How to Write an Audit Planning Memorandum Under ISA 300

What ISA 300 actually requires you to document

ISA 300.12 requires the auditor to document the overall audit strategy and the audit plan, including any significant changes made during the engagement. That is the mandatory requirement. ISA 300 .A16 then explains that the documentation of the strategy is a record of the key decisions considered necessary to properly plan the audit, and the auditor may summarise it as a memorandum.

The standard does not prescribe a format. It does not require a specific template. It requires that the documentation records the key decisions regarding scope and conduct, including the timing of each phase. For a smaller entity, ISA 300 .A21 confirms that a brief memorandum prepared at the completion of the previous audit (updated for the current period based on discussions with the owner-manager) can serve as the documented strategy. For a larger or more complex entity, the memorandum will be more detailed, but the principle is the same: record the decisions, not a restatement of the standard.

The appendix to ISA 300 lists matters the auditor may consider when establishing the overall audit strategy. These include the characteristics of the engagement that define its scope, the reporting objectives, the nature of the entity’s business, the applicable financial reporting framework, audit areas with higher risk of material misstatement, materiality for planning purposes, preliminary engagement activities, and resource allocation. Not all of these will be relevant to every engagement. The planning memorandum should cover each one that is relevant and omit those that are not, with a brief note explaining the omission.

A point that practitioners frequently miss: ISA 300.10 requires the auditor to update and change the overall audit strategy and the audit plan as necessary during the course of the audit. ISA 300 .A20 requires the auditor to document significant changes and the reasons for them. A planning memorandum that is identical at completion to the version produced at planning is either evidence of a perfectly predictable audit (rare) or evidence that the auditor did not respond to emerging information (common, and a finding).

Strategy versus plan: why the distinction matters for your file

ISA 300 draws a distinction between the overall audit strategy ( ISA 300.7 -8) and the audit plan ( ISA 300.9 ). The strategy sets the scope and direction of the audit, including its timing. The plan describes the nature and extent of planned risk assessment procedures ( ISA 315 ), their timing, and the further audit procedures at the assertion level ( ISA 330 ).

In practice, many mid-tier firms merge them into a single document. ISA 300 does not prohibit this. But the distinction matters for one reason: the strategy drives the plan, not the other way around. If your planning memorandum jumps straight to a list of procedures without first recording why those procedures were chosen (what risks were assessed, what materiality was set, what areas were identified as significant), then a reviewer has no way to evaluate whether the procedures are appropriate.

The planning memorandum documents the strategy. The audit programme documents the plan. They should cross-reference each other. A risk identified as significant in the planning memorandum should have a corresponding response in the audit programme. If it doesn’t, the file has a gap.

For firms using the ciferi ISA 300 guide, the structure maps directly to the memorandum sections described below.

The sections every planning memorandum needs

The following sections are not prescribed by ISA 300 . They are a practical structure that captures what the standard requires and what reviewers look for. Adapt the headings to your firm’s terminology, but cover all the content.

Engagement overview

One paragraph. State the entity name, the financial reporting framework (IFRS or local GAAP), the period under audit, the type of opinion expected, and whether this is an initial or recurring engagement. For initial engagements, reference the ISA 510 opening balance procedures and any communication with the predecessor auditor under ISA 300 .A22. For group audits, reference ISA 600 and identify the components.

Scope and reporting objectives

State what is being audited (standalone or consolidated financial statements, management report if applicable) and any additional reporting obligations (regulatory filings, management letter). If the engagement includes specific requirements beyond the financial statement audit (for example, a Dutch 403-declaration or a German Lagebericht), state them here. ISA 300 .A8 lists these as matters to consider when establishing the strategy.

Materiality

State overall materiality and performance materiality, with the benchmark used and the percentage applied. State the rationale for the chosen benchmark ( ISA 320 .A4). If materiality has changed from the prior year, state why. If a specific materiality has been set for particular classes of transactions or balances, state the amount and the reason ( ISA 320.10 ). Cross-reference to the materiality calculator working paper if one is used.

Understanding the entity and risk assessment

Summarise the key risks of material misstatement at both the financial statement level and the assertion level. For each significant risk, state the financial statement area affected and the nature of the risk (inherent risk factors per ISA 315 .A222-A230). Then state the planned response. Do not repeat the full risk assessment from the ISA 315 working papers. Summarise the conclusions and reference the supporting documents. If the entity’s IT environment is relevant ( ISA 315.25 -26), note the general IT controls identified and whether they will be tested.

Significant areas and key audit matters

For listed entities, identify the areas expected to be communicated as key audit matters under ISA 701 . For all entities, identify the areas that will require the most audit effort or the most judgment. Typical examples: revenue recognition ( ISA 240.26 -27), estimates with high estimation uncertainty ( ISA 540 ), going concern ( ISA 570 ), and related party transactions ( ISA 550 ). For each area, note the nature of the planned procedures in one or two sentences.

Fraud risk assessment

ISA 240.26 requires the auditor to treat revenue recognition as a presumed risk of material misstatement due to fraud unless the presumption is rebutted. State whether the presumption has been rebutted, and if so, why. State any other identified fraud risks and the planned response. Reference the ISA 240 discussion among the engagement team.

Team composition and resource allocation

List the engagement partner, the manager (if applicable), the senior, and the number of staff. Note any specialists involved (IT auditor, valuations expert, tax specialist) and the basis for their involvement ( ISA 620 ). State the planned hours for each phase of the audit, or at minimum the total budgeted hours and any significant allocations.

Timeline

State the key dates: planning meeting, interim fieldwork (if applicable), year-end fieldwork start and end, partner review, draft report to management, and signing date. If the entity has a tight reporting deadline, note it and explain how the timeline accommodates it.

Communication plan

Note the planned communications with those charged with governance under ISA 260 (scope and timing overview at planning, audit findings at completion). Note any required communications with management (management letter, internal control deficiencies under ISA 265 ).

Changes from prior year

For recurring engagements, this is the most valuable section. State what has changed since the prior year: new risks, changes in the entity’s business, changes in the regulatory environment, findings from the prior year that require follow-up, and any changes to materiality. ISA 300 .A15 recognises that the planning process for a recurring engagement benefits from prior knowledge, but that knowledge must be updated, not assumed to be current.

How to avoid the “copy forward” trap

The most common planning memorandum deficiency is not a missing section. It is a memorandum that someone copied from the prior year, changed the dates, and updated nothing else. Regulatory inspectors look for this specifically. The FRC’s 2022-23 Tier 2 and Tier 3 inspection cycle flagged planning documentation as an area where prior-year reliance was excessive, with auditors failing to update risk assessments for changed circumstances.

The fix is a habit, not a procedure. Before opening last year’s planning memo, write a half-page note listing everything that has changed since the prior year. New transactions, management changes, covenant breaches, industry developments, and prior-year findings. Then open the prior-year memo and update it against that list. Any section that remains unchanged should stay because the facts support it, not because nobody checked.

ISA 300 .A6 makes this point directly: the nature and extent of planning activities vary with the size and complexity of the entity, but also with changes in circumstances that occur during the audit. A planning memorandum for a recurring engagement that does not reference any changes is either evidence that nothing changed (document that conclusion) or evidence that the auditor did not look.

Worked example: Van der Berg Holding N.V.

Client profile: Van der Berg Holding N.V., a Dutch holding company with two operating subsidiaries (Van der Berg Logistics B.V. and Van der Berg Property B.V.). Consolidated revenue: €68M. Reporting framework: Dutch GAAP (Titel 9, Boek 2 BW). Recurring engagement, year four.

Engagement overview

Van der Berg Holding N.V. consolidated financial statements for the year ended 31 December 2025. Dutch GAAP. Unmodified opinion expected. Recurring engagement. Two wholly-owned subsidiaries audited by this firm (no component auditors). No 403-declaration in place. Management report required under Titel 9.

Documentation note: Reference the engagement letter (dated 15 September 2025), the ISA 210 terms confirmation, and the ISA 220 independence confirmation for all team members.

Materiality

Overall materiality: €510,000 (0.75% of consolidated revenue of €68M). Performance materiality: €382,500 (75% of overall materiality). Clearly trivial threshold: €25,500 (5% of overall materiality). Benchmark rationale: revenue selected because profit fluctuates significantly between years (2024 profit: €1.8M; 2023 loss: €0.4M). Revenue is more stable. Prior year materiality was €480,000 (0.75% of €64M revenue). The increase reflects revenue growth. No specific materiality set for individual balances.

Documentation note: Cross-reference to the ISA 320 materiality working paper. Record the prior-year comparison. If the benchmark or percentage changed from the prior year, state the reason.

Key risks and planned response

Revenue recognition (Van der Berg Logistics B.V.): the subsidiary recognises revenue from freight forwarding contracts at point of delivery. ISA 240.26 presumed fraud risk not rebutted. Planned response: test a sample of revenue transactions around year-end for cut-off (15 transactions either side of year-end) and agree a sample of freight contracts to delivery confirmations and invoices. Perform analytical procedures on monthly revenue by customer segment. Investment property valuation (Van der Berg Property B.V.): the subsidiary holds €22M of investment property measured at fair value under RJ 213. Two properties were revalued externally in 2024 but not in 2025. Planned response: obtain management’s internal valuation and test the assumptions against market data. Assess whether a fresh external valuation is needed under ISA 540.13 .

Documentation note: For each risk, state the ISA reference governing the risk identification and the ISA reference governing the planned response. Cross-reference to the audit programme section where the detailed procedures are documented.

Team and timeline

Engagement partner: J. Bakker. Manager: S. de Vries. Senior: L. van Dijk. Staff: two. IT specialist: not required (no complex IT environment; general IT controls assessed as low risk per ISA 315.25 ). Budgeted hours: 620 (planning: 80, interim: 120, year-end: 340, completion: 80). Planning meeting: 2 October 2025. Interim fieldwork: 10-21 November 2025. Year-end fieldwork: 19 January-6 February 2026. Partner review: 10-14 February 2026. Draft report to management: 18 February 2026. Signing: 28 February 2026.

Documentation note: If the timeline shifts during the engagement, update this section and record the reason per ISA 300 .A20.

Changes from prior year

Two changes require a response this year. First, Van der Berg Logistics B.V. entered a new contract type in Q2 2025 (temperature-controlled pharmaceutical logistics) with different revenue recognition triggers. The audit programme includes specific procedures for this revenue stream. Second, the prior-year management letter flagged a weakness in the property subsidiary’s segregation of duties for journal entry approval. Follow-up procedures are planned at interim to assess whether management has implemented the recommended control.

Documentation note: List every significant change and the planned audit response. Reference the prior-year management letter findings and the follow-up status.

Practical checklist for your planning memorandum

Common mistakes reviewers flag

• The AFM’s inspection reports for non-PIE firms have repeatedly identified planning memoranda that contain no reference to materiality. ISA 300 .A8 includes materiality as a matter to consider when establishing the overall audit strategy. A planning memo without a materiality section is incomplete.
• Quality reviewers flag memoranda where the risk assessment section lists risks but does not state the planned response. A risk without a response is not an assessment. It is a list. ISA 300.9 requires the plan to describe the nature, timing, and extent of further audit procedures at the assertion level.

Related content

• Materiality glossary entry: Covers ISA 320 materiality calculation and the relationship between overall materiality and performance materiality.
• Materiality calculator tool: The ciferi materiality calculator produces working paper output that can be cross-referenced directly from the planning memorandum’s materiality section.
• ISA 300 : planning an audit of financial statements: The full ciferi ISA 300 guide, including the strategy-versus-plan distinction and the ISA 300 appendix checklist.

Related ciferi content

Related guides:

Put audit concepts into practice with these free tools:

Frequently asked questions

Further reading and source references

• IAASB Handbook 2024: the authoritative source for the complete ISA 300 text, including all application material and the appendix on considerations in establishing the overall audit strategy.
• ISA 315 (Revised 2019), Identifying and Assessing Risks of Material Misstatement: the risk assessment that feeds directly into the planning memorandum.
• ISA 320 , Materiality in Planning and Performing an Audit: the materiality determination documented in the planning memorandum.
• ISA 240 , The Auditor's Responsibilities Relating to Fraud: the fraud risk assessment including the revenue recognition presumption.
• ISA 330 , The Auditor's Responses to Assessed Risks: the link between risks identified in the strategy and procedures documented in the audit plan.