Audit working papers

Last updated

Audit working papers are the documents which record during the course of audit evidence obtained during financial statements auditing, internal management auditing, information systems auditing, and investigations. Audit working papers are used to support the audit work done in order to provide the assurance that the audit was performed in accordance with the relevant auditing standards. They show the audit was:

The Institute of Internal Auditors, a global professional audit standards body, has issued practice advisory 2330-1 stating the goals of audit working papers are to: [1]

The audit working paper are divided into two parts: The first group consists of the current file and second group contains the permanent file.

  1. The material relating to the current year only is placed in current file
  2. The data to be used for a number of years placed in permanent file. The auditor can rely on the facts and figures recorded in permanent files.

Audit working papers are the property of the auditor. In order to keep professional ethic, it cannot reveal to third parties without client consent unless limited specified situations mentioned in ISA 230 Documentation and required by law, the examples are court order, for public interest and so on.

The forms of documentation may be flowchart, manual, narrative note, checklist, or questionnaire.

Proper features or purpose

Features of Audit documentation are defined by related audit standards ie. IFRS, [2] USGAAP. [3] Following features might be considered as minimum:

Related Research Articles

<span class="mw-page-title-main">Audit</span> Systematic and independent examination of books, accounts, documents and vouchers of an organization

An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon." Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, roll forward prior year working papers, and evaluate the propositions in their auditing report.

<span class="mw-page-title-main">Financial audit</span> Type of audit

A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organization. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.

<span class="mw-page-title-main">Auditor's report</span> Type of written document

An auditor's report is a formal opinion, or disclaimer thereof, issued by either an internal auditor or an independent external auditor as a result of an internal or external audit, as an assurance service in order for the user to make decisions based on the results of the audit.

An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure and business applications. The evaluation of evidence obtained determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

Computer-assisted audit tool (CAATs) or computer-assisted audit tools and techniques (CAATTs) is a growing field within the IT audit profession. CAATs is the practice of using computers to automate the IT audit processes. CAATs normally include using basic office productivity software such as spreadsheets, word processors and text editing programs and more advanced software packages involving use statistical analysis and business intelligence tools. But also more dedicated specialized software are available.

An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods for auditing these areas.

<span class="mw-page-title-main">Public Company Accounting Oversight Board</span> American overseer of audits of public companies

The Public Company Accounting Oversight Board (PCAOB) is a nonprofit corporation created by the Sarbanes–Oxley Act of 2002 to oversee the audits of US-listed public companies. The PCAOB also oversees the audits of broker-dealers, including compliance reports filed pursuant to federal securities laws, to promote investor protection. All PCAOB rules and standards must be approved by the U.S. Securities and Exchange Commission (SEC).

<span class="mw-page-title-main">Generally Accepted Auditing Standards</span> Standards which judge audits

Generally Accepted Auditing Standards, or GAAS are sets of standards against which the quality of audits are performed and may be judged. Several organizations have developed such sets of principles, which vary by territory. In the United States, the standards are promulgated by the Auditing Standards Board, a division of the American Institute of Certified Public Accountants (AICPA).

A software audit review, or software audit, is a type of software review in which one or more auditors who are not members of the software development organization conduct "An independent examination of a software product, software process, or set of software processes to assess compliance with specifications, standards, contractual agreements, or other criteria".

<span class="mw-page-title-main">Internal audit</span> Independent, objective assurance and consulting activity

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. Internal auditing might achieve this goal by providing insight and recommendations based on analyses and assessments of data and business processes. With commitment to integrity and accountability, internal auditing provides value to governing bodies and senior management as an objective source of independent advice. Professionals called internal auditors are employed by organizations to perform the internal auditing activity.

ISA 230 Audit Documentation is one of the International Standards on Auditing. It serves to direct the documentation of audit working papers in order to assist the audit planning and performance; the supervision and review of the audit work; and the recording of audit evidence resulting from the audit work in order to support the auditor's opinion.

Audit evidence is evidence obtained by auditors during a financial audit and recorded in the audit working papers.

Internal control, as defined by accounting and auditing, is a process for assuring of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.

<span class="mw-page-title-main">SOX 404 top–down risk assessment</span>

In financial auditing of public companies in the United States, SOX 404 top–down risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the Sarbanes-Oxley Act of 2002. Under SOX 404, management must test its internal controls; a TDRA is used to determine the scope of such testing. It is also used by the external auditor to issue a formal opinion on the company's internal controls. However, as a result of the passage of Auditing Standard No. 5, which the SEC has since approved, external auditors are no longer required to provide an opinion on management's assessment of its own internal controls.

<span class="mw-page-title-main">Continuous auditing</span>

Continuous auditing is an automatic method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of exceptions or anomalies, analyze patterns within the digits of key numeric fields, review trends, and test controls, among other activities.

<span class="mw-page-title-main">Commission for Academic Accreditation (United Arab Emirates)</span> UAE government agency

The Commission for Academic Accreditation (CAA) is the national quality assurance and regulatory agency responsible for evaluation and accreditation of higher educational institutions and universities in the United Arab Emirates. Established in 2000, it comes under the country's Ministry of Education.

The chief audit executive (CAE), director of audit, director of internal audit, auditor general, or controller general is a high-level independent corporate executive with overall responsibility for internal audit.

Audit planning is a vital area of the [audit], primarily conducted at the beginning of audit process, to ensure that appropriate attention is devoted to important areas, potential problems are promptly identified, work is completed expeditiously and work is properly coordinated. "Audit planning" means developing a general strategy and a detailed approach for the expected nature, timing and extent of the audit. The auditor plans to perform the audit in an efficient and timely manner. In simple words, developing an overall strategy for the effective conduct and scope of the examination.

MS 1722:2011 – Occupational Safety and Health Management Systems – Requirements is a Malaysian Standard that provides requirements on Occupational Safety and Health Management Systems (OSHMS) and basis for the development OSH systems in an organisation. The MS 1722 standard enable an organization to manage its OHS risks and improve its OHS performance. The requirements of the standard are intended to address OHS for employees, temporary employees, contractors and other personnel on site rather than the safety of products and services. The standards provide a more effective method of protecting employees and others from workplace injuries and illnesses and demonstrate management commitment in meeting OHS requirements.

References

  1. "Producing Quality Workpapers". IIA. Archived from the original on 2014-04-07. Retrieved 2014-04-02.
  2. "INTERNATIONAL STANDARD ON AUDITING 230" (PDF). IFAC.
  3. "AU-C Section 230" (PDF). AICPA.