Statement on Auditing Standard – SA 230

Statement on Auditing Standard – SA 230 

SA 230 provides guidance to auditors on how to prepare audit documentation for an audit of financial statements. The purpose of audit documentation is to provide evidence that the audit was planned and performed in accordance with SAs and applicable legal and regulatory requirements, and to support the auditor’s basis for their conclusions about the achievement of the overall objectives of the audit.

Scope and objectives 

This Auditing standard SA 230 provides guidance to auditors on how to prepare audit documentation for an audit of financial statements. The purpose of audit documentation is to provide evidence that the audit was planned and performed in accordance with SAs and applicable legal and regulatory requirements, and to support the auditor’s basis for their conclusions about the achievement of the overall objectives of the audit.

In addition to these primary purposes, audit documentation can also assist the engagement team to plan and perform the audit, assist with supervision and review responsibilities, enable accountability for the work performed, retain a record of matters of continuing significance, and facilitate quality control reviews and external inspections.

The SA 230 applies to audits of financial statements for periods beginning on or after April 1, 2009. The objective of the auditor is to prepare documentation that provides a sufficient and appropriate record of the basis for the auditor’s report and evidence that the audit was planned and performed in accordance with SAs and applicable legal and regulatory requirements.

The SA 230 also provides definitions of key terms, including “audit documentation,” which is defined as the record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached. “Audit file” refers to the one or more folders or other storage media, in physical or electronic form, containing the records that comprise the audit documentation for a specific engagement. Finally, an “experienced auditor” is defined as an individual who has practical audit experience, a reasonable understanding of audit processes, SAs and applicable legal and regulatory requirements, the business environment in which the entity operates, and auditing and financial reporting issues relevant to the entity’s industry.

Requirements

 Preparing documentation as the audit work is being performed helps to ensure that the documentation is accurate and reliable. This is important because the documentation serves as evidence of the audit procedures performed, the evidence obtained, and the conclusions reached.

If the documentation is not prepared on a timely basis, it may be less accurate and complete, making it difficult to review and evaluate the evidence and conclusions before finalizing the auditor’s report. Timely preparation of documentation also helps to ensure that the audit is conducted efficiently and effectively, as any issues or concerns can be identified and addressed promptly.

In preparing sufficient and appropriate audit documentation on a timely basis is essential for enhancing the quality of the audit and facilitating the effective review and evaluation of the evidence and conclusions reached before the auditor’s report is finalized.

Documentation of the Audit Procedures Performed and Audit Evidence Obtained

The document of audit procedure requires for preparing audit documentation, which is the record of the auditor’s work during an audit engagement. The main purpose of audit documentation is to provide evidence that the audit was conducted in compliance with auditing standards and applicable legal and regulatory requirements.

The form, content, and extent of audit documentation will depend on various factors, such as the size and complexity of the entity being audited, the nature of the audit procedures, and the risks of material misstatement identified. Examples of audit documentation include audit programs, analyses, summaries of significant matters, letters of confirmation and representation, and correspondence concerning significant matters.

SA 230 also explains that the auditor does not need to document every matter considered or professional judgment made during the audit. However, they should document significant matters that give rise to significant risks, results of audit procedures indicating that the financial statements could be materially misstated; circumstances that cause significant difficulty in applying necessary audit procedures, and findings that could result in a modification to the audit opinion.

The auditor should use professional judgment in determining the form, content, and extent of audit documentation, and should document professional judgments made when they are significant. The audit documentation should be sufficient to enable an experienced auditor to understand the nature, timing, and extent of the audit procedures performed, the results of the audit procedures, and the significant matters arising during the audit and the conclusions reached thereon.

Overall, the audit procedure emphasizes the importance of preparing adequate and appropriate audit documentation to ensure compliance with auditing standards and applicable legal and regulatory requirements.

Identification of Specific Items or Matters Tested

The auditor is required to record the identifying characteristics of the specific items or matters tested, such as dates and unique purchase order numbers, when conducting audit procedures. This documentation allows the engagement team to be accountable for their work and enables the investigation of exceptions or inconsistencies. The auditor may also document who performed the audit work and when it was completed, as well as who reviewed the audit work performed and when and to what extent the review was conducted.

The auditor must document discussions of significant matters with management, those charged with governance, and others, including the nature of the significant matters discussed and when and with whom the discussions took place. These records may include minutes of meetings prepared by the entity’s personnel and agreed by the auditor. The auditor is also required to document how any inconsistencies in information were addressed, but is not required to retain documentation that is incorrect or superseded.

The extent of audit documentation for a smaller entity may be less than that for a larger entity. For example, the documentation may not include matters that would only be documented to inform or instruct members of an engagement team or to provide evidence of review by other team members. However, the audit documentation must still be prepared in a way that can be understood by an experienced auditor and may be subject to review by external parties for regulatory or other purposes.

In the case of a smaller entity, the auditor may find it helpful and efficient to record various aspects of the audit together in a single document, with cross-references to supporting working papers as appropriate. This may include documentation of the understanding of the entity and its internal control, the overall audit strategy and plan, materiality, assessed risks, significant matters noted during the audit, and conclusions reached.

Departure from a Relevant Requirement

An auditor may need to depart from a relevant requirement in a SA (Statement of Auditing Standards) in exceptional circumstances. In such cases, the auditor is required to document how the alternative audit procedures performed achieve the aim of the requirement, and the reasons for the departure.

The relevant requirements clarifies that the requirements of the SAs are designed to enable the auditor to achieve the objectives specified in the SAs and the overall objectives of the auditor. Therefore, except in exceptional circumstances, the SAs require compliance with each requirement that is relevant to the audit.

The documentation requirement applies only to the requirements that are relevant in the circumstances. A requirement is not relevant in cases where the entire SA is not relevant, or the requirement is conditional, and the condition does not exist. For example, if an entity does not have an internal audit function, nothing in SA 610 (Revised) is relevant, or if the requirement is to modify the auditor’s opinion where there is an inability to obtain sufficient appropriate audit evidence, and there is no such inability.

Matters arising after the Date of the Auditor’s Report

The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements, deals with the auditor’s responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement due to fraud. The standard provides guidance to auditors on how to identify and assess the risks of material misstatement due to fraud, obtain and evaluate evidence to support the audit opinion, communicate with management and those charged with governance about identified or suspected fraud, and document the auditor’s findings and conclusions related to fraud.

The auditor is responsible for designing and implementing audit procedures that are responsive to the risks of material misstatement due to fraud, including obtaining an understanding of the entity’s internal control relevant to the audit, assessing the risk of material misstatement due to fraud, and responding to identified risks.

SA 230 also requires the auditor to exercise professional scepticism throughout the audit, including being alert to the possibility of fraud, making inquiries of management and others, and obtaining corroboration of management’s explanations.

In addition, the auditor is required to communicate with management and those charged with governance about identified or suspected fraud, including the nature, timing, and extent of the communication. The auditor must also document the auditor’s findings and conclusions related to fraud, including the auditor’s response to identified or suspected fraud, the auditor’s consideration of the implications for the audit opinion, and the auditor’s communication with management and those charged with governance.

Assembly of the Final Audit File

SA 230 requires the auditor to assemble all the audit documentation in an audit file and complete the administrative process of assembling the final audit file on a timely basis after the date of the auditor’s report. The audit documentation must be retained for a period of no less than seven years from the date of the auditor’s report, or the date of the group auditor’s report if later.

SQC 1 requires firms to establish policies and procedures for the timely completion of the assembly of audit files. The appropriate time limit to complete the assembly of the final audit file is generally not more than 60 days after the date of the auditor’s report. The completion of the final audit file assembly process is an administrative process that does not involve the performance of new audit procedures or the drawing of new conclusions. Changes may, however, be made to the audit documentation during the final assembly process if they are administrative in nature, such as deleting or discarding superseded documentation, sorting and collating working papers, and signing off on completion checklists relating to the file assembly process.

If the auditor needs to modify existing audit documentation or add new audit documentation after the assembly of the final audit file has been completed, the auditor must document the specific reasons for making the modifications or additions, as well as when and by whom they were made and reviewed. Examples of circumstances that may require the modification or addition of audit documentation include the need to clarify existing audit documentation arising from comments received during monitoring inspections performed by internal or external parties.

Lastly, unless otherwise specified by law or regulation, audit documentation is the property of the auditor. Portions of, or extracts from, audit documentation may be made available to clients at the auditor’s discretion, provided that such disclosure does not undermine the validity of the work performed or the independence of the auditor or their personnel in the case of assurance engagements. The material modifications to ISA 230, which is a standard related to audit documentation. 

Material Modifications to ISA 230, “Audit Documentation”

The first addition to the standard specifies that the minimum period for retaining engagement documentation is seven years, which is longer than the previous requirement of five years. This change aligns with the provisions of the Chartered Accountants Act, 1949, and the regulations made under it, which also require the retention of working papers for at least seven years.

The second addition to ISA 230 relates to ownership of audit documentation and is taken from the Standard on Quality Control (SQC) 1. The addition specifies that audit documentation is the property of the auditor, and the auditor may disclose portions or extracts of the documentation to clients, provided that such disclosure does not compromise the validity of the work performed or the independence of the auditor or their personnel.

Overall, these material modifications aim to provide greater clarity and guidance on the retention and ownership of audit documentation, which is critical for ensuring the quality and reliability of the audit process.

Quiz on Audit Documentation:

 1. What is the purpose of audit documentation?

a) To provide evidence of the audit procedures performed

b) To support the auditor’s basis for their conclusions

c) To assist with supervision and review responsibilities

d) All of the above

Answer: d)

 2. When does SA 230, which provides guidance on audit documentation, apply?

a) Audits of financial statements for periods beginning on or after April 1, 2009

b) Audits of financial statements for periods beginning on or after April 1, 2010

c) Audits of financial statements for periods beginning on or after January 1, 2009

d) Audits of financial statements for periods beginning on or after January 1, 2010

Answer: a)

 3. What does “audit documentation” refer to?

a) The record of audit procedures performed

b) The relevant audit evidence obtained

c) The conclusions the auditor reached

d) All of the above

Answer: d)

4.What should an auditor document in the audit documentation?

a) Every matter considered or professional judgment made during the audit

b) Only significant matters that give rise to significant risks

c) Only findings that could result in a modification to the audit opinion

d) All of the above

Answer: b)

5.What is the purpose of recording the identifying characteristics of specific items or matters tested?

a) To enable the investigation of exceptions or inconsistencies

b) To hold the engagement team accountable for their work

c) To provide evidence of review by other team members

d) All of the above

Answer: d)

6. In what circumstances may an auditor need to depart from a relevant requirement in a SA?

a) When there is an inability to obtain sufficient appropriate audit evidence

b) When the requirement is conditional, and the condition does not exist

c) When the entire SA is not relevant

d) All of the above

Answer: d)

 7. How long should audit documentation be retained?

a) No less than five years from the date of the auditor’s report

b) No less than seven years from the date of the auditor’s report

c) No less than ten years from the date of the auditor’s report

d) No less than three years from the date of the auditor’s report

Answer: b)

 8. What is the appropriate time limit to complete the assembly of the final audit file?

a) Not more than 30 days after the date of the auditor’s report

b) Not more than 45 days after the date of the auditor’s report

c) Not more than 60 days after the date of the auditor’s report

d) Not more than 90 days after the date of the auditor’s report

Answer: c)

9. When can portions of or extracts from audit documentation be made available to clients?

a) Only with the client’s explicit permission

b) At the discretion of the auditor, as long as it doesn’t undermine the validity of the work performed or the auditor’s independence

c) Only after the retention period of the audit documentation has expired

d) Only when required by law or regulation

Answer: b)

 10. What is one material modification made to ISA 230, “Audit Documentation”?

a) The minimum period for retaining engagement documentation is now seven years.

b) Audit documentation is now the property of the client.

c) The requirement for retaining working papers is now five years.

d) The provisions of the Chartered Accountants Act, 1949, are no longer applicable to audit documentation.

Answer: d)

Additional questions

 11. Which auditing standard provides guidance on how to prepare audit documentation for an audit of financial statements?

a) SA 200 – Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing

b) SA 230 – Audit Documentation

c) SA 500 – Audit Evidence

d) SA 800 – Special Considerations – Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks

Answer: b)

 12.. What are some examples of audit documentation?

a) Audit programs

b) Summaries of significant matters

c) Letters of confirmation and representation

d) All of the above

Answer: d)

 13.. True or False: The auditor is required to document every matter considered or professional judgment made during the audit.

Answer: False

14.. What should the audit documentation be sufficient to enable an experienced auditor to understand?

a) The nature, timing, and extent of the audit procedures performed

b) The results of the audit procedures

c) The significant matters arising during the audit and the conclusions reached

d) All of the above

Answer: d)

15. When should the assembly of the final audit file be completed?

a) Within 30 days after the date of the auditor’s report

b) Within 60 days after the date of the auditor’s report

c) Within 90 days after the date of the auditor’s report

d) Within 120 days after the date of the auditor’s report

Answer: b)

1 6. What is the minimum period for retaining audit documentation?

a) 3 years from the date of the auditor’s report

b) 5 years from the date of the auditor’s report

c) 7 years from the date of the auditor’s report

d) 10 years from the date of the auditor’s report

Answer: c)

 1 7. What should an auditor do if they need to depart from a relevant requirement in a SA?

a) Notify the audit committee immediately

b) Consult with legal counsel before making any changes

c) Document how the alternative audit procedures performed achieve the aim of the requirement and the reasons for the departure

d) Seek approval from the regulatory authorities

Answer: c)

18. Which factor(s) may influence the form, content, and extent of audit documentation?

a) Size and complexity of the entity being audited

b) Nature of the audit procedures

c) Risks of material misstatement identified

d) All of the above

Answer: d)

19. What is the purpose of documenting discussions of significant matters with management and those charged with governance?

a) To provide evidence of the audit team’s communication efforts

b) To record the nature, timing, and extent of the discussions

c) To ensure transparency in the audit process

d) All of the above

Answer: d)

20. True or False: Audit documentation is the property of the client, and the auditor has no control over its disclosure.

Answer: False

Statement on Auditing Standards – SA 210

Statement on Auditing Standards – SA 220

Statement on Auditing Standards – SA 230

Statement on Auditing Standards – SA 240

Statement on Auditing Standards – SA 250

Statement on Auditing Standards – SA 260

Statement on Auditing Standards – SA 265

Statement on Auditing Standards – SA 299

Statement on Auditing Standards – SA 300

 Statement on Auditing Standards – SA 315

Statement on Auditing Standards – SA 320

Statement on Auditing Standards – SA 330

Statement on Auditing Standards – SA 402

Statement on Auditing Standards – SA 450

Statement On Auditing Standards – SA 500

Statement on Auditing Standards – SA 501

Statement on Auditing Standards – SA 505

Statement on Auditing Standards – SA 510

Statement on Auditing Standards – SA 520

Statement on Auditing Standards – SA 530

Statement on Auditing Standards – SA 540

Statement on Auditing Standards – SA 560

Statement on Auditing Standards – SA 570

Statement on Auditing Standards – SA 580

Statement on Auditing Standards – SA 600

Statement on Auditing Standards – SA 610

Statement on Auditing Standards – SA 620

Statement on Auditing Standards – SA 700

Statement on Auditing Standards – SA 701

Statement on Auditing Standards – SA 705

Statement on Auditing Standards – SA 706

 Statement on Auditing Standards – SA 710

Statement on Auditing Standards – SA 720

Statement on Auditing Standards – SA 800

Statement on Auditing Standards – SA 805

Statement on Auditing Standards – SA 810

Statement on Auditing Standards – SAE 3400

Statement on Auditing Standards – SAE 3402

Statement on Auditing Standards – SRE 2400

Statement on Auditing Standards – SRE 2410

Statement on Auditing Standards – SRS 4400

Statement on Auditing Standards – SRS 4410

Audit trail in software requirements

Standard on Quality Control

Statement on developmental and regulatory policies