“If it’s not documented, it’s not done.” This often-used line by audit peer reviewers may sound cliché but it’s true. Insufficient audit documentation continues to be a hot-button peer review issue and it’s not going away any time soon. Why this judgement? Audit standard ISA 230 specifically requires the auditor to sufficiently document their work so that an independent experienced auditor would be able to reach the same conclusion. Therefore, a peer reviewer can’t give credit for non-existent work. Audit work papers are the auditor’s communication vehicle.
Quality is the foundation of every good CPA firm. Quality in this trade is judged by documentation. What does sufficient audit documentation mean? What exactly should be posted in your audit work programmes? How much is enough? What really is necessary? Are questions that auditors grapple with. should be in our work papers? How much is necessary? Before we even attempt to answer these questions, we need to be brutally honest with ourselves by asking a more searching question which is – what drives inadequate audit documentation? The answer is profits! More documentation means more work, more professional hours spent and that erodes profitability.
The cutthroat competition and undercutting on professional fees boils down to an unhealthy deprivation of professional hours committed to an audit. Corners are cut. Planning is disregarded. Confirmations, walkthroughs, fraud inquiries are omitted. And yes, unfortunately quality suffers. Quality documentation takes more time and may erode earnings. Ducks are known by their quack; audit work papers tell the story of a CPA firm’s character.
Creating Clarity in audit work papers
Any good communicator makes it their job to speak or write in an understandable way. The communicator assumes responsibility for clear messages. In creating work papers, we are the communicators. The responsibility for transmitting messages lies with us (the auditors creating work papers). Help your reviewers by ensuring that your work papers include the following:
- The objective statement (what are you trying to achieve?)
- Information evidence (how was it obtained? How was it interpreted? who provided it?)
- Who prepared the work paper? Was it reviewed?
- A conclusion (does the audit evidence meet the objective?)
As you prepare the work papers, you will need to consider those who will interact with the work. All too often, the person creating a work paper understands what he is doing, but the reviewer doesn’t. Why? The message is not clear. Just because I know why I am doing something does not mean that someone else will. It is your duty as the auditor to create that clarity.
Perform risk assessments.
Performing risk assessments is a critical component of the audit process that enables the auditor to identify and evaluate the risks associated with the client’s operations. To perform risk assessments, the auditor should identify the risks that could materially impact the financial statements. These risks could include fraud, errors, and omissions, or other operational risks. The auditor should then assess the identified risks, considering their likelihood and potential impact. This assessment should be based on the auditor’s professional judgment and experience, as well as any available data or information. Next, the auditor should determine the materiality level for the audit, which is the threshold above which misstatements or omissions would be considered material to the financial statements and finally he should develop a risk response plan that outlines the specific audit procedures to be performed to address the identified risks. This plan should also consider the availability of evidence, the effectiveness of controls, and the degree of complexity or judgment involved in the audit procedure.
Provide detailed walkthrough tests on significant risks.
Conducting detailed walkthrough tests for significant risks is a crucial aspect of the audit process. The auditor must use their professional judgment and experience to identify the significant risks that could materially impact the financial statements. A comprehensive walkthrough plan should be developed, outlining specific procedures and individuals to be interviewed. The walkthrough tests involve tracing a transaction from its initiation to its final disposition, evaluating the effectiveness of the internal controls in place to mitigate identified risks. Documentation of the procedures performed, issues identified, and recommendations made for improving internal controls is necessary. The results of the walkthrough tests must be evaluated, focusing on the effectiveness of the controls in mitigating significant risks and ensuring financial statement accuracy. The auditor must communicate their findings and recommendations to the client’s management and audit committee.
Provide a linkage between documents reviewed and audit opinion.
Providing a linkage between the documents reviewed and the audit opinion is a crucial step for auditors to ensure that they have sufficient evidence to support their audit findings and conclusions. To establish this linkage, the auditor should follow these steps:
- Develop an audit plan: The auditor should develop a comprehensive audit plan that outlines the objectives, scope, and methodology of the audit. This plan should also identify the key documents that need to be reviewed to support the audit opinion.
- Review the relevant documents: The auditor should review the relevant documents identified in the audit plan, such as financial statements, accounting records, and internal control documentation. The auditor should also consider any other relevant information obtained during the audit.
- Test the controls: The auditor should test the internal controls to ensure that they are operating effectively and efficiently. This testing should include an assessment of the design and implementation of the controls and their operating effectiveness.
- Evaluate the results: The auditor should evaluate the results of the audit tests and other evidence obtained during the audit. The auditor should determine whether there are any material misstatements or weaknesses in the internal controls that could impact the financial statements.
- Form an audit opinion: Based on the results of the audit, the auditor should form an audit opinion. This opinion should be supported by the evidence obtained during the audit, including the documents reviewed and the results of the control testing.
- Document the linkage: The auditor should document the linkage between the documents reviewed and the audit opinion. This documentation should include a description of the documents reviewed, the results of the control testing, and the evidence used to support the audit opinion.
Process area maps/ work programme areas
Include process area maps in your file which makes it easier to find your work papers. It also provides a birds-eye view of what you have done. Using an audit tool such as auditproo helps you to easily create and map out the process area and define the work done.
Audit documentation continues to be a significant peer review problem. We can enhance audit quality by remembering we are not just auditing. We are communicating. It is our responsibility to provide a clear message.