COPYRIGHT NOTICE - This audit manual is intended for internal use. It may be reproduced and distributed (in print and electronic format) only for OAG employees and provincial auditors general, the Auditor General of Bermuda, and their respective audit staff. This manual cannot be distributed to or reproduced by third parties. This includes email, fax, mail, hand delivery or use of any other method of distribution. The CICA Handbook sections are reproduced here for your use with the permission of the Canadian Institute of Chartered Accountants (the “CICA”). They may not be modified, copied, or distributed in any form, as this would infringe the CICA’s copyright.
1111 Nature, purpose, and extent of audit documentation
The discussion of the nature, purpose, and extent of audit documentation is related to the discussion of sufficient appropriate audit evidence found in OAG Audit 1051 Sufficient appropriate audit evidence and OAG Audit 1052 Audit procedures for obtaining audit evidence.
Sufficient appropriate evidence involves the quantity and quality of evidence.
This section describes the documentation of such evidence, including
- the experienced auditor principle;
- the nature and purpose of audit documentation;
- the form, content, and extent of audit documentation;
- the need to be able to identify within documentation the specific items tested;
- documentation of compliance with professional standards;
- audit programs; and
- best practices for effective and efficient audit documentation.
CICA Assurance Standards
Performance Audit, Special Examination, and Other Assurance Engagements
CAS 230.A13 CAS 220
Auditors shall prepare audit documentation adhering to the experienced auditor principle, while recording who performed the audit work and the date such work was completed. [Nov-2011]
Experienced auditor principle
Auditors shall prepare audit documentation that is sufficient to enable an experienced auditor, having no previous connection with the audit, to understand:
(a) The nature, timing and extent of the audit procedures performed to comply with GAAS and applicable legal and regulatory requirements;
The results of the audit procedures performed, and the audit evidence obtained; and
Significant matters arising during the audit, the conclusions reached thereon, and significant professional judgments made in reaching those conclusions.
Nature and purpose of audit documentation
The nature and extent of audit documentation for a particular audit, while required to meet professional standards and Office policy, are largely a matter of professional judgment, based on the unique circumstances of each audit. Neither professional standards nor Office policy prohibits the audit team members from including documentation in the file that they believe necessary to support their work.
Documentation serves multiple purposes: it aids the planning and performance of the audit, it facilitates and supports review, it helps demonstrate the application of the requirements of applicable professional standards, and it supports the evaluation of the sufficiency and appropriateness of evidence obtained and the drawing of conclusions. Documentation further supports practice reviews and inspections performed, according to CSQC1 and by external bodies.
Sufficient appropriate evidence and procedures for obtaining such evidence is explained in OAG Audit 1051 and OAG Audit 1052 respectively. The evaluation of sufficiency and appropriateness of audit evidence is outlined in OAG Audit 7021.
The objective is to document the audit so that, when it is complete, the audit file tells the story of how the audit team arrived at its conclusions. This does not mean a step-by-step narrative of every aspect of how the audit was conducted. It is also important to ensure documentation has a clear purpose and link to the audit objectives and procedures applied.
To properly document the nature and extent of the audit procedures performed, auditors need to show
- linkages between significant risks and how these risks were addressed;
- how evidence gathered from the planning phase links with judgments and/or decisions about how much audit work was needed;
- how evidence gathered through risk assessment and the work performed on internal control links to the subject of the audit (for example, the financial statement areas and assertions);
- how the audit team reached its conclusions and whether the supporting evidence supports those conclusions;
- compliance with relevant assurance standards, Office policies, and methodology; and
- how audit programs conclude on the objectives of the audit and the line of enquiry.
Form and content of audit documentation
The form and content of audit documentation is dependent on the following factors:
- the size and complexity of the entity and/or its operations;
- the nature of the audit procedures to be performed;
- the identified risk of material misstatement, significant deficiency, or significant finding;
- the significance of the audit evidence obtained;
- the nature and extent of exceptions identified; and
- the audit methodology and audit tools used.
Specific considerations on the extent of documentation
In determining the nature and extent of the documentation for a particular audit area or procedure step, auditors generally need more documentation when
- the risk is greater (the risk associated with conducting the audit or the risk of a material misstatement, significant deficiency, or significant finding);
- more judgment is needed in performing the work or evaluating the results; and
- the evidence is more significant (i.e., the evidence is critical to conclude on the objectives of the audit).
Auditors should document an overall conclusion, including the reasons for it, if the documentation of the results of the testing do not make the conclusion apparent.
The audit team includes sufficient documentation regarding significant risk areas and/or matters of significant judgment, addressing issues that, in the audit team's judgment, are significant, actions taken to address them (including additional evidence obtained), and the basis for the conclusions reached. OAG Audit 1143 provides guidance on documenting significant matters and significant professional judgments.
Identification of items tested
Taking note of the identifying characteristics of an item or matter to be tested serves a number of purposes. For example, it enables the audit team to be accountable for its work and facilitates the investigation of exceptions or inconsistencies. Identifying characteristics will vary with the nature of the procedure steps and the item or matter being tested.
Documentation of compliance with professional standards
It is neither necessary nor practicable for the auditor to document every matter considered or professional judgment made in an audit. Further, it is unnecessary for the auditor to document separately (as in a checklist, for example) compliance with matters for which compliance is demonstrated by documents included within the audit file. For example:
- The existence of an adequately documented audit plan shows that the auditor has planned the audit.
- There may be no single way in which the auditor's professional skepticism is documented, but the audit documentation may nevertheless provide evidence of the auditor's exercise of professional skepticism. Such evidence may include specific procedures performed to corroborate management's responses to the auditor's inquiries.
- The audit documentation may show evidence of the engagement leader taking responsibility for the direction, supervision, and performance of the audit in a number of ways. This may include documentation that demonstrates the engagement leader's timely involvement in aspects of the audit.
Audit programs provide a comprehensive definition of work to be performed. Each product line has standard TeamMate libraries and TeamStores that are updated periodically, and the work that is performed in response to audit programs is documented in the TeamMate file. A good audit program provides detailed guidance to the auditor doing the work regarding the nature, timing, and extent of the procedures to be performed. Further, it can provide details of evidence obtained (results) and conclusions drawn to allow for an effective review.
The use of audit programs reduces the amount of additional documentation needed following the completion of the procedures. It also aids in the preparation of the audit file in subsequent years for attest audits and helps the audit team prepare the substantiation for performance audits and special examinations. Information contained in the audit program, such as criteria and audit steps, can be used again for attest audits in the following year, in follow-up chapters for performance audits, or for future Crown-specific audit projects for special examinations. Basing the audit program on previous work is an effective and efficient basis for starting the development of the audit program for these products. Changes to the audit programs may be needed in light of the entity's circumstances, risks, and any other changes that have been identified during the planning phase of the audit.
The audit steps and the documented results need to be looked at together to determine whether audit documentation is sufficient. For example, an audit step with only the word “Done” documented as the result will often not meet documentation requirements because it is not possible to identify the items tested, extent of audit work performed, or conclusions drawn. If an audit step is not applicable, the audit documentation needs to record why this is the case or whether the audit steps are amended accordingly.
Modifications to audit programs and associated audit steps need to be completed before the start of the work in the examination phase. If there are any potential amendments to the audit program, auditors communicate these changes and raise any other issues on a timely basis with the senior members of the audit team. In instances where modifications did not take place before the start of field work, auditors modify the audit steps as the work progresses; obtain approval for changes to audit programs; and include appropriate information on the nature, timing, and extent of steps to be performed.
Effective and efficient documentation
The following is a checklist of best practices for every audit step:
- Purpose—auditors write the audit steps with sufficient detail to understand the objective and/or purpose of the audit procedures.
- Source—auditors indicate the source of documents, e.g., prepared by entity (PBE) or prepared by the OAG or a third party (name of third party).
- Conclusion/result—auditors document conclusions and/or results from the evidence for every audit step.
- Extent—the extent of documentation is sufficient for an experienced auditor having no previous connection with the audit to understand the nature, timing, extent, results of procedures performed, evidence obtained, and conclusions reached.
- Nature—documentation of audit steps, which involve the review of documents or confirmation, tests of operating effectiveness of controls, and tests of details, includes identification of items reviewed (sources from which items were selected and the specific selection criteria). Documentation of audit steps related to the review of significant contracts or agreements with financial impact includes abstracts or copies of the documents.
- Timing—auditors obtain and review all evidence to support the audit report before finalizing the audit report.