PRACTICAL GUIDE TO DOCUMENTATION FOR AUDIT (including documentation for peer review / Financial Review and other assurance services)
1. Introduction
“The skill of an accountant can always be ascertained by an inspection of his working papers.”— Robert H. Montgomery, Montgomery ’s Auditing, 1912
1.1 Meaning of Documentation
The word “document” is used to refer to a written or printed paper that bears the original, official, or legal form of something and can be used to furnish decisive evidence or information. “Documentation” refers to the act or an instance of the supplying of documents or supporting references or records.
According to Auditing and Assurance standard 3 (AAS 3) issued by the Institute of Chartered Accountants of India “Documentation” refers to the working papers prepared or obtained by the auditor and retained by him , in connection with the performance of the audit.
1.2 Audit
In audit, the Chartered Accountant’s objective is to provide a high (but not absolute) level of assurance on the reliability of financial statements. The auditor provides a positive opinion which essentially states that based on the work performed; the financial statements comply with relevant accounting standards and principles. The level of testing procedures to obtain the evidence necessary to support such an opinion is high.
An audit engagement involves a study and evaluation of internal accounting controls, detailed tests of accounting records, or corroborative evidence through inspection, observation and confirmation which is not usually required in a review engagement.
1.3 Review
In contrast, a review provides a negative assurance report giving only a moderate level of assurance on the reliability of the financial information. The report essentially states that nothing has come to the reviewer’s attention to indicate that the financial information is not presented fairly in accordance relevant accounting standards and principles. Review engagements are designed as a limited review of financial statements; therefore the risk of mistakes, omissions or incorrect disclosures is considerably greater than with an audit.
1.4 Peer review
The dictionary meaning of the word “Peer” is “A person who has equal standing with another or others”.
The term “Review” is defined as “subject to a formal inspection or appraisal and reassessment of the matter in question”.
Thus, peer review for chartered accountants would mean evaluation of a colleague’s work professionally. Peer review applies only to practicing Chartered Accountants as Audit and assurance work can be performed by practicing Chartered Accountants only.
Peer review is conducted with an idea to suggest improvements in the reporting services provided unlike auditing and investigation which are conducted with a focus to comment on the truthfulness of the financial and accounting records.
1.5 Other Assurance services
The other types of assurance services usually provided by an auditor which are not related to Audit include due diligence report.
1.6 Form and content of documentation
The form and content of audit documentation should be designed to meet the circumstances of the particular audit. The information contained in audit documentation constitutes the principal record of the work that the auditors have performed in accordance with standards and the conclusions that the auditors have reached. The quantity, type, and content of audit documentation are a matter of the auditors’ professional judgment. The Audit documentation therefore is not restricted to being only on papers, but can also be on electronic media
Generally the factors that determine the form and content of documentations for a particular engagement are:
a) The nature of the engagement
b) The nature of the business activity of the client
c) The status of the client
d) Reporting format
e) Relevant legislations applicable to the client
f) Records maintained by the client
g) Internal controls in operation
h) Quality of audit assistants engaged in the particular assignment and the need to direct and supervise their work
1.7 Permanent and Current Audit files
In the case of recurring audits, some working paper files may be classified as permanent audit files, which are updated currently with information of continuing importance to succeeding audits. In contrast current audit files contain information relating primarily to the audit of a single period.
A) A permanent audit file normally includes:
a) Copy of initial appointment letter if the engagement is of recurring nature
b) Record of communication with the retiring auditor, if any, before acceptance of the appointment as auditor
c) NOC from previous auditor
d) Information concerning the legal and organisational structure of the entity.
In the case of a company, this includes the Memorandum and Articles of Association.
In the case of a statutory corporation, this includes the Act and Regulations under which the corporation functions .i.e.
i. In case of partnerships- Partnership deed
ii. In case of trusts- Trust deed
iii. In case of societies- Certificate of registration/ Rules and Bye-laws.
e) Organisational structure of the client
f) List of governing body including Name, Address and contact details. For Instance, the List of Directors in case of a company, List of partners in a partnership and list of Trustees in a Trust.
g) Extracts or copies of important legal documents, agreements and minutes relevant to the audit.
h) A record of the study and evaluation of the internal controls related to the accounting system. This might be in the form of narrative descriptions, questionnaires or flow charts, or some combination thereof.
i) Copies of audited financial statements for previous years
j) Analysis of significant ratios and trends
k) Copies of management letters issued by the auditor, if any.
l) Notes regarding significant accounting policies.
m) Significant audit observations of earlier years.
n) Assessment of risks and risk management
o) Major policies related to Purchases and Sales
p) Details of sister concerns
q) Details of Bankers, Registrars, Lawyers etc
r) Systems and Data Security policies
s) Business Continuity Plans
B) A current file normally includes
The current file normally includes:
a) Correspondence relating to acceptance of annual reappointment.
b) Extracts of important matters in the minutes of Board Meetings and General Meetings, as are relevant to the audit.
c) Evidence of the planning process of the audit and audit programme
d) Analysis of transactions and balances.
e) A record of the nature, timing and extent of auditing procedures performed, and the results of such procedures
f) Evidence that the work performed by assistants was supervised and reviewed.
g) Copies of communications with other auditors, experts and other third parties.
h) Copies of letters or notes concerning audit matters communicated to or discussed with the client, including the terms of the engagement and material weaknesses in relevant internal controls.
i) Letters of representation or confirmation received from the client.
j) Conclusions reached by the auditor concerning significant aspects of the audit, including the manner in which exceptions and unusual matters, if any, disclosed by the auditor’s procedures were resolved or treated.
k) Copies of the financial information being reported on and the related audit reports.
l) Audit review points and highlight.
m) Major weakness in Internal control
2. Need for Audit documentation
Documents believed to be related to Enron were destroyed, focusing the attention of regulators and lawmakers on the contents and retention of audit documentation.
The audit working papers (current and permanent) for a client audit engagement should be sufficiently detailed to enable another appropriately experienced and competent auditor who is not familiar with the client to obtain an overall understanding of the engagement.
2.1 The need for Working papers
The need for Working papers can be listed as follows:
a) They aid in the planning and performance of the audit;
b) They aid in the supervision and review of the audit work and to review the quality of work performed, in accordance with AAS 17 “Quality Control for Audit Work”;
c) They provide evidence of the audit work performed to support the auditor’s opinion
d) They document clearly and logically the schedule, results of test, etc.
e) The working papers should evidence compliance with technical standards
f) They document that Internal control has been appropriately studied and evaluated; and
g) They document that the evidence obtained and procedures performed afford a reasonable basis for an opinion.
h) They retain a record of matters of continuing significance to future audits of the entity;
i) They enable an experienced auditor to conduct quality control reviews in accordance with Statement on Peer Review issued by the Institute of Chartered Accountants of India;
j) The process of preparing sufficient audit documentation contributes to the quality of an audit
k) They fulfil the need to document oral discussions of significant matters and communicate to those charged with governance, as discussed in AAS 27, “Communication of Audit Matters with those Charged with Governance.
2.2 Guidance to staff on Audit documentation
Proper guidance should be given to staff regarding the following
a) Filing/keeping of working papers
b) Checklist of documents to be obtained and maintained
c) Indexing of documents/ working papers
d) Proper numbering/ sequencing of working papers
e) Summarizing of overall findings
f) Writing of queries
g) Discussing with seniors on matters of importance
h) Disposing of Query -at staff level/ senior level/ partner level
i) Importance of the working papers to be signed, dated and approved by relevant level of audit staff with sufficient cross reference
j) Importance of depicting the client’s name, file number, accounting period, subject of working paper and reference of working paper with current or permanent file
3. Retention of working papers/ documents
3.1 Period of retention
The auditor should retain the working papers for a period of time sufficient to meet the needs of his practice and satisfy any pertinent legal or professional requirements of record retention.
3.2 Ownership and custody
Working papers are the property of the auditor. The auditor may, at his discretion, make portions of or extracts from his working papers available to his client.
The auditor should adopt reasonable procedures for custody and confidentiality of his working papers
3.3 Requests for access to Working papers-
The following are to be noted in this regard:
1. AAS 1, Basic Principles Governing An Audit, states in para 6, “The auditor should respect the confidentiality of information acquired in the course of his work and should not disclose any such information to a third party without specific authority or unless there is a legal or professional duty to disclose.”
(AAS) 3, Documentation (Paragraph 13), states, “Working papers are the property of the auditor. The auditor may, at his discretion, make portions of or extracts from his working papers available to his client.” AAS 3 further requires (paragraph 14), inter alia, that the “auditor should adopt reasonable procedures for custody and confidentially of his working papers.”
2. Part I of the Second Schedule to the Chartered Accountants Act, 1949 provides that “A Chartered Accountant in practice shall be deemed to be guilty of professional misconduct, if he –
“Discloses information acquired in the course of his professional engagement to any person other than his client so engaging him, without the consent of his client or otherwise than as required by any law for the time being in force.”
3. Requests may be received by the members of the Institute, who have/had been performing the duties as the auditors of an enterprise, to provide access to their audit working papers from the clients or other auditors of the enterprise or its related enterprise such as a parent enterprise.
4. Under the circumstances ICAI has clarified that except to the extent stated in para 5 below, an auditor is not required to provide the client or the other auditors of the same enterprise or its related enterprise such as a parent or a subsidiary, access to his audit working papers. The main auditors of an enterprise do not have right of access to the audit working papers of the branch auditors. In the case of a company, the statutory auditor has to consider the report of the branch auditor and has a right to seek clarifications and/or to visit the branch if he deems it necessary to do so for the performance of the duties as auditor. An auditor can rely on the work of another auditor, without having any right of access to the audit working papers of the other auditor. For this purpose, the term ‘auditor’ includes ‘internal auditor’.
5. As stated in para 4, the client does not have a right to access the working papers of the auditor. However, the auditor may, at his discretion, in cases considered appropriate by him, make portions of or extracts from his working papers available to the client.
4. Tips for Auditors on documentation / working papers
General guidelines for the preparation of working papers are:
a) Clarity and Understanding -As a preparer of audit documentation, step back and read your work objectively. Would it be clear to another auditor?
Working papers should be clear and understandable without supplementary oral explanations. With the information the working papers reveal, a reviewer should be able to readily determine their purpose, the nature and scope of the work done and the preparer's conclusions.
b) Completeness and Accuracy – As a reviewer of documentation, if you have to ask the audit staff basic questions about the audit, the documentation probably does not really serve the purpose.
Work papers should be complete, accurate, and support observations, testing, conclusions, and recommendations. They should also show the nature and scope of the work performed.
c) Pertinence – Limit the Information in working papers to matters that are important and necessary to support the objectives and scope established for the assignment.
d) Logical Arrangement – File the Working papers in a logical order.
e) Legibility and Neatness – Be neat in your work. Working papers should be legible and as neat as practical. Sloppy work papers may lose their worth as evidence. Crowding and writing between lines should be avoided by anticipating space needs and arranging the work papers before writing.
f) Safety- Keep your work papers safe and retrievable
g) Initial and Date- Put your initials and date on every working paper
h) Summary of conclusions- Summarize the results of work performed and identify the overall significance of any weaknesses or exceptions found.
5. Changes to Audit Documentation
5.1 “Subsequent events” occurring between the Balance sheet date and the Audit report- AAS 19
Exceptional circumstances may require the auditor to perform new audit procedures or lead the auditor to reach new conclusions. In such circumstances, the auditor should document the changes necessary to reflect either the performance of the new audit procedures or the new conclusions reached, including:
(a) When and by whom such changes were made, and (where applicable) reviewed;
(b) The specific reasons for the changes; and
(c) The effect, if any, of the changes on the auditor’s conclusions.
5.2 New Information Received after the Date of the Auditor’s Report
Although the auditor has no responsibility to perform audit procedures after the date of the auditor’s report. The auditor may, however, receive new information after that date relating to the audit, for example a belated third party confirmation or confirmation of the final outcome of a material litigation case against the entity that was pending at the period end. Under the circumstances the auditor has to consider whether to perform audit procedures on the new information, taking into account such factors as the nature and significance of the information or whether the passage of time has superseded the relevance of the information.
6.0 Illustrative List of Documents needed for conduct of Audit/ Financial reviews/ due diligence and Peer review
I. Audit
· Specimen Audit engagement letter
· Specimen Letter asking for information about client’s Business
· Specimen letter of Communication with previous auditor
· Specimen of Management representation letter
· Checklist on Compliance with Accounting standards
· Checklist on compliance with Auditing and Assurance standards
· Checklist on compliance with Guidance note
· Draft
· Proforma client register
· Draft Audit programme
· Checklist of documents to be obtained
· Draft Audit report
II. Financial reviews
· Engagement Letter for a Review of Financial Statements
· Procedures that may be performed in an Engagement to Review Financial Statements
· Specimen Unqualified Review Report
· Specimen Review Reports other than Unqualified Qualification for a Departure from an Accounting Standard
III. Due diligence services
· Documents to be obtained from Target Company
· Specimen Engagement letter
· Sample due Diligence Report
IV. Peer review
· Practicing Unit’s Expert consultants’ List
· Draft guidelines of a PU for Maintenance of Professional Skills and standards
· Draft Recruitment policy
· Illustrative checklist of Audit programme of Reviewee
· Illustrative checklist on Review of The General controls observed by PU- viz- Independence, Professional skills and standards, Outside consultation, Staff supervision and development and Office administration
· Illustrative List of Documents to be obtained by a PU
· Illustrative List of certificates to be obtained by a PU
· Specimen Peer Review report
7.0 Technical standards on Audit Documentation
7.1 AAS 3 on Audit documentation issued by The Institute of Chartered Accountants of
The highlights of this standard are as follows:
The auditor should document matters which are important in providing evidence that the audit was carried out in accordance with the generally accepted auditing standards in
· Form and Content: factors affecting form and content, quantum of working papers, permanent audit file, and current audit file.
· Ownership and Custody of Working Papers
The AAS is effective for all audits relating to accounting periods beginning on or after
7.2 AAS 3 on Audit Documentation issued by PCAOB- Public Company Accounting Oversight Board
Mandated by the U.S. Sarbanes-Oxley Act of 2002, the standard states that the board must establish audit standards that require registered public accounting firms to prepare and maintain, for at least seven years, audit documentation that supports the conclusions they reached in the external auditor's reports. The standard, which supersedes the American Institute of Certified Public Accountants' (AICPA's) Statement on Auditing Standard (SAS) No. 96 on audit documentation, is effective for audits of financial statements of companies with fiscal years ending on or after Nov. 15,2004
Among other provisions, the standard says:
· Audit documentation must contain sufficient information to enable an experienced auditor, having no previous connection with the engagement, to understand the work that was performed and the conclusions reached.
· After the report release date, auditors will have 45 days to assemble a complete and final set of audit documentation.
· Changes to the documentation after the audit completion date must be made without deleting or discarding the original documents.
· Audit evidence should be documented at the time the procedures are performed, and oral explanation should not be the primary source of evidence.
· Audit documentation supporting the work performed by other auditors, including auditors associated with other offices of the firm, affiliated firms, or nonaffiliated firms, must be retained by, or be accessible to, the office issuing the auditor's report.
· If the principal auditor decides not to assume responsibility for the work of other auditors, he or she should indicate the division of responsibility between the principal auditor and other auditors in expressing an opinion on the consolidated financial statements.
7.3 ISA 230 on Audit Documentation issued by International Auditing and Assurance Standards Board (IAASB)
The main requirements in ISA 230 are as follows:
Ø It places an emphasis on the timely preparation of audit documentation necessary to provide a sufficient and appropriate record of the basis for the auditor’s report, and evidence that the audit was carried out in accordance with ISAs and applicable legal and regulatory requirements.
Ø Establishes a new requirement that the auditor prepare the audit documentation so as to enable an experienced auditor, having no previous connection with the audit, to understand the audit work performed, the results and audit evidence obtained, and the significant matters identified and conclusions reached thereon. It also defines the meaning of an “experienced auditor.” The previous ISA only suggested that the auditor may find it useful to consider what would be necessary to provide another auditor, having no previous experience with the audit, with an understanding of the work performed and the basis for the main decisions taken.
Ø Establishes a new requirement that, if in exceptional circumstances the auditor judges it necessary to depart from relevant ISA requirements, the auditor document how the alternative audit procedures performed meets the objective of the audit and, if not otherwise clear, the reasons for the departure.
Ø Establishes a new requirement that the auditor complete the assembly of the final audit file on a timely basis after the date of the auditor’s report, and provides guidance indicating that an appropriate time limit for this would ordinarily be 60 days after the date of the auditor’s report. The revised ISA also resulted in the establishment of a new requirement in International Standard on Quality Control (ISQC) 1, Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements, for firms to set up policies and procedures for the timely completion of the assembly of the final engagement files.
Ø Establishes a new requirement that the auditor not delete or discard audit documentation after the final audit file has been assembled, unless the retention period for the audit documentation has elapsed. The revised ISA also resulted in expanded guidance in ISQC 1 on the retention of engagement documentation. This guidance indicates that the retention period for audits ordinarily is no shorter than five years from the date of the auditor’s report, or, if later, the date of the group auditor’s report.
Ø The standard is effective for audits of financial periods beginning on or after
8.0 Useful websites
1) http://www.icai.org/ - The Institute of Chartered Accountants of India
2) http://www.ifac.org/- International Federation of Accountants
3) http://www.pcaobus.org/- Public Company Accounting Oversight Board
4) http://www.aicpa.org/- The American