Regulatory updates

Standard on Auditing (SA) 230, Audit Documentation prescribes the basic principles of audit documentation that should be complied by auditors while performing audits of financial statements.

In 2013, the Institute of Chartered Accountants of India (ICAI) had issued the ‘Implementation Guide to SA 230, Audit Documentation’ (the IG)³ to provide practical implementation guidance to auditors in the form of various Frequently Asked Questions (FAQs).

Recently, on 15 December 2022, ICAI revised the implementation guide (revised IG) to provide more guidance on the aspect of assembly of the final audit file.

The revised IG (like its earlier version) includes summary of the standard, introduction, FAQs on SA 230, a checklist and also an illustrative working paper format. Some of the key guidance pertaining to the assembly of the final audit file include:

• Assembly of the final audit file after the date of the auditors’ report: SA 230 permits only administrative changes to be made to audit documentation after the date of the auditor’s report, therefore the revised IG advises that all audit documentation should be prepared on a timely basis – i.e. at the time the audit work is performed⁴. When assembling an audit file, an engagement team should ensure that it has a complete and final set of documents that support an auditor’s opinion. The revised IG also provides certain illustrative examples of activities that would be considered as administrative changes that are required to be completed before the final assembly of the audit file.
• Changes to audit documentation which are other than administrative in nature: The revised IG provides guidance on documentation requirements⁵ by an engagement team when changes or additions that are not administrative in nature are made to the audit documentation after the date of the auditor’s report but before the archive date. The revised IG has also provided examples of circumstances that require changes or additions to the documentation that are not administrative after the date of an auditor’s report. In certain cases, an engagement team may discover that, considering the facts and circumstances at the time of the audit, one or more additional audit procedures may have been omitted to be performed. In such situations, when the engagement team is performing procedures and obtaining and documenting evidence after the date of the auditor’s report, the engagement team does not discard any related documentation that previously existed.
• Confidentiality, safe custody, integrity, accessibility and retrievability of documentation: Auditors should comply with the requirements of the Standard on Quality Control (SQC) 1, Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements. As per SQC 1, audit firms should establish policies and procedures designed to maintain the confidentiality, safe custody, integrity, accessibility and retrievability of documentation of an engagement. For this purpose, appropriate controls may be designed and implemented to:
  1. Enable determination of when and by whom engagement documentation was created, changed or reviewed
  2. Protect the integrity of the information at all stages of the engagement
  3. Prevent unauthorised changes to the documentation of an engagement
  4. Allow access to the documentation by authorised persons to properly discharge their responsibilities
  For practical reasons, original paper documentation may be electronically scanned for inclusion in engagement files.

3. The implementation guide was subsequently revised in 2018.
4. Timely audit documentation enhances the quality of audit and facilitates the effective review and evaluation of audit evidence obtained and conclusions reached before an auditors’ report is finalised.
5. Such documentation includes:

• An explanation describing what information was added or changed.
• When the evidence was obtained.
• The date the information was added and reviewed
• The name of the person who prepared and reviewed the additional information.
• The circumstances encountered and the reasons for adding the information.
• The new or additional audit procedures performed, audit evidence obtained, and conclusions reached.
• When the conclusions in respect of the new information were approved by the engagement manager, engagement partner and / or engagement quality control reviewer (where applicable).
• The effect on an auditor’s report.

To access the text of the ED, please click here