Auditing Standard No.

Audit Documentation
Supersedes AU sec. 339, Audit Documentation; and AU sec. 9339, Audit Documentation: Auditing Interpretations of Section 339
Effective Date: For audits of financial statements, which may include an audit of internal control over financial reporting, with respect to fiscal years ending on or after November 15, 2004. For other engagements conducted pursuant to the standards of the PCAOB, including reviews of interim financial information, this standard takes effect beginning with the first quarter ending after the first financial statement audit covered by this standard. Final Rule: PCAOB Release No. 2004-006
Summary Table of Contents

(1) Introduction (2 - 3) Objectives of Audit Documentation (4 - 9) Audit Documentation Requirement (10 - 13) Documentation of Specific Matters (14 - 20) Retention of and Subsequent Changes to Audit Documentation [21] Appendix A Background and Basis for Conclusions

Introduction
1. This standard establishes general requirements for documentation the auditor should prepare and retain in connection with engagements conducted pursuant to the standards of the Public Company Accounting Oversight Board ("PCAOB"). Such engagements include an audit of financial statements, an audit of internal control over financial reporting, and a review of interim financial information. This standard does not replace specific documentation requirements of other standards of the PCAOB.

Objectives of Audit Documentation

2. Audit documentation is the written record of the basis for the auditor's conclusions that provides the support for the auditor's representations, whether those representations are contained in the auditor's report or otherwise. Audit documentation also facilitates the planning, performance, and supervision of the engagement, and is the basis for the review of the quality of the work because it provides the reviewer with written documentation of the evidence supporting the auditor's significant conclusions. Among other things, audit documentation includes records of the planning and performance of the work, the procedures performed, evidence obtained, and

conclusions reached by the auditor. Audit documentation also may be referred to as work papers or working papers . Note: An auditor's representations to a company's board of directors or audit committee, stockholders, investors, or other interested parties are usually included in the auditor's report accompanying the financial statements of the company. The auditor also might make oral representations to the company or others, either on a voluntary basis or if necessary to comply with professional standards, including in connection with an engagement for which an auditor's report is not issued. For example, although an auditor might not issue a report in connection with an engagement to review interim financial information, he or she ordinarily would make oral representations about the results of the review. 3. Audit documentation is reviewed by members of the engagement team performing the work and might be reviewed by others. Reviewers might include, for example: a. Auditors who are new to an engagement and review the prior year's documentation to understand the work performed as an aid in planning and performing the current engagement. [The following subparagraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here.] b. Supervisory personnel who review documentation prepared by other members of the engagement team. c. Engagement supervisors and engagement quality reviewers who review documentation to understand how the engagement team reached significant conclusions and whether there is adequate evidential support for those conclusions. d. A successor auditor who reviews a predecessor auditor's audit documentation. e. Internal and external inspection teams that review documentation to assess audit quality and compliance with auditing and related professional practice standards; applicable laws, rules, and regulations; and the auditor's own quality control policies. f. Others, including advisors engaged by the audit committee or representatives of a party to an acquisition.

Audit Documentation Requirement

4. The auditor must prepare audit documentation in connection with each engagement conducted pursuant to the standards of the PCAOB. Audit documentation should be prepared in sufficient detail to provide a clear understanding of its purpose, source, and the conclusions reached. Also, the documentation should be appropriately organized to provide a clear link to the significant findings or issues. 1/ Examples of audit documentation include memoranda, confirmations, correspondence, schedules, audit programs, and letters of representation. Audit documentation may be in the form of paper, electronic files, or other media.

5. Because audit documentation is the written record that provides the support for the representations in the auditor's report, it should: a. Demonstrate that the engagement complied with the standards of the PCAOB, b. Support the basis for the auditor's conclusions concerning every relevant financial statement assertion, and c. Demonstrate that the underlying accounting records agreed or reconciled with the financial statements. 6. The auditor must document the procedures performed, evidence obtained, and conclusions reached with respect to relevant financial statement assertions. 2/ Audit documentation must clearly demonstrate that the work was in fact performed. This documentation requirement applies to the work of all those who participate in the engagement as well as to the work of specialists the auditor uses as evidential matter in evaluating relevant financial statement assertions. Audit documentation must contain sufficient information to enable an experienced auditor, having no previous connection with the engagement: a. To understand the nature, timing, extent, and results of the procedures performed, evidence obtained, and conclusions reached, and b. To determine who performed the work and the date such work was completed as well as the person who reviewed the work and the date of such review. Note: An experienced auditor has a reasonable understanding of audit activities and has studied the company's industry as well as the accounting and auditing issues relevant to the industry. 7. In determining the nature and extent of the documentation for a financial statement assertion, the auditor should consider the following factors:

Nature of the auditing procedure; Risk of material misstatement associated with the assertion; Extent of judgment required in performing the work and evaluating the results, for example, accounting estimates require greater judgment and commensurately more extensive documentation; Significance of the evidence obtained to the assertion being tested; and Responsibility to document a conclusion not readily determinable from the documentation of the procedures performed or evidence obtained.

Application of these factors determines whether the nature and extent of audit documentation is adequate. 8. In addition to the documentation necessary to support the auditor's final conclusions, audit documentation must include information the auditor has identified relating to significant findings or issues that is inconsistent with or contradicts the auditor's final conclusions. The relevant records to be retained include, but are not limited to, procedures performed in response to the information, and records documenting consultations on, or resolutions of, differences in

professional judgment among members of the engagement team or between the engagement team and others consulted. 9. If, after the documentation completion date (defined in paragraph 15), the auditor becomes aware, as a result of a lack of documentation or otherwise, that audit procedures may not have been performed, evidence may not have been obtained, or appropriate conclusions may not have been reached, the auditor must determine, and if so demonstrate, that sufficient procedures were performed, sufficient evidence was obtained, and appropriate conclusions were reached with respect to the relevant financial statement assertions. To accomplish this, the auditor must have persuasive other evidence. Oral explanation alone does not constitute persuasive other evidence, but it may be used to clarify other written evidence.

If the auditor determines and demonstrates that sufficient procedures were performed, sufficient evidence was obtained, and appropriate conclusions were reached, but that documentation thereof is not adequate, then the auditor should consider what additional documentation is needed. In preparing additional documentation, the auditor should refer to paragraph 16. If the auditor cannot determine or demonstrate that sufficient procedures were performed, sufficient evidence was obtained, or appropriate conclusions were reached, the auditor should comply with the provisions of AU sec. 390, Consideration of Omitted Procedures After the Report Date .

[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004.] 9A. Documentation of risk assessment procedures and responses to risks of misstatement should include (1) a summary of the identified risks of misstatement and the auditor's assessment of risks of material misstatement at the financial statement and assertion levels and (2) the auditor's responses to the risks of material misstatement, including linkage of the responses to those risks.

Documentation of Specific Matters

10. Documentation of auditing procedures that involve the inspection of documents or confirmation, including tests of details, tests of operating effectiveness of controls, and walkthroughs, should include identification of the items inspected. Documentation of auditing procedures related to the inspection of significant contracts or agreements should include abstracts or copies of the documents. Note: The identification of the items inspected may be satisfied by indicating the source from which the items were selected and the specific selection criteria, for example:

If an audit sample is selected from a population of documents, the documentation should include identifying characteristics (for example, the specific check numbers of the items included in the sample).

If all items over a specific dollar amount are selected from a population of documents, the documentation need describe only the scope and the identification of the population (for example, all checks over $10,000 from the October disbursements journal). If a systematic sample is selected from a population of documents, the documentation need only provide an identification of the source of the documents and an indication of the starting point and the sampling interval (for example, a systematic sample of sales invoices was selected from the sales journal for the period from October 1 to December 31, starting with invoice number 452 and selecting every 40th invoice).

11. Certain matters, such as auditor independence, staff training and proficiency and client acceptance and retention, may be documented in a central repository for the public accounting firm ("firm") or in the particular office participating in the engagement. If such matters are documented in a central repository, the audit documentation of the engagement should include a reference to the central repository. Documentation of matters specific to a particular engagement should be included in the audit documentation of the pertinent engagement. [The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here.] 12. The auditor must document significant findings or issues, actions taken to address them (including additional evidence obtained), and the basis for the conclusions reached in connection with each engagement. Significant findings or issues are substantive matters that are important to the procedures performed, evidence obtained, or conclusions reached, and include, but are not limited to, the following: a. b. c. Significant matters involving the selection, application, and consistency of accounting principles, including related disclosures.2A/ Results of auditing procedures that indicate a need for significant modification of planned auditing procedures, the existence of material misstatements (including omissions in the financial statements), the existence of significant deficiencies, or material weaknesses in internal control over financial reporting. Accumulated misstatements and evaluation of uncorrected misstatements, including the quantitative and qualitative factors the auditor considered to be relevant to the evaluation.2B/ Disagreements among members of the engagement team or with others consulted on the engagement about final conclusions reached on significant accounting or auditing matters, including the basis for the final resolution of those disagreements. If an engagement team member disagrees with the final conclusions reached, he or she should document that disagreement. Circumstances that cause significant difficulty in applying auditing procedures. Significant changes in the auditor's risk assessments, including risks that were not identified previously, and the modifications to audit procedures or additional audit procedures performed in response to those changes.2C/ Risks of material misstatement that are determined to be significant risks and the results of the auditing procedures performed in response to those risks. Any matters that could result in modification of the auditor's report.

d. e. f. f1. g.

13. The auditor must identify all significant findings or issues in an engagement completion document . This document may include either all information necessary to understand the significant findings, issues or cross-references, as appropriate, to other available supporting audit documentation. This document, along with any documents cross-referenced, should collectively be as specific as necessary in the circumstances for a reviewer to gain a thorough understanding of the significant findings or issues. Note: The engagement completion document prepared in connection with the annual audit should include documentation of significant findings or issues identified during the review of interim financial information.

Retention of and Subsequent Changes to Audit Documentation

14. The auditor must retain audit documentation for seven years from the date the auditor grants permission to use the auditor's report in connection with the issuance of the company's financial statements ( report release date ), unless a longer period of time is required by law. If a report is not issued in connection with an engagement, then the audit documentation must be retained for seven years from the date that fieldwork was substantially completed. If the auditor was unable to complete the engagement, then the audit documentation must be retained for seven years from the date the engagement ceased. 15. Prior to the report release date, the auditor must have completed all necessary auditing procedures and obtained sufficient evidence to support the representations in the auditor's report. A complete and final set of audit documentation should be assembled for retention as of a date not more than 45 days after the report release date ( documentation completion date ). If a report is not issued in connection with an engagement, then the documentation completion date should not be more than 45 days from the date that fieldwork was substantially completed. If the auditor was unable to complete the engagement, then the documentation completion date should not be more than 45 days from the date the engagement ceased. 16. Circumstances may require additions to audit documentation after the report release date. Audit documentation must not be deleted or discarded after the documentation completion date, however, information may be added. Any documentation added must indicate the date the information was added, the name of the person who prepared the additional documentation, and the reason for adding it. 17. Other standards require the auditor to perform procedures subsequent to the report release date in certain circumstances. For example, in accordance with AU sec. 711, Filings Under Federal Securities Statutes , auditors are required to perform certain procedures up to the effective date of a registration statement. 3/ The auditor must identify and document any additions to audit documentation as a result of these procedures consistent with the previous paragraph. 18. The office of the firm issuing the auditor's report is responsible for ensuring that all audit documentation sufficient to meet the requirements of paragraphs 4-13 of this standard is

prepared and retained. Audit documentation supporting the work performed by other auditors (including auditors associated with other offices of the firm, affiliated firms, or non-affiliated firms), must be retained by or be accessible to the office issuing the auditor's report. 4/ [The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here.] 19. In addition, the office issuing the auditor's report must obtain, and review and retain, prior to the report release date, the following documentation related to the work performed by other auditors (including auditors associated with other offices of the firm, affiliated firms, or nonaffiliated firms): a. An engagement completion document consistent with paragraphs 12 and 13. Note: This engagement completion document should include all cross-referenced, supporting audit documentation. b. A list of significant risks, the auditors responses, and the results of the auditors related procedures. c. Sufficient information relating to any significant findings or issues that are inconsistent with or contradict the final conclusions, as described in paragraph 8. d. Any findings affecting the consolidating or combining of accounts in the consolidated financial statements. e. Sufficient information to enable the office issuing the auditor's report to agree or to reconcile the financial statement amounts audited by the other auditor to the information underlying the consolidated financial statements. f. A schedule of accumulated misstatements, including a description of the nature and cause of each accumulated misstatement, and an evaluation of uncorrected misstatements, including the quantitative and qualitative factors the auditor considered to be relevant to the evaluation. g. All significant deficiencies and material weaknesses in internal control over financial reporting, including a clear distinction between those two categories. h. Letters of representations from management. i. All matters to be communicated to the audit committee. If the auditor decides to make reference in his or her report to the audit of the other auditor, however, the auditor issuing the report need not perform the procedures in this paragraph and, instead, should refer to AU sec. 543, Part of Audit Performed by Other Independent Auditors . 20. The auditor also might be required to maintain documentation in addition to that required by this standard. 5/ [Paragraph deleted, effective for fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here.]

Documentation and auditing

Tags:

Administrators

-> 451 Maintaining an effective and comprehensive audit trail for an integrated impact assessment is vital for a number of reasons: 1. The process of doing an assessment is often complicated, involves many different individuals, and may include a number of false turns and adjustments; to ensure that the process does not become chaotic, it is essential that every step is properly recorded, and justification for every decision can be reviewed if necessary. 2. Integrated assessments often have far-reaching implications for policy-makers and other users. If they are to be convinced that the results are valid and merit a response, then they need to be able to scrutinise the procedures used in the assessment, and satisfy themselves that the decisions taken in the process were valid. 3. Experience in doing integrated assessments is scarce, and we can all learn from what others have done; providing access to clear documentation about what was done, and to details explaining the rationale, helps others learn good practice in integrated assessment. Specific standards and tools for documentation of integrated assessments have not been established, and the methods used need to be developed to work within the context of the assessment and organisations involved. Useful ways of ensuring effective documentation, however, include: 1. Annotating the assessment protocol (in the form of cross-referenced annexes and supplements) to provide specific detail on the decisions or changes in approach made during the process, and the methods used at each step in the analysis; 2. Supplementing the assessment protocol with a clear critical path diagram, and annotating this to record key decisions, methods and outcomes; 3. Maintaining a rigorous 'versioning' procedure (including naming and archiving) for all elements of the assessment (e.g. conceptual models, data files, analytical models, results) so that the steps involved in reaching the final outputs of the assessent can always be retraced; 4. Developing comprehensive metadata for all derived materials (including both intermediate and final results), which dscribe the procedures used to generate the information.

Auditing Documentation and Processes at tcworld11

Posted on 26 October 2011 by Kai Auditing your documentation, and your processes, can help you to gauge estimates and issues as you prepare for localization or content migration. Thats what I learned in Kit Brown-Hoekstras useful 2-hour workshop at tcworld (tekoms international half). You can easily do the audit yourself: Take a little time, step back from your documentation, and identify weaknesses and areas for improvement. Acting on your audit results, you can

Improve customer satisfaction Decrease localization costs Establish a baseline and a direction to develop your documentation Calculate costs and benefits of changes

If you dont have an express mandate for the audit, it can be worth it to do sort of a draft audit. It may come out a little patchy in places, but I think it can give you a first idea of where you stand. With the initial results and measures you can more easily get the time to do an in-depth audit. (But dont be surprised if colleagues or managers hold you to the improvements youve uncovered )

What to audit
The organization level
Perform a strategic SWOT analysis of Strengths, Weaknesses, Opportunities and Threats of your role in your organization. Internal strengths and external opportunities (mainly) will give you useful arguments to get buy-in from management for changes and further developments you plan. Internal weaknesses and external threats (mainly) help you to assess and manage risk as you proceed.

Strengths, for example, may include technical expertise and an understanding of user needs and tasks. Weaknesses, for example, are poor self-marketing or resistance to change. Opportunities, for example, can include agile development (which gives writers a better position in the process) and social media (if you adapt to them and moderate augmenting user-generated content). Threats, for example, might be smaller documentation budgets or social media (if you do not adapt or cannot keep up with user-generated ontent).

Note how threats can be turned into opportunities, if you tackle them wisely! Or vise versa

The process level

Assess your documentation process through all stages: Requirements > Design > Writing > Review > Edit > Localization > Publication > Feedback > Modification > Deletion Answer the following questions:

Are all stages well-defined? Is it clear when and how you get from one stage to the next? Do all participants in a stage know what to expect and what to deliver? Can you measure the success of your process?

For the sake of an efficient process, imagine each hand-over between participants or stages as an interface and try to define whats handed over when and how as well as possible.

The product level

Identify qualities and issues of the product you document to distinguish them from those in your documentation. Weaknesses in documentation often mirror weaknesses or issues in the product, e.g., a poorly designed user interface or a workaround thats required to complete the user workflow. You need to know about these issues separately, because they hurt your documentation, but you usually cannot fix them yourself. You can only supply band aid.

The documentation level

Assess the structural quality of your documentation (not the quality of a manual or each topic). Answer these questions:

Do you have a suitable information model? This is an architecure that defines the structure of your documentation on the level of deliverables (such as a manual or online help) and on module level (such as a topic or a section). To what extent does your documentation comply with that information model? Do you write documentation so the topics or sections are reusable? Do you reuse topics or sections to the extent that is possible? Do you write documentation so it is ready and easy to localize? o Do you use standardized sentences for warnings and recurring steps to minimize localization efforts? o Do you leave sufficient white space to accommodate for longer languages? For example, German and Russian require up to 30% more characters to say the same as English.

Also assess the content quality of your documentation (now look at some manuals and topics):

Is it appropriate for your audience and their tasks?

Is it correct, concise, comprehensible? Remember to audit localized documentation, too.

Its usually enough to audit 10-20% of them to spot 80-90% of the issues.

Audit for efficiency

Be objective. as objective as you can, if youre auditing your own documentation. Collect issues. You can use a simple spreadsheet to collect your findings: Enter the issue, its impact, its current cost, and the cost to fix it. Prioritize improvements. Ensure that a lower future cost makes the improvement worth doing, after youve added up the current cost and the cost to implement the improvement. Start with changes that cost the least and will save you the most.

Bonus tool
To really dive into quality assessment of your documentation, you can totally combine Kits audit process with Alice Jane Emanuels Tech Author Slide Rule which focuses on content quality. Use both and you have a good handle on your documentation and more improvement opportunities than you can shake a stick at!

The New Audit Documentation Requirements

SAS no. 96 raises the bar for audit documentation adding specific requirements in several areas.
BY RAY WHITTINGTON AND GRETCHEN FISCHBACH APRIL 2002

EXECUTIVE SUMMARY STATEMENT ON AUDITING STANDARDS (SAS) no. 96, Audit Documentation, marks the first big change in the requirements auditors must observe when documenting their audit work. It provides general guidance on the nature and extent of documentation necessary to support the auditors report, and it reaffirms documentations role as the principal support for that report and as a tool that helps the auditor conduct and supervise the audit. WHILE AUDITORS NEED NOT DOCUMENT all evidence, findings and conclusions from an audit, the documentation still must meet all of SAS no. 96s specific requirements, which are effective for audits of financial statements for periods beginning on or after May 15, 2002. SAS NO. 96 EXPLICITLY REQUIRES that audit documentation be sufficient to enable engagement team reviewing or supervising members to understand the evidence other team

members obtained and the nature, timing, extent and results of audit procedures they performed. THE AUDITING STANDARDS BOARD added a requirement to document significant audit findings or issuescurrently a best practice among firms of various sizes. SAS NO. 96 REQUIRES AUDITORS TO RETAIN documentation long enough to meet the needs of their practices and to satisfy any applicable legal or regulatory requirements. THE NEW STATEMENT ADDS SPECIFIC documentation requirements to SAS no. 47, Audit Risk and Materiality in Conducting an Audit, SAS no. 56, Analytical Procedures, and SAS no. 59, The Auditors Consideration of an Entitys Ability to Continue as a Going Concern. Ray Whittington, CPA, is a member of the ASB and the SAS no. 96 task force and is director of the School of Accountancy and Management Information Systems at DePaul University in Chicago. His e-mail address is rwhittin@wppost.depaul.edu . GRETCHEN FISCHBACH is a technical manager on the AICPA audit and attest standards team. Her e-mail address is gfischbach@aicpa.org .

he AICPA issued its first standard on audit working papers in 1967. Now, working papers which often consist of electronic files and have been renamed audit documentationare the subject of new guidance from the auditing standards board (ASB). Issued in January, Statement on Auditing Standards (SAS) no. 96, Audit Documentation, provides general guidance on the nature and extent of documentation necessary to support an auditors report and specific documentation guidance for several other SASs. The new statement is effective for audits of financial statements for periods beginning on or after May 15, 2002, although earlier application is permitted. This article discusses SAS no. 96s major requirements and how they affect auditors. Among these changes are factors the auditor should consider in determining the nature and extent of documentation for a particular audit procedure. In addition, the statement requires the auditor to document certain types of audit evidence and significant audit findings or issues. The exhibit compares the major requirements of SAS no. 96 with those of the superseded SAS no. 41, Working Papers. SAS no. 96s provisions address peer reviewers concerns about the quality of documentation of audit evidence and significant conclusions. As a result of the SAS no. 96 guidance, auditors may be able to better demonstrate compliance with GAAS. SAS no. 96 also responds to some of the issues and recommendations the Public Oversight Boards Panel on Audit Effectiveness raised in its August 2000 Report and Recommendations (See Front Line Views , JofA, Dec.00, page 20).

AUDIT DOCUMENTATION Supports the auditors report. Helps the auditor conduct and supervise an audit. AUDIT DOCUMENTATION OBJECTIVES SAS no. 41 said that audit documentation serves mainly to provide the principal support for the auditors report and to help the auditor conduct and supervise the audit. SAS no. 96 reaffirms these objectives. Its not feasible for auditors to document all the evidence they obtain and conclusions they reach on an engagement. Therefore, the board carried forward a SAS no. 41 footnote that stated there is no intention to imply the auditor would be precluded from supporting his or her report by other means in addition to [audit documentation]. This enables auditors, when necessary, to supplement or clarify information in the audit documentation, which itself must meet all the new statements requirements. A CPA firm may want to use audit documentation for purposes other than those stated in SAS no. 96. For example, it understandably may choose to examine audit documentation to determine whether an engagement complied with the firms quality control policies and procedures. Also, certain third parties may want to use the documentation for other purposes. But given the overall objective of a GAAS auditto express an opinion on the fairness with which the financial statements present, in all material respects, the financial position, results of operations and cash flows in conformity with GAAPthe ASB developed guidance that would satisfy the needs of those parties involved in the performance, supervision and review of the audit. DOCUMENTATION OF AUDIT EVIDENCE Under the new guidance, the documentation should be sufficient to Enable engagement team members with supervision and review responsibilities to understand the evidence obtained and the nature, timing, extent and results of auditing procedures performed. Indicate the engagement team member(s) who performed and reviewed the work. For the purposes of these requirements, the ASB intendedalthough the statement does not specifically say sothat auditors consider any applicable second-partner reviewer a member of the engagement team. SAS no. 96 introduces factors the auditor must consider in determining the nature and extent of documentation for a particular audit area or procedure. Although the auditor exercises

professional judgment in making this determination, he or she must take into account each of the factors, which are Risk of material misstatement associated with the assertion or with the account or class of transactions. Extent of judgment the auditor exercises in performing the work and evaluating the results. Nature of the auditing procedure. Significance, to the assertion being tested, of the evidence the auditor obtains. Nature and extent of exceptions the auditor identifies. The need to document a conclusion or the basis for a conclusion not evident from the documentation of the work the auditor performed. SAS no. 96 includes two requirements dealing with certain types of audit evidence. The ASB developed these in response to comments practitioners involved in the peer review process made about the quality of audit documentation and to the concerns of the Panel on Audit Effectiveness. One requirement is that the documentation must include abstracts or copies of significant contracts or agreements the auditor examined to evaluate the accounting for significant transactions. The other is that audit documentation for tests of operating effectiveness of controls and substantive tests of details involving inspection of documents or confirmation should include an identification of the items tested. How the auditor identifies the tested items depends on how he or she selected them. For example, if the auditor selected from a particular accounting record all items meeting certain criteria (for instance, items that are over a specified dollar amount), he or she can simply identify that record and those criteria. In other situationsfor example, when an auditor uses statistical samplingthe documentation may need to include identifying characteristics (such as the specific invoice numbers) of the selected items. The key question auditors should ask themselves is whether another auditor on the engagement team would be able to identifyby reviewing the audit program and related documentationthe particular items the original auditor selected for testing. The board considered it impractical to develop specific documentation guidance for substantive tests of details that involve procedures other than inspection of documents and confirmation. This is because auditors can use these other types of procedures, such as observation, for a variety of purposes and can execute them in a number of different ways. The board, however, soon will issue an audit interpretation that will clarify how the audit documentation requirements in SAS no. 96 apply to observations of inventory counts. Other standards, laws and regulations also may include specific documentation requirements

applicable to an engagement. Auditors therefore will need to consider them in addition to the ones in SAS no. 96. Some, such as the ones in Government Auditing Standards (also known as the yellow book), may be more rigorous than the requirements in SAS no. 96. DOCUMENTING SIGNIFICANT AUDIT FINDINGS OR ISSUES SAS no. 96 requires the auditor to document certain audit findings or issues he or she considers significantan existing best practice among firms of many sizes. Generally, these findings or issues are so important that they would affect the auditors report if not resolved. They include the following: Matters that are significant and involve issues regarding the appropriate selection, application and consistency of accounting principles pertaining to the financial statements, including related disclosures. Such matters often relate to accounting for complex or unusual transactions or to estimates and uncertainties and any applicable management assumptions. Results of auditing procedures that indicate the financial statements or disclosures could be materially misstated or that the auditing procedures need to be significantly modified. Circumstances that cause the auditor significant difficulty in applying auditing procedures he or she considers necessary. Other findings that could result in modification of the auditors report. DEVELOPING RETENTION PROCEDURES SAS no. 96 stresses that the auditor owns the audit documentation. It also requires an auditor to adopt reasonable procedures to retain such documentation long enough to meet the needs of his or her practice and to satisfy any applicable legal or regulatory requirements for records retention. Because laws and regulations vary by jurisdiction and the nature of the engagement, SAS no. 96 does not say how long the retention period should be. It simply requires the auditor to adopt procedures that enable him or her to gain access to the documentation throughout that period. One way for auditors to accomplish this is by creating a policy to maintain electronic documentation in a format that ensures its compatibility with newer versions of audit software or by retaining older versions of such software and, if necessary, the hardware on which it runs. AMENDMENTS TO OTHER SASs SAS no. 96 includes amendments that add documentation requirements to three other statements: SAS no. 47, Audit Risk and Materiality in Conducting an Audit, SAS no. 56, Analytical Procedures, and SAS no. 59, The Auditors Consideration of an Entitys Ability to

Continue as a Going Concern. Audit risk and materiality. The amended SAS no. 47 requires an auditor to document the nature and effect of aggregated misstatements and his or her conclusion as to whether they cause the financial statements to be materially misstated. This facilitates compliance with the requirement in SAS no. 89, Audit Adjustments, that a summary of uncorrected financial statement misstatements aggregated by the auditor be included in or attached to managements written representation regarding its belief that the uncorrected misstatements are immaterial, both individually and in the aggregate. Substantive analytical procedures. The amendment to SAS no. 56 responds to a recommendation by the Panel on Audit Effectiveness; it requires auditors to document certain aspects of substantive analytical procedures they perform as a principal audit test of a significant financial statement assertion. Three requirements apply. First, auditors now must document the factors they considered in developing the expectation for a particular analytical procedure. They also have to document the expectation if it is not apparent from the documentation of the work they performed. To illustrate this requirement, assume that auditors perform a substantive test of sales and accounts receivable by developing an expectation of the number of days sales in accounts receivable based on relationships in prior years. The documentation should include the number ofor range ofdays sales expected for the current year and the factors, such as current economic conditions, considered in developing this expectation. The amended SAS no. 56s other two requirements will oblige auditors to document The results of their comparison of the expectation with the recorded amounts or the ratios the auditors develop from those amounts. Any additional auditing procedures they perform in response to significant unexpected differences arising from analytical procedures and those additional auditing procedures results. These requirements add more structure to situations in which analytical procedures provide substantial evidence about a significant balance or class of transactions. This amendment to SAS no. 56 applies only to substantive analytical procedures that an auditor performs as a principal audit test of a significant financial statement assertion. For all other analytical procedures, auditors should refer to the general documentation guidance in SAS no. 96. Going concern considerations. The Panel on Audit Effectiveness called for improvement in the documentation of the auditors consideration of an entitys ability to continue as a going concern, especially as it relates to his or her evaluation of prospective financial information

that is significant to management plans. SAS no. 96s amendment to SAS no. 59 addresses the panels recommendation and requires the auditor to document The conditions or events that led him or her to believe there is substantial doubt about the entitys ability to continue as a going concern. The work performed in connection with the auditors evaluation of managements plans. The auditors conclusion as to whether substantial doubt remains about the entitys ability to continue as a going concern for a reasonable period of time. The consideration and effect of that conclusion on the financial statements, disclosures and the audit report. MOVING IN THE RIGHT DIRECTION SAS no. 96 provides overall documentation requirements for GAAS audits. The ASB will use the statements documentation concepts and guidance when developing more specific requirements in future SASs. Because some of the content in SAS no. 96 is relevant to practitioners performing attest engagements, in January the ASB issued Statement on Standards for Attestation Engagements (SSAE) no. 11, Attest Documentation, which incorporates SAS no. 96s concepts and terminology and consolidates all documentation guidance in the attestation standards. (See Official Releases, page 105.) SSAE no. 11 is effective for attest engagements when the subject matter or assertion is as of, or for a period ending on or after, December 15, 2002. The ASB does, however, permit earlier application. plication. Comparison of Audit Documentation Requirements SAS no. 41, Working Papers Nature and extent of documentation Provides no explicit guidance other than a mention of some factors at the engagement level that affect the auditors judgment regarding the quantity, type and content of Identifies six factors the auditor should consider in determining the nature and extent of the documentation for a particular audit area or auditing procedure. SAS no. 96, Audit Documentation

working papers. Requires audit documentation to include abstracts or copies of significant contracts or agreements that auditors examined to evaluate the accounting for significant transactions. Requires documentationfor tests of operating effectiveness of controls and substantive tests of details that involve inspection of documents or confirmationto include an identification of the items tested. Sufficiency of audit documentation Says that working papers should be sufficient Incorporates the guidance in SAS no. 41 and to show that the accounting records agree or expands it by also requiring that audit reconcile with the financial statements or other documentation be sufficient to information reported on and that the applicable standards of fieldwork have been observed. Enable members of the engagement team with supervision and review responsibilities to understand the evidence obtained and the nature, timing, extent and results of the auditing procedures performed. Indicate the engagement team member(s) who performed and reviewed the work. Documentation of significant findings or issues Has no equivalent requirement. States the auditor should document audit findings or issues that in his or her judgment are significant, actions taken to address them (including any additional evidence obtained) and the basis for the final conclusions he or she reached.

Retention of audit documentation Says the auditor should adopt reasonable procedures for safe custody of his or her working papers and should retain them for a period sufficient to meet the needs of his or her practice and to satisfy any pertinent legal requirements of records retention. Says the audit procedures should enable the auditor to access electronic audit documentation throughout the retention period. Requires the auditor to adopt reasonable procedures to maintain the confidentiality of

client information in audit documentation. Requires the auditor to adopt reasonable procedures to prevent unauthorized access to the audit documentation.

Document Audit Procedures

By emma On December 13, 2010 Leave a Comment In Business News, ISO 9001 News, ISO Standards News All ISO certification puts significant emphasis on documentation and manuals, particularly throughout ISO 9001. Documenting is strict because the document audit procedure acts as evidence that an established process or procedure was adhered to in order to satisfy customer requirements. Registrars and Internal Auditors will always focus on the quality, continuity and flow of documentation; inconsistencies in this flow of information will indicate a problem and generate a non-conformance. Non-conformances will mean that your organisation does not meet with ISO standard requirements and you will not be certified. It is therefore vital that your organisation implements and maintains a robust document and record management system. To better understand the difference between a document and a record, the following explains that:

A Document is information and its supporting medium A Record is a document stating results achieved or providing evidence of activities performed

Throughout the quality management system procedure, some of the new documentation might become a burden, but you will become familiar with the quality standard and as you do, the documentation processes will seem less so. During implementation of the quality management system, you may generate new documents and begin keeping records that you may not have in the past. An organisation must:

Approve documents before your distribute them

Provide the correct version of documents at points of use Review and re-approve documents whenever you update them Specify the current revision status of your documents Monitor documents that come from external sources Prevent the accidental use of obsolete documents Preserve the usability of your quality documents

In order for any organisation to demonstrate the effective implementation of its quality management system, it may be necessary, in some cases, to develop documents other than documented procedures such as records. A record is a document that provides traceability; it declares results or presents evidence that the activities undertaken meet customer requirements. It is important to identify relevant quality records as you progress your documentation and ensure that records are defined within a procedure or by a system and that it exists and is controlled. You are in control of the documents and records and not vice versa. Only document and record what is necessary the fewer you keep, the fewer things that need to be audited, and the more time you can spend on actually running your business.

Audit Documentation
"The skill of an accountant can always be ascertained by an inspection of his working papers." Robert H. Montgomery, Montgomery's Auditing, 1912. During the performance of an audit, it is obvious that the auditor may have come across issues which were a subject matter of discussion with the management, an expert's opinion had to be called for or a reservation was expressed by either the management or the auditor on treatment of a particular transaction. It ultimately boils down to what was the final conclusion and how was it treated in the financial statements? It is imperative for the auditor to design audit plan in such a manner that the audit procedures brings into light all material and relevant factors that go in as part of the audit and finally finds its place in the Audit Report. The first aid of defense is the documentation of audit plans, which is transparent enough to prove that audit was conducted in adherence to the standards. So, what is documentation? Documentation refers to the working papers prepared and obtained by the auditor and retained by him in connection with performance of an audit. International Standard on Auditing 230 (Revised) defines Audit Documentation as: "Audit documentation" means the record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached. Further, the Australian Standard on Auditing 208 also includes, the documents stored in electronic media. So, when should the auditor prepare the documents? The entire process of documentation can be expressed diagrammatically as follows:

After the audit report is issued, there may be circumstances wherein questions can be raised on the financial statements of the organization, or the integrity of the auditor might itself be challenged. The importance of audit documentation is well known in the case of Enron. The case against Andersen for its audit of Enron was focused on the destruction of documents. What were these documents? These documents were pertaining to the audit of the client i.e., the working papers. Proper audit documentation will aid the auditor in defending the case. So how does documentation of audit work help an auditor? The audit documents prove the following:

The fact that audit was carried out in tune with the scope, The objective of the audit was attained, The audit was planned and systematic, All Auditing and Assurance Standards applicable were adhered to, To aid the auditor in peer review, To aid legal and professional requirements,

Reporting on True and fairness of the financial statements: The primary question that arises is how does the auditor satisfy himself about the truth and fairness of the financial statements, or rather going down to the level of transaction itself? It is with the help of vouchers, supporting bills, correspondence with external and internal parties, expert opinions, etc., all these act as evidence for the assertions made by the management. If the auditor is satisfied with the evidence presented, he vouches for the genuineness of the transaction. All these evidences, in turn help the auditor to form an opinion on the financial statements. Relying on Management Representations: Transactions like choosing accounting policies, classification of investments, and provision for bad and doubtful debts wherein the judgment of the management is required, management letters

are prepared and presented to the auditors. These management letters acts as useful evidence for events which forms part of the audit report. Does audit assure the readers the financial health of the entity? Let us remember that audit report does not give assurance of the financial statements, it is an expression of opinion by an expert. Therefore, no audit is free from risk of material misstatement, detection of any error or frauds, etc., So, in this scenario, it is the duty of the auditor to detect such risks and take steps (by increasing the checking percentage or look for alternative evidences) to mitigate such risks. All the actions of the auditor taken to reduce risks is to be documented, indicating that the risks were indeed identified, quantified and appropriate action was taken to mitigate the risk. Co-ordination with other auditors: Welcome, to the age of big corporate. It is now not possible for any one auditor to audit and report on the accounts of huge corporate house, because of the sheer size and complexity of the business. Therefore, more than one auditor is appointed. Unless there is division of work, the joint auditors would trespass their respective areas and audit is hampered. Documenting the do's and don'ts of each other would make sure that the audit is properly planned and executed. Extent of documentation: Another question that arises in the mind of all the readers, is it required for the auditor to document all the evidences procured during the process of audit? No. It depends on the gravity of the transaction and its importance for the reader of the financial statements. This is called as materiality. What is material and what is immaterial is judgmental? It is left to the wisdom of the auditor to decide from time to time and in certain circumstances to decide what is material and immaterial. How has the auditor arrived at such a conclusion is required in forming the audit report? Documentation is required to prove the procedures taken to arrive at such conclusion. Extent of test checking to form an opinion: It is not possible to cover all the transactions under audit. A random sample is taken out of a population. And such samples are taken on some basis or on some judgment. This is to be recorded, to ensure there is consistency in applying the formula, unless circumstances call for a differentiated approach. Or, to ensure that the formula used to collect the sample was right or wrong, the sample has to be recorded. Quality of the Audit: The quality of the audit would be reflected in the acceptance of the audit report by the stakeholders. To maintain the quality of the work, certain procedures have to be reworked on a continuous basis and have to be modified to suit the changing environment. To keep track of the quality of the work done, it is imperative to record the procedures of work done and compare them over a period of time. Applicability of Laws: Another issue which is of prime importance is applicability of law and its implementation by the client. An auditor is not an expert in law. How can he be sure that the client is a law abiding citizen? If there is any contravention of law, the client could face both economic and goodwill loss in the market. So, a legal opinion has to be considered to be sure about the legal status of the client. Therefore, he has to document or record the implications in consultation with the client and legal expert before reporting. The auditor should be sure about the scope of the audit lest his services would be of little use. To understand and confirm the scope of the audit, it is necessary that the scope is mentioned in detail in the engagement letter. Engagement letter once documented and confirmed by the client,

casts a duty upon the auditor to work within such scope and the client is also sure about the responsibility of the auditor. Unless, the scope is determined it is not possible for the auditor perform his duties? Transparency is the key word in documentation. Internal Auditing Standard requires: The auditor should prepare the audit documentation so as to enable an experienced auditor, having no previous connection with the audit, to understand: a. The nature, timing, and extent of the audit procedures performed to comply with ISAs and applicable legal and regulatory requirements, b. The results of the audit procedures and the audit evidence obtained; and c. Significant matters arising during the audit and the conclusions reached thereon. The form and content of the documentation depends on: a. Nature of the audit, b. Audit procedures intended to be carried out, c. Audit evidences to be collected, d. Significance of such evidences, e. Audit methodology and tools used. Working papers are the most crucial part of documentation. So, is there any prescribed format of working papers? NO. It is again a judgment an auditor has to make. However, the working papers should be designed such that a new auditor with no previous experience of the audit should be able to review the audit work done and should come to a conclusion that yes, the audit was done based on some standards. Some countries have prescribed minimum period of 5-6 years retention of the documents, but again it is very subjective. International Auditing Standards require the documents be assembled or stored in the audit engagement file within 60 days from the date of audit report. Working papers should state:

So, whatever be the document and it's classification it should adhere to the principles of auditing and should be an aid to the auditor in forming a report. It is the duty of the auditor to retain the custody of the working papers as required legally and professionally. Remember, the working papers are the property of the auditor and it's safe custody is in the hands of the auditor. Any change or modification in the file or the contents of the documents can be done but keeping in view the implications on the audit conclusions arrived at and professional ethics. Further, the auditor should document under what circumstances such modification in the contents were made, person responsible for such a alteration, and whether any review was conducted again to retain the transparency of the documentation procedures. Source : -