Quality Review Program
Review of Engagements Questionnaire
To be completed for audits of financial reporting periods commencing on or after 1 July 2006
Review Code: «reviewId»
Date questionnaire completed: What type of entity was audited?
(For publicly listed entities and superannuation fund audits, please use separate questionnaire.)
Engagement reference code: Company
Non-corporate disclosing entity
Revenue and/or assets of engagement: • public not listed (including company Other unincorporated body
limited by guarantee)
Engagement year end: • large proprietary Solicitor’s trust account
• small proprietary Real estate agent trust account
Initial that client consent has been sighted: Other (please specify)
Was this an honorary audit?
Auditquestionnaire January 2008 Page 1 of 15
About this questionnaire
This questionnaire has been designed to help you, the reviewer, assess whether the audit under review was conducted in accordance with Australian Auditing Standards, and other
relevant professional standards and legislation.
Throughout the questionnaire the questions in bold relate to mandatory elements of the Auditing Standards and other professional standards or to matters required by legislation. You
must answer yes or no to these questions, or explain why they do not relate to this audit engagement. References have been included to assist you. The questions in normal print
relate to the audit procedures which a practice would commonly carry out to comply with Auditing Standards.
We suggest you start with an overall review of the whole audit, which will enable you to answer most of the questions. From this review identify one significant audit risk, and examine
this area in detail. Question 5.7 asks for your assessment of this area. You should then have enough information to make your overall assessment of the audit in Section 7.
1. Audit independence and quality control Reviewer's Comments
1.1 Is there evidence the engagement partner formed and
documented a conclusion on compliance with
independence requirements that applied to this
1.2 Were any threats to independence identified for this
engagement which were clearly not insignificant?
APES 110 (290.23)
If no, go to 1.5.
Situations which may give rise to threats to independence
• financial interest in clients;
• loans or guarantees to or from the client;
• close business relationships with the client or its directors/
• close family or personal relationships with the client’s
• employment of ex-partners or staff with the client, or client
staff with the firm;
• serving as an officer or director of the client;
• long association of senior personnel with the client;
• provision of non-assurance services to the client; and
• dependence of the firm on the client for a significant
portion of the firm’s fees.
1.3 If yes, have the threat/s and related safeguards been
APES 110 (290.27)
(Note that not all threats can be eliminated or reduced to an
1.4 Have the threats and related safeguards been notified to
the assurance practice?
APES 320.19 and .20
(Not appropriate for small practices.)
1.5 Did the firm provide any bookkeeping services to the
If so, how was the self-review threat reduced to an
APES 110 (290.158) The firm may provide a non-listed audit client
with accounting and bookkeeping services provided any self-
review threat is reduced to an acceptable level.
See also independence questions in Section 5 of the Quality
Control for Firms Questionnaire.
1.6 (a) Was this audit carried out under the Corporations
(b) If yes:
(i) were the general and specific independence
requirements of the Act complied with?
An overview of these requirements is given in the
Quality Control for Firms Questionnaire and the
Questionnaire for the Review of a Practice with an
Internal Review Program.
(ii) was an independence declaration issued to the
directors in accordance with s.307C?
2.1 Is there written evidence that the practice considered the
client relationship before commencing this audit?
APES 320.28, ASA 220.17
2.2 Is there evidence that the auditor and the client agreed on
the terms of the engagement? ASA 210 requires the
auditor to agree on the engagement terms, record them in
writing and forward them to the entity.
Where the terms of the engagement have changed, has
the auditor agreed on the new terms with the client and
confirmed them in writing?
2.3 Does it appear all members of the audit team (including
the engagement partner) had the necessary capabilities,
competence and time to perform this engagement?
APES 320.44; ASA 220.23
2.4 Did the auditor perform analytical procedures as risk
assessment procedures at the planning stage of the
Did the auditor consider whether unusual or unexpected
relationships might indicate a risk of material
misstatement due to fraud?
2.5 Has the auditor established and documented an overall
strategy for the audit?
This ordinarily involves:
• determining the scope of the engagement
• ascertaining the reporting objectives of the engagement
• considering factors such as risk areas and internal control.
Has the auditor made a preliminary assessment of
2.6 Has the auditor developed and documented an audit plan
for the audit?
The audit plan is more detailed than the audit strategy and
• a description of the nature, timing and extent of planned
risk assessment procedures
• a description of the nature, timing and extent of planned
further procedures at the assertion level
• other procedures such as plans for obtaining solicitor’s
For small audits, the audit strategy and the audit plan may be
2.7 Where the audit is being performed pursuant to a statute other
than the Corporations Act 2001 (eg solicitor’s trust account,
Local Government Act) have the audit strategy and plan been
constructed to assess compliance with those statutes?
2.8 Is there evidence the engagement team discussed the
susceptibility of the financial report to material
misstatements, including from fraud?
ASA 315.20; ASA 240.30 & .32
3. Risk Assessment and Internal Controls
3.1 To the extent appropriate for this client, has the practice
documented its understanding of:
(a) relevant industry, regulatory and other external
factors including the applicable financial reporting
framework and relevant laws and regulations?
ASA 315.28; ASA 250.20, .23
(b) the nature of the entity?
(c) the entity’s selection and application of accounting
(d) the entity’s objectives and strategies and the related
business risks that may result in a material
misstatement in the financial report?
(e) the measurement and review of the entity’s financial
3.2 ASA 315 requires auditors to obtain an understanding of
internal control relevant to the audit. It divides internal control
into five components, with specific mandatory requirements
applicable to each. The five components are:
• the control environment
• the entity’s risk assessment process
• the information system
• control activities
• monitoring of controls
Internal controls that are ‘relevant to the audit’ are generally
those that relate to the entity’s objective of preparing a
financial report for external purposes.
To the extent appropriate for this client, has the practice
(a) its understanding of the entity’s control
(b) the entity’s process for identifying business risks
relevant to financial reporting objectives and
deciding about actions to address those risks?
(c) the information system relevant to financial
reporting, including the following (ASA 315.95, .103):
(i) the classes of transactions in the entity’s
operations that are significant to the
(ii) the procedures by which those
transactions are initiated, recorded,
processed and reported in the financial
(iii) the related accounting records, supporting
information and specific accounts in the
(iv) how the information system captures
events and conditions that are significant
to the financial report (eg impairment of
(v) the financial reporting process used to
prepare the entity’s financial report,
including significant accounting estimates
(vi) how the entity communicates financial
reporting roles and responsibilities related
to financial reporting?
(d) control activities sufficient to enable it to
(i) assess the risks of material misstatement at
the assertion level?
(ii) design further audit procedures responsive to
(Control activities include authorisation,
information processing, physical controls and
segregation of duties.)
(e) the major types of activities that the entity uses to
monitor internal control over financial reporting
and how the entity initiates corrective action to its
3.3 Has the practice documented the inquiries made of
management and those charged with governance with
regard to fraud?
ASA 240.38, .42, .50
3.4 Has the practice identified, assessed and documented the
risks of material misstatement (including fraud) at the
financial report level and at the assertion level for classes
of transactions, account balances and disclosures?
ASA 315.117; ASA 240.61
3.5 As part of risk assessment:
(a) has the practice identified and documented any risks
where it is not possible to obtain sufficient evidence
only from substantive procedures?
(b) for any such risks, has the practice evaluated the
design of the related controls and determined
whether they have been implemented (i.e. performed
tests of controls)? Have these tests been
3.6 As part of the risk assessment, have significant audit
risks been identified and documented? (Significant audit
risks are expected to arise on most audits. Where there is
a risk of material misstatement due to fraud (especially in
relation to revenue recognition), this must be classified as
a significant audit risk.)
ASA 315.126; ASA 240.61
3.7 For any significant audit risks, has the practice:
(a) evaluated the design of the related controls and
determined whether they have been implemented?
ASA 315.132; ASA 240.61
(b) planned substantive procedures that are specifically
responsive to that risk?
ASA 330.71; ASA 240.65
4. Audit evidence
4.1 Are there audit working papers on file?
If compilation workpapers are being used to support the audit
opinion, they must contain evidence of the audit procedures
4.2 Was the final engagement file(s) compiled within 60 days
of the audit report being finalised?
APES 320.73a; ASA 230.28
4.3 Are the audit working papers sufficiently complete and
detailed to provide an understanding of the audit?
Was the audit conducted in accordance with the audit plan and
the audit program?
Are the steps in the audit program signed off?
Does it appear changes were made to the audit plan and/or
audit program during the audit, where appropriate?
Are working papers adequate? Consider the following:
• sources of information indicated;
• the meaning of tick marks included;
• purpose of client prepared schedules indicated; and
• apparently insignificant areas were not over-audited.
Can you trace the amounts from the audited lead
schedules, or equivalent, to the final financial report?
4.4 Is there evidence that audit procedures were performed to
ensure all material events occurring after balance date
and up to the date of the audit report were identified?
4.5 Where the practice has used information produced by the
entity (eg. ageing analysis of receivables) to perform
procedures, has evidence been obtained about the
accuracy and completeness of the information?
Specific areas If the auditor did not carry out the specific procedures in questions 4.6 to 4.17 as the area did not
exist or was not material, note this next to the question.
4.6 Have external confirmations been used to verify relevant
balances (eg receivables)?
If not, has sufficient appropriate alternative evidence been
4.7 Where inventory was material, did the auditor attend the
physical inventory count?
If not, did the auditor take or observe some physical
counts on an alternative date and, when necessary,
perform audit procedures on intervening transactions?
4.8 Did the auditor obtain evidence about compliance with
those laws and regulations likely to have an effect on the
determination of material amounts and disclosures in the
4.9 Where material legal matters existed, did the auditor
endeavour to obtain written representations from all
lawyers with whom management consulted?
4.10 Has the auditor performed procedures designed to obtain
evidence regarding the identification and disclosure of
related parties and related party transactions?
4.11 Did the auditor endeavour to obtain written management
• where other sufficient appropriate evidence did not
• in relation to fraud?
• in relation to compliance with laws and regulations?
4.12 Is there a bank audit certificate dated before the audit report?
If not, did the auditor obtain sufficient, appropriate audit
evidence in relation to bank balances and treasury operations
4.13 Were audit procedures performed which were specifically
responsive to risks assessed at the planning stage?
4.14 Where the auditor planned to rely on controls, were tests
of controls performed?
ASA 330.30, .33, .38
4.15 Have assertions been used to design and perform audit
4.16 In determining sample sizes, did the auditor consider
whether sampling risk was reduced to an acceptably low
Sampling risk arises from the possibility that the auditor’s
conclusions, based on a sample, may be different from the
conclusion reached if the entire population was tested.
Sample sizes may be determined statistically or judgementally.
4.17 Did the auditor record the identifying characteristics
(eg invoice numbers, dates and amounts) of the specific
items or matters being tested?
4.18 Does it appear appropriate security and confidentiality
was maintained over the engagement workpapers?
APES 320.73d; ASA 230.37
5. Assessment of audit evidence
5.1 Do the audit working papers record:
• the results of the audit procedures and the evidence
• significant matters arising during the audit and the
conclusions reached thereon?
5.2 Is there evidence that:
• the financial report was agreed to the underlying
• material journal entries/adjustments were examined?
ASA 240.80; ASA 330.69
• accounting estimates were reviewed for bias?
5.3 Were uncorrected misstatements assessed to determine
whether they were material either individually or in
Did the auditor consider whether misstatements identified
could be indicative of fraud?
Did the auditor inform those charged with governance of
any uncorrected misstatements that were determined by
management to be immaterial?
5.4 Was management’s assessment of the going concern
assumption evaluated and documented at the final stage
of the audit?
5.5 Were analytical review procedures applied and
documented at the final stage of the audit?
Did the practice consider whether analytical procedures
indicated a previously unrecognised risk of material
misstatement due to fraud?
5.6 Does it appear the engagement partner took responsibility
for the direction, supervision and performance of the
engagement in accordance with Auditing Standards?
Ordinarily this involves, for example:
• informing members of the audit team of their
• tracking the progress of the engagement
• addressing significant issues arising during the
• determining review responsibilities on the basis that more
experienced team members review work performed by
less experienced team members.
5.7 Select one significant audit risk (or if none, select a material
account) and review this area in detail.
• Were audit assertions at risk identified, and were
substantive procedures performed that were responsive
to that risk?
• Was there an appropriate review of the information
system and related internal controls?
• Were tests performed to ensure controls related to the
significant audit risk had been implemented?
• Was the extent of reliance on controls to reduce
substantive testing appropriate under the circumstances?
• Were the substantive audit procedures selected
• Was appropriate use made of computer audit specialists
in the evaluation of controls?
• Were the results from computer audit testing
incorporated into the audit files?
• Do the work papers adequately document the work
performed and the conclusions reached?
• Do the work papers adequately document the resolution
of all significant issues?
• Were any errors or weaknesses found dealt with
appropriately, given their impact on:
• audit strategy/plan and risk assessment?
• audit scope?
• extent of testing?
• assessment of misstatements?
5.8 If the auditor also prepared the financial report, did the
auditor ensure that client management accepted
responsibility for the preparation and presentation of the
ASA 200.42, .45; ASA 580.07
How did the auditor ensure management accepted
6.1 Is there evidence the engagement partner reviewed the
audit documentation and was satisfied sufficient,
appropriate audit evidence had been obtained prior to the
audit report being issued?
6.2 Does the audit report contain the following elements:
• title including the word ‘independent’?
• addressed as required by the circumstances of the
• an introductory paragraph clearly identifying the entity
whose financial report has been audited, the title/page
numbers of the financial statements that comprise the
financial report (including, where relevant, the
Director’s Declaration) and specifying the date and
period covered by the financial report?
• a statement that those charged with governance are
responsible for the preparation and presentation of the
• a description of the auditor’s responsibilities, including
a description of an audit?
• if relevant, a section headed ‘basis for qualification’
clearly setting out the qualification?
• a section headed ‘auditor’s opinion’ or ‘qualified
• if relevant, a section describing any emphasis of
matter relevant to the auditor’s report?
• date signed in the name of the appointed auditor?
ASA 700; ASA 701
If there is a modification (qualification or emphasis of matter),
does it appear the type of modification is in accordance with
For a reporting entity:
Is the financial report presented in accordance with:
• applicable Accounting Standards; and
• other requirements for the type of entity being
SMO (IFAC statement of member obligations) 1.19.
For a non-reporting entity:
Do the financial report and the audit report clearly state:
• that the financial report is a special purpose report;
• the purpose for which it has been prepared; and
• the extent to which Accounting Standards have, or
have not, been adopted?
6.3 Is the audit report based on the audit evidence in the audit
Is the audit report dated after the date of the audit working
6.4 Were significant matters (including fraud, suspected
fraud, material weaknesses in control or non-compliance
with laws and regulations) reported to management and/or
those charged with governance?
ASA 260.05; ASA 240.99, .101, .106, .108; ASA 250.34, .40, .42, .43.
Were the matters reported in written form?
If reported orally, was this documented (eg via meeting
Was there evidence of follow up of matters identified in
If previously reported matters were not corrected, was their
impact considered in the audit strategy and audit plan?
6.5 Have any suspected (significant) contraventions of the
Corporations Act been reported to ASIC?
s.311 of the Corporations Act and ASIC Practice Note 34
• attempts by the audit client to manipulate or mislead a
member of the audit team;
• attempts by the audit client to interfere with the proper
conduct of the audit;
• insolvent trading;
• failure to comply with accounting standards;
• fraud by officers or employees of the client.
7. Overall assessment Answer “no” unless there is evidence that the engagement was unsatisfactory.
Based on your review of the audit engagement, is there
any indication that:
7.1 the audit was not conducted in accordance with
Australian Auditing Standards?
7.2 the audit opinion was not based on sufficient appropriate