Within Audit Assistant on the Control Page A1 we state: “We must communicate with those charged with governance an overview of the planned scope and timing of our work, including the significant risks we identify” - referencing para 15 and 18 of ISA 260.
There is an option to then create an audit planning letter describing the scope and timing of the work. This is often less formal and more detailed than an engagement letter, identifying who will be doing the work, intended dates of visits, work completion etc.
If an engagement letter has already been created, covering this, an additional letter is not mandatory, however, if an engagement letter is still applicable from a prior period this letter could be a good alternative.
The user is also prompted to create a paragraph for inclusion in the planning letter outlining the risks identified. The ISA 260 guidance (A12-A13) indicates if there is any significant risk or risks that obviously affect the scope or process of the audit this must be communicated as soon as possible.
These will probably not be known at the time of creating the engagement letter, so it makes sense that this be communicated once the bulk of the planning is complete.
The obvious difficulty is that at the point that the planning letter is sent these risks may not be fully understood or articulated.
So the auditor should keep in mind that at any point in the audit where significant risks are identified, these should be communicated and this should be documented.
If no issues have been identified when the letter is prepared we suggest adding a comment to the effect that: "No significant risks have been identified in our initial planning, however, if any are identified during the course of our work we will communicate these to you."
For smaller entities, there is a reduced requirement.
In the case of audits of smaller entities, the auditor may communicate in a less structured manner with those charged with governance than in the case of listed or larger entities (paragraph A40).
So while there is no direct compulsion to use our annual audit planning letter, there must be some explanation of how these points - including significant risks identified - have been communicated.
This may be in another letter or (in a smaller entity) perhaps by email or in discussion. This must be properly documented.