Financial Reporting

NFRA’s Interpretation on SA 230 – Audit Documentation

Standard of auditing 230 refers to the auditor’s purpose in constructing documentation of audit, which gives an adequate and relevant record of the basis for the audit documentation, and the audit report is a piece of evidence that the audit was planned and done in line with SAs and applicable legal and regulatory requirements.

This article discusses the interpretation of SA 230 in detail in accordance with the audit quality review performed by NFRA.

What is Audit Documentation?

Audit documentation refers to relevant evidence of the record of the audit process and a summary of the audit that the auditor performs.

It provides evidence of whether the auditor’s purpose was achieved or not and audit was planned and done as per the standard on auditing.

Importance of audit file/audit documentation

The importance of audit documentation and compliance with SA 230 as per the national financial reporting Authority (NFRA) are given below:-

• If CA does not exercise due diligence or is gross negligent in the conduct of his practice shall be considered guilty of misconduct mentioned in clause 7 part I of the Second Schedule to the Chartered accountant Act,1949^[1].
• Before, only the gross negligence that will constitute professional misconduct was there, but now even the non-exercise of due diligence will account for actionable professional misconduct added in clause 7, the portion “does not exercise due diligence”.
• The requirement section of the applicable SAs plays a role in determining what constitutes due diligence. The auditor is entirely responsible for the SAs requirements. With these changes, a strict liability approach has been implemented. Countries such as USA and UK, also lined up with a number of cases that has been decided.
• Failure to act in accordance with the SAs, and particularly the unconditionally necessary obligation part thereafter, would constitute both failure to exercise due diligence and, depending upon the circumstances of gross negligence. Compliance with the SAs, however, continues to be the benchmark.
• The decision about the Compliance with due diligence or the gross diligence of the concerned auditor is based on the evidence; the SAs have the internal mechanism up to the mark of a specific SA 230 on audit documentation.

The duty of “due diligence” owed

The following things about the users of financial information:  The present and potential investor, customers, employees, lenders, suppliers, creditors, government and their agencies and the public is included as the users of financial statements, but it excluded the management of the entity from the user definition, said by the ICAI Framework for the preparation and presentation of financial Statement in accordance with Indian Accounting Standards.

A financial statement’s objective is to give information about the financial performance, position, and cash flows of a business that will be helpful to the users in economic decision-making. To fulfil the users’ information needs, “due diligence” is required. Apparently, the management is not owed the responsibility of due diligence.

Ensure Compliance with “due diligence”

To comply with “due diligence,” one must meet the requirements portion of the SAs. The duty of “due diligence” no longer remains a blurry, unformed responsibility but a distinctly defined duty. Additionally, it is not a situation where the regulator’s judgement or opinion is an alternative to the auditor’s. Delivering the due diligence and successfully claiming it, the auditor must stick to a clear set of the positive obligation imposed by the SAs. Legal authorities that discuss the conception of due diligence broadly have to depend on the common principle.

The duty to be discharged

The auditor must show the skill, competence, and application level commonly expected of such a professional. This is the exclusive minimum. Acknowledge the fact, the users’ interest is different from the management’s interest; SAs also need to keep independence from the management of the auditee entity. Excluding SAs, several limitations and provisions to ensure independence formed into the companies act as such, that require to be followed with. Along with this, the auditor requires to maintain an attitude of professional suspicion, which is defined as “an attitude that involves a doubtful mind, being attentive towards the conditions which may stipulate possible misstatement because of error or fraud, and a difficult evaluation of audit evidence” of SA 200). It also comprises “questioning opposing audit evidence and the accuracy of documents and reply to inquiries and other details obtained from management and those charged with governance “of SA 200).

Interpretation of Fundamental Requirements of SA 230, SQC 1 and SA 220

SA 230 – Audit Documentation

• Audit documentation that satisfy the needs of standard on auditing 203 and the particular documentation needs of other relevant SAs may provide:
  • The achievement of the overall purpose of the auditor conclude on the basis of evidence of the auditor’s.
  • Provide proof that the auditor was planned and performed the audit as stated by SAs and applicable legal and regulatory requirements.

The implementation guide to SA 230 affirms that the particular documentation needs of other SAs do not restrict the application of SA 230. Therefore, the documentation requirements discussed in other SAs are in addition to what is required by SA 230. The guide also mentioned that the state’s lack of documentation requirements in any specific SA does not mean to suggest that no documentation is prepared because of complying with that SAs. The appropriate Documentation for the SA needs to be maintained.

• Audit documentation presents several additional objectives, including the following:
  • Assisting members of the ET responsible for supervision to direct and oversee the audit work and to release their review responsibilities as per SA 220.
  • Facilitate the ET to be answerable for its work.
  • Maintaining a record of matters of continuing importance to future audits.
  • Facilitate quality control reviews and inspections as per the SQC.
  • Enabling external inspections under applicable legal, regulatory or other requirements.
• Audit Documentation – The relevant evidence of the record of the audit process and summary of the audit that the auditor performs. (Terms called “working papers” or “work papers”). 
• Audit File – One or more than one folders or other storage devices, in physical or electronic form, maintaining the records that contain the audit documentation for a particular commitment.
• In the documentation, the timing and extent of the audit process performed by the auditor shall record: 
  • A person who does the audit work and the audit completion date 
  • A person who reviewed the audit work, and what is the date and extent of such review? 
  • After the Final Audit File has been prepared, the auditor shall not remove or destroy audit report before the end of its retention period. 
• In circumstances which are not covered in paragraph 13 where the auditor determines it necessary to change or add existing audit documentation after the completion of the Final Audit File, then regardless of the type of the changes or additions made, the auditor shall, record: 
  • The specific justification for making them  
  • The date and person who made it and by whom documentation was reviewed. 
• An essential factor in determining the content, form, and extent of audit documentation of important matters is the degree to which professional judgment was used in performing the work and assessing the end results. Documentation of the professional judgments prepared, where significant, defines the auditor’s summary and strengthens the judgment’s quality. These matters are of specific interest to those responsible for evaluating the audit documentation, including those who draw further conclusions.

SA 220 – Quality Control for an Audit of Financial Statements

• Until the engagement quality control review is not completed, do not mention the date of the auditor’s report.
• When reviewing the audit engagement, the engagement quality control reviewer must prove that the review is done on or before the date of the auditor’s documentation.

SQC 1

• After finalising the engagement reports, the firm should construct policies and procedures for ET to put together the final engagement files promptly.
• The company should construct policies and procedures to ensure that the quality control system policies and procedures are relevant, accurate, operating effectively and complied with in practice.

Let the Audit File Speak For Itself

According to SA 230, the Audit File should be capable of speaking for itself without requiring other aids for interpretation. The audit documentation should support anything that has been claimed to have been done through audit procedure or gathered as audit evidence. No claim that is not so supported can be taken into consideration. Given this position, there is virtually no scope for oral submissions or discussions in the SAs. To be included in the record and remove the possibility of disputes, oral representation is also reduced to writing. Only such records, backed by pre-existing evidence from the Audit File, can be accepted for the Audit Quality Review (AQR) by NFRA. Unverified claims and oral representations are not considered.

Record on the Basis of Professional Judgements

Standard on auditing 230 affirm that the auditor shall record the “important issues arising at the time of audit, the conclusions reached thereon, and important professional judgments prepare to landing on those conclusions. Therefore, the Audit Firm is required to note the basis of professional judgment while choosing the transaction.

Preparer and Reviewer of Audit Work paper & their Signoffs

SA 230 says, “In the documentation of audit procedures performed, the auditor shall record the following things:

(a) The identifying features of the particular items or matters tested.

(b) A person who performed the audit work, and the date of such work will be completed.

(c) An individual who reviewed the audit work performed, and what was the date and extent of such review?

Signing off of the document is not just a mechanical exercise. As such, if a Work paper does not mention the name of the person who reviewed it along with the date, it decisively proves that the same Work paper is not reviewed. The Audit Firm’s assertion that “Non-signing of Environmental professional on Work paper does not conclude that of Environmental professional has not reviewed the determination of materiality” is not tenable.

SA 230 Audit Documentation Is Also Applicable To Engagement Quality Control Review (EQCR)

Professional standards are applied in EQCR’s work. Judgement, and it is unlikely that EQCR also applies in every condition the ET’s professional judgement is reached. The requirements for documentation of professional judgements in work involving the SAs require that the judgement be made independently of the ETS. In this context, as explained in this AQRR by NFRA, the audit documentation requirements of SA 230 become essential for the EQCR. Therefore, it is evident that the documentation by an EQCR also includes relevant information to allow an experienced auditor, having no past connections with the engagement, to get to know the process performed by the EQCR. This does not state that the EQCR will rebuild all the documentation prepared by the ET, but will document how he used in his assessment the data and the factors examined by the ET to agree or disagree with the conclusions reached by the Audit Firm.

The EQCR team must record the rationale and supporting evidence for its conclusion, such as the review process used, the professional judgement made, the areas in which the EQCR challenged the audit team, the critical issue the EQCR talk with the audit team, the areas of disputes, the resolutions reached, and the additional evidence/documents/explanations considered. Simply providing “Yes or “No” responses in the checklist and signing the WPs of ET does not give any such evidence.

Conclusion

Takeaways for auditors from the above interpretations of SAs and the CA act by NFRA is to do whatever is required but under the rules and regulations, standards on auditing(SAs) and in accordance with the legal provision of the companies act,2013, including CARO 220. Let your audit documentation and file speak for themselves and be your lawyer for free. Include everything in your audit reports or file regarding industry realities. After auditors have any queries after sending the audit file, they can email them with evidence they missed out. The audit documentation of everything the auditor noted is always accurate, relevant and valid as per the Indian auditing standards and Indian laws.

Read Our Article: National Financial Reporting Authority (NFRA) in India