Within Audit Assistant on the Control Page A1 we state: “We must communicate with those charged with governance an overview of the planned scope and timing of our work, including the significant risks we identify” - referencing para 15 and 18 of ISA 260.
There is an option to then create an audit planning letter describing the scope and timing of the work. The user is also prompted to create a paragraph for inclusion in the planning letter outlining risks identified. The ISA 260 guidance (A12-A13) indicates if there is any significant risk or risks that obviously affect the scope or process of the audit this must be communicated as soon as possible.
The obvious difficulty is that at the point that the planning letter is sent these risks may not be fully understood or articulated. So the auditor should keep in mind that at any point in the audit where significant risks are identified these should be communicated and this be documented.
If no issues have been identified when the letter is prepared we suggest adding a comment to the effect that: "No significant risks have been identified in our initial planning, however if any are identified during the course of our work we will communicate these to you."
For smaller entities there is a reduced requirement: In the case of audits of smaller entities, the auditor may communicate in a less structured manner with those charged with governance than in the case of listed or larger entities (paragraph A40).
So while there is no direct compulsion to use our annual audit planning letter, there must be some explanation of how these points - including significant risks identified - have been communicated. This may be in another letter or (in a smaller entity) perhaps by email or in discussion. This must be properly documented.