Formalize the Audit Program—Step 9

October 2007

We are so close to being done with the steps of the audit… so exciting. I am ready to move on with my life… you?

To refresh your memory, here are the steps to conducting an audit:

1. receive vague audit assignment
2. gather information about audit subject
3. determine audit criteria
4. perform a risk assessment
5. refine audit objective and sub-objectives
6. choose methodologies
7. budget each methodology
8. document the audit plan
9. formalize the audit program
10. Perform audit steps
11. Document results in the working papers
12. Review working papers
13. Write findings
14. Confer on findings with client
15. Conclude
16. Finalize report

Please go to www.auditskills.com to look up previous newsletters that covered steps 1–8. Now it is time to discuss the audit program—the lifeline of any brand new auditor. The audit program is the map to the audit and tells an auditor what to do next.

9. Formalize the audit program

Now that you have thought through each methodology in step 6, budgeted each methodology in step 7, and—after looking at the project from a holistic, big-picture perspective—defined your project (objective, scope, and combinations of methodologies) in Step 8, it is time to create the audit program.

The audit program is simply a formal list of your methodologies.

Start the audit program with your least intense methodology and then build up to your most intense, time-consuming methodology. Hopefully, you will be able to answer your objective or prove your point before you have to get to the intense methodologies at the end of your program.

Under the SASs, you must document a written audit program (remember, they are trying to confuse us by calling the audit program the "audit plan").

SAS 108: 19. The auditor must develop an audit plan in which the auditor documents the audit procedures to be used that, when performed, are expected to reduce audit risk to an acceptably low level

SAS 108: 20. The audit plan is more detailed than the audit strategy and includes the nature, timing, and extent of audit procedures

SAS 108: 21. The audit plan should include:

• A description of the nature, timing and extent of planned risk assessment procedures
• Description of the nature, timing, and extent of planned further audit procedures at the relevant assertion level for each material class of transactions, account balance, and disclosure… this includes planned control and substantive procedures
• A description of other audit procedures to be carried out in order to comply with generally accepted auditing standards (example: direct communication with the entity’s lawyers)

Do you want to see some example audit programs? Check out the following website: www.auditnet.org.

Here are some benefits to a well-developed audit program:

• provides a means of controlling and evaluating the progress of the audit work
• permits audit supervisors to compare what was performed with what was planned
• helps train inexperienced audit staff on the steps involved in the audit
• reduces the amount of direct supervision needed
• serves as a link between the audit objectives and the procedures performed
• sets forth a systematic plan for each phase of the audit work
• provides a basis for assigning work to auditors
• familiarizes subsequent auditors with the work carried out
• summarizes the work done

Next month: Fieldwork!