PERSONAL FINANCE
+ Return to investing
+ US real estate
+ Post-work worries
+ More...
SMEs
+ Use your assets
+ Surviving in tough times
+ How CAs can add value
+ Entering foreign markets
+ Valuing small firms
+ Expanding the biz
+ More...
IFRS AND ISA
+ IFRS and Canadian GAAP
+ New auditing standards
+ Gauging ISA adoption
+ IFRS and audit firms
+ More...
TECHNOLOGY
+ ERP and PSA survey
+ BI/CPM survey
+ CRM survey
+ More...
WORKPLACE
+ Diversity in the profession
+ CSR is worth it
+ Health and productivity
+ Preventing fraud
+ Chronological resumes
+ Expense fraud on rise
+ Gen X, Gen Y
+ Meeting time-savers
+ Bonuses still top reward
+ More...
CA STUDENTS
+ Articling in industry
+ Destination: CA
EXPERTISE
+ Global transfer pricing
+ More...
How much is enough?
By Eric Turner
Illustration: Geneviève Côté
Engineering is usually required to create cultured pearls; similarly intervention is needed to achieve a PEARL system
Whenever the Auditing and Assurance Standards Board (AASB) issues a new auditing standard, one of the first questions practitioners ask is, does this new standard require more documentation in my audit files? Documenting audit work takes time and is a major component of the cost of an audit. Proper documentation, though, can help improve the quality of an audit in various ways. AASB staff examined the documentation implications of the 36 new Canadian auditing standards (CASs) that come into effect for financial statement periods ending on or after December 14, 2010.
The examination focused on three key matters: the factors that determine the overall extent of documentation required; how the new standards affect the documentation relating to assessing and responding to risks of material misstatement, and other changes in the nature, timing and extent of documentation that will need to be made when the CASs are implemented.
To answer these questions, AASB staff focused on CAS 230, Audit Documentation, and the standard it will replace, Documentation, Sec. 5145, as a starting point. These standards set out the requirements and guidance on audit documentation.
Extent of documentation
CAS 230, para. 8, and Sec. 5145, para. 12, are essentially identical. They both require that audit documentation should be sufficient “to enable an experienced auditor, having no previous connection” with the audit, to understand the nature, timing and extent of the audit procedures performed to comply with the relevant auditing standards.
An experienced reviewer of an audit file may focus on whether the documentation supports that the objectives of the audit have been achieved. Each CAS contains one or more objectives that the auditor uses when planning and performing the audit. CASs do not require the auditor to document separately that individual objectives have been achieved. However, documentation of a failure to achieve an individual objective is required. Such documentation helps the auditor to evaluate whether such a failure has prevented the auditor from achieving the overall objectives of the audit.
It is also vital that the experienced reviewer understand how the auditor has dealt with an exceptional circumstance when the auditor has judged it necessary to depart from the audit procedures in a requirement. To comply with CAS 230, para. 12, the auditor must document how the alternative audit procedures performed achieved the aim of that requirement and the reasons for the departure. Authority of Auditing and Assurance Standards and Other Guidance, Sec. 5021, para. 4, contains a similar requirement.
The experienced reviewer will also focus on whether the auditor’s documentation clearly supports the basis for an auditor’s conclusions from the audit and, in particular, the professional judgments made by the auditor in reaching those conclusions. CAS 230 requires the auditor to document significant professional judgments. “Professional judgment” is defined in CAS 200, “Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Canadian Auditing Standards,” and clarifies that professional judgment is not to be used as the justification for decisions that are not otherwise supported by the facts and circumstances of the engagement or sufficient appropriate audit evidence. Both CAS 200 and CAS 230 provide application and explanatory material about the use and documentation of professional judgment in an audit.
Documentation requirements under the audit risk model
The audit risk model is often described as the engine room of the audit. Overarching auditing standards deal with how the auditor should identify and respond to the risks of material misstatement of the financial statements. There is no substantive difference between CASs 315, “Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment,” and 330, “The Auditor’s Responses to Assessed Risks,” and previous Sec. 5141, Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement, and 5143, The Auditor’s Procedures in Response to Assessed Risks, the key audit risk model standards.
Auditors of smaller entities have struggled with the nature and extent of documentation required when obtaining an understanding of the entity and its environment, including its internal controls.
Significant changes to documentation requirements CAS 220, “Quality Control for an Audit of Financial Statements,” requires the engagement quality control reviewer to document certain specific elements relating to the audit engagement reviewed, whereas the previous requirement was that the engagement quality control review be “appropriately documented.” CAS 250, “Consideration of Laws and Regulations in an Audit of Financial Statements,” requires the auditor to document identified or suspected noncompliance with laws and regulations and the results of discussion with management and, where applicable, those charged with governance and other parties out-side the entity. CAS 260, “Communications with those Charged with Governance,” requires the auditor, if communicating orally, to document when and to whom matters required to be communicated have been communicated. Where matters have been communicated in writing, the auditor is also required to retain a copy of the communication as part of the audit documentation. CAS 450, “Evaluation of Misstatements Identified during the Audit,” requires the auditor to document the amount below which misstatements would be regarded as clearly trivial, all misstatements accumulated during the audit and whether they have been corrected and the auditor’s conclusion as to whether uncorrected misstatements are material. CAS 540, “Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures,” requires the auditor to document the basis for conclusions about the reasonableness of accounting estimates and their disclosure that give rise to significant risks, and indicators of possible management bias, if any. CAS 550, “Related Parties,” requires the auditor to document the names of the identified related parties and the nature of the related party relationships. CAS 600, “Special Considerations — Audit of Group Financial Statements (including the Work of Component Auditors),” re-quires the group engagement team to document specific matters relating to the analysis of components, the group engagement team’s involvement in the work performed by component auditors on significant components, and written communications about the group engagement team’s requirements of the component auditors. CAS 610, “Using the Work of Internal Auditors,” requires that the auditor document conclusions reached regarding the evaluation of the adequacy of the internal auditors’ work and the audit procedures performed by the external auditor on that work. |
In August 2009, to highlight how the design of the International Standards on Auditing (ISAs) enables them to be applied in a manner proportionate to the size and complexity of the entity, staff at the International Auditing and Assurance Standards Board issued a Staff Questions and Answers, “Applying ISAs Proportionately with the Size and Complexity of an Entity.” Auditors of smaller entities may find these questions and answers helpful in effectively implementing the CASs.
Significant changes to documentation requirements
In reviewing the documentation requirements set out in the CASs, staff identified the following areas where the CASs have new, or more specific, documentation requirements than the existing standards:
- detailing the engagement quality control review;
- recording identified or suspected non-compliance with laws and regulations;
- communicating with those charged with governance;
- evaluating misstatements identified during the audit;
- detailing related parties and related party relationships;
- concluding on the reasonableness of accounting estimates;
- matters relating to group audit engagements; and
- concluding on the work of internal audit.
These matters are shown in the table “Significant changes to documentation requirements” on page 50.
There are also two other significant documentation differences relating to:
- the need for an engagement completion document; and
- the time frames to complete the assembly of the final audit file.
“The CICA’s Guide to New CASs in Canada,” which is available on the CICA’s website at www.cica.ca/isa/ and compares each CAS with the standard it is replacing, explains these differences in more detail.
Engagement completion documents
Sec. 5145 requires the auditor to identify all significant findings or issues in an engagement completion document. The form of documentation for identifying findings or issues is not specified in the CASs.
Time frames to complete the assembly of the audit file
CAS 230 states that an appropriate time limit for completing the assembly of the final audit file is ordinarily not more than 60 days after the date of the auditor’s report. Sec. 5145, on the other hand, requires the auditor to assemble the complete and final audit file as at a date not more than 45 days after the report release date. The difference between the documentation completion dates in the respective standards therefore depends on the timing of the audit report date and the report release date.
Concluding comments
In summary, the overall required extent of audit documentation, including documentation related to identifying, assessing and responding to risks of material misstatement, are identical between the CASs and the existing standards. There are, however, significant differences between the documentation requirements in certain standards.
Both sets of standards provide the auditor with the ability to exercise professional judgment in determining the specific nature and extent of documentation that best responds to circumstances encountered in a particular audit.
Eric Turner, CA, is a principal in the CICA’s Assurance Standards department
Technical editor: Ron Salole, VP, Standards, CICA
