How to Create an Audit Plan

Audit preparation and planning makes an audit go smoothly. Even if the company underwent an audit last year, the issues this year may be different. Audit planning and control make it easier to answer the questions that worry small business owners the most.

TL;DR (Too Long; Didn't Read)

The first step in planning an audit is for the auditor and client to discuss the client's concerns. Once the auditor understands the issues, they'll draw up a list of documentation required for the audit, research the problems and identify the steps to get the answers. Then the audit begins.

The Importance of Audit Planning

Audit preparation and planning matters because business owners want the audit to be as quick and painless as possible. The auditor can conduct the investigation more efficiently if they make some audit planning notes:

  • What are the risk areas? Is the owner concerned about fraud in the financial statement or that someone on staff is stealing assets?

  • What steps does the auditor need to take answer the client's questions?

  • Are the auditor and the client on the same page about the audit, no misunderstandings?

  • How much is the audit going to cost? Part of the importance of audit planning is that by saving time, it saves the business money. 

Among the questions to discuss before the auditor begins the prep work:

  • Why did the business owner decide to make an audit?

  • What risks does the owner most want to address?

  • How will this audit advance the company's goals? 

  • What documentation does the auditor need to do the job? If, say, the business owner is concerned about purchase fraud, the auditor needs details about the procedure, such as who makes purchases and who approves payment.

Preparing for the Audit

Once the auditor has answers to the initial questions, they can start their preparations.

  • Learning the business. If the auditor's not familiar with the specific processes the owners wants them to look at, they should research it. That involves reading the documentation, meeting the individuals involved and become familiar with the company's procedures.

  • Establishing lines of communication. If the client has questions or wants reassurance, they need to know how to get hold of the auditor. If the auditor needs more information, they should have a contact at the business ready to help them.

  • Taking some walkthroughs. The auditor should visit the business and see how things run. Do people actually follow the procedures that protect against internal theft and fraud? Are any key documents or files left available to people who shouldn't have access?

  • Going into detail about the client's worries. If the owner has multiple concerns, the auditor must identify the ones that represent the priority risks. They should look at the procedures the company uses to minimize risk and see if there are any obvious vulnerabilities.

  • If the auditor needs more information, they shouldn't hesitate to ask for it. 

Study the Controls

The company should already have controls in place for reducing the risk of error or fraud. The auditor will study the controls until they're familiar with them and what they do.

  • Is a given control meant to prevent risk or to detect a problem?
  • Are controls performed constantly, daily, weekly or what?
  • Is the control software-based or performed by people?

The auditor can then decide the best way to test the controls: watching the work, inspecting documentation or independently performing the process themselves.

New vs. Old

If the auditor's working with a new client, the audit preparation may require some added information.

  • How trustworthy is the business owner? An auditor has a duty not only to the client but to anyone looking at the client's finances, such as investors. If the client has a rep for shady dealings, the auditor must be careful not to sign off on them.

  • Is the client financially sound? If they're flirting with bankruptcy and might duck payment, does the auditor want to take on this project?

  • Does their former auditor have any advice to offer?

If it's an old client, it's important the auditor not to make assumptions about the job. Things may have changed since the last audit. The auditor should be aware of the changes and adapt their plan accordingly.