Audit Documentation
|
GAO-03-673G Government Auditing Standards > Chapter 4 Field Work Standards for Financial Audits > Audit Documentation
4.22 The standard related to audit documentation for financial audits performed in accordance with GAGAS is:
Audit documentation related to planning, conducting, and reporting on the audit should contain sufficient information to enable an experienced auditor who has had no previous connection with the audit to ascertain from the audit documentation the evidence that supports the auditors’ significant judgments and conclusions. Audit documentation should contain support for findings, conclusions, and recommendations before auditors issue their report.
4.23 AICPA standards and GAGAS require auditors to prepare and maintain audit documentation. The form and content of audit documentation should be designed to meet the circumstances of the particular audit. The information contained in audit documentation constitutes the principal record of the work that the auditors have performed in accordance with professional standards and the conclusions that the auditors have reached. The quantity, type, and content of audit documentation are a matter of the auditors’ professional judgment.
4.24 Audit documentation serves to (1) provide the principal support for the auditors’ report, (2) aid auditors in conducting and supervising the audit, and
(3) allow for the review of audit quality. The preparation of audit documentation should be appropriately detailed to provide a clear understanding of its purpose and source and the conclusions the auditors reached, and it should be appropriately organized to provide a clear link to the findings, conclusions, and recommendations contained in the audit report. Audit documentation for financial audits performed under GAGAS should contain the following additional items not explicitly addressed in the AICPA standards or elsewhere in GAGAS:
a. the objectives, scope, and methodology of the audit.
b. the auditors’ determination that certain additional government auditing standards do not apply or that an applicable standard was not followed, the reasons therefor, and the known effect that not following the applicable standard had, or could have had, on the audit.
c. the auditors’ consideration that the planned audit procedures are designed to achieve audit objectives when evidential matter obtained is highly dependent on computerized information systems and is material to the objective of the audit and that the auditors are not relying on the effectiveness of internal control over those computerized systems that produced the information. The audit documentation should specifically address (1) the rationale for determining the nature, timing, and extent of planned audit procedures; (2) the kinds and competence of available evidential matter produced outside a computerized information system and/or plans for direct testing of data produced from a computerized information system; and (3) the effect on the audit report if evidential matter to be gathered does not afford a reasonable basis for achieving the objectives of the audit. 1
d. evidence of supervisory review, before the audit report is issued, of the work performed that supports findings, conclusions, and recommendations contained in the audit report.
4.25 Underlying GAGAS audits is the premise that federal, state, and local governments and other organizations cooperate in auditing programs of common interest so that auditors may use others’ work and avoid duplication of audit efforts. Auditors should make arrangements to make audit documentation available, upon request, in a timely manner to other auditors or reviewers. Contractual arrangements for GAGAS audits should provide for full and timely access to audit documentation to facilitate reliance by others on the auditors’ work.
4.26 Audit organizations need to adequately safeguard the audit documentation associated with any particular engagement. Audit organizations should develop clearly defined policies and criteria to deal with situations where requests are made by outside parties to obtain access to audit documentation, especially in connection with situations where an outside party attempts to obtain indirectly through the auditor information that it is unable to obtain directly from the audited entity. In developing such policies, audit organizations need to consider applicable laws and regulations that apply to the audit organizations or the audited entity.
1This documentation requirement does not increase the auditors’ responsibility for testing internal control but is intended to assist the auditors in ensuring that audit objectives are met and audit risk is reduced to an acceptable level.
|