The document discusses views on effective audit documentation from standard-setters, regulators, and practitioners. It notes that while audit documentation requirements are intended to improve audit quality, excessive documentation focused only on compliance can actually undermine quality by taking up too much audit time. Regulators find issues like insufficient evidence of professional skepticism and inconsistencies between risk assessments and procedures. The document provides resources on documenting skepticism and offers that stakeholders must work together to balance documentation needs with practical application in audits.

1. Page 1 | Confidential and Proprietary Information
Effective Documentation
Katharine Bagshaw
IFAC SMP Committee Member
Trainers’ Seminar
June 4, 2013
Kampala, Uganda

2. Page 2 | Confidential and Proprietary Information
Outline
• Standard-setter views
• Regulator observations
• Practitioner views
• The growth of audit documentation
• Audit documentation in Africa

3. Page 3 | Confidential and Proprietary Information
Standard-Setter Views
What’s the problem?
• ISA 230 on documentation is one of the shortest ISAs
• 9 requirements
• 22 specific requirements in other ISAs listed in the
appendix

4. Page 4 | Confidential and Proprietary Information
Standard-Setter Views
• Must be in detail (e.g. specific items sampled) and show
who did what and when (paragraph 9)
• Document discussions of significant matters,
inconsistencies, and departures from requirements
(paragraphs 10-12)
• The remainder covers matters arising after the audit report
is signed, and assembly of the file.

5. Page 5 | Confidential and Proprietary Information
Regulator Observations
• www.acra.gov.sg - Singapore’s Accounting and Corporate
Regulatory Authority
• www.pcaobus.org - The USA’s Public Company
Accounting Oversight Board
• www.asic.gov.au - Australia’s Securities and Investments
Commission

6. Page 6 | Confidential and Proprietary Information
Regulator Observations
• www.frc.org.uk - UK’s Financial Reporting Council
• Produced its 2012 annual inspection report last
Wednesday
– http://frc.org.uk/Our-Work/Publications/Audit-Quality-Review/Audit-
Quality-Inspections-Annual-Report-2012-13.aspx
• ICAEW’s QAD Audit Monitoring Report 2012
– www.icaew.com/~/media/Files/Technical/Audit-and-
assurance/audit/working-in-the-regulated-area-of-audit/audit-
monitoring-2012.pdf

7. Page 7 | Confidential and Proprietary Information
Regulator Observations – Common Themes
• Inefficient audit methodologies lead to over-auditing and
under-auditing
• Too much documentation in some established areas and
not enough in other difficult areas
• Little evidence of professional scepticism – insufficient
evidence of challenge
• Poor evidence of the link between risk analysis and
procedures performed – problems are identified but not
addressed

8. Page 8 | Confidential and Proprietary Information
Regulator Observations – Too Much and Not Enough
• Not enough showing the thought processes– but how do
you document a thought process?
• Sample sizes being cut, materiality levels being raised,
analytical procedures are not being used much - without
documentation for the justification of this – big issues
• Nothing at all being done in some low risk areas
• Too much in low risk areas and areas in which audit
procedures are well established

9. Page 9 | Confidential and Proprietary Information
Regulator Observations – Documenting Scepticism
• ISA 200: scepticism is an attitude including a questioning
mind, being alert to conditions which may indicate possible
misstatement, and a critical assessment of audit evidence
• Scepticism is not cynicism, it does not require distrusting
everything you see and hear. May assume documents are
genuine unless there is reason to suspect otherwise
• Scepticism specifically mentioned in ISAs on fraud, laws
and regulations, related parties

10. Page 10 | Confidential and Proprietary Information
Regulator Observations – Documenting Scepticism
• Scepticism is
– Challenging assumptions
– Actively considering the possibility of bias
– Not rebutting the presumption of fraud in revenue recognition too
easily
• Asking the client ≠ sufficient audit evidence
• Insufficient evidence of challenge to client assumptions
about impairments, going concern, and discount rates
used. Often, the challenge took place in meetings but was
not documented

11. Page 11 | Confidential and Proprietary Information
Help with Scepticism and Documentation
• http://www.icaew.com/en/technical/audit-and-
assurance/professional-scepticism
• Series of 11 videos produced by the UK’s FRC on
regulatory findings and in particular on audit
documentation, professional scepticism and group audits
featuring:
– John Kellas CBE: former KPMG partner and IAASB chair who
oversaw the Clarity Project
– Martyn Jones: Current ICAEW President, former Deloitte partner,
founder of ICAEW’s ISA Implementation group

12. Page 12 | Confidential and Proprietary Information
Help with Scepticism and Documentation

13. Page 13 | Confidential and Proprietary Information
Help with Scepticism and Documentation

14. Page 14 | Confidential and Proprietary Information
Practitioner Views
• Practitioners need help from professional bodies and
standard setters.
• Good quality checklists used judiciously are necessary
and improve audit efficiency and quality.
• Poor checklists used indiscriminately without thought are a
drain on audit efficiency and quality.
• New documentation requirements need to be clearly
thought out.
• Good quality methodologies need to be developed and
maintained.

15. Page 15 | Confidential and Proprietary Information
The Growth of Audit Documentation
Excessive documentation for ‘compliance’ purposes work is
real problem. It keeps auditors in the audit room and stops
them from engaging with the client. It is a product of:
• The requirements of auditing standards
• Over-engineered and poor audit methodologies
• The approach taken by regulators

16. Page 16 | Confidential and Proprietary Information
The Growth of Audit Documentation
• Poor documentation by auditors – keeping interesting but
irrelevant information on the file, full documents rather
than extracts and not making use of facilities for electronic
cross-referencing, for example
• Auditors, standard-setters and regulators have a role to
play in ensuring that compliance with audit documentation
requirements do not damage audit quality

17. Page 17 | Confidential and Proprietary Information
Audit Documentation in Africa
What are the issues?
What are the solutions?

18. www.ifac.org/SMP