[Describe the material weaknesses that were identified and explain their potential effects.]
[A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. We consider the following deficiencies in the Company's internal control to be significant deficiencies:]
[Describe the significant deficiencies that were identified and explain their potential effects.]
[If the auditor is communicating significant deficiencies and did not identify any material weaknesses, the auditor may state that none of the identified significant deficiencies are considered to be material weaknesses.]
This communication is intended solely for the information and use of management, [identify the body or individuals charged with governance], others within the organization, and [identify any governmental authorities to which the auditor is required to report] and is not intended to be, and should not be, used by anyone other than these specified parties.
[Auditor's signature]
[Auditor's city and state]
[Date]
Illustration 3. Auditor's Communication Indicating That No Material Weaknesses Were Identified (AU-C 265.A39)
To Management and [identify the body or individuals charged with governance, such as the entity's board of directors] of NPO Organization:
In planning and performing our audit of the financial statements of NPO Organization (the “Organization”) as of and for the year ended December 31, 20XX, in accordance with auditing standards generally accepted in the United States of America, we considered the Organization's internal control over financial reporting (internal control) as a basis for designing audit procedures that are appropriate in the circumstances for the purpose of expressing our opinion on the financial statements, but not for the purpose of expressing an opinion on the effectiveness of the Organization's internal control. Accordingly, we do not express an opinion on the effectiveness of the Organization's internal control.
A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. A material weakness is a deficiency, or a combination of deficiencies, in internal control, such that there is a reasonable possibility that a material misstatement of the entity's financial statements will not be prevented, or detected and corrected, on a timely basis.
Our consideration of internal control was for the limited purpose described in the first paragraph and was not designed to identify all deficiencies in internal control that might be material weaknesses. Given these limitations, during our audit we did not identify any deficiencies in internal control that we consider to be material weaknesses. However, material weaknesses may exist that have not been identified.
[If one or more significant deficiencies have been identified, the auditor may add the following:]
Our audit was also not designed to identify deficiencies in internal control that might be significant deficiencies. A significant deficiency is a deficiency, or a combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. We communicated the significant deficiencies identified during our audit in a separate communication dated [date].
This communication is intended solely for the information and use of management, [identify the body or individuals charged with governance], others within the organization, and [identify any governmental authorities to which the auditor is required to report], and is not intended to be, and should not be, used by anyone other than these specified parties.
[Auditor's signature]
[Auditor's city and state]
[Date]
AU-C 300 PLANNING AN AUDIT
AU-C Original Pronouncements
Objective of AU-C Section 300
AU-C Section 300.04 states that:
…the objective of the auditor is to plan the audit so that it will be performed in an effective manner.
Requirements
Preliminary Engagement Activities
It's important for the engagement partner and other key members of the engagement team to be involved in planning the audit. (AU-C 300.05) The auditor should perform the following activities at the beginning of the current audit engagement:
● Perform procedures regarding the continuance of the client relationship and the specific audit engagement. (AU-C 220)
● Evaluate the auditor's compliance with ethical requirements, including independence. (AU-C 220)
● Establish the terms of the engagement. (AU-C 210)
(AU-C 300.06)
The purpose of performing these preliminary engagement activities is to consider any events or circumstances that either may adversely affect the auditor's ability to plan and perform the audit or may pose an unacceptable level of risk to the auditor.
The Overall Audit Strategy
The auditor should establish and document the overall audit strategy for the audit. (AU-C 300.07)
The overall audit strategy involves the determination of:
● The characteristics of the audit that define its scope
● The reporting objectives of the engagement related to the timing of the audit and the required communications
● Important factors that determine the focus of the audit team's efforts
● Factors to be considered from preliminary work or previous engagements
● Nature, timing, and resources needed
(AU-C 300.08)
The audit strategy helps the auditor determine the resources necessary to perform the engagement.
Communications with Those Charged with Governance and Management
As required by AU-C 260, the auditor must discuss elements of planning and the scope with those charged with governance and the entity's management. (AU-C 300.A13)
The Audit Plan
The audit plan is a more detailed, tactical plan that addresses the various audit matters identified in the audit strategy. The auditor must develop and document an audit plan for every audit.
The audit plan should include a description of:
● The nature, timing, and extent of planned risk assessment procedures (AU-C 315)
● The nature, timing, and extent of planned further audit procedures at the relevant assertion level for each material class of transactions, account balance, and disclosure (AU-C 330)
● Other audit procedures to be carried out to comply with GAAS
(AU-C 300.09)
Developing an audit strategy and an audit plan is intended to be an iterative process. As information becomes available over the course of the audit, the auditor should reconsider the audit strategy and audit plan to determine whether they remain relevant. (AU-C 300.10) All changes to audit strategy and plan should be documented.
Establishing