


The auditor should have unlimited access to any evidence until, in their professional judgement:

  • sufficient;
  • competent;
  • relevant;
  • reliable; and
  • useful

evidence has been collected to support audit results and their reports.

Audit evidence consists of at least:

  • authoritative evidence, eg. contracts, confirmations from third parties;
  • calculations by the auditor;
  • internal control, eg. authorisations and approvals;
  • interrelationships among the data, eg. analytical review;
  • physical evidence, eg. documents such as cheques, invoices, receiving reports and purchase orders;
  • statements by clients;
  • statements by third parties;
  • subsequent events; and
  • subsidiary records.

Basis for selecting Audit Evidence.

Audit evidence should be selected:

  • to allow the auditor to form an opinion that the following assertions underlying the system are being met;
    • existence or occurrence
    • completeness
    • rights and obligations
    • valuation or allocation
    • presentation and disclosure
  • to satisfy specific client requirements;
  • in accordance with materiality considerations;
  • in accordance with the nature and degree of inherent and control risk;
  • in accordance with potential key controls;
  • in accordance with the reliability of the evidence available, ie. the less reliable the evidence obtained, the more that is required to support conclusions etc;
  • in accordance with the efficiency of audit procedures available to internal auditors.

The assessment of inherent and control risk permits the determination of the allowable level of detection risk for a particular assertion, given the level to which the auditor seeks to restrict overall audit risk. The concepts of inherent, control and audit risk are covered in RIAM:VLA:DOCUMENTING & ANALYSING THE SYSTEM OF INTERNAL CONTROL.

Contents and Standards for Working Paper Documentation. (IAS 420)

Internal Audit Standard 420 states that "Working papers that document the audit should be prepared by the auditor and reviewed by management of the internal audit department. These papers should record the information obtained and the analyses made and should support the bases for the findings and recommendations to be reported."

The primary purpose of working papers is to support the auditor's report by providing the details necessary to prepare the report. Working papers may be important if a dispute arises or the matters covered during the audit become the subject of legal action because they should clearly show the nature, timing and extent of audit work done.

Functions of Working Papers & Files:

  • provision of evidence to support the internal auditor's report;
  • aids in the planning, performance and review of audits;
  • documents whether the audit objectives were achieved;
  • facilitates third party reviews eg. Australian National Audit Office;
  • provides a basis for evaluating the internal audit department's quality control program;
  • aids in the professional development of the internal auditors;
  • provides evidence and support in circumstances such as disputes and lawsuits; and
  • demonstrates internal audit's compliance with the "Standards for the Professional Practice of Internal Auditing".

Contents - Permanent Audit Files

A permanent audit file is usually established for each auditee area. It contains data of recurring importance including:

  • prior audit reports and auditee's responses;
  • records of prior reviews with management;
  • post audit comments by the previous auditor, including any problem areas;
  • records of reports to management;
  • audit programs and questionnaires, Broad Audit Guides;
  • organisation charts;
  • flowcharts;
  • important long-term auditee contacts;
  • historical financial information;
  • summaries of audit budgets.

Contents - Task files (Current Files)

Contents of Task files include:

  • copy of the final audit report;
  • engagement letters, contracts and contacts;
  • action plan, client follow-up and correspondence;
  • planning documents and audit programs;
  • background and organisational details;
  • memorandums on reviews of controls (control strengths and weaknesses);
  • control system documentation (questionnaires, flowcharts, checklists and narratives);
  • records of interview;
  • legislative and management directions; and
  • results and analysis of audit testing and how exceptions were handled.

Working Paper Design

Working papers should usually contain:

  • headings including auditee, period covered and work paper subject matter;
  • a key of all tickmarks and symbols used;
  • the date of preparation and preparer's initials; and
  • a reference number which individually identifies the working paper.

Working papers should be consistently and efficiently prepared so as to facilitate review. They should be:

  • neat, not crowded and only written on one side;
  • uniform in size and appearance;
  • economical, avoiding unnecessary duplication (using copies of client records is one way of reducing the time taken in completing workpapers); and
  • arranged in uniform style.

Working papers should have summaries throughout which provide the reviewer with a concise statement of data contained in subsequent schedules.

A good indexing system for working papers should be simple and capable of easy expansion. Working papers should be well cross-referenced, simplifying the finding of related information and the preparation of the report.

Cross referencing should follow at least these rules:

  1. Surround reference in angle brackets: " < > ".
  2. Use a colour different from the main writing colour for the <>.
  3. Referencing towards the front of the file, from this Line/Page, place reference on the LEFT hand side of the subject.
  4. Referencing towards the back of the file, from this Line/Page, place reference on the RIGHT hand side of the subject.

Sources of data should be clearly identified.

All sample documents should be uniquely labelled with a document numbering system, to allow clear references throughout the file.

The RIAM (DRT Internal Audit Methodology) Audit File - an overview of its contents.

The RIAM Audit File structure has been based upon the concepts outlined above. Below we reproduce the contents page from the Task File (Current File). An alternative contents page may be found at the end of this Volume.

1 Final Audit Report and Other Relevant Files
2 Supervisor, Manager & Director Reviews and Follow Up
3 Engagement Letters and Contacts
4 Action Plan, Client Follow Up and Correspondence
5 Matters for Manager & Director Attention
6 Matters for Review Next Audit
7 Planning Documents and Audit Program
8 Work & Time recording Schedule
9 Background and Organisation Details
10 Organisation Objectives, Operating & Financial Policies, and Performance Measures
11 Strength & Weakness Schedule
12 Control System Documentation and Conclusion (Control Questionnaires, flowcharts, checklists and narratives)
13 Records of Interview
14 Legislation and Management Directives - Compliance (Including Important Contracts and Agreements)

15 Analysis and Tests of Transactions, Processes and Account Balances
16 Other Background Data and Notes