Amendments to this standard have been adopted by the PCAOB and approved by the U.S. Securities and Exchange Commission. The amendments affect the following provisions: paragraphs .03, .04, .06b, .06A–.06I (new), .07, .09–.11, .14, .16, .A1, and .A3–.A6 (new); the heading and subheading after paragraph .06 (both new); the subheadings after paragraphs .06C, .06F, and .06G (all new); the heading after paragraph .13 (new); and the title of Appendix A. The standard as amended will be effective for audits of financial statements for fiscal years ending on or after December 15, 2024. See PCAOB Release No. 2022-002, SEC Release No. 34-95488. View the standard as amended.
Summary Table of Contents
.01 This standard establishes requirements regarding planning an audit.
.02 The objective of the auditor is to plan the audit so that the audit is conducted effectively.
.03 The engagement partner1 is responsible for the engagement and its performance. Accordingly, the engagement partner is responsible for planning the audit and may seek assistance from appropriate engagement team members in fulfilling this responsibility. Engagement team members who assist the engagement partner with audit planning also should comply with the relevant requirements in this standard.
.04 The auditor should properly plan the audit. This standard describes the auditor's responsibilities for properly planning the audit.2
.05 Planning the audit includes establishing the overall audit strategy for the engagement and developing an audit plan, which includes, in particular, planned risk assessment procedures and planned responses to the risks of material misstatement. Planning is not a discrete phase of an audit but, rather, a continual and iterative process that might begin shortly after (or in connection with) the completion of the previous audit and continues until the completion of the current audit.
Preliminary Engagement Activities
.06 The auditor should perform the following activities at the beginning of the audit:
- Perform procedures regarding the continuance of the client relationship and the specific audit engagement,3
Determine compliance with independence3A and ethics requirements, and
Note: The determination of compliance with independence and ethics requirements is not limited to preliminary engagement activities and should be reevaluated with changes in circumstances.
- Establish an understanding of the terms of the audit engagement with the audit committee in accordance with AS 1301, Communications with Audit Committees.
.07 The nature and extent of planning activities that are necessary depend on the size and complexity of the company, the auditor's previous experience with the company, and changes in circumstances that occur during the audit. When developing the audit strategy and audit plan, as discussed in paragraphs .08-.10, the auditor should evaluate whether the following matters are important to the company's financial statements and internal control over financial reporting and, if so, how they will affect the auditor's procedures:
- Knowledge of the company's internal control over financial reporting obtained during other engagements performed by the auditor;
- Matters affecting the industry in which the company operates, such as financial reporting practices, economic conditions, laws and regulations, and technological changes;
- Matters relating to the company's business, including its organization, operating characteristics, and capital structure;
- The extent of recent changes, if any, in the company, its operations, or its internal control over financial reporting;
- The auditor's preliminary judgments about materiality,5 risk, and, in integrated audits, other factors relating to the determination of material weaknesses;
- Control deficiencies previously communicated to the audit committee6 or management;
- Legal or regulatory matters of which the company is aware;
- The type and extent of available evidence related to the effectiveness of the company's internal control over financial reporting;
- Preliminary judgments about the effectiveness of internal control over financial reporting;
- Public information about the company relevant to the evaluation of the likelihood of material financial statement misstatements and the effectiveness of the company's internal control over financial reporting;
- Knowledge about risks related to the company evaluated as part of the auditor's client acceptance and retention evaluation; and
The relative complexity of the company's operations.
Note: Many smaller companies have less complex operations. Additionally, some larger, complex companies may have less complex units or processes. Factors that might indicate less complex operations include: fewer business lines; less complex business processes and financial reporting systems; more centralized accounting functions; extensive involvement by senior management in the day-to-day activities of the business; and fewer levels of management, each with a wide span of control.
.08 The auditor should establish an overall audit strategy that sets the scope, timing, and direction of the audit and guides the development of the audit plan.
.09 In establishing the overall audit strategy, the auditor should take into account:
- The reporting objectives of the engagement and the nature of the communications required by PCAOB standards,7
- The factors that are significant in directing the activities of the engagement team,8
- The results of preliminary engagement activities9 and the auditor's evaluation of the important matters in accordance with paragraph .07 of this standard, and
- The nature, timing, and extent of resources necessary to perform the engagement.10
.10 The auditor should develop and document an audit plan that includes a description of:
- The planned nature, timing, and extent of the risk assessment procedures;11
- The planned nature, timing, and extent of tests of controls and substantive procedures;12 and
- Other planned audit procedures required to be performed so that the engagement complies with PCAOB standards.
.11 In an audit of the financial statements of a company with operations in multiple locations or business units,13 the auditor should determine the extent to which audit procedures should be performed at selected locations or business units to obtain sufficient appropriate evidence to obtain reasonable assurance about whether the consolidated financial statements are free of material misstatement. This includes determining the locations or business units at which to perform audit procedures, as well as the nature, timing, and extent of the procedures to be performed at those individual locations or business units. The auditor should assess the risks of material misstatement to the consolidated financial statements associated with the location or business unit and correlate the amount of audit attention devoted to the location or business unit with the degree of risk of material misstatement associated with that location or business unit.
.12 Factors that are relevant to the assessment of the risks of material misstatement associated with a particular location or business unit and the determination of the necessary audit procedures include:
- The nature and amount of assets, liabilities, and transactions executed at the location or business unit, including, e.g., significant transactions that are outside the normal course of business for the company or that otherwise appear to be unusual due to their timing, size, or nature ("significant unusual transactions") executed at the location or business unit;14
- The materiality of the location or business unit;15
- The specific risks associated with the location or business unit that present a reasonable possibility16 of material misstatement to the company's consolidated financial statements;
- Whether the risks of material misstatement associated with the location or business unit apply to other locations or business units such that, in combination, they present a reasonable possibility of material misstatement to the company's consolidated financial statements;
- The degree of centralization of records or information processing;
- The effectiveness of the control environment, particularly with respect to management's control over the exercise of authority delegated to others and its ability to effectively supervise activities at the location or business unit; and
The frequency, timing, and scope of monitoring activities by the company or others at the location or business unit.
Note: When performing an audit of internal control over financial reporting, refer to Appendix B, Special Topics, of AS 220117 for considerations when a company has multiple locations or business units.
.13 In determining the locations or business units at which to perform audit procedures, the auditor may take into account relevant activities performed by internal audit, as described in AS 2605, Consideration of the Internal Audit Function, or others, as described in AS 2201. AS 2605 and AS 2201 establish requirements regarding using the work of internal audit and others, respectively.
.14 AS 1205, Part of the Audit Performed by Other Independent Auditors, describes the auditor's responsibilities regarding using the work and reports of other independent auditors who audit the financial statements of one or more of the locations or business units that are included in the consolidated financial statements.18 In those situations, the auditor should perform the procedures in paragraphs .11-.13 of this standard to determine the locations or business units at which audit procedures should be performed.
Changes During the Course of the Audit
.15 The auditor should modify the overall audit strategy and the audit plan as necessary if circumstances change significantly during the course of the audit, including changes due to a revised assessment of the risks of material misstatement or the discovery of a previously unidentified risk of material misstatement.
Persons with Specialized Skill or Knowledge
.16 The auditor should determine whether specialized skill or knowledge is needed to perform appropriate risk assessments, plan or perform audit procedures, or evaluate audit results.
.17 If a person with specialized skill or knowledge employed or engaged by the auditor participates in the audit, the auditor should have sufficient knowledge of the subject matter to be addressed by such a person to enable the auditor to:
- Communicate the objectives of that person's work;
- Determine whether that person's procedures meet the auditor's objectives; and
- Evaluate the results of that person's procedures as they relate to the nature, timing, and extent of other planned audit procedures and the effects on the auditor's report.
.18 The auditor should undertake the following activities before starting an initial audit:
- Perform procedures regarding the acceptance of the client relationship and the specific audit engagement; and
- Communicate with the predecessor auditor in situations in which there has been a change of auditors in accordance with AS 2610, Initial Audits—Communications Between Predecessor and Successor Auditors.
.19 The purpose and objective of planning the audit are the same for an initial audit or a recurring audit engagement. However, for an initial audit, the auditor should determine the additional planning activities necessary to establish an appropriate audit strategy and audit plan, including determining the audit procedures necessary to obtain sufficient appropriate audit evidence regarding the opening balances.19
.A1 For purposes of this standard, the term listed below is defined as follows:
.A2 Engagement partner - The member of the engagement team with primary responsibility for the audit.
Footnotes (AS 2101 - Audit Planning):
1Terms defined in Appendix A, Definitions, are set in boldface type the first time they appear.
2The term, "auditor," as used in this standard, encompasses both the engagement partner and the engagement team members who assist the engagement partner in planning the audit.
3Paragraphs .14-.16 of QC sec. 20, System of Quality Control for a CPA Firm's Accounting and Auditing Practice. AS 1110, Relationship of Auditing Standards to Quality Control Standards, explains how the quality control standards relate to the conduct of audits.
3A Under PCAOB Rule 3520, Auditor Independence, a registered public accounting firm or associated person's independence obligation with respect to an audit client encompasses not only an obligation to satisfy the independence criteria applicable to the engagement set out in the rules and standards of the PCAOB, but also an obligation to satisfy all other independence criteria applicable to the engagement, including the independence criteria set out in the rules and regulations of the Securities and Exchange Commission under the federal securities laws.
 [Footnote deleted.]
5 AS 2105, Consideration of Materiality in Planning and Performing an Audit.
6 If no audit committee exists, all references to the audit committee in this standard apply to the entire board of directors of the company. See 15 U.S.C. §§ 78c(a)58 and 7201(a)(3).
7 See, e.g., AS 1301. Also, various laws or regulations require other matters to be communicated. (See, e.g., Rule 2-07 of Regulation S-X, 17 CFR 210.2-07; and Rule 10A-3 under the Securities Exchange Act of 1934, 17 CFR 240.10A-3.) The requirements of this standard do not modify communications required by those other laws or regulations.
8 See, e.g., paragraph .06 of AS 1201, Supervision of the Audit Engagement.
9 Paragraph .06 of this standard.
10 See, e.g., paragraph .06 of AS 1015, Due Professional Care in the Performance of Work, paragraph .16 of this standard, and paragraph .05a. of AS 2301, The Auditor's Responses to the Risks of Material Misstatement.
11 AS 2110, Identifying and Assessing Risks of Material Misstatement.
12 AS 2301 and AS 2201, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements.
13 The term "business units" includes subsidiaries, divisions, branches, components, or investments.
14 Paragraph .66 of AS 2401, Consideration of Fraud in a Financial Statement Audit.
15 AS 2105.10 describes the consideration of materiality in planning and performing audit procedures at an individual location or business unit.
16 There is a reasonable possibility of an event, as used in this standard, when the likelihood of the event is either "reasonably possible" or "probable," as those terms are used in the FASB Accounting Standards Codification, Contingencies Topic, paragraph 450-20-25-1.
17 AS 2201.B10-.B16.
18 For integrated audits, see also AS 2201.C8-.C11.
19 See also paragraph .03 of AS 2820, Evaluating Consistency of Financial Statements.