Need Tally
for Clients?

Contact Us! Here

  Tally Auditor

License (Renewal)
  Tally Gold

License Renewal

  Tally Silver

License Renewal
  Tally Silver

New Licence
  Tally Gold

New Licence
 
Open DEMAT Account with in 24 Hrs and start investing now!
Professional Updates »
Open DEMAT Account in 24 hrs
 Empanelment with the O/o C&AG of India for the year 2023-2024 from May 30, 2023 to June 8, 2023
 Seeking Inputs for Measuring Cost of Regulation - As Requested by DPIIT
 Deferment of second phase of Peer Review Mandate
 E-invoice limit reduced from Rs. 10 Crores to Rs. 5 Crores from 01/08/2023.
 Observations of the candidates on the question papers of CA examinations May 2023
 Re-Scheduling of Chartered Accountants Examination scheduled to be held on 10th May 2023 (Wednesday) at the Examinations Centre at Jalandhar (Punjab) and Jharsuguda (Odisha)
 Extension of last date for updation of Member's Profile with GSTIN at Self Service Portal - Till 23rd April, 2023
  Auditing and Assurance Standards Board - Expert Panel for Addressing Queries related to Statutory Audit pertaining to Auditing Aspects
 Granting 4 Structured CPE hours in online mode through Digital Learning Hub and compliance of CPE hrs requirement Calendar year wise from calendar year 2023 onwards.
 Acceptance of certain assignments by the Concurrent Auditor of Bank Branches
 Updation of Member's Profile at Self Service Portal with GSTIN

Implementation Guide to SA 230, Audit Documentation (Revised 2022 Edition)
December, 16th 2022

 

 

 

 

 

Implementation Guide to Standard on Auditing (SA) 230 Audit Documentation (Revised 2022 Edition)

 


 

The Institute of Chartered Accountants of India

(Set up by an Act of Parliament)

New Delhi

 

© The Institute of Chartered Accountants of India.

 

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording, or otherwise, without prior permission, in writing, from the publisher.

 

 

 

Revised Edition

:

December 2022

 

Committee

 

:

 

Auditing and Assurance Standards Board

 

Email

 

:

 

aasb@icai.in

 

Website

 

:

 

www.icai.org

 

Price

 

:

 

Rs. 100/-

 

Published by

 

:

 

The Publication and CDS Directorate on behalf of The Institute of Chartered Accountants of India, ICAI Bhawan, Post Box No. 7100, Indraprastha Marg, New Delhi – 110 002.

 

 

 

 

 

 
   

Foreword

 

The Auditing and Assurance Standards Board (AASB) is a non- standing Committee of the Institute of Chartered Accountants of India (ICAI). The main objective of AASB is formulating Engagement and Quality Control Standards (standards on auditing, review, other assurance, quality control and related services). The Board also formulates Guidance Notes on generic as well as industry specific issues in auditing, Technical Guides, Implementation Guides and other publications for guidance of the members. The Board organizes regular awareness programmes on auditing standards, reporting requirements of Companies Act, 2013 and other auditing aspects to update knowledge of the members.

Implementation Guides to Standards on Auditing are an important resource for auditors in applying the principles of these Standards in real life audit scenarios. In 2013, AASB of ICAI had brought out the publication, “Implementation Guide to SA 230, Audit Documentation”. The Implementation Guide was last revised in 2018. I am happy to note that AASB has brought out this thoroughly revised edition of the “Implementation Guide to SA 230, Audit Documentation”. The revised edition of the Implementation Guide has been written in simple and easy to understand language in a “Question-Answer” format containing frequently asked questions (FAQs) on SA 230 and responses to those FAQs.

I wish to compliment CA. (Dr.) Sanjeev Kumar Singhal, Chairman, CA. Vishal Doshi, Vice Chairman and all members of the AASB for their efforts in bringing out this revised edition of the Implementation Guide for the benefit of the members and other stakeholders at large.

 

 

 

 

 

I am confident that the members would find this revised edition of the Implementation Guide very useful in their professional assignments.

 

 

 

December 6, 2022

New Delhi

CA. (Dr.) Debashis Mitra

President, ICAI

 

 Preface

 

Standard on Auditing (SA) 230, “Audit Documentation” prescribes the basic principles of audit documentation. These principles need to be followed by auditors while complying with requirements of SA 230 and specific documentation requirements of other Standards on Auditing. In 2013, the Auditing and Assurance Standards Board (AASB) of ICAI issued the “Implementation Guide to SA 230, Audit Documentation” to provide practical implementation guidance to auditors on this Standard. The Implementation Guide was revised in 2018. Suggestions were received from some stakeholders that more guidance on the aspect of assembly of the final audit file may be included in the Implementation Guide. Based on these suggestions, AASB decided to revise the Implementation Guide.

It gives us immense pleasure to place in hands of the members, this revised edition of “Implementation Guide to SA 230, Audit Documentation” brought out by AASB. The revised edition of the Implementation Guide contains Summary of the Standard, Introduction, FAQs on SA 230, Checklist and Illustrative Working Paper Format. Chapter 3: FAQs on SA 230 of revised edition of the Implementation Guide contains detailed guidance on principles of SA 230 in a Question-Answer format. The revised edition of the Implementation Guide will enable auditors to comply with requirements of SA 230 effectively as it brings out additional clarity on various aspects of SA 230.

We express our sincere thanks to CA. Sandeep Sharma, Special Invitee, AASB for his contribution in finalizing this revised edition of the Implementation Guide.

We would like to thank our Honourable President, CA. (Dr.) Debashis Mitra and Honourable Vice-President, CA. Aniket Sunil Talati for their guidance and support in various endeavours of the Board.

 

 

 

 

 

We wish to place on record high appreciation of all Board members for their valuable suggestions in finalising this revised edition of the Implementation Guide. We also wish to thank CA. Megha Saxena, Secretary, AASB and other staff of AASB for their contribution in updating and finalising this revised edition of the Implementation Guide.

We are confident that this revised edition of the Implementation Guide would be well received by the members and other interested readers.

 

 

 

CA. Vishal Doshi

Vice Chairman, AASB

CA. (Dr.) Sanjeev Kumar Singhal

Chairman, AASB

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

6

 

 

 

 

 

 
   

Contents

 

 

 

 

Chapter 2 Introduction

 

Concept of Documentation

 

2.1 Audit, according to Spicer and Pegler, “may be said to be such an examination of the books, accounts and vouchers of a business as will enable the auditor to satisfy that the Balance Sheet is properly drawn up, so as to give a true and fair view of the state of affairs of the business and the Profit or Loss for the financial period, according to the best of his information and the explanations given to him and as shown by the books, and if not, in what respect he is not satisfied.”

2.2 Though the above definition addresses various aspects of an audit, one of the most important and relevant issues arising out of this definition is that the auditor needs to “satisfy himself that the financial statements are properly drawn up…”, “… according to best of his information and explanations given to him…”, “… and if not, “in what respect the auditor is not satisfied”.

2.3 An auditor, during the course of his audit may come across various materials in the form of deeds, agreements, contracts, invoices, vouchers, etc. which are the supporting materials to evidence the happening of an event/transaction. These are the basis for him to satisfy (or to not satisfy) himself in material aspects as to whether the financial statements give a true and fair view of the state of the affairs of the business and of the profit and loss for that period.

2.4 A document is any material which provides evidence of work performed, action taken or the happening of an event. The audit documentation may be recorded in paper or electronic form as mentioned in paragraph A3 of SA 230. Examples of documents include work papers, copy or abstract of signed agreements, videos, pictures, spreadsheets, transcripts, correspondences, data in electronic form containing the records in systematic manner etc.

 

 

2.5 Oxford dictionary defines documentation “as material that provides official information or evidence or that serves as a record; the process of classifying and annotating texts, photographs, etc”.

2.6 SA 230, “Audit Documentation” defines audit documentation as “The record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached (terms such as “working papers” or “work papers” are also sometimes used”.

2.7 Hence, “document”, in the context of audit refers more to that which is required to be maintained by an auditor to record his findings during the course of the audit.

 

Why is Documentation Important?

2.8 Documentation is considered the backbone of an audit. The work that the auditor performs, the explanations given to the auditor, the conclusions arrived at, all are evidenced by documentation. Inadequate or improper documentation may be considered as deficiency in performing an audit. The auditor may have executed appropriate audit procedures, however, if there is no documentation to prove, it may put question on the work done, in case any material misstatement is reported. Improper and incomplete documentation may put the auditor in difficult situations, such as actions from various regulators.

2.9 Documentation is essential because:

  • It supports the auditor’s basis for a conclusion about achieving the auditor’s objectives.
  • Provides evidence that audit was planned and performed.
  • It assists supervision and review.
  • It results in better conceptual clarity, clarity of thought and expression.
  • It facilitates better understanding and helps avoid misconception.
  • It supports and evidences compliance with standards on auditing, applicable legal & regulatory requirements.

 

 

Form and Content of Documentation

2.10 The form and content of audit documentation should be designed to meet the circumstances as necessary of the particular audit. It should satisfy the requirements of the governing standards and substantiate the conclusions arrived at by the auditor.

2.11 The form and content of documentation depends on various factors such as:

  • Size, nature and type of entity.
  • Risk assessment.
  • Materiality.
  • Sampling methods.
  • Requirements as per laws and regulations.

2.12 Documents are segregated into those forming part of the Permanent Audit File and Current Audit File. Permanent audit file contains those documents, the use of which is not restricted to one time period, and extends to subsequent audits also e.g. Engagement letter, Communication with previous auditor, Memorandum of Association, Articles of Association, Organization structure, List of directors/partners/trustees/bankers/ lawyers, etc. On the other hand, a current audit file contains those documents relevant for that time period of audit.

2.13 Examples of audit documentation may include the following:

  • Understanding the entity.
  • Time and cost details.
  • Audit programme.
  • Risk assessment.
  • List of samples selected for testing and basis of selection thereof.
  • Team discussion.

 

 

  • Working papers pertaining to significant areas.
  • Analyses.
  • Description of audit tools (IT software or other platform) used and computer files obtained from the entity, when an audit tool is used, for example to assist in testing of journal entries.
  • Correspondence (including email) concerning significant matters.
  • Abstract or copies of entity’s records (for example significant and specific contracts and agreements).
  • Communication with those charged with governance.
  • Basis for conclusions, including issues memorandum.
  • Reporting & completion.
  • Quality/ engagement quality control review.
  • Checklists completed by the audit team for compliance with accounting standards and standards on auditing.
  • Communication with previous auditors or other third parties.
  • Letters of confirmation and representation.
  • Documents relating to client acceptance/continuance.
  • Assessment of reliance placed on other auditors or experts.
  • Evidence of nature, timing and extent of procedures performed by internal specialist and professionals, evidence or results obtained from performing those procedures and conclusions reached.

2.14 In general, a working paper may contain the following:

  • Risk and controls relevant to the area.
  • Assertions to be tested and satisfied.
  • Substantive and analytical procedures performed.
  • Persons performing/reviewing the work.
  • Dates on which the work was performed/reviewed.

 

 

  • Extent of review.
  • Documents prepared by client.
  • Nature, type and size of the entity.

2.15 Audit documentation may be lesser in case of less complex entities and small entities as compared to large and complex entities.

 

 

 

 

 

 
   

Chapter 3 FAQs on SA 230

Q1.What is the scope of SA 230?

A1.     SA 230 deals with the auditor’s responsibility to prepare audit documentation for an audit of financial statements. It is to be adapted as necessary in the circumstances when applied to audits of other historical financial information. The specific documentation requirements of other SAs do not limit the application of SA 230. Laws or regulations may establish additional documentation requirements.

Q2. What is the nature and purpose of audit documentation?

A2. Audit documentation that meets the requirements of this SA and the specific documentation requirements of other relevant SAs provides:

(a) Evidence of the auditor’s basis for a conclusion about the achievement of the overall objectives of the auditor; and

(b) Evidence that the audit was planned and performed in accordance with SAs and applicable legal and regulatory requirements.

A table has been given stating the specific documentation requirements under various SAs. Refer response to FAQ 37.

Q3. What are the purposes which may be served by audit documentation?

A3. Audit documentation serves a number of purposes, including the following:

  • Assisting the engagement team to plan and perform the audit.

 

 

  • Assisting members of the engagement team responsible for supervision to direct and supervise the audit work, and to discharge their review responsibilities in accordance with SA 220.
  • Enabling the engagement team to be accountable for its work.
  • Retaining a record of matters of continuing significance to future audits.
  • Enabling the conduct of quality control reviews and inspections in accordance with SQC 1.
  • Enabling the conduct of external inspections in accordance with applicable legal, regulatory or other requirements.

Q4.What is the objective of the auditor under SA 230?

A4.      The objective of the auditor is to prepare documentation that provides:

  • A sufficient and appropriate record of the basis for the auditor’s report; and
  • Evidence that the audit was planned and performed in accordance with SAs and applicable legal and regulatory requirements.

Q5.What do you mean by audit documentation?

A5. The record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached (terms such as “working papers” or “workpapers” are also sometimes used). It may be noted, that the ‘documents provided by client’ which are used to do audit should be part of audit documentation and checking notes should be attached by auditors on such documents.

Q6.What do you mean by audit file?

A6. One or more files, in physical or electronic form, containing the records that comprise the audit documentation for a specific engagement.

 

 

Q7.What do you mean by experienced auditor?

A7.   An individual (whether internal or external to the firm) who has practical audit experience, and a reasonable understanding of:

  • Audit processes;
  • SAs and applicable legal and regulatory requirements;
  • The business environment in which the entity operates; and
  • Auditing and financial reporting issues relevant to the entity’s industry.

Q8. What would be the form, content and extent of Audit Documentation?

A8. The auditor shall prepare audit documentation that is sufficient to enable an experienced auditor, to understand:

  • The nature, timing, and extent of the audit procedures performed to comply with the SAs and applicable legal and regulatory requirements;
  • The results of the audit procedures performed, and the audit evidence obtained; and
  • Significant matters arising during the audit, the conclusions reached thereon, and significant professional judgments made in reaching those conclusions.

Q9. What are influential factors for the form, content and extent of audit documentation?

A9. The form, content and extent of audit documentation depend on factors such as:

  • The size and complexity of the entity.
  • The nature of the audit procedures to be performed.
  • The identified risks of material misstatement.
  • The significance of the audit evidence obtained.
  • The nature and extent of exceptions revealed.

 

 

  • The need to document a conclusion or the basis for a conclusion not readily determinable from the documentation of the work performed or audit evidence obtained.
  • The audit methodology and audit tools used.

Q10.How should the audit documentation be recorded?

A10. Audit documentation may be recorded on paper or on electronic or other media.

Q11.What are the examples of the audit documentation?

A11. Examples of audit documentation include the following:

  • Engagement letter.
  • Audit programmes defined, with details of work carried out and results filled, including planning memorandum.
  • Analyses of various account balances through comparatives and corroborative.
  • Issues memoranda.
  • Summaries of significant matters.
  • Letters of confirmation and representation.
  • Checklists.
  • Correspondence (including e-mail) concerning significant matters.
  • Abstracts or copies of the entity’s records/contracts/ agreements.

Audit documentation, however, is not a substitute for the entity’s accounting records and vice versa.

Q12. Whether Minutes Book, Records, Bills, Vouchers, Fixed Assets Register, legal books etc. are to be obtained by auditor as audit documentation?

A12. No, such records are to be kept and maintained by the management / owner of the entity. Auditor may take abstract of some accounts, records, contracts etc., as he may find relevant as per his judgement.

 

 

 

 
   

Implementation Guide to SA 230(Revised 2022)

 

Oral explanations by the auditor, on their own, do not represent adequate support for the work auditor performed or conclusions the auditor reached, but may be used to explain or clarify information contained in the audit documentation.

Q13. Whether incomplete, initial drafts, superseded audit work papers/documents or a trail from such audit work paper to final audit work paper are to be obtained by auditor as audit documentation? What would the auditor not include in the audit documentation?

A13.    Audit documentation should contain only the final versions of audit workpapers with the date and the name of the engagement team member who prepared and reviewed the documentation. Further, the auditor also need not include in audit documentation:

  • Superseded drafts of working papers and financial statements.
  • Notes that reflect incompleteness.
  • Preliminary thinking.
  • Previous copies of documents corrected for typographical or other errors.
  • Duplicates of documents.
  • Review notes and disposal of review notes.

Q14. Whether confirmation of all parties account balances should be obtained by the management and copy of all should be recorded by the auditor as audit documentation, if not, then to what extent and in which manner the confirmation (direct/third party/obtained by management/ verification from records) is relevant for the audit documentation required to be recorded?

A14. No, the SAs do not prescribe that the confirmation of all account balances is required to be obtained. As it may also not be feasible considering the time and cost involved and to complete the audit in time. It is the auditor’s judgment to

 

 

rely on the running account balances, statements, transactions with the parties and behaviour of the account. In the cases when the auditor has reason to believe that the account balances with the respective parties are material and may have material differences, he should ask for the confirmations of the balances from the respective parties/entities to reduce the risk of material misstatement at low level. The confirmations, if available in other cases also will further support the auditor’s opinion.

As required by SA 330 and SA 505, the auditor should obtain more persuasive audit evidence to respond to the auditor’s assessment of higher risk. In such situation external confirmation is more reliable as an audit evidence. Hence when there is higher risk involved the auditor should reduce the risk by obtaining the external confirmation.

Q15. Laws and regulations are required to be complied by the entity for which appropriate disclosures are included in the illustrative formats and contents of the financial statements as per respective laws and regulations, for example Schedule III to the Companies Act, 2013 in case of corporate entities. The auditor is required to document all matters of non-compliances in material aspects. Whether the additional documentation is required?

A15. The Companies Act, 2013 has given the formats for financial statements in Schedule III, with the manner of disclosure and items required to be disclosed. For high quality of reporting, it is always desired that the disclosure should be more appropriate. The requirements are meant to add value to the users of the financial statements. The auditor should therefore document to support the opinion where there is any material departure from the requirement and which may also materially influence the decision of the user.

Further, in those cases where no specific requirement of the format or disclosure is given, the auditor may agree to the financial  reporting framework being  followed by the

 

 

entity and disclosing those items which are pertinent to the said framework and the applicable requirement under that audit. In such case the auditor should specify the same in the engagement letter issued to the auditee. In case of non-corporate entities, the disclosures as required under the Companies Act, 2013 are not applicable.

Q16. What would be the audit documentation in case of Smaller / Less Complex Entity?

A16. The audit documentation for the audit of a smaller/less complex entity is less extensive than that for the audit of a larger entity. In certain cases it may materially vary as there may be few documentation in some small/less complex entity. Here there may be more personal communication and formally there may only be the representation letter as audit documentation.

When preparing audit documentation, the auditor of a smaller entity may also find it helpful and efficient to record various aspects of the audit together in a single document.

Examples of matters that may be documented together in the audit of a smaller entity include understanding of the entity and its internal control, the overall audit strategy and audit plan, materiality, determined in accordance with SA 320, ‘Materiality in Planning and Performing an Audit’, assessed risks, significant matters noted during the audit, and conclusions reached.

Application and Other Explanatory Material given in the standards on auditing also mention the lesser documentation and deals with considerations specific to smaller entities, the brief of which is explained as below (for details the auditor may refer the relevant standard):

  • SA 260(Revised), “Communication with Those Charged with Governance”, explains that in some smaller entities, however, one person may be charged with governance, for example, the owner-manager where there are no other owners, or a sole trustee.

Also, in some cases, the appropriate person(s) with whom to communicate may not be clearly identifiable

 

 

from the applicable legal framework or other engagement circumstances, for example, entities where the governance structure is not formally defined, such as some family-owned entities, some not-for-profit organizations, and some government entities. In such cases, the auditor may need to discuss and agree with the engaging party (Auditee) the relevant person(s) with whom to communicate.

  • SA 265, “Communicating Deficiencies in Internal Control to Those Charged with Governance and Management”, explains that smaller entities may find that certain types of control activities are not necessary because of controls applied by management. For example, management’s sole authority for granting credit to customers and approving significant purchases can provide effective control over important account balances and transactions, lessening or removing the need for more detailed control activities.
  • SA 240, “The Auditor’s Responsibilities relating to Fraud in an Audit of Financial Statements”, states that in case of small entity where a single owner manages the entity and no one else has governance role. In these cases, there is ordinarily no action on the part of the auditor because there is no oversight separate from the management.
  • SA 300, “Planning an Audit of Financial Statements”, explains that in audits of small entities, the entire audit may be conducted by a very small audit team. Many audits of small entities involve the engagement partner (who may be a sole practitioner) working with one engagement team member (or without any engagement team members). With a smaller team, co- ordination of, and communication between, team members are easier. Establishing the overall audit strategy for the audit of a small entity need not be a complex or time-consuming exercise; it varies according to the size of the entity, the complexity of the audit, and the size of the engagement team. For example, a brief memorandum prepared at the

 

 

completion of the previous audit, based on a review of the working papers and highlighting issues identified in the audit just completed, updated in the current period based on discussions with the owner-manager, can serve as the documented audit strategy for the current audit engagement if it covers the matters noted in paragraph 7 of SA 300.

  • SA 315, “Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment”, explains that many small audits are carried out entirely by the engagement partner (who may be a sole practitioner). In such situations, it is the engagement partner who, having personally conducted the planning of the audit, would be responsible for considering the susceptibility of the entity’s financial statements to material misstatement due to fraud or error. Further, smaller entities may not have interim or monthly financial information that can be used for purposes of analytical procedures. In these circumstances, the auditor may be able to perform very limited procedures.
  • SA 320, “Materiality in Planning and Performing an Audit”, explains that when an entity’s profit before tax from continuing operations is consistently nominal, as might be the case for an owner-managed business where the owner takes much of the profit before tax in the form of remuneration, a benchmark such as profit before remuneration and tax may be more relevant for audit documentation.
  • SA 330, “The Auditor’s Responses to Assessed Risks”, explains that in the case of small entities, there may not be many control activities that could be identified by the auditor, or the extent to which their existence or operation have been documented by the entity may be limited.
  • SA 540, “Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures”, explains that obtaining understanding of

 

 

 

 
   

Implementation Guide to SA 230 (Revised 2022)

 

estimates for smaller entities is often less complex as their business activities are often limited and transactions are less complex. Further, often a single person, for example the owner-manager, identifies the need to make an accounting estimate and the auditor may focus inquiries accordingly.

  • SA 570(Revised), “Going Concern”, explains that in many cases, the management of smaller entities may not have prepared a detailed assessment of the entity’s ability to continue as a going concern, but instead may rely on in-depth knowledge of the business and anticipated future prospects. Nevertheless, in accordance with the requirements of this SA, the auditor needs to evaluate management’s assessment of the entity’s ability to continue as a going concern.

Further, continued support by owner-managers is often important to smaller entities’ ability to continue as a going concern. Where a small entity is largely financed by a loan from the owner-manager, it may be important that these funds are not withdrawn. For example, the continuance of a small entity in financial difficulty may be dependent on the owner-manager subordinating a loan to the entity in favour of banks or other creditors, or the owner-manager supporting a loan for the entity by providing a guarantee with his or her personal assets as collateral. In such circumstances, the auditor may obtain appropriate documentary evidence of the subordination of the owner-manager’s loan or of the guarantee. Where an entity is dependent on additional support from the owner-manager, the auditor may evaluate the owner- manager’s ability to meet the obligation under the support arrangement. In addition, the auditor may request written confirmation of the terms and conditions attaching to such support and the owner- manager’s intention or understanding.

 

 

 

 
   

Implementation Guide to SA 230(Revised 2022)

 

Further, in the case of an audit where the engagement partner performs all the audit work, the documentation will not include matters that might have to be documented solely to inform or instruct members of an engagement team, or to provide evidence of review by other members of the team (for example, there will be no matters to document relating to team discussions or supervision). Nevertheless, the engagement team shall prepare audit documentation that can be understood by an experienced auditor having no previous connection with the audit, as the audit documentation may be subject to review by external parties for regulatory or other purposes.

Q17.If the auditor complies with SA 230, will the result be sufficient and appropriate audit documentation?

A17. In principle, compliance with the requirements of this SA will result in the audit documentation being sufficient and appropriate in the circumstances. Other SAs contain specific documentation requirements that are intended to clarify the application of this SA in the particular circumstances of those SAs. Reference may be made to FAQ 37 which covers specific documentation requirements in the respective SAs. While the engagement team comply with SA 230 for principles of the audit documentation requirements for an audit engagement, it should also consider the specific factors applicable to that engagement, for example, the client profile and industry, specific audit matters and professional judgments.

Q18.Do the specific documentation requirements of other SAs limit the application of SA 230?

A18.   No, the specific documentation requirements of other SAs do not limit the application of this SA.

Q19.What will be the consequence, if there is no audit documentation requirement in any SA?

A19. The absence of a documentation requirement in any particular SA is not intended to suggest that there is no

 

 

 

 
   

Implementation Guide to SA 230 (Revised 2022)

 

documentation that needs to be prepared as a result of complying with that SA. Documentation appropriate to the circumstance needs to be maintained.

Q20. Is it necessary for the auditor to document separately (as in a checklist, for example) compliance with matters for which compliance is demonstrated by documents included within the audit file?

A20. No, audit documentation provides evidence that the audit complies with SAs. However, it is neither necessary nor practicable for the auditor to document every matter considered, or professional judgment made, in an audit. Further, it is not necessary for the auditor to document separately (as in a checklist, for example) compliance with matters for which compliance is demonstrated by documents included within the audit file. For example:

  • The existence of an adequately documented audit plan demonstrates that the auditor has planned the audit.
  • The existence of a signed engagement letter in the audit file demonstrates that the auditor has agreed the terms of the audit engagement with management, or where appropriate, those charged with governance.
  • An auditor’s report containing an appropriately qualified opinion demonstrates that the auditor has complied with the requirement to express a qualified opinion under the circumstances specified in the SAs.
  • In relation to requirements that apply generally throughout the audit, there may be a number of ways in which compliance with them may be demonstrated within the audit file:
    • For example, there may be no single way in which the auditor’s professional skepticism is documented. But the audit documentation may nevertheless provide evidence of the auditor’s exercise of professional skepticism in accordance

 

 

 

 
   

Implementation Guide to SA 230(Revised 2022)

 

with SAs. Such evidence may include specific procedures performed to corroborate management’s responses to the auditor’s inquiries.

  • Similarly, that the engagement partner has taken responsibility for the direction, supervision and performance of the audit in compliance with the SAs may be evidenced in a number of ways within the audit documentation. This may include documentation of the engagement partner’s timely involvement in aspects of the audit, such as participation in the team discussion required by SA 315.

Q21.What are the examples of significant matters?

A21. Judging the significance of a matter requires an objective analysis of the facts and circumstances. Examples of significant matters include:

  • Matters that give rise to significant risks. As defined in SA 315, significant risks mean an identified and assessed risk of material misstatement that, in the auditor’s judgment, requires special audit consideration.
  • Results of audit procedures indicating (a) that the financial statements could be materially misstated, or

(b) a need to revise the auditor’s previous assessment of the risks of material misstatement and the auditor’s responses to those risks.

  • Circumstances that cause the auditor significant difficulty in applying necessary audit procedures.
  • Findings that could result in a modification to the audit opinion or the inclusion of an Emphasis of Matter paragraph in the auditor’s report.

Q22. What are the important factors in determining the form, content and extent of audit documentation of significant matters?

 

 

 

 
   

Implementation Guide to SA 230 (Revised 2022)

 

A22. An important factor in determining the form, content and extent of audit documentation of significant matters is the extent of professional judgment exercised in performing the work and evaluating the results. Documentation of the professional judgments made, where significant, serves to explain the auditor’s conclusions and to reinforce the quality of the judgment. Such matters are of particular interest to those responsible for reviewing audit documentation, including those carrying out subsequent audits, when reviewing matters of continuing significance (for example, when performing a retrospective review of accounting estimates).

Q23. Give examples of circumstances in which, it is appropriate to prepare audit documentation relating to the use of professional judgment?

A23. Some examples of circumstances in which, it is appropriate to prepare audit documentation relating to the use of professional judgment include, where the matters and judgments are significant:

  • The rationale for the auditor’s conclusion when a requirement provides that the auditor ‘shall consider’ certain information or factors, and that consideration is significant in the context of the particular engagement.
  • The basis for the auditor’s conclusion on the reasonableness of areas of subjective judgments (for example, the reasonableness of significant accounting estimates).
  • The basis for the auditor’s conclusions about the authenticity of a document when further investigation (such as making appropriate use of an expert or of confirmation procedures) is undertaken in response to conditions identified during the audit that caused the auditor to believe that the document may not be authentic.

The auditor may consider it helpful to prepare and retain as

 

 

 

 
   

Implementation Guide to SA 230(Revised 2022)

 

part of the audit documentation a summary (sometimes known as a completion memorandum) that describes the significant matters identified during the audit and how they were addressed, or that includes cross-references to other relevant supporting audit documentation that provides such information. Such a summary may facilitate effective and efficient reviews and inspections of the audit documentation, particularly for large and complex audits. Further, the preparation of such a summary may assist the auditor’s consideration of the significant matters. It may also help the auditor to consider whether, in light of the audit procedures performed and conclusions reached, there is any individual relevant SA objective that the auditor cannot achieve that would prevent the auditor from achieving the overall objectives of the auditor. It is however to be noted that the audit documentation for use of the professional judgment will be materially lesser in case of audit of small entities and where the engagement partner himself is dealing with the audit of such entities in all respect.

Q24. What should the auditor record in documenting the nature, timing and extent of audit procedures performed?

A24. The auditor should record:

  • The identifying characteristics of the specific items or matters tested;
  • Who performed the audit work and the date such work was completed; and
  • Who reviewed the audit work performed and the date and extent of such review.

SA 220 requires the auditor to review the audit work performed through review of the audit documentation. The requirement to document who reviewed the audit work performed does not imply a need for each specific working paper to include evidence of review. The requirement,

 

 

 

 
   

Implementation Guide to SA 230 (Revised 2022)

 

however, means documenting what audit work was reviewed, who reviewed such work, and when it was reviewed.

Q25. In documenting the nature, timing and extent of audit procedures performed, what are purposes of recording the identifying characteristics of the specific items or matters tested?

A25. In documenting the nature, timing and extent of audit procedures performed, recording the identifying characteristics of the specific items or matters tested serves a number of purposes. For example, it enables the engagement team to be accountable for its work and facilitates the investigation of exceptions or inconsistencies. Identifying characteristics will vary with the nature of the audit procedure and the item or matter tested. For example:

  • For a detailed test of entity-generated purchase orders, the auditor may identify the documents selected for testing by their dates and unique purchase order numbers.
  • For a procedure requiring selection or review of all items over a specific amount from a given population, the auditor may record the scope of the procedure and identify the population (for example, all journal entries over a specified amount from the journal register).
  • For a procedure requiring systematic sampling from a population of documents, the auditor may identify the documents selected by recording their source, the starting point and the sampling interval (for example, a systematic sample of shipping reports selected from the shipping log for the period April 1 to September 30, starting with report number 12345 and selecting every 125th report).
  • For a procedure requiring inquiries of specific entity personnel, the auditor may record the dates of the

 

 

inquiries and the names and job designations of the entity personnel.

  • For an observation procedure, the auditor may record the process or matter being observed, the relevant individuals, their respective responsibilities, and where and when the observation was carried out.

Q26. What all should the auditor document for communication/discussion with management?

A26. The auditor shall document discussions of significant matters with management, those charged with governance, and others, including the nature of the significant matters discussed and when and with whom the discussions took place. The documentation is not limited to records prepared by the auditor but may include other appropriate records such as minutes of meetings prepared by the entity’s personnel and agreed by the auditor. Others with whom the auditor may discuss significant matters may include other personnel within the entity, and external parties, such as persons providing professional advice to the entity. The auditor should specifically deal with key audit matters documentation as specified in SA 701 and other audit conclusion and reporting standards.

Q27. What should the auditor document if the auditor identified information that is inconsistent with the auditor’s final conclusion regarding a significant matter?

A27. As mentioned in paragraph 11 of SA 230, the auditor shall document how the auditor addressed the inconsistency. The requirement to document how the auditor addressed inconsistencies in information does not imply that the auditor needs to retain documentation that is incorrect or superseded.

 

 

Q28. What will the auditor do when it is necessary to depart from a relevant requirement in a SA?

A28. The auditor should document how the alternative audit procedures performed achieve the aim of that requirement, and the reasons for the departure, if, in exceptional circumstances, the auditor judges it necessary to depart from a relevant requirement in a SA. The requirements of the SAs are designed to enable the auditor to achieve the objectives specified in the SAs, and thereby the overall objective of the auditor. Accordingly, other than in exceptional circumstances, the SAs call for compliance with each requirement that is relevant in the circumstances of the audit.

Q29. Under which situation is a documentation requirement not necessary?

A29. The documentation requirement applies only to requirements that are relevant in the circumstances. A requirement is not relevant only in the cases where:

  • The entire SA is not relevant [for example, if an entity does not have an internal audit function, nothing in SA 610(Revised) is relevant]; or
  • The requirement is conditional and the condition does not exist (for example, the requirement to modify the auditor’s opinion where there is an inability to obtain sufficient appropriate audit evidence, and there is no such inability).

Q30. What will be the audit documentation, if, in exceptional circumstances, the auditor performs new or additional audit procedures or draws new conclusions after the date of the auditor’s report?

A30. The auditor is required to document:

  • The circumstances encountered;

 

 

  • The new or additional audit procedures performed, audit evidence obtained, and conclusions reached, and their effect on the auditor’s report; and
  • When and by whom the resulting changes to audit documentation were made and reviewed. While changes are made by the engagement team, these are reviewed by the engagement partner and /or engagement quality control reviewer (where applicable).

Q31. Give examples of exceptional circumstances – Matters arising after the Date of the Auditor’s Report?

A31. Examples of exceptional circumstances include facts which become known to the auditor after the date of the auditor’s report but which existed at that date and which, if known at that date, might have caused the financial statements to be amended or the auditor to modify the opinion in the auditor’s report. Reference may be made to examples given in FAQ 38 in this Implementation Guide. The resulting changes to the audit documentation are reviewed in accordance with the review responsibilities set out in SA 220, with the engagement partner taking final responsibility for the changes.

Q32. When should the auditor complete the administrative process of assembling the final audit file?

A32. The auditor should complete the administrative process of assembling the final audit file on a timely basis after the date of the auditor’s report. SQC 1 requires firms to establish policies and procedures for the timely completion of the assembly of audit files. An appropriate time limit within which to complete the assembly of the final audit file is ordinarily not more than 60 days after the date of the auditor’s report.

Q33.   Whether the administrative process of completion of the assembly of the final audit file after the date of the auditor’s report construes as performance of new audit procedures or the drawing of new conclusions?

 

 

If not, what are the changes permissible in the audit documentation during the final assembly process?

A33. SA 230 permits only administrative changes to be made to audit documentation after the date of the auditor’s report and states the following requirements in this regard:

The completion of the assembly of the final audit file after the date of the auditor’s report is an administrative process that does not involve the performance of new audit procedures or the drawing of new conclusions. Changes may, however, be made to the audit documentation during the final assembly process if they are administrative in nature. Examples of such changes include:

  • Deleting or discarding superseded documentation.
  • Sorting, collating and cross referencing working papers.
  • Signing off on completion checklists relating to the file assembly process.
  • Documenting audit evidence that the auditor has obtained, discussed, and agreed with the relevant members of the engagement team before the date of the auditor’s report.

When assembling the documentation, engagement team should review the documentation to determine that it has a complete and final set of documentation to support the auditor’s opinion.

In addition to the examples provided in SA 230, the following illustrative examples can be considered as administrative changes:

  • Adding original confirmations previously received by fax or email.
  • Review notes are temporary documents and are not part of audit documentation as per SA 230. So, deleting these review notes is also an administrative task provided it does not result in performing a new procedure and does not affect the quality of

 

 

documentation, conclusions reached or any other matter that may affect auditor’s report.

  • Organizing the external hardcopy paper file to include audit evidence obtained before the date of the auditor’s report.
  • Transferring correspondence items containing audit evidence, obtained before the date of the auditor’s report, into the audit file.
  • Removing or replacing incorrect cross references within the engagement files.
  • Adding electronic documents produced outside of the engagement file that include evidence obtained before the date of auditor’s report.
  • Accepting revisions in word documents when the track changes functionality was used.

While the abovementioned activities are regarded as permissible activities, in practice, it is difficult to substantiate that the audit evidence was obtained, discussed and agreed prior to the date of the audit report. Therefore, while it is advisable to complete all documentation on a contemporaneous basis, the abovementioned activities certainly need to be completed before the final assembly of the audit file.

SA 230 allows deleting or discarding superseded documentation during final assembly of audit file, thus incomplete, initial drafts or superseded documents should not be retained in final audit file. Further, a track changes version of every change made to a superseded workpaper to arrive at final workpaper during final file assembly process is not required to be maintained.

Q34. What is the retention period for the audit documentation?

A34. The retention period of documentation for audit engagements, as per SQC 1, ordinarily is no shorter than seven years from the date of the auditor’s report, or, if later, the date of the group auditor’s report.

 

 

Q35. What will be the audit documentation in the circumstances where the auditor finds it necessary to modify existing audit documentation or add new audit documentation after the assembly of the final audit file has been completed?

A35. After the assembly of the final audit file has been completed, the auditor shall not delete or discard audit documentation of any nature before the end of its retention period.

In circumstances other than those envisaged in FAQ 38, where the auditor finds it necessary to modify existing audit documentation or add new audit documentation after the assembly of the final audit file has been completed, the auditor shall, regardless of the nature of the modifications or additions, document:

  • The specific reasons for making them; and
  • When and by whom they were made and reviewed.

Some common examples of documentation that may be added after the archive date, but are not limited to:

  • Additions to the documentation as a result of remediating findings from internal or external inspections.
  • Adding the final copy of communications with those charged with governance.
  • Determining that an incorrect version of a document was archived.

In such situations, in accordance with the firm’s policies and procedures, the engagement team should document modifications to audit documentation after the date of assembly of the final audit file in a copy of the engagement file identified as a copy, which should then be assembled in the same manner as prescribed in paragraphs 14 to 16 and paragraphs A21 to A25 of SA 230 (also refer FAQ 38).

 

 

This would result in retaining both the originally assembled file and subsequently assembled file.

Q36. Who is the owner of the audit documentation?

A36. Standard on Quality Control (SQC) 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements”, issued by the ICAI, provides that, unless otherwise specified by law or regulation, audit documentation is the property of the auditor. He may at his discretion, make portions of, or extracts from, audit documentation available to clients, provided such disclosure does not undermine the validity of the work performed, or, in the case of assurance engagements, the independence of the auditor or of his personnel.

A37. Provide the specific audit documentation requirements in other SAs?

A37. The specific audit documentation requirements in the respective SAs are given below. Since the standards on auditing are in alignment of the international standards on auditing prepared keeping in mind the requirements of the listed entities and public interest entities with a view to oversee the public interest, the specific documentation requirements have been given accordingly. The same may be adjusted (in case of small/ less complex entities as also briefed in the application material of the respective Standards) according to the requirements based on the size, nature, type of the entity being audited and complexities involved.

SA 220, Quality Control for an Audit of Financial Statements

 

Para Ref.

Issue

Documentation Needed

24.

  • Compliance with

The auditor shall document:

 

 

 

the Relevant Ethical and independence

Requirements.

  • Issues identified with respect to compliance with relevant ethical requirements and how they were

resolved.

  • Acceptance and Continuance of client relationship and audit engagements.
  • Consultations.
    • Confirmation of independence and documenting the same.
    • Conclusions on compliance with independence requirements that apply to the audit engagement, and any relevant discussions with the firm that support these conclusions.
 

 

  • Conclusions reached regarding the acceptance and continuance of client relationships and audit engagements.

 

  • The nature and scope of, and conclusions resulting from, consultations undertaken during the course of the audit engagement.

25

Engagement Quality Control Review - Timing and Procedures.

The engagement quality control reviewer shall document:

  • The procedures required by the firm’s policies on engagement quality control review have been performed; and activities performed with respect to this could be documented;

 

 

  • The engagement quality control review has been completed on or before the date of the auditor’s report; and

 

 

  • The reviewer is not aware of any unresolved matters that would

 

 

 

 

cause the reviewer to believe that the significant judgments the engagement team made and the conclusions they reached were not appropriate.

A35

Documentation of Consultations

Documentation of consultations with other professionals that involve difficult or contentious matters that is sufficiently complete and detailed contributes to an understanding of:

  • The issue on which consultation was sought; and
  • The results of the consultation, including any decisions taken, the basis for those decisions and how they were implemented.

 

SA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements

 

Para Ref.

Issue

Documentation Needed

44

  • Understanding the entity & its environment
  • Assessment of risks of material misstatements
    • The significant decisions reached during the discussion among the engagement team regarding the susceptibility of the entity’s financial statements to material misstatement due to fraud; and

 

  • The identified and assessed risks of material misstatement due to fraud at the financial statement level and at the assertion level.

 

 

45

Responses to assessed risks

  • The overall responses to the assessed risks of material misstatement due to fraud at the financial statement level and the nature, timing and extent of audit procedures, and the linkage of those procedures with the assessed risks of material misstatement due to fraud at the assertion level; and
  • The results of the audit procedures, including those designed to address the risk of management override of controls.

46

Communications about fraud

Communications about fraud made to management, those charged with governance, regulators and others.

47

Fraud in revenue recognition

Reasons for concluding the presumption that there is a risk of material misstatement due to fraud related to revenue recognition is not applicable in the circumstances of the engagement, or checks performed and found satisfactory with reference to the procedures.

SA 250, Consideration of Laws and Regulations in an Audit of Financial Statements

 

Para Ref

Issue

Documentation Needed

29

  • Non-compliance
  • Discussions
  • Identified or suspected non- compliance with laws and regulations.
 

 

 

 

 

  • Results of discussions with :
    • Management;
    • those charged with governance (where applicable); and
    • other parties outside the entity.

A21

Non compliance

  • Documentation may include:
    • Copies of records or documents.
    • Minutes of discussions held with management, those charged with governance or parties outside the entity.

SA 260(Revised), Communication with Those Charged with Governance

 

Para Ref

Issue

Documentation Needed

23

Oral & written communications to those charged with governance

  • Matters required by this SA to be communicated are communicated orally, document following aspects:
    • The matter;
      • When communication was made; and
      • To whom communication was made.
      • Matters required by this SA to be communicated are communicated in writing, retain a copy of the communication.

A54

Oral communication

May include a copy of minutes prepared by entity retained as part

 

 

 

 

of audit documentation where those minutes are an appropriate record of the communication.

SA 265, Communicating Deficiencies in Internal Control to Those Charged with Governance and Management

 

Para Ref

Issue

Documentation Needed

A13

Written communication of significant deficiencies

  • Receipt of such communication.
  • Documentation of written communication of significant deficiencies.

 

SA 300, Planning an Audit of Financial Statements

 

Para Ref

Issue

Documentation Needed

11

Planning

  • The overall audit strategy;
  • The audit plan; and
  • Any significant changes made during the audit engagement to the overall audit strategy or the audit plan, and the reasons for such changes.

A17- A20

  • Overall audit strategy
  • Audit plan
  • Significant changes made in the above two
  • In respect of overall audit strategy, document:
    • the key decisions considered necessary to properly plan the audit – scope, timing, conduct of audit; and
    • communicate significant matters communicated to the engagement team.
    • May summarize the overall audit strategy in the form of a
 

 

 

 

 

memorandum.

  • Documentation of the audit plan is record of planned nature, timing and extent of risk assessment procedures and further audit procedures at the assertion level in response to the assessed risks.
  • May use standard audit programs and/or audit completion checklists, tailored as needed to reflect the particular engagement circumstances.
  • A record of the significant changes to the overall audit strategy and the audit plan should document:
    • resulting changes to the planned nature, timing and extent of audit procedures.
    • reasons for significant changes made.
    • overall audit strategy and audit plan finally adopted for the audit.
    • Response to the significant changes occurring during the audit.
    • In smaller entities a suitable, brief memorandum may serve as the documented strategy for the audit of a smaller entity.

 

SA 315, Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment

 

 

Para Ref

Issue

Documentation Needed

32(a)

Discussion among the engagement Team

  • The discussion among the engagement team where required by paragraph 10 of SA 315, and the significant decisions reached:
    • the susceptibility of the entity’s financial statements to material misstatement; and
    • the application of the applicable financial reporting framework to the entity’s facts and circumstances.

32(b)

Understanding of each of the aspects of the entity and its environment specified in paragraph 11

  • Relevant industry, regulatory, and other external factors including the applicable financial reporting framework.
  • The nature of the entity, including:
    • its operations;
      • its ownership and governance structures;
      • the types of investments that the entity is making and plans to make, including investments in special purpose entities; and
      • the way that the entity is structured and how it is financed.
      • The   entity’s    selection    and

application of accounting policies, including the reasons

 

 

 

 

for changes thereto.

  • Auditor’s evaluation of whether the entity’s accounting policies are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry.
  • The entity’s objectives and strategies, and those related business risks that may result in risks of material misstatement.
  • The measurement and review of the entity’s financial performance.

32(b)

Understanding of each of the internal control components specified in paragraphs 14-24

  • Control environment – Auditor’s evaluation of whether:
    • Management, with the oversight of those charged with governance, has created and maintained a culture of honesty and ethical behaviour;
    • The strengths in the control environment elements collectively provide an appropriate foundation for the other components of internal control; and
    • Whether those other components are not undermined by deficiencies in the control environment.
    • Entity’s risk assessment process

 

 

 

 

for:

  • Identifying business risks relevant to financial reporting objectives;
  • Estimating the significance of the risks;
  • Assessing the likelihood of their occurrence; and
  • Deciding about actions to address those risks.
  • Management’s failure to identify a risk otherwise expected to have been identified:
    • Why that process failed to identify it; and
    • Evaluation of whether the process is appropriate to its circumstances or determine whether it represent a significant deficiency in internal control with regard to the entity’s risk assessment process.
    • If the entity has not established such a process or has an ad hoc process:
      • Discussion with management regarding whether business risks relevant to financial reporting objectives have been identified and how they have been addressed.
      • Information system, including the related business processes, relevant to financial reporting,

 

 

 

 

including the following areas:

  • The classes of transactions in the entity’s operations that are significant to the financial statements;
  • The procedures, within both information technology (IT) and manual systems, by which those transactions are initiated, recorded, processed, corrected as necessary, transferred to the general ledger and reported in the financial statements;
  • The related accounting records, supporting information and specific accounts in the financial statements that are used to initiate, record, process and report transactions; this includes the correction of incorrect information and how information is transferred to the general ledger. The records may be in either manual or electronic form;
  • How the information system captures events and conditions, other than transactions, that are significant to the financial statements;

 

 

 

 

  • The financial reporting process used to prepare the entity’s financial statements, including significant accounting estimates and disclosures; and
  • Controls surrounding journal entries, including non-standard journal entries used to record non-recurring, unusual transactions or adjustments.
  • Entity’s communication of financial reporting roles and responsibilities and significant matters relating to financial reporting, including:
    • Communications between management and those charged with governance; and
    • External communications, such as those with regulatory authorities.
    • Control activities relevant to the audit:
      • Understanding of control activities relevant to the audit; and
      • Entity’s response to IT risks.
      • Monitoring of controls:
        • Understanding of entity’s major activities to monitor internal control over financial reporting; and

 

 

 

  • How the entity initiates remedial actions to deficiencies in its controls.
  • Understanding of the relevance of the Internal Audit Function:
    • The nature of the internal audit function’s

responsibilities and how the internal audit function fits in the entity’s organisational structure; and

  • The activities performed, or to be performed, by the internal audit function.
  • Entities having uncomplicated businesses and processes relevant to financial reporting, documentation:
    • Simple and brief.
    • Not necessary to document the entirety of the auditor’s understanding of the entity and matters related to it.
    • Document only key elements of understanding.
    • Extent of documentation may also reflect the experience and capabilities of the members of the audit engagement team.
    • For recurring audits, certain documentation may be carried forward, updated as necessary to reflect changes

in the entity’s business or

 

 

 

 

processes.

32(b)

Sources of

information from

which the

understanding was obtained and risk assessment procedures performed

  • Sources of the information used in the entity’s monitoring activities.
  • Basis upon which management considers the information to be sufficiently reliable for the purpose.
  • Documentation about risk assessment procedures performed.

32(c)

Risks of material misstatement (in terms of para 25 of the standard)

  • Risks of material misstatement identified and assessed:
    • at the financial statement level; and
    • at the assertion level for classes of transactions, account balances and disclosures.

32(d)

Risks requiring

special audit considerations

The risks identified, and related controls about which the auditor has obtained an understanding, as a result of the requirements in paragraphs 27-30 of the Standard.

SA 320, Materiality in Planning and Performing an Audit

 

Para Ref.

Issue

Documentation Needed

14(a)

& (b)

Materiality for the financial statements as a whole or

materiality level(s) for

particular classes

  • Materiality for the financial statements as a whole:
    • For establishing the overall audit strategy.
    • Materiality level(s) for particular classes of transactions, account

 

 

 

of transactions, account balances or disclosures

balances or disclosures:

  • Determine materiality level(s) to be applied to particular classes of transactions, account balances or disclosures, which could be expected to influence the economic decisions of the users.

14(c)

Performance materiality

  • Determine performance materiality:
    • For assessing the risks of material misstatement; and
    • Determining the nature, timing and extent of further audit procedures.

14(d)

Revisions as the Audit Progresses

  • Revise materiality for the financial statements as a whole or materiality level(s) for particular classes of transactions, account balances or disclosures:

 

 

  • If the auditor becomes aware of information during the audit that would have caused the auditor to have determined      a      different

amount (or amounts) initially.

 

 

  • If the auditor concludes that a lower materiality than that initially determined is appropriate:

 

 

  • Determine whether it is necessary to revise performance materiality, and

 

 

  • Whether the nature, timing

 

 

 

 

and extent of the further audit procedures remain appropriate.

 

SA 330, The Auditor’s Responses to Assessed Risks

 

Para Ref

 

Issue

 

Documentation Needed

28(a)

Overall responses

Overall responses to address the assessed risks of material misstatement at the financial statement level, and the nature, timing and extent of the further audit procedures performed.

28(b)

Linkages

Linkage of those procedures with the assessed risks at the assertion level.

28(c)

& A63

Results

  • The results of the audit procedures, including the conclusions where these are not otherwise clear.
    • The form and extent of audit documentation is a matter of professional judgment, and is influenced by:
      • nature, size and complexity of the entity and its internal control;
      • availability of information; and
      • audit methodology and technology used in the audit.

 

 

29

Audit         evidence

about operating effectiveness of controls obtained in

previous audits

  • Document the conclusions reached about relying on such controls that were tested in a previous audit.

30

Financial statements agreeing or

reconciling with

underlying accounting records.

  • The auditors’ documentation shall demonstrate that the financial statements agree or reconcile with the underlying accounting records.

 

SA 450, Evaluation of Misstatements Identified during the Audit

 

Para Ref.

Issue

Documentation Needed

15 & A25

Uncorrected Misstatements

  • The amount below which misstatements would be regarded as clearly trivial.
  • All misstatements accumulated during the audit and whether they have been corrected:
    • Communication with management to correct the misstatement.
    • Communication with those charged with governance:
      • Uncorrected misstatements; and
      • Effect that they, individually or in aggregate, may have on the opinion in the auditor’s report.
      • The auditor’s conclusion as to whether uncorrected

 

 

 

 

misstatements are material, individually or in aggregate, and the basis for that conclusion. Auditor should consider:

  • The size and nature of the misstatements, both in relation to particular classes of transactions, account balances or disclosures and the financial statements as a whole, and the particular circumstances of their occurrence; and
  • The effect of uncorrected misstatements related to prior periods on the relevant classes of transactions, account balances or disclosures, and the financial statements as a whole.
  • The auditor’s documentation of uncorrected misstatements may take into account:
    • The consideration of the aggregate effect of uncorrected misstatements;
    • The evaluation of whether the materiality level or levels for particular classes of transactions, account balances or disclosures, if any, have been exceeded; and
    • The evaluation of the effect of uncorrected misstatements on key ratios or trends, and compliance       with       legal,

regulatory   and    contractual

 

 

 

 

requirements (for example, debt covenants).

SA 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures

 

Para Ref

Issue

Documentation Needed

23(a)

Auditor’s conclusion

  • The basis for the auditor’s conclusions about the reasonableness of accounting estimates and their disclosure that give rise to significant risks.

23(b)

and A128

Management bias

  • Indicators of possible management bias, if any.
    • Assists the auditor in concluding whether the auditor’s risk assessment and related responses remain appropriate, and
    • Evaluating whether the financial statements as a whole are free from material misstatement.

SA 550, Related Parties

 

Para Ref

Issue

Documentation Needed

28

Related parties

  • Names of the identified related parties.
  • Nature of the related party relationships.

SA 570(Revised), Going Concern

 

Para Ref

Issue

Documentation Needed

 

 

17

Auditor’s Conclusion

  • Evaluate whether sufficient appropriate audit evidence has been obtained.
  • Conclude on the appropriateness of management’s use of the going concern basis of accounting in the preparation of the financial statements.

18.

Whether, in the auditor’s judgment, a material

uncertainty exists

  • Appropriate documentation required about material uncertainty exists when the magnitude of its potential impact and likelihood of occurrence is such that disclosure of the nature and implications of the uncertainty is necessary for:
    • In the case of a fair presentation financial reporting framework, the fair presentation of the financial statements; or
    • In the case of a compliance framework, the financial statements not to be misleading.

SA 600, Using the Work of Another Auditor

 

Para Ref

Issue

Documentation Needed

18

Components and component auditors

  • Components whose financial information was audited by other auditors.
  • Such components’ significance to the financial information of the entity as a whole.
  • Names of the other auditors.
  • Any   conclusions    reached    that

 

 

 

 

individual components are not material.

  • Procedures performed and the conclusions reached.
  • Where component auditor’s report is other than unmodified, document how principal auditor has dealt with the qualifications or adverse remarks contained in the other auditor’s report in framing his own report.

SA 610(Revised), Using the Work of Internal Auditors

 

Para Ref.

Issue

Documentation Needed

36

External auditor using the work of the internal auditors

  • The evaluation of:
    • Whether the function’s organizational status and relevant policies and procedures adequately support the objectivity of the internal auditors;
    • The level of competence of the function; and
    • Whether the function applies a systematic and disciplined approach, including quality control;
    • The nature and extent of the work used and the basis for that decision; and
    • The audit procedures performed by the external auditor to evaluate the adequacy of the work used.

 

 

37

External     auditor

uses internal auditor to provide direct assistance

  • The evaluation of the existence and significance of threats to the objectivity of the internal auditors, and the level of competence of the internal auditors used to provide direct assistance;
  • The basis for the decision regarding the nature and extent of the work performed by the internal auditors;
  • Who reviewed the work performed and the date and extent of that review in accordance with SA 230;
  • The written agreements obtained from an authorized representative of the entity and the internal auditors under paragraph 33 of this SA; and
  • The working papers prepared by the internal auditors who provided direct assistance on the audit engagement.

SA 701, Communicating Key Audit Matters in the Independent Auditor’s Report

 

Para Ref.

Issue

Documentation Needed

18

Documentation: Key audit matters

Audit documentation shall include:

  • The matters that required significant auditor attention; and

Rationale for the auditor’s determination as to whether or not each of these matters is a key

audit matter.

 

 

 

 

  • The rationale for the auditor’s determination that there are no key audit matters to communicate in the auditor’s report.
  • The rationale for the auditor’s determination not to communicate in the auditor’s report a matter determined to be

a key audit matter.

A64

Documentation: Key Audit Matters

  • Basis of determination of the matters that required significant auditor attention, from the matters communicated with those charged with governance.
  • The auditor’s judgments to be supported by the documentation of the auditor’s communications with those charged with governance and the audit documentation relating to each

individual matter.

 

SA 720(Revised), The Auditor’s Responsibilities Relating to Other Information

 

Para Ref.

Issue

Documentation Needed

25

Documentation relating to Other Information

Audit documentation shall include :

  • Documentation of the procedures performed under this SA.
  • The final version of the other information on which the auditor has performed the work.

 

 

Q38. What are the matters to be considered while making changes to documentation after the date of auditor’s report but before archive date, which are other than administrative in nature?

A38. Circumstances may arise that require changes or additions to audit documentation that are not administrative in nature after the date of the auditor’s report. FAQ 33 describes administrative changes that may be made to the documentation during the assembly process. Any changes or additions that are not considered as administrative change constitute new audit evidence and means that the audit procedures were either not completed or documented on or before the date of the auditor’s report.

When changes or additions that are not administrative are made to the audit documentation after the date of the auditor’s report but before the archive date, the engagement team should document:

  • An explanation describing what information was added or changed.
  • When the evidence was obtained.
  • The date the information was added and reviewed.
  • The name of the person who prepared and reviewed the additional information.
  • The circumstances encountered and the reasons for adding the information.
  • The new or additional audit procedures performed, audit evidence obtained, and conclusions reached.
  • When the conclusions in respect of the new information were approved by the engagement manager, engagement partner and / or engagement quality control reviewer (where applicable).
  • The effect on the auditor’s report.

Accordingly, when engagement team has obtained audit evidence before the date of the auditor’s report but

 

 

documented this audit evidence after the date of the auditor’s report or make substantive changes to documentation that existed at the date of the auditor’s report, engagement team shall record these matters.

Above information may be recorded in the respective work paper which was modified after date of auditor’s report and also in a memo for all such changes, such memo to be included in the audit file. This needs to be completed before the final assembly of the audit file.

The following are examples of circumstances that require changes or additions to the documentation that are not administrative after the date of the auditor’s report:

Example #1

Subsequent to the date of the auditor’s report, the engagement team becomes aware of additional facts regarding a current litigation matter that existed at the date of the auditor’s report. If the engagement team had been aware of the additional facts prior to the date of the auditor’s report, that may have affected the financial statements and the audit opinion. This circumstance may require the engagement team to make additions or changes to the documentation that are not administrative in nature.

The engagement team should include these additional facts in the documentation and document the elements required above (i.e. the date the information was added and reviewed; the name of the person who prepared and reviewed the additional information; the circumstances encountered and the reasons for adding the information; the new or additional audit procedures performed, audit evidence obtained, and conclusions reached; and the effect on the auditor’s report, etc.).

Example #2

Subsequent to the date of the auditor’s report, the engagement team identifies workpapers without proper

 

 

signoffs. Adding sign-offs to the audit workpapers represents a change that is not administrative because the documentation did not meet requirements (i.e., reviewer did not sign and date the workpaper to evidence his or her review at the right time). The engagement team should document the sign-offs, any changes to the workpapers and the elements required above.

After the date of the auditor’s report, the engagement team may also discover that, considering the facts and circumstances at the time of the audit, one or more additional audit procedures have been omitted.

In those limited situations when the engagement team is performing procedures and obtaining and documenting evidence after the date of the auditor’s report, the engagement team does not discard any related documentation that previously existed.

Q39. What are the requirements on maintaining the confidentiality, safe custody, integrity, accessibility and retrievability of engagement documentation after the completion of assembly of the audit file?

A39. The auditor is required to comply with following requirements of the Standard on Quality Control (SQC) 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements”:

  • The firm should establish policies and procedures designed to maintain the confidentiality, safe custody, integrity, accessibility and retrievability of engagement documentation;
  • Relevant ethical requirements establish an obligation for the firm’s personnel to observe at all times the confidentiality of information contained in engagement documentation, unless specific client authority has been given to disclose information, or there is a legal or professional duty to do so. Specific laws or regulations may impose additional obligations on the

 

 

firm’s personnel to maintain client confidentiality, particularly where data of a personal nature are concerned; and

  • Whether engagement documentation is in paper, electronic or other media, the integrity, accessibility or retrievability of the underlying data may be compromised if the documentation could be altered, added to or deleted without the firm’s knowledge, or if it could be permanently lost or damaged.

Accordingly, the audit firm designs and implements appropriate controls for engagement documentation to:

(a) enable the determination of when and by whom engagement documentation was created, changed or reviewed;

(b) protect the integrity of the information at all stages of the engagement, especially when the information is shared within the engagement team or transmitted to other parties via the Internet;

(c) prevent unauthorized changes to the engagement documentation; and

(d) allow access to the engagement documentation by the engagement team and other authorized parties as necessary to properly discharge their responsibilities.

Controls that the firm may design and implement to maintain the confidentiality, safe custody, integrity, accessibility and retrievability of engagement documentation include, for example:

  • the use of a password among engagement team members to restrict access to electronic engagement documentation to authorized users.
  • appropriate back-up routines for electronic engagement documentation at appropriate stages during the engagement.
  • procedures for properly distributing engagement documentation to the team members at the start of

 

 

engagement, processing it during engagement, and collating it at the end of engagement.

  • procedures for restricting access to, and enabling proper distribution and confidential storage of, hardcopy engagement documentation.

For practical reasons, original paper documentation may be electronically scanned for inclusion in engagement files. In that case, the firm implements appropriate procedures requiring engagement teams to:

(a) Generate scanned copies that reflect the entire content of the original paper documentation, including manual signatures, cross-references and annotations;

(b) Integrate the scanned copies into the engagement files, including indexing and signing off on the scanned copies as necessary; and

(c) Enable the scanned copies to be retrieved and printed as necessary.

The firm considers whether to retain original paper documentation that has been scanned for legal, regulatory or other reasons.

Q40. When should an auditor prepare audit documentation?

A40 It is appropriate that the auditor should prepare audit documentation on a timely basis i.e. at the time audit work is performed. Preparing sufficient and appropriate audit documentation on a timely basis helps to enhance the quality of the audit and facilitates the effective review and evaluation of the audit evidence obtained and conclusions reached before the auditor’s report is finalised. Documentation prepared after the audit work has been performed is likely to be less accurate than documentation prepared at the time such work is performed and is also susceptible to risk that the work was performed after the auditor’s report was issued.

 

 

 

 

 

 
   

Chapter 4 Checklist

 

 

S.No.

Particulars

Yes/No/ NA

Remarks/ WP Ref

1.

Whether the audit documentation is prepared on a timely basis?

 

 

2.

Whether the audit documentation is sufficient to enable an experienced auditor, having no previous connection with the audit, to understand the following?

(a) The nature, timing, and extent of the audit procedures performed to comply with the SAs and applicable legal and regulatory requirements;

(b) The results of the audit procedures performed, and the audit evidence obtained; and

(c) Significant matters arising during the audit, the conclusions reached thereon, and significant professional judgments made in reaching those conclusions.

 

 

3.

While documenting the nature, timing and extent of audit procedures performed, whether the following were recorded?

(a) The identifying characteristics of the specific items or matters

 

 

 

 

 

tested;

(b) Who performed the audit work and the date such work was completed; and

(c) Who reviewed the audit work performed and the date and extent of such review.

 

 

4.

Whether the documentation includes discussions of significant matters with management, those charged with governance, and others, including the nature of the significant matters discussed and when and with whom the discussions took place?

 

 

5.

Where it is identified that information is inconsistent with the auditor’s final conclusion regarding a significant matter, whether it is documented as to how the inconsistency was addressed?

 

 

6.

Where it is considered necessary in exceptional circumstances to depart from a relevant requirement in a SA, whether the audit documentation reflects how the alternative audit procedures performed achieved the aim of that requirement and the reasons for the departure?

 

 

7.

Where in exceptional circumstances, new or additional audit procedures are performed or

new conclusions are reached after

 

 

 

 

 

the date of the audit report, whether the following were documented?

(a) The circumstances encountered;

(b) The new or additional audit procedures performed, audit evidence obtained, and conclusions reached, and their effect on the auditor’s report; and

(c) When and by whom the resulting changes to audit documentation were made and reviewed.

 

 

8.

Is it ensured that after the assembly of the final audit file has been completed, no deletion or discard of audit documentation of any nature has taken place before the end of its retention period?

 

 

9.

Where it is necessary to modify existing audit documentation or add new audit documentation after the assembly of the final audit file has been completed, whether the following were documented?

(a) The specific reasons for making them; and

(b) When and by whom they were made and reviewed.

 

 

 

 

 

 
   

Appendix

 

Illustrative Working Paper Format

 
   

 

Home | About Us | Terms and Conditions | Contact Us
Copyright 2023 CAinINDIA All Right Reserved.
Designed and Developed by Ritz Consulting