procedures:

  • Knowledge of the company's internal control over financial reporting obtained during other engagements performed by the auditor;
  • Matters affecting the industry in which the company operates, such as financial reporting practices, economic conditions, laws and regulations, and technological changes;
  • Matters relating to the company's business, including its organization, operating characteristics, and capital structure;
  • The extent of recent changes, if any, in the company, its operations, or its internal control over financial reporting;
  • The auditor's preliminary judgments about materiality,5/ risk, and, in integrated audits, other factors relating to the determination of material weaknesses;
  • Control deficiencies previously communicated to the audit committee6/ or management;
  • Legal or regulatory matters of which the company is aware;
  • The type and extent of available evidence related to the effectiveness of the company's internal control over financial reporting;
  • Preliminary judgments about the effectiveness of internal control over financial reporting;
  • Public information about the company relevant to the evaluation of the likelihood of material financial statement misstatements and the effectiveness of the company's internal control over financial reporting;
  • Knowledge about risks related to the company evaluated as part of the auditor's client acceptance and retention evaluation; and
  • The relative complexity of the company's operations.

    Note:  Many smaller companies have less complex operations. Additionally, some larger, complex companies may have less complex units or processes. Factors that might indicate less complex operations include: fewer business lines; less complex business processes and financial reporting systems; more centralized accounting functions; extensive involvement by senior management in the day-to-day activities of the business; and fewer levels of management, each with a wide span of control.

Audit Strategy

8.     The auditor should establish an overall audit strategy that sets the scope, timing, and direction of the audit and guides the development of the audit plan.

9.     In establishing the overall audit strategy, the auditor should take into account:

  1. The reporting objectives of the engagement and the nature of the communications required by PCAOB standards,7/
  2. The factors that are significant in directing the activities of the engagement team,8/
  3. The results of preliminary engagement activities9/ and the auditor's evaluation of the important matters in accordance with paragraph 7 of this standard, and
  4. The nature, timing, and extent of resources necessary to perform the engagement.10/

Audit Plan

10.      The auditor should develop and document an audit plan that includes a description of:

  1. The planned nature, timing, and extent of the risk assessment procedures;11/
  2. The planned nature, timing, and extent of tests of controls and substantive procedures;12/ and
  3. Other planned audit procedures required to be performed so that the engagement complies with PCAOB standards.

Multi-location Engagements

11.      In an audit of the financial statements of a company with operations in multiple locations or business units,13/ the auditor should determine the extent to which audit procedures should be performed at selected locations or business units to obtain sufficient appropriate evidence to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement. This includes determining the locations or business units at which to perform audit procedures, as well as the nature, timing, and extent of the procedures to be performed at those individual locations or business units. The auditor should assess the risks of material misstatement to the consolidated financial statements associated with the location or business unit and correlate the amount of audit attention devoted to the location or business unit with the degree of risk of material misstatement associated with that location or business unit.

12.      Factors that are relevant to the assessment of the risks of material misstatement associated with a particular location or business unit and the determination of the necessary audit procedures include:

  1. The nature and amount of assets, liabilities, and transactions executed at the location or business unit, including, e.g., significant transactions executed at the location or business unit that are outside the normal course of business for the company, or that otherwise appear to be unusual given the auditor's understanding of the company and its environment;14/
  2. The materiality of the location or business unit;15/
  3. The specific risks associated with the location or business unit that present a reasonable possibility16/ of material misstatement to the company's consolidated financial statements;
  4. Whether the risks of material misstatement associated with the location or business unit apply to other locations or business units such that, in combination, they present a reasonable possibility of material misstatement to the company's consolidated financial statements;
  5. The degree of centralization of records or information processing;
  6. The effectiveness of the control environment, particularly with respect to management's control over the exercise of authority delegated to others and its ability to effectively supervise activities at the location or business unit; and
  7. The frequency, timing, and scope of monitoring activities by the company or others at the location or business unit.

    Note:  When performing an audit of internal control over financial reporting, refer to Appendix B, Special Topics, of Auditing Standard No. 517/ for considerations when a company has multiple locations or business units.

13.      In determining the locations or business units at which to perform audit procedures, the auditor may take into account relevant activities performed by internal audit, as described in AU sec. 322, The Auditor's Consideration of the Internal Audit Function in an Audit of Financial Statements, or others, as described in Auditing Standard No. 5. AU sec. 322 and Auditing Standard No. 5 establish requirements regarding using the work of internal audit and others, respectively.

14.      AU sec. 543, Part of Audit Performed by Other Independent Auditors, describes the auditor's responsibilities regarding using the work and reports of other independent auditors who audit the financial statements of one or more of the locations or business units that are included in the consolidated financial statements.18/ In those situations, the auditor should perform the procedures in paragraphs 11-13 of this standard to determine the locations or business units at which audit procedures should be performed.

Changes During the Course of the Audit

15.      The auditor should modify the overall audit strategy and the audit plan as necessary if circumstances change significantly during the course of the audit, including changes due to a revised assessment of the risks of material misstatement or the discovery of a previously unidentified risk of material misstatement.

Persons with Specialized Skill or Knowledge

16.      The auditor should determine whether specialized skill or knowledge is needed to perform appropriate risk assessments, plan or perform audit procedures, or evaluate audit results.

17.      If a person with specialized skill or knowledge employed or engaged by the auditor participates in the audit, the auditor should have sufficient knowledge of the subject matter to be addressed by such a person to enable the auditor to:

  1. Communicate the objectives of that person's work;
  2. Determine whether that person's procedures meet the auditor's objectives; and
  3. Evaluate the results of that person's procedures as they relate to the nature, timing, and extent of other planned audit procedures and the effects on the auditor's report.

Additional Considerations in Initial Audits

18.      The auditor should undertake the following activities before starting an initial audit:

  1. Perform procedures regarding the acceptance of the client relationship and the specific audit engagement; and
  2. Communicate with the predecessor auditor in situations in which there has been a change of auditors in accordance with AU sec. 315, Communications Between Predecessor and Successor Auditors.

19.      The purpose and objective of planning the audit are the same for an initial audit or a recurring audit engagement. However, for an initial audit, the auditor should determine the additional planning activities necessary to establish an appropriate audit strategy and audit plan, including determining the audit procedures necessary to obtain sufficient appropriate audit evidence regarding the opening balances.19/

1/ Terms defined in Appendix A, Definitions, are set in boldface type the first time they appear.

2/ The term, "auditor," as used in this standard, encompasses both the engagement partner and the engagement team members who assist the engagement partner in planning the audit.

3/ Paragraphs .14-.16 of QC sec. 20, System of Quality Control for a CPA Firm's Accounting and Auditing Practice. AU sec. 161, The Relationship of Generally Accepted Auditing Standards to Quality Control Standards, explains how the quality control standards relate to the conduct of audits.

[4/]  [Footnote deleted, effective for audits of fiscal years beginning on or after December 15, 2012. See PCAOB Release No. 2012-004. For audits of fiscal years beginning before December 15, 2012, click here.]

5/ Auditing Standard No. 11, Consideration of Materiality in Planning and Performing an Audit.

6/ If no audit committee exists, all references to the audit committee in this standard apply to the entire board of directors of the company. See 15 U.S.C. §§ 78c(a)58 and 7201(a)(3).

[The following footnote is effective for audits of fiscal years beginning on or after December 15, 2012.  See PCAOB Release No. 2012-004. For audits of fiscal years beginning before December 15, 2012, click here.] 

7/ See, e.g., Auditing Standard No. 16, Communications with Audit Committees. Also, various laws or regulations require other matters to be communicated. (See, e.g., Rule 2-07 of Regulation S-X, 17 CFR 210.2-07; and Rule 10A-3 under the Securities Exchange Act of 1934, 17 CFR 240.10A-3.) The requirements of this standard do not modify communications required by those other laws or regulations.

8/ See, e.g., paragraph 6 of Auditing Standard No. 10, Supervision of the Audit Engagement.

9/ Paragraph 6 of this standard.

10/ See, e.g., paragraph .06 of AU sec. 230, Due Professional Care in the Performance of Work,  paragraph 16 of this standard, and paragraph 5.a. of Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement.

11/ Auditing Standard No. 12, Identifying and Assessing Risks of Material Misstatement.

12/ Auditing Standard No. 13 and Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements.

13/ The term "business units" includes subsidiaries, divisions, branches, components, or investments.

14/ Paragraph .66 of AU sec. 316, Consideration of Fraud in a Financial Statement Audit.

15/ Paragraph 10 of Auditing Standard No. 11 describes the consideration of materiality in planning and performing audit procedures at an individual location or business unit.

16/ There is a reasonable possibility of an event, as used in this standard, when the likelihood of the event is either "reasonably possible" or "probable," as those terms are used in the FASB Accounting Standards Codification, Contingencies Topic, paragraph 450-20-25-1.

17/ Paragraphs B10-B16 of Auditing Standard No. 5.

18/ For integrated audits, see also paragraphs C8-C11 of Auditing Standard No. 5.

19/ See also paragraph 3 of Auditing Standard No. 6, Evaluating Consistency of Financial Statements.

[Effective pursuant to SEC Release No. 34-63606, File No. PCAOB-2010-01 (December 23, 2010)]