How to Write an Audit Planning Memorandum Under ISA 300

An engagement partner at a mid-tier Dutch firm lost a tender last year. The prospective client's audit committee asked to see the planning memo from a comparable engagement. The partner sent over a two-page document that listed the team members and the timeline. Nothing else. The audit committee selected the firm that sent a planning memo covering risk assessment, materiality, significant areas, and the planned response to each.

ISA 300.7 requires the auditor to establish an overall audit strategy. The planning memorandum is how that strategy becomes a document a reviewer can read, a team can follow, and an audit committee can evaluate.

An audit planning memorandum under ISA 300 documents the overall audit strategy by recording the scope and direction of the audit, including its timing. ISA 300.A16 specifically permits the auditor to record the strategy in the form of a memorandum containing key decisions regarding the conduct of the audit, and for smaller engagements ISA 300.A21 confirms that a brief memorandum is sufficient.

What ISA 300 actually requires you to document

ISA 300.12 requires the auditor to document the overall audit strategy and the audit plan, including any significant changes made during the engagement. That is the mandatory requirement. ISA 300.A16 then explains that the documentation of the strategy is a record of the key decisions considered necessary to properly plan the audit, and the auditor may summarise it as a memorandum.

The standard does not prescribe a format. It does not require a specific template. It requires that the documentation records the key decisions regarding scope and conduct, including the timing of each phase. For a smaller entity, ISA 300.A21 confirms that a brief memorandum prepared at the completion of the previous audit (updated for the current period based on discussions with the owner-manager) can serve as the documented strategy.

The appendix to ISA 300 lists matters the auditor may consider when establishing the overall audit strategy. These include:

• The characteristics of the engagement that define its scope
• The reporting objectives
• The nature of the entity's business
• The applicable financial reporting framework
• Audit areas with higher risk of material misstatement
• Materiality for planning purposes
• Preliminary engagement activities
• Resource allocation

Not all of these will be relevant to every engagement. The planning memorandum should cover each one that is relevant and omit those that are not, with a brief note explaining the omission.

Strategy versus plan: why the distinction matters for your file

ISA 300 draws a distinction between the overall audit strategy (ISA 300.7–8) and the audit plan (ISA 300.9). The strategy sets the scope and direction of the audit, including its timing. The plan describes the nature and extent of planned risk assessment procedures (ISA 315), their timing, and the further audit procedures at the assertion level (ISA 330).

In practice, many non-Big 4 firms merge them into a single document. ISA 300 does not prohibit this. But the distinction matters for one reason: the strategy drives the plan, not the other way around. If your planning memorandum jumps straight to a list of procedures without first recording why those procedures were chosen (what risks were assessed, what materiality was set, what areas were identified as significant), then a reviewer has no way to evaluate whether the procedures are appropriate.

The planning memorandum documents the strategy. The audit programme documents the plan. They should cross-reference each other. A risk identified as significant in the planning memorandum should have a corresponding response in the audit programme. If it doesn't, the file has a gap.

The sections every planning memorandum needs

The following sections are not prescribed by ISA 300. They are a practical structure that captures what the standard requires and what reviewers look for. Adapt the headings to your firm's terminology, but cover all the content.

Engagement overview

One paragraph. State the entity name, the financial reporting framework (IFRS or local GAAP), the period under audit, the type of opinion expected, and whether this is an initial or recurring engagement. For initial engagements, reference the ISA 510 opening balance procedures and any communication with the predecessor auditor under ISA 300.A22. For group audits, reference ISA 600 and identify the components.

Scope and reporting objectives

State what is being audited (standalone or consolidated financial statements, management report if applicable) and any additional reporting obligations (regulatory filings, management letter). If the engagement includes specific requirements beyond the financial statement audit (for example, a Dutch 403-declaration or a German Lagebericht), state them here. ISA 300.A8 lists these as matters to consider when establishing the strategy.

Materiality

State overall materiality and performance materiality, with the benchmark used and the percentage applied. State the rationale for the chosen benchmark (ISA 320.A4). If materiality has changed from the prior year, state why. If a specific materiality has been set for particular classes of transactions or balances, state the amount and the reason (ISA 320.10). Cross-reference to the materiality calculator working paper if one is used.

Understanding the entity and risk assessment

Summarise the key risks of material misstatement at both the financial statement level and the assertion level. For each significant risk, state the financial statement area affected, the nature of the risk (inherent risk factors per ISA 315.A222–A230), and the planned response. Do not repeat the full risk assessment from the ISA 315 working papers. Summarise the conclusions and reference the supporting documents. If the entity's IT environment is relevant (ISA 315.25–26), note the general IT controls identified and whether they will be tested.

Significant areas and key audit matters

For listed entities, identify the areas expected to be communicated as key audit matters under ISA 701. For all entities, identify the areas that will require the most audit effort or the most judgment. Typical examples: revenue recognition (ISA 240.26–27), estimates with high estimation uncertainty (ISA 540), going concern (ISA 570), and related party transactions (ISA 550). For each area, note the nature of the planned procedures in one or two sentences.

Fraud risk assessment

ISA 240.26 requires the auditor to treat revenue recognition as a presumed risk of material misstatement due to fraud unless the presumption is rebutted. State whether the presumption has been rebutted, and if so, why. State any other identified fraud risks and the planned response. Reference the ISA 240 discussion among the engagement team.

Team composition and resource allocation

List the engagement partner, the manager (if applicable), the senior, and the number of staff. Note any specialists involved (IT auditor, valuations expert, tax specialist) and the basis for their involvement (ISA 620). State the planned hours for each phase of the audit, or at minimum the total budgeted hours and any significant allocations.

Timeline

State the key dates: planning meeting, interim fieldwork (if applicable), year-end fieldwork start and end, partner review, draft report to management, and signing date. If the entity has a tight reporting deadline, note it and explain how the timeline accommodates it.

Communication plan

Note the planned communications with those charged with governance under ISA 260 (scope and timing overview at planning, audit findings at completion). Note any required communications with management (management letter, internal control deficiencies under ISA 265).

Changes from prior year

For recurring engagements, this is the most valuable section. State what has changed since the prior year: new risks, changes in the entity's business, changes in the regulatory environment, findings from the prior year that require follow-up, and any changes to materiality. ISA 300.A15 recognises that the planning process for a recurring engagement benefits from prior knowledge, but that knowledge must be updated, not assumed to be current.

How to avoid the “copy forward” trap

The most common planning memorandum deficiency is not a missing section. It is a memorandum that was copied from the prior year with the dates changed and nothing else updated. Regulatory inspectors look for this specifically. The FRC's 2022–23 Tier 2 and Tier 3 inspection cycle flagged planning documentation as an area where prior-year reliance was excessive, with auditors failing to update risk assessments for changed circumstances.

ISA 300.A6 makes this point directly: the nature and extent of planning activities vary with the size and complexity of the entity, but also with changes in circumstances that occur during the audit. A planning memorandum for a recurring engagement that does not reference any changes is either evidence that nothing changed (document that conclusion) or evidence that the auditor did not look.

Worked example: Van der Berg Holding N.V.

Client profile: Van der Berg Holding N.V., a Dutch holding company with two operating subsidiaries (Van der Berg Logistics B.V. and Van der Berg Property B.V.). Consolidated revenue: €68M. Reporting framework: Dutch GAAP (Titel 9, Boek 2 BW). Recurring engagement, year four.

Engagement overview

Van der Berg Holding N.V. consolidated financial statements for the year ended 31 December 2025. Dutch GAAP. Unmodified opinion expected. Recurring engagement. Two wholly-owned subsidiaries audited by this firm (no component auditors). No 403-declaration in place. Management report required under Titel 9.

Documentation note: Reference the engagement letter (dated 15 September 2025), the ISA 210 terms confirmation, and the ISA 220 independence confirmation for all team members.

Materiality

Overall materiality: €510,000 (0.75% of consolidated revenue of €68M). Performance materiality: €382,500 (75% of overall materiality). Clearly trivial threshold: €25,500 (5% of overall materiality). Benchmark rationale: revenue selected because profit fluctuates significantly between years (2024 profit: €1.8M; 2023 loss: €0.4M). Revenue is more stable. Prior year materiality was €480,000 (0.75% of €64M revenue). The increase reflects revenue growth. No specific materiality set for individual balances.

Documentation note: Cross-reference to the ISA 320 materiality working paper. Record the prior-year comparison. If the benchmark or percentage changed from the prior year, state the reason.

Key risks and planned response

Revenue recognition (Van der Berg Logistics B.V.): the subsidiary recognises revenue from freight forwarding contracts at point of delivery. ISA 240.26 presumed fraud risk not rebutted. Planned response: test a sample of revenue transactions around year-end for cut-off (15 transactions either side of year-end), agree a sample of freight contracts to delivery confirmations and invoices, and perform analytical procedures on monthly revenue by customer segment.

Investment property valuation (Van der Berg Property B.V.): the subsidiary holds €22M of investment property measured at fair value under RJ 213. Two properties were revalued externally in 2024 but not in 2025. Planned response: obtain management's internal valuation, test the assumptions against market data, and assess whether a fresh external valuation is needed under ISA 540.13.

Documentation note: For each risk, state the ISA reference governing the risk identification and the ISA reference governing the planned response. Cross-reference to the audit programme section where the detailed procedures are documented.

Team and timeline

Budgeted hours: 620 (planning: 80, interim: 120, year-end: 340, completion: 80).

Documentation note: If the timeline shifts during the engagement, update this section and record the reason per ISA 300.A20.

Changes from prior year

Two changes require a response this year:

1. New contract type: Van der Berg Logistics B.V. entered a new contract type in Q2 2025 (temperature-controlled pharmaceutical logistics) with different revenue recognition triggers. The audit programme includes specific procedures for this revenue stream.
2. Prior-year management letter finding: the prior-year management letter flagged a weakness in the property subsidiary's segregation of duties for journal entry approval. Follow-up procedures are planned at interim to assess whether management has implemented the recommended control.

The completed memorandum for Van der Berg Holding N.V. runs to four pages. A reviewer can read it in ten minutes and understand every key decision. That is the test.

Practical checklist for your planning memorandum

1. State the entity, financial reporting framework, audit period, and opinion type in the first paragraph. A reviewer who opens the memo should know what engagement this is within five seconds (ISA 300.A16).
2. Record overall materiality, performance materiality, and the trivial threshold with the benchmark, the percentage, and the rationale. Compare to prior year. If unchanged, state that explicitly (ISA 320.A4).
3. Identify every significant risk at the assertion level and state the planned response in one or two sentences per risk. Cross-reference each response to the audit programme (ISA 300.9, ISA 330).
4. State the ISA 240.26 revenue recognition presumption and whether it has been rebutted. If rebutted, the memo must explain why.
5. List the team, the timeline, and the key dates. Update this section if any date changes during the engagement and record the reason (ISA 300.A20).
6. For recurring engagements, write the “changes from prior year” section before you open last year's file. This forces the update to be evidence-based, not copy-based.

Common mistakes reviewers flag

• The AFM's inspection reports for non-PIE firms have repeatedly identified planning memoranda that contain no reference to materiality. ISA 300.A8 includes materiality as a matter to consider when establishing the overall audit strategy. A planning memo without a materiality section is incomplete.
• Quality reviewers flag memoranda where the risk assessment section lists risks but does not state the planned response. A risk without a response is not an assessment. It is a list. ISA 300.9 requires the plan to describe the nature, timing, and extent of further audit procedures at the assertion level.

Related Ciferi content

Related guides:

Put audit concepts into practice with these free tools:

Frequently asked questions

Further reading and source references

• IAASB Handbook 2024: the authoritative source for the complete ISA 300 text, including all application material and the appendix on considerations in establishing the overall audit strategy.
• ISA 315 (Revised 2019), Identifying and Assessing Risks of Material Misstatement: the risk assessment that feeds directly into the planning memorandum.
• ISA 320, Materiality in Planning and Performing an Audit: the materiality determination documented in the planning memorandum.
• ISA 240, The Auditor's Responsibilities Relating to Fraud: the fraud risk assessment including the revenue recognition presumption.
• ISA 330, The Auditor's Responses to Assessed Risks: the link between risks identified in the strategy and procedures documented in the audit plan.