Audit Planning

What is audit planning?

Most planning memos we've inherited from prior years are date-stamped September and never touched again. The fieldwork runs through February, three new risks emerge during interim testing, and the plan still reads exactly as it did before anyone opened a ledger. That is the pattern the AFM and FRC keep flagging, and it is the pattern ISA 300 was written to prevent.

ISA 300.2 frames planning as the foundation of an effective audit. It is not a single step completed at the start of the engagement. It is a continuous process that begins before fieldwork and runs through to the opinion.

Planning has two components. The overall audit strategy ( ISA 300.7 ) sets the scope, timing, direction, and resourcing of the engagement. The detailed audit plan ( ISA 300.9 ) translates that strategy into specific audit procedures to be performed at the assertion level. The strategy is the "what and why"; the plan is the "how."

ISA 300.10 requires the auditor to update the strategy and plan as the audit progresses. New information, unexpected findings, revised risk assessments, or a change in the entity's circumstances may each require revision. Planning is iterative (the initial plan is a starting point, not a fixed deliverable).

ISA 300.5 requires the engagement partner to be involved in planning. In practice that means participating in setting the strategy and key planning decisions, not reviewing a plan the team has already prepared. The EP's involvement must be contemporaneous with the planning process, not retrospective.

Why it matters in practice

The AFM has repeatedly flagged files with no evidence of partner involvement in planning. An EP sign-off on the completed PM (planning memorandum) does not satisfy ISA 300.5 . Inspectors look for evidence that the partner was involved in making planning decisions, not just approving them after the fact. In our experience, this is the finding that generates the most defensive review notes when an inspection letter lands.

Many files show static plans that were never updated during the engagement. The initial PM is dated in September, fieldwork runs through February, and the plan shows no revisions despite new information emerging during testing. ISA 300.10 requires the auditor to revise the strategy and plan when circumstances change, with a documented link between the triggering event and the revision made.

A PM that reads identically to the prior year (with only dates and figures updated) is SALY applied to the one document where it does the most damage. It signals that planning was treated as a roll-forward rather than a fresh assessment of current-year risks. We've seen this on roughly half the files reviewed during peer inspection: the client changed, the team changed, sometimes the standard changed, but the planning narrative did not. At that point the file is not wrong on its face; it just cannot be defended as a current-year exercise in judgment.

Key standard references

• ISA 300.2 : Planning as the foundation of an effective audit.
• ISA 300.5 : Engagement partner involvement in planning.
• ISA 300.7 : Establishing the overall audit strategy.
• ISA 300.9 : Developing the detailed audit plan.
• ISA 300.10 : Updating the strategy and plan during the audit.

Related terms

Related tools

Related reading

Frequently asked questions