ICAEW.com works better with JavaScript enabled.
Exclusive

Audit & Beyond

Tips on audit documentation

Author: ICAEW

Published: 12 May 2023

Exclusive content
Access to our exclusive resources is for specific groups of students, subscribers, users and members.
post it sticky notes files paperwork ICAEW Audit Beyond tips documentation

There are plenty of opportunities for firms to enhance their audit documentation.

Audit documentation is an area where weaknesses are commonly found during audit quality reviews by the Financial Reporting Council, ICAEW’s Quality Assurance Department and others conducting hot and cold file reviews. The following tips are drawn from their numerous findings and recommendations. They may offer many firms scope to improve audit documentation, by helping them to avoid and address areas of weakness and adopt good practices that have been identified by reviewers or required by enhancements in some recently revised International Standards on Auditing (ISAs).

Signpost the way

Audit documentation needs to present information on the audit in a way that makes it easy to find and to navigate. The audit file should allow an external reviewer or inspector to understand and, if necessary, reperform the audit work.

Good practices

  • A highlights summary for each key section.
  • Summary working papers identifying key relevant assertions (particularly in material areas), with links to detailed audit work.Clear cross-referencing from programmes and checklists to the underlying audit work. 

Document and communicate clearly

Think carefully about ways to record and explain how judgements in the audit were made and the rationale and quality of evidence for decisions to aid understanding by the engagement team and relevant third parties, such as file reviewers.

Good practices

  • Memos for judgements, with evaluation of contradictory/conflicting evidence, challenge of management and a clear trail in support of the conclusion – particularly in complex/significant areas and/or where matters are not clear cut. 
  • Detailed step-by-step templates to drive consideration of all relevant factors in complex and judgemental areas. 
  • Considering areas where reviewers sometimes find documentation and evidence for judgements and conclusions are missing or insufficient, such as:
    • whether ethical threats are significant and whether safeguards are adequate;
    • completeness of provision for slow-moving stock or outstanding debtors; and
    • valuation of major assets. 

Tell the story of aspects of the audit

Provide a narrative for key audit work explaining the critical thinking of team members. Careful documentation can help to make the most complex and significant aspects of an audit much easier to understand. 

Good practices

  • Doing the right work at the right time. Telling the story as it unfolds and key decisions are made, not merely summarising the final position.
  • Clearly articulating the route to conclusions based on evidence obtained, rather than just describing audit processes.
  • Structuring a narrative by detailing, for instance: 
    • the identified audit risk;
    • the approach taken, explaining how and why;
    • what was discussed with management; 
    • how management were challenged;
    • evidence identified and evaluated to support or contradict a position; and
    • reasoning behind the final conclusion. 

Show relevant and current knowledge

Audit documentation needs to demonstrate understanding of the client, the business environment in which each audit client operates, relevant auditing and financial reporting issues (and standards), and how those who own, manage and are employed by the client work. 

Good practices

  • Approaching the audit with an open mind. Client familiarity and reliance on the prior-year audit file can lead to poorer documentation. 
  • Appropriate use of disclosure checklists, reflecting client specifics such as size, structure, risk and significant changes. Disclosure reviews by second audit manager and/or partner.
  • Risk assessment demonstrating depth of understanding of the client’s business, structure and controls, with identified risks linked to planned audit procedures.

Highlight professional scepticism and challenge of management

Documentation needs to demonstrate how the auditor has exercised professional scepticism throughout the audit: across planning, fieldwork, completion, between audit team members and in communications with management and those charged with governance. 

Good practices

  • Clear evidence on file to show the auditor has robustly challenged management and evaluated contradictory evidence as well as corroborative evidence.
  • Evidence of robust discussions about fraud with management and within engagement team discussions. 
  • Critical assessment of management forecasts and estimates, with robust challenge of underlying fundamentals and assumptions – especially in more judgemental areas such as long-term contracts, goodwill impairment, valuation of assets and/or financial instruments, and going concern.
  • Full team discussions at various points during the audit to drive timely debate on key issues, challenge of management and judgements.

Document all relevant audit evidence

It’s vital to ensure that sufficient appropriate corroborative and contradictory audit evidence has not only been obtained and assessed but adequately documented.

Good practices

  • Keep a record of all relevant correspondence, meetings and conversations, with the client and between audit team members, with links to appropriate audit evidence.
  • Address common areas of weakness. For example:
    • as well as identifying related parties and transactions, follow through with details of the risk assessment and response and document evidence;
    • if accounts preparation work provides audit evidence, properly identify and document it, rather than merely including the accounts preparation file;
    • check that all key working papers are attached to electronic files; and
    • ensure adequate consideration of the use of service organisations by the audited entity.

Minimise pointless clutter

Too much unnecessary or irrelevant documentation can obscure what is important – such as knowledge of the entity, what’s required by the ISAs and which risks are most significant. Reviewers sometimes find too much documentation on low-risk areas and not enough on more difficult higher risk areas.

Good practices

  • Carry forward documentation from prior periods only if it is relevant and up to date. 
  • Don’t file all material provided by the client regardless of relevance. 
  • Review and update permanent information each year.

Look beyond ISA 230

ISA 230 isn’t the only standard that can or may affect aspects of audit documentation. For example, various clarifications and enhancements made over recent years in revisions to ISA 315, ISA 540 and ISA (UK) 240 have resulted in the need for enhanced or more audit documentation. 

Good practices

  • Regularly review revisions to ISAs for changes that directly or indirectly affect audit documentation.
  • Assess and address consequent changes to the firm’s processes and resources.
  • Ensure that audit documentation reflects any new or amended ISA requirements and demonstrates that they have been adhered to.
Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields

Add this page to your CPD activity

Step 2 of 3
Mandatory field

Add activity to my record

Step 3 of 3
Mandatory field

Activity added

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250