Implementation Guide to

Standard on Auditing (SA) 230

Audit Documentation
(Revised 2022 Edition)

The Institute of Chartered Accountants of India

(Set up by an Act of Parliament)
New Delhi
© The Institute of Chartered Accountants of India.

All rights reserved. No part of this publication may be reproduced,

stored in a retrieval system, or transmitted, in any form, or by any
means, electronic, mechanical, photocopying, recording, or
otherwise, without prior permission, in writing, from the publisher.

Revised Edition : December 2022

Committee : Auditing and Assurance Standards Board

Email : [email protected]

Website : www.icai.org

Price : ₹ 100/-

ISBN : 978-81-8441-632-9

Published by : The Publication & CDS Directorate on behalf of

The Institute of Chartered Accountants of India,
ICAI Bhawan, Post Box No. 7100,
Indraprastha Marg, New Delhi - 110 002 (India)

Printed by : SAP Print Solutions Pvt. Ltd.

28A, Lakshmi Industrial Estate,
S. N. Path, Lower Parel, Mumbai - 400 013
February | 2023 | P3286 (Revised)
 Foreword

The Auditing and Assurance Standards Board (AASB) is a non-

standing Committee of the Institute of Chartered Accountants of
India (ICAI). The main objective of AASB is formulating
Engagement and Quality Control Standards (standards on
auditing, review, other assurance, quality control and related
services). The Board also formulates Guidance Notes on generic
as well as industry specific issues in auditing, Technical Guides,
Implementation Guides and other publications for guidance of the
members. The Board organizes regular awareness programmes
on auditing standards, reporting requirements of Companies Act,
2013 and other auditing aspects to update knowledge of the
members.

Implementation Guides to Standards on Auditing are an important

resource for auditors in applying the principles of these Standards
in real life audit scenarios. In 2013, AASB of ICAI had brought out
the publication, “Implementation Guide to SA 230, Audit
Documentation”. The Implementation Guide was last revised in
2018. I am happy to note that AASB has brought out this
thoroughly revised edition of the “Implementation Guide to SA
230, Audit Documentation”. The revised edition of the
Implementation Guide has been written in simple and easy to
understand language in a “Question-Answer” format containing
frequently asked questions (FAQs) on SA 230 and responses to
those FAQs.

I wish to compliment CA. (Dr.) Sanjeev Kumar Singhal, Chairman,

CA. Vishal Doshi, Vice Chairman and all members of the AASB
for their efforts in bringing out this revised edition of the
Implementation Guide for the benefit of the members and other
stakeholders at large.
I am confident that the members would find this revised edition of
the Implementation Guide very useful in their professional
assignments.

December 6, 2022 CA. (Dr.) Debashis Mitra

New Delhi President, ICAI
 Preface
Standard on Auditing (SA) 230, “Audit Documentation” prescribes
the basic principles of audit documentation. These principles need
to be followed by auditors while complying with requirements of
SA 230 and specific documentation requirements of other
Standards on Auditing. In 2013, the Auditing and Assurance
Standards Board (AASB) of ICAI issued the “Implementation
Guide to SA 230, Audit Documentation” to provide practical
implementation guidance to auditors on this Standard. The
Implementation Guide was revised in 2018. Suggestions were
received from some stakeholders that more guidance on the
aspect of assembly of the final audit file may be included in the
Implementation Guide. Based on these suggestions, AASB
decided to revise the Implementation Guide.

It gives us immense pleasure to place in hands of the members,

this revised edition of “Implementation Guide to SA 230, Audit
Documentation” brought out by AASB. The revised edition of the
Implementation Guide contains Summary of the Standard,
Introduction, FAQs on SA 230, Checklist and Illustrative Working
Paper Format. Chapter 3: FAQs on SA 230 of revised edition of
the Implementation Guide contains detailed guidance on
principles of SA 230 in a Question-Answer format. The revised
edition of the Implementation Guide will enable auditors to comply
with requirements of SA 230 effectively as it brings out additional
clarity on various aspects of SA 230.

We express our sincere thanks to CA. Sandeep Sharma, Special

Invitee, AASB for his contribution in finalizing this revised edition
of the Implementation Guide.

We would like to thank our Honourable President, CA. (Dr.)

Debashis Mitra and Honourable Vice-President, CA. Aniket Sunil
Talati for their guidance and support in various endeavours of the
Board.
We wish to place on record high appreciation of all Board
members for their valuable suggestions in finalising this revised
edition of the Implementation Guide. We also wish to thank CA.
Megha Saxena, Secretary, AASB and other staff of AASB for their
contribution in updating and finalising this revised edition of the
Implementation Guide.

We are confident that this revised edition of the Implementation

Guide would be well received by the members and other
interested readers.

CA. Vishal Doshi CA. (Dr.) Sanjeev Kumar Singhal

Vice Chairman, AASB Chairman, AASB
 Contents

Foreword

Preface

Chapter 1: Summary of the Standard ................................ 1-3

Chapter 2: Introduction ..................................................... 4-8

Chapter 3: FAQs on SA 230 ............................................ 9-59

Chapter 4: Checklist....................................................... 60-62

Appendix: Illustrative Working Paper Format ...................... 63

 Chapter 1
Summary of the Standard
Implementation Guide to SA 230(Revised 2022)

2
Implementation Guide to SA 230 (Revised 2022)

3
 Chapter 2
Introduction

Concept of Documentation

2.1 Audit, according to Spicer and Pegler, “may be said to be

such an examination of the books, accounts and vouchers of a
business as will enable the auditor to satisfy that the Balance
Sheet is properly drawn up, so as to give a true and fair view of
the state of affairs of the business and the Profit or Loss for the
financial period, according to the best of his information and the
explanations given to him and as shown by the books, and if not,
in what respect he is not satisfied.”

2.2 Though the above definition addresses various aspects of

an audit, one of the most important and relevant issues arising out
of this definition is that the auditor needs to “satisfy himself that
the financial statements are properly drawn up…”, “… according
to best of his information and explanations given to him…”,
“… and if not, “in what respect the auditor is not satisfied”.

2.3 An auditor, during the course of his audit may come across
various materials in the form of deeds, agreements, contracts,
invoices, vouchers, etc. which are the supporting materials to
evidence the happening of an event/transaction. These are the
basis for him to satisfy (or to not satisfy) himself in material
aspects as to whether the financial statements give a true and fair
view of the state of the affairs of the business and of the profit and
loss for that period.

2.4 A document is any material which provides evidence of

work performed, action taken or the happening of an event. The
audit documentation may be recorded in paper or electronic form
as mentioned in paragraph A3 of SA 230. Examples of documents
include work papers, copy or abstract of signed agreements,
videos, pictures, spreadsheets, transcripts, correspondences, data
in electronic form containing the records in systematic manner etc.
 Implementation Guide to SA 230 (Revised 2022)

2.5 Oxford dictionary defines documentation “as material that

provides official information or evidence or that serves as a
record; the process of classifying and annotating texts,
photographs, etc”.
2.6 SA 230, “Audit Documentation” defines audit
documentation as “The record of audit procedures performed,
relevant audit evidence obtained, and conclusions the auditor
reached (terms such as “working papers” or “work papers” are
also sometimes used”.
2.7 Hence, “document”, in the context of audit refers more to
that which is required to be maintained by an auditor to record his
findings during the course of the audit.

Why is Documentation Important?

2.8 Documentation is considered the backbone of an audit.
The work that the auditor performs, the explanations given to the
auditor, the conclusions arrived at, all are evidenced by
documentation. Inadequate or improper documentation may be
considered as deficiency in performing an audit. The auditor may
have executed appropriate audit procedures, however, if there is
no documentation to prove, it may put question on the work done,
in case any material misstatement is reported. Improper and
incomplete documentation may put the auditor in difficult
situations, such as actions from various regulators.
2.9 Documentation is essential because:

• It supports the auditor’s basis for a conclusion about

achieving the auditor’s objectives.
• Provides evidence that audit was planned and performed.
• It assists supervision and review.
• It results in better conceptual clarity, clarity of thought and
expression.
• It facilitates better understanding and helps avoid
misconception.
• It supports and evidences compliance with standards on
auditing, applicable legal & regulatory requirements.

5
Implementation Guide to SA 230(Revised 2022)

Form and Content of Documentation

2.10 The form and content of audit documentation should be
designed to meet the circumstances as necessary of the particular
audit. It should satisfy the requirements of the governing
standards and substantiate the conclusions arrived at by the
auditor.

2.11 The form and content of documentation depends on

various factors such as:

• Size, nature and type of entity.

• Risk assessment.
• Materiality.
• Sampling methods.
• Requirements as per laws and regulations.
2.12 Documents are segregated into those forming part of the
Permanent Audit File and Current Audit File. Permanent audit file
contains those documents, the use of which is not restricted to
one time period, and extends to subsequent audits also e.g.
Engagement letter, Communication with previous auditor,
Memorandum of Association, Articles of Association, Organization
structure, List of directors/partners/trustees/bankers/ lawyers, etc.
On the other hand, a current audit file contains those documents
relevant for that time period of audit.

2.13 Examples of audit documentation may include the

following:
• Understanding the entity.
• Time and cost details.
• Audit programme.
• Risk assessment.
• List of samples selected for testing and basis of selection
thereof.
• Team discussion.

6
 Implementation Guide to SA 230 (Revised 2022)

• Working papers pertaining to significant areas.

• Analyses.
• Description of audit tools (IT software or other platform) used
and computer files obtained from the entity, when an audit
tool is used, for example to assist in testing of journal entries.
• Correspondence (including email) concerning significant
matters.
• Abstract or copies of entity’s records (for example significant
and specific contracts and agreements).
• Communication with those charged with governance.
• Basis for conclusions, including issues memorandum.
• Reporting & completion.
• Quality/ engagement quality control review.
• Checklists completed by the audit team for compliance with
accounting standards and standards on auditing.
• Communication with previous auditors or other third parties.
• Letters of confirmation and representation.
• Documents relating to client acceptance/continuance.
• Assessment of reliance placed on other auditors or experts.
• Evidence of nature, timing and extent of procedures
performed by internal specialist and professionals, evidence
or results obtained from performing those procedures and
conclusions reached.
2.14 In general, a working paper may contain the following:

• Risk and controls relevant to the area.

• Assertions to be tested and satisfied.
• Substantive and analytical procedures performed.
• Persons performing/reviewing the work.
• Dates on which the work was performed/reviewed.

7
Implementation Guide to SA 230(Revised 2022)

• Extent of review.
• Documents prepared by client.
• Nature, type and size of the entity.
2.15 Audit documentation may be lesser in case of less
complex entities and small entities as compared to large and
complex entities.

8
 Chapter 3
FAQs on SA 230

Q1. What is the scope of SA 230?

A1. SA 230 deals with the auditor’s responsibility to prepare
audit documentation for an audit of financial statements. It
is to be adapted as necessary in the circumstances when
applied to audits of other historical financial information.
The specific documentation requirements of other SAs do
not limit the application of SA 230. Laws or regulations
may establish additional documentation requirements.
Q2. What is the nature and purpose of audit
documentation?
A2. Audit documentation that meets the requirements of this
SA and the specific documentation requirements of other
relevant SAs provides:
(a) Evidence of the auditor’s basis for a conclusion about
the achievement of the overall objectives of the
auditor; and
(b) Evidence that the audit was planned and performed in
accordance with SAs and applicable legal and
regulatory requirements.
A table has been given stating the specific documentation
requirements under various SAs. Refer response to FAQ
37.
Q3. What are the purposes which may be served by audit
documentation?
A3. Audit documentation serves a number of purposes,
including the following:
• Assisting the engagement team to plan and perform
the audit.
• Assisting members of the engagement team
responsible for supervision to direct and supervise the
Implementation Guide to SA 230(Revised 2022)

audit work, and to discharge their review

responsibilities in accordance with SA 220.
• Enabling the engagement team to be accountable for
its work.
• Retaining a record of matters of continuing
significance to future audits.
• Enabling the conduct of quality control reviews and
inspections in accordance with SQC 1.
• Enabling the conduct of external inspections in
accordance with applicable legal, regulatory or other
requirements.

Q4. What is the objective of the auditor under SA 230?

A4. The objective of the auditor is to prepare documentation
that provides:
• A sufficient and appropriate record of the basis for the
auditor’s report; and
• Evidence that the audit was planned and performed in
accordance with SAs and applicable legal and
regulatory requirements.

Q5. What do you mean by audit documentation?

A5. The record of audit procedures performed, relevant audit

evidence obtained, and conclusions the auditor reached
(terms such as “working papers” or “workpapers” are also
sometimes used). It may be noted, that the ‘documents
provided by client’ which are used to do audit should be part
of audit documentation and checking notes should be
attached by auditors on such documents.

Q6. What do you mean by audit file?

A6. One or more files, in physical or electronic form, containing
the records that comprise the audit documentation for a
specific engagement.

10
 Implementation Guide to SA 230 (Revised 2022)

Q7. What do you mean by experienced auditor?

A7. An individual (whether internal or external to the firm) who
has practical audit experience, and a reasonable
understanding of:
• Audit processes;
• SAs and applicable legal and regulatory requirements;
• The business environment in which the entity
operates; and
• Auditing and financial reporting issues relevant to the
entity’s industry.
Q8. What would be the form, content and extent of Audit
Documentation?

A8. The auditor shall prepare audit documentation that is

sufficient to enable an experienced auditor, to understand:

• The nature, timing, and extent of the audit procedures

performed to comply with the SAs and applicable legal
and regulatory requirements;
• The results of the audit procedures performed, and the
audit evidence obtained; and
• Significant matters arising during the audit, the
conclusions reached thereon, and significant
professional judgments made in reaching those
conclusions.
Q9. What are influential factors for the form, content and
extent of audit documentation?

A9. The form, content and extent of audit documentation

depend on factors such as:
• The size and complexity of the entity.

• The nature of the audit procedures to be performed.

• The identified risks of material misstatement.

11
Implementation Guide to SA 230(Revised 2022)

• The significance of the audit evidence obtained.

• The nature and extent of exceptions revealed.

• The need to document a conclusion or the basis for a

conclusion not readily determinable from the
documentation of the work performed or audit
evidence obtained.
• The audit methodology and audit tools used.
Q10. How should the audit documentation be recorded?

A10. Audit documentation may be recorded on paper or on

electronic or other media.
Q11. What are the examples of the audit documentation?

A11. Examples of audit documentation include the following:

• Engagement letter.
• Audit programmes defined, with details of work carried
out and results filled, including planning memorandum.
• Analyses of various account balances through
comparatives and corroborative.
• Issues memoranda.
• Summaries of significant matters.
• Letters of confirmation and representation.
• Checklists.
• Correspondence (including e-mail) concerning
significant matters.
• Abstracts or copies of the entity’s records/contracts/
agreements.
Audit documentation, however, is not a substitute for the
entity’s accounting records and vice versa.

12
 Implementation Guide to SA 230 (Revised 2022)

Q12. Whether Minutes Book, Records, Bills, Vouchers,

Fixed Assets Register, legal books etc. are to be
obtained by auditor as audit documentation?

A12. No, such records are to be kept and maintained by the

management / owner of the entity. Auditor may take
abstract of some accounts, records, contracts etc., as he
may find relevant as per his judgement.

Oral explanations by the auditor, on their own, do not

represent adequate support for the work auditor performed
or conclusions the auditor reached, but may be used to
explain or clarify information contained in the audit
documentation.

Q13. Whether incomplete, initial drafts, superseded audit

work papers/documents or a trail from such audit work
paper to final audit work paper are to be obtained by
auditor as audit documentation? What would the
auditor not include in the audit documentation?

A13. Audit documentation should contain only the final versions

of audit workpapers with the date and the name of the
engagement team member who prepared and reviewed
the documentation. Further, the auditor also need not
include in audit documentation:

• Superseded drafts of working papers and financial

statements.
• Notes that reflect incompleteness.
• Preliminary thinking.
• Previous copies of documents corrected for
typographical or other errors.
• Duplicates of documents.
• Review notes and disposal of review notes.

13
Implementation Guide to SA 230(Revised 2022)

Q14. Whether confirmation of all parties account balances

should be obtained by the management and copy of all
should be recorded by the auditor as audit
documentation, if not, then to what extent and in which
manner the confirmation (direct/third party/obtained by
management/ verification from records) is relevant for
the audit documentation required to be recorded?

A14. No, the SAs do not prescribe that the confirmation of all
account balances is required to be obtained. As it may also
not be feasible considering the time and cost involved and
to complete the audit in time. It is the auditor’s judgment to
rely on the running account balances, statements,
transactions with the parties and behaviour of the account.
In the cases when the auditor has reason to believe that
the account balances with the respective parties are
material and may have material differences, he should ask
for the confirmations of the balances from the respective
parties/entities to reduce the risk of material misstatement
at low level. The confirmations, if available in other cases
also will further support the auditor’s opinion.
As required by SA 330 and SA 505, the auditor should
obtain more persuasive audit evidence to respond to the
auditor’s assessment of higher risk. In such situation
external confirmation is more reliable as an audit evidence.
Hence when there is higher risk involved the auditor should
reduce the risk by obtaining the external confirmation.
Q15. Laws and regulations are required to be complied by
the entity for which appropriate disclosures are
included in the illustrative formats and contents of the
financial statements as per respective laws and
regulations, for example Schedule III to the Companies
Act, 2013 in case of corporate entities. The auditor is
required to document all matters of non-compliances
in material aspects. Whether the additional
documentation is required?

14
 Implementation Guide to SA 230 (Revised 2022)

A15. The Companies Act, 2013 has given the formats for
financial statements in Schedule III, with the manner of
disclosure and items required to be disclosed. For high
quality of reporting, it is always desired that the disclosure
should be more appropriate. The requirements are meant
to add value to the users of the financial statements. The
auditor should therefore document to support the opinion
where there is any material departure from the requirement
and which may also materially influence the decision of the
user.
Further, in those cases where no specific requirement of
the format or disclosure is given, the auditor may agree to
the financial reporting framework being followed by the
entity and disclosing those items which are pertinent to the
said framework and the applicable requirement under that
audit. In such case the auditor should specify the same in
the engagement letter issued to the auditee. In case of
non-corporate entities, the disclosures as required under
the Companies Act, 2013 are not applicable.

Q16. What would be the audit documentation in case of

Smaller / Less Complex Entity?
A16. The audit documentation for the audit of a smaller/less
complex entity is less extensive than that for the audit of a
larger entity. In certain cases it may materially vary as
there may be few documentation in some small/less
complex entity. Here there may be more personal
communication and formally there may only be the
representation letter as audit documentation.
When preparing audit documentation, the auditor of a
smaller entity may also find it helpful and efficient to record
various aspects of the audit together in a single document.
Examples of matters that may be documented together in
the audit of a smaller entity include understanding of the
entity and its internal control, the overall audit strategy and
audit plan, materiality, determined in accordance with SA
320, ‘Materiality in Planning and Performing an Audit’,

15
Implementation Guide to SA 230(Revised 2022)

assessed risks, significant matters noted during the audit,

and conclusions reached.
Application and Other Explanatory Material given in the
standards on auditing also mention the lesser
documentation and deals with considerations specific to
smaller entities, the brief of which is explained as below
(for details the auditor may refer the relevant standard):
• SA 260(Revised), “Communication with Those
Charged with Governance”, explains that in some
smaller entities, however, one person may be charged
with governance, for example, the owner-manager
where there are no other owners, or a sole trustee.
Also, in some cases, the appropriate person(s) with
whom to communicate may not be clearly identifiable
from the applicable legal framework or other
engagement circumstances, for example, entities
where the governance structure is not formally
defined, such as some family-owned entities, some
not-for-profit organizations, and some government
entities. In such cases, the auditor may need to
discuss and agree with the engaging party (Auditee)
the relevant person(s) with whom to communicate.
• SA 265, “Communicating Deficiencies in Internal
Control to Those Charged with Governance and
Management”, explains that smaller entities may find
that certain types of control activities are not
necessary because of controls applied by
management. For example, management’s sole
authority for granting credit to customers and
approving significant purchases can provide effective
control over important account balances and
transactions, lessening or removing the need for more
detailed control activities.
• SA 240, “The Auditor’s Responsibilities relating to
Fraud in an Audit of Financial Statements”, states that
in case of small entity where a single owner manages
the entity and no one else has governance role. In
these cases, there is ordinarily no action on the part of

16
 Implementation Guide to SA 230 (Revised 2022)

the auditor because there is no oversight separate

from the management.
• SA 300, “Planning an Audit of Financial Statements”,
explains that in audits of small entities, the entire audit
may be conducted by a very small audit team. Many
audits of small entities involve the engagement partner
(who may be a sole practitioner) working with one
engagement team member (or without any
engagement team members). With a smaller team, co-
ordination of, and communication between, team
members are easier. Establishing the overall audit
strategy for the audit of a small entity need not be a
complex or time-consuming exercise; it varies
according to the size of the entity, the complexity of
the audit, and the size of the engagement team. For
example, a brief memorandum prepared at the
completion of the previous audit, based on a review of
the working papers and highlighting issues identified in
the audit just completed, updated in the current period
based on discussions with the owner-manager, can
serve as the documented audit strategy for the current
audit engagement if it covers the matters noted in
paragraph 7 of SA 300.
• SA 315, “Identifying and Assessing the Risks of
Material Misstatement Through Understanding the
Entity and Its Environment”, explains that many small
audits are carried out entirely by the engagement
partner (who may be a sole practitioner). In such
situations, it is the engagement partner who, having
personally conducted the planning of the audit, would
be responsible for considering the susceptibility of the
entity’s financial statements to material misstatement
due to fraud or error. Further, smaller entities may not
have interim or monthly financial information that can
be used for purposes of analytical procedures. In
these circumstances, the auditor may be able to
perform very limited procedures.

17
Implementation Guide to SA 230(Revised 2022)

• SA 320, “Materiality in Planning and Performing an

Audit”, explains that when an entity’s profit before tax
from continuing operations is consistently nominal, as
might be the case for an owner-managed business
where the owner takes much of the profit before tax in
the form of remuneration, a benchmark such as profit
before remuneration and tax may be more relevant for
audit documentation.
• SA 330, “The Auditor’s Responses to Assessed
Risks”, explains that in the case of small entities, there
may not be many control activities that could be
identified by the auditor, or the extent to which their
existence or operation have been documented by the
entity may be limited.
• SA 540, “Auditing Accounting Estimates, Including
Fair Value Accounting Estimates, and Related
Disclosures”, explains that obtaining understanding of
estimates for smaller entities is often less complex as
their business activities are often limited and
transactions are less complex. Further, often a single
person, for example the owner-manager, identifies the
need to make an accounting estimate and the auditor
may focus inquiries accordingly.
• SA 570(Revised), “Going Concern”, explains that in
many cases, the management of smaller entities may
not have prepared a detailed assessment of the
entity’s ability to continue as a going concern, but
instead may rely on in-depth knowledge of the
business and anticipated future prospects.
Nevertheless, in accordance with the requirements of
this SA, the auditor needs to evaluate management’s
assessment of the entity’s ability to continue as a
going concern.

Further, continued support by owner-managers is

often important to smaller entities’ ability to continue
as a going concern. Where a small entity is largely
financed by a loan from the owner-manager, it may be

18
 Implementation Guide to SA 230 (Revised 2022)

important that these funds are not withdrawn. For

example, the continuance of a small entity in financial
difficulty may be dependent on the owner-manager
subordinating a loan to the entity in favour of banks or
other creditors, or the owner-manager supporting a
loan for the entity by providing a guarantee with his or
her personal assets as collateral. In such
circumstances, the auditor may obtain appropriate
documentary evidence of the subordination of the
owner-manager’s loan or of the guarantee. Where an
entity is dependent on additional support from the
owner-manager, the auditor may evaluate the owner-
manager’s ability to meet the obligation under the
support arrangement. In addition, the auditor may
request written confirmation of the terms and
conditions attaching to such support and the owner-
manager’s intention or understanding.
Further, in the case of an audit where the engagement
partner performs all the audit work, the documentation will
not include matters that might have to be documented
solely to inform or instruct members of an engagement
team, or to provide evidence of review by other members
of the team (for example, there will be no matters to
document relating to team discussions or supervision).
Nevertheless, the engagement team shall prepare audit
documentation that can be understood by an experienced
auditor having no previous connection with the audit, as
the audit documentation may be subject to review by
external parties for regulatory or other purposes.
Q17. If the auditor complies with SA 230, will the result be
sufficient and appropriate audit documentation?

A17. In principle, compliance with the requirements of this SA

will result in the audit documentation being sufficient and
appropriate in the circumstances. Other SAs contain
specific documentation requirements that are intended to
clarify the application of this SA in the particular
circumstances of those SAs. Reference may be made to

19
Implementation Guide to SA 230(Revised 2022)

FAQ 37 which covers specific documentation requirements

in the respective SAs. While the engagement team comply
with SA 230 for principles of the audit documentation
requirements for an audit engagement, it should also
consider the specific factors applicable to that
engagement, for example, the client profile and industry,
specific audit matters and professional judgments.

Q18. Do the specific documentation requirements of other

SAs limit the application of SA 230?
A18. No, the specific documentation requirements of other SAs
do not limit the application of this SA.

Q19. What will be the consequence, if there is no audit

documentation requirement in any SA?

A19. The absence of a documentation requirement in any

particular SA is not intended to suggest that there is no
documentation that needs to be prepared as a result of
complying with that SA. Documentation appropriate to the
circumstance needs to be maintained.
Q20. Is it necessary for the auditor to document separately
(as in a checklist, for example) compliance with
matters for which compliance is demonstrated by
documents included within the audit file?
A20. No, audit documentation provides evidence that the audit
complies with SAs. However, it is neither necessary nor
practicable for the auditor to document every matter
considered, or professional judgment made, in an audit.
Further, it is not necessary for the auditor to document
separately (as in a checklist, for example) compliance with
matters for which compliance is demonstrated by
documents included within the audit file. For example:

• The existence of an adequately documented audit

plan demonstrates that the auditor has planned the
audit.

20
 Implementation Guide to SA 230 (Revised 2022)

• The existence of a signed engagement letter in the

audit file demonstrates that the auditor has agreed the
terms of the audit engagement with management, or
where appropriate, those charged with governance.
• An auditor’s report containing an appropriately
qualified opinion demonstrates that the auditor has
complied with the requirement to express a qualified
opinion under the circumstances specified in the SAs.
• In relation to requirements that apply generally
throughout the audit, there may be a number of ways
in which compliance with them may be demonstrated
within the audit file:
o For example, there may be no single way in which
the auditor’s professional skepticism is
documented. But the audit documentation may
nevertheless provide evidence of the auditor’s
exercise of professional skepticism in accordance
with SAs. Such evidence may include specific
procedures performed to corroborate
management’s responses to the auditor’s
inquiries.
o Similarly, that the engagement partner has taken
responsibility for the direction, supervision and
performance of the audit in compliance with the
SAs may be evidenced in a number of ways
within the audit documentation. This may include
documentation of the engagement partner’s timely
involvement in aspects of the audit, such as
participation in the team discussion required by
SA 315.
Q21. What are the examples of significant matters?

A21. Judging the significance of a matter requires an objective

analysis of the facts and circumstances. Examples of
significant matters include:

• Matters that give rise to significant risks. As defined in

SA 315, significant risks mean an identified and

21
Implementation Guide to SA 230(Revised 2022)

assessed risk of material misstatement that, in the

auditor’s judgment, requires special audit
consideration.
• Results of audit procedures indicating (a) that the
financial statements could be materially misstated, or
(b) a need to revise the auditor’s previous assessment
of the risks of material misstatement and the auditor’s
responses to those risks.
• Circumstances that cause the auditor significant
difficulty in applying necessary audit procedures.
• Findings that could result in a modification to the audit
opinion or the inclusion of an Emphasis of Matter
paragraph in the auditor’s report.
Q22. What are the important factors in determining the
form, content and extent of audit documentation of
significant matters?

A22. An important factor in determining the form, content and

extent of audit documentation of significant matters is the
extent of professional judgment exercised in performing
the work and evaluating the results. Documentation of the
professional judgments made, where significant, serves to
explain the auditor’s conclusions and to reinforce the
quality of the judgment. Such matters are of particular
interest to those responsible for reviewing audit
documentation, including those carrying out subsequent
audits, when reviewing matters of continuing significance
(for example, when performing a retrospective review of
accounting estimates).

Q23. Give examples of circumstances in which, it is

appropriate to prepare audit documentation relating to
the use of professional judgment?

A23. Some examples of circumstances in which, it is

appropriate to prepare audit documentation relating to the
use of professional judgment include, where the matters
and judgments are significant:

22
 Implementation Guide to SA 230 (Revised 2022)

• The rationale for the auditor’s conclusion when a

requirement provides that the auditor ‘shall consider’
certain information or factors, and that consideration is
significant in the context of the particular engagement.
• The basis for the auditor’s conclusion on the
reasonableness of areas of subjective judgments (for
example, the reasonableness of significant accounting
estimates).
• The basis for the auditor’s conclusions about the
authenticity of a document when further investigation
(such as making appropriate use of an expert or of
confirmation procedures) is undertaken in response to
conditions identified during the audit that caused the
auditor to believe that the document may not be
authentic.
The auditor may consider it helpful to prepare and retain as
part of the audit documentation a summary (sometimes
known as a completion memorandum) that describes the
significant matters identified during the audit and how they
were addressed, or that includes cross-references to other
relevant supporting audit documentation that provides
such information. Such a summary may facilitate effective
and efficient reviews and inspections of the audit
documentation, particularly for large and complex audits.
Further, the preparation of such a summary may assist the
auditor’s consideration of the significant matters. It may
also help the auditor to consider whether, in light of the
audit procedures performed and conclusions reached,
there is any individual relevant SA objective that the
auditor cannot achieve that would prevent the auditor from
achieving the overall objectives of the auditor. It is however
to be noted that the audit documentation for use of the
professional judgment will be materially lesser in case of
audit of small entities and where the engagement partner
himself is dealing with the audit of such entities in all
respect.

23
Implementation Guide to SA 230(Revised 2022)

Q24. What should the auditor record in documenting the

nature, timing and extent of audit procedures
performed?

A24. The auditor should record:

• The identifying characteristics of the specific items or
matters tested;
• Who performed the audit work and the date such work
was completed; and
• Who reviewed the audit work performed and the date
and extent of such review.
SA 220 requires the auditor to review the audit work
performed through review of the audit documentation. The
requirement to document who reviewed the audit work
performed does not imply a need for each specific working
paper to include evidence of review. The requirement,
however, means documenting what audit work was
reviewed, who reviewed such work, and when it was
reviewed.
Q25. In documenting the nature, timing and extent of audit
procedures performed, what are purposes of recording
the identifying characteristics of the specific items or
matters tested?
A25. In documenting the nature, timing and extent of audit
procedures performed, recording the identifying
characteristics of the specific items or matters tested
serves a number of purposes. For example, it enables the
engagement team to be accountable for its work and
facilitates the investigation of exceptions or
inconsistencies. Identifying characteristics will vary with the
nature of the audit procedure and the item or matter
tested. For example:

• For a detailed test of entity-generated purchase

orders, the auditor may identify the documents

24
 Implementation Guide to SA 230 (Revised 2022)

selected for testing by their dates and unique

purchase order numbers.
• For a procedure requiring selection or review of all
items over a specific amount from a given population,
the auditor may record the scope of the procedure and
identify the population (for example, all journal entries
over a specified amount from the journal register).

• For a procedure requiring systematic sampling from a

population of documents, the auditor may identify the
documents selected by recording their source, the
starting point and the sampling interval (for example, a
systematic sample of shipping reports selected from
the shipping log for the period April 1 to September
30, starting with report number 12345 and selecting
every 125th report).
• For a procedure requiring inquiries of specific entity
personnel, the auditor may record the dates of the
inquiries and the names and job designations of the
entity personnel.
• For an observation procedure, the auditor may record
the process or matter being observed, the relevant
individuals, their respective responsibilities, and where
and when the observation was carried out.
Q26. What all should the auditor document for
communication/discussion with management?

A26. The auditor shall document discussions of significant

matters with management, those charged with
governance, and others, including the nature of the
significant matters discussed and when and with whom the
discussions took place. The documentation is not limited to
records prepared by the auditor but may include other
appropriate records such as minutes of meetings prepared
by the entity’s personnel and agreed by the auditor. Others
with whom the auditor may discuss significant matters may

25
Implementation Guide to SA 230(Revised 2022)

include other personnel within the entity, and external

parties, such as persons providing professional advice to
the entity. The auditor should specifically deal with key
audit matters documentation as specified in SA 701 and
other audit conclusion and reporting standards.
Q27. What should the auditor document if the auditor
identified information that is inconsistent with the
auditor’s final conclusion regarding a significant
matter?

A27. As mentioned in paragraph 11 of SA 230, the auditor shall

document how the auditor addressed the inconsistency.
The requirement to document how the auditor addressed
inconsistencies in information does not imply that the
auditor needs to retain documentation that is incorrect or
superseded.
Q28. What will the auditor do when it is necessary to depart
from a relevant requirement in a SA?

A28. The auditor should document how the alternative audit

procedures performed achieve the aim of that requirement,
and the reasons for the departure, if, in exceptional
circumstances, the auditor judges it necessary to depart
from a relevant requirement in a SA. The requirements of
the SAs are designed to enable the auditor to achieve the
objectives specified in the SAs, and thereby the overall
objective of the auditor. Accordingly, other than in
exceptional circumstances, the SAs call for compliance
with each requirement that is relevant in the circumstances
of the audit.

Q29. Under which situation is a documentation requirement

not necessary?

A29. The documentation requirement applies only to

requirements that are relevant in the circumstances. A
requirement is not relevant only in the cases where:

26
 Implementation Guide to SA 230 (Revised 2022)

• The entire SA is not relevant [for example, if an entity

does not have an internal audit function, nothing in SA
610(Revised) is relevant]; or

• The requirement is conditional and the condition does

not exist (for example, the requirement to modify the
auditor’s opinion where there is an inability to obtain
sufficient appropriate audit evidence, and there is no
such inability).
Q30. What will be the audit documentation, if, in exceptional
circumstances, the auditor performs new or additional
audit procedures or draws new conclusions after the
date of the auditor’s report?

A30. The auditor is required to document:

• The circumstances encountered;
• The new or additional audit procedures performed,
audit evidence obtained, and conclusions reached,
and their effect on the auditor’s report; and
• When and by whom the resulting changes to audit
documentation were made and reviewed. While
changes are made by the engagement team, these
are reviewed by the engagement partner and /or
engagement quality control reviewer (where
applicable).
Q31. Give examples of exceptional circumstances – Matters
arising after the Date of the Auditor’s Report?

A31. Examples of exceptional circumstances include facts which

become known to the auditor after the date of the auditor’s
report but which existed at that date and which, if known at
that date, might have caused the financial statements to be
amended or the auditor to modify the opinion in the
auditor’s report. Reference may be made to examples
given in FAQ 38 in this Implementation Guide. The
resulting changes to the audit documentation are reviewed

27
Implementation Guide to SA 230(Revised 2022)

in accordance with the review responsibilities set out in SA

220, with the engagement partner taking final responsibility
for the changes.
Q32. When should the auditor complete the administrative
process of assembling the final audit file?
A32. The auditor should complete the administrative process of
assembling the final audit file on a timely basis after the
date of the auditor’s report. SQC 1 requires firms to
establish policies and procedures for the timely completion
of the assembly of audit files. An appropriate time limit
within which to complete the assembly of the final audit file
is ordinarily not more than 60 days after the date of the
auditor’s report.
Q33. Whether the administrative process of completion of
the assembly of the final audit file after the date of the
auditor’s report construes as performance of new
audit procedures or the drawing of new conclusions?
If not, what are the changes permissible in the audit
documentation during the final assembly process?
A33. SA 230 permits only administrative changes to be made to
audit documentation after the date of the auditor’s report
and states the following requirements in this regard:
The completion of the assembly of the final audit file after
the date of the auditor’s report is an administrative process
that does not involve the performance of new audit
procedures or the drawing of new conclusions. Changes
may, however, be made to the audit documentation during
the final assembly process if they are administrative in
nature. Examples of such changes include:
• Deleting or discarding superseded documentation.
• Sorting, collating and cross referencing working
papers.
• Signing off on completion checklists relating to the file
assembly process.
• Documenting audit evidence that the auditor has
obtained, discussed, and agreed with the relevant

28
 Implementation Guide to SA 230 (Revised 2022)

members of the engagement team before the date of

the auditor’s report.
When assembling the documentation, engagement team
should review the documentation to determine that it has a
complete and final set of documentation to support the
auditor’s opinion.
In addition to the examples provided in SA 230, the
following illustrative examples can be considered as
administrative changes:
• Adding original confirmations previously received by
fax or email.
• Review notes are temporary documents and are not
part of audit documentation as per SA 230. So,
deleting these review notes is also an administrative
task provided it does not result in performing a new
procedure and does not affect the quality of
documentation, conclusions reached or any other
matter that may affect auditor’s report.
• Organizing the external hardcopy paper file to include
audit evidence obtained before the date of the
auditor’s report.
• Transferring correspondence items containing audit
evidence, obtained before the date of the auditor’s
report, into the audit file.
• Removing or replacing incorrect cross references
within the engagement files.
• Adding electronic documents produced outside of the
engagement file that include evidence obtained before
the date of auditor’s report.
• Accepting revisions in word documents when the track
changes functionality was used.
While the abovementioned activities are regarded as
permissible activities, in practice, it is difficult to
substantiate that the audit evidence was obtained,

29
Implementation Guide to SA 230(Revised 2022)

discussed and agreed prior to the date of the audit report.

Therefore, while it is advisable to complete all
documentation on a contemporaneous basis, the
abovementioned activities certainly need to be completed
before the final assembly of the audit file.
SA 230 allows deleting or discarding superseded
documentation during final assembly of audit file, thus
incomplete, initial drafts or superseded documents should
not be retained in final audit file. Further, a track changes
version of every change made to a superseded workpaper
to arrive at final workpaper during final file assembly
process is not required to be maintained.

Q34. What is the retention period for the audit

documentation?

A34. The retention period of documentation for audit

engagements, as per SQC 1, ordinarily is no shorter than
seven years from the date of the auditor’s report, or, if
later, the date of the group auditor’s report.

Q35. What will be the audit documentation in the

circumstances where the auditor finds it necessary to
modify existing audit documentation or add new audit
documentation after the assembly of the final audit file
has been completed?
A35. After the assembly of the final audit file has been
completed, the auditor shall not delete or discard audit
documentation of any nature before the end of its retention
period.

In circumstances other than those envisaged in FAQ 38,

where the auditor finds it necessary to modify existing audit
documentation or add new audit documentation after the
assembly of the final audit file has been completed, the
auditor shall, regardless of the nature of the modifications
or additions, document:

• The specific reasons for making them; and

30
 Implementation Guide to SA 230 (Revised 2022)

• When and by whom they were made and reviewed.

Some common examples of documentation that may be
added after the archive date, but are not limited to:
• Additions to the documentation as a result of
remediating findings from internal or external
inspections.
• Adding the final copy of communications with those
charged with governance.
• Determining that an incorrect version of a document
was archived.

In such situations, in accordance with the firm’s policies

and procedures, the engagement team should document
modifications to audit documentation after the date of
assembly of the final audit file in a copy of the engagement
file identified as a copy, which should then be assembled
in the same manner as prescribed in paragraphs 14 to 16
and paragraphs A21 to A25 of SA 230 (also refer FAQ 38).
This would result in retaining both the originally assembled
file and subsequently assembled file.
Q36. Who is the owner of the audit documentation?

A36. Standard on Quality Control (SQC) 1, “Quality Control for

Firms that Perform Audits and Reviews of Historical
Financial Information, and Other Assurance and Related
Services Engagements”, issued by the ICAI, provides that,
unless otherwise specified by law or regulation, audit
documentation is the property of the auditor. He may at his
discretion, make portions of, or extracts from, audit
documentation available to clients, provided such
disclosure does not undermine the validity of the work
performed, or, in the case of assurance engagements, the
independence of the auditor or of his personnel.

31
Implementation Guide to SA 230(Revised 2022)

A37. Provide the specific audit documentation requirements

in other SAs?

A37. The specific audit documentation requirements in the

respective SAs are given below. Since the standards on
auditing are in alignment of the international standards on
auditing prepared keeping in mind the requirements of the
listed entities and public interest entities with a view to
oversee the public interest, the specific documentation
requirements have been given accordingly. The same may
be adjusted (in case of small/ less complex entities as also
briefed in the application material of the respective
Standards) according to the requirements based on the
size, nature, type of the entity being audited and
complexities involved.

SA 220, Quality Control for an Audit of Financial Statements

Para
Issue Documentation Needed
Ref.
24. • Compliance with The auditor shall document:
the Relevant
• Issues identified with respect to
Ethical and
compliance with relevant ethical
independence
requirements and how they were
Requirements.
resolved.
• Acceptance and
• Confirmation of independence
Continuance of
and documenting the same.
client
relationship and • Conclusions on compliance with
audit independence requirements that
engagements. apply to the audit engagement,
• Consultations. and any relevant discussions
with the firm that support these
conclusions.
• Conclusions reached regarding
the acceptance and continuance
of client relationships and audit

32
 Implementation Guide to SA 230 (Revised 2022)

engagements.
• The nature and scope of, and
conclusions resulting from,
consultations undertaken during
the course of the audit
engagement.
25 Engagement The engagement quality control
Quality Control reviewer shall document:
Review - Timing • The procedures required by the
and Procedures. firm’s policies on engagement
quality control review have been
performed; and activities
performed with respect to this
could be documented;
• The engagement quality control
review has been completed on
or before the date of the
auditor’s report; and
• The reviewer is not aware of any
unresolved matters that would
cause the reviewer to believe
that the significant judgments the
engagement team made and the
conclusions they reached were
not appropriate.
A35 Documentation of Documentation of consultations with
Consultations other professionals that involve
difficult or contentious matters that is
sufficiently complete and detailed
contributes to an understanding of:
• The issue on which consultation
was sought; and
• The results of the consultation,
including any decisions taken,
the basis for those decisions and

33
Implementation Guide to SA 230(Revised 2022)

how they were implemented.

SA 240, The Auditor’s Responsibilities Relating to Fraud in an

Audit of Financial Statements

Para
Issue Documentation Needed
Ref.

44 • Understanding • The significant decisions

the entity & its reached during the discussion
environment among the engagement team
regarding the susceptibility of the
• Assessment of entity’s financial statements to
risks of material material misstatement due to
misstatements fraud; and

• The identified and assessed

risks of material misstatement
due to fraud at the financial
statement level and at the
assertion level.

45 Responses to • The overall responses to the

assessed risks assessed risks of material
misstatement due to fraud at the
financial statement level and the
nature, timing and extent of audit
procedures, and the linkage of
those procedures with the
assessed risks of material
misstatement due to fraud at the
assertion level; and

• The results of the audit

procedures, including those
designed to address the risk of
management override of
controls.

34
 Implementation Guide to SA 230 (Revised 2022)

46 Communications Communications about fraud made

about fraud to management, those charged with
governance, regulators and others.

47 Fraud in revenue Reasons for concluding the

recognition presumption that there is a risk of
material misstatement due to fraud
related to revenue recognition is not
applicable in the circumstances of
the engagement, or checks
performed and found satisfactory
with reference to the procedures.

SA 250, Consideration of Laws and Regulations in an Audit of

Financial Statements
Para
Issue Documentation Needed
Ref
29 • Non-compliance • Identified or suspected non-
• Discussions compliance with laws and
regulations.
• Results of discussions with :
▪ Management;
▪ those charged with
governance (where
applicable); and
▪ other parties outside the
entity.
A21 Non compliance • Documentation may include:
▪ Copies of records or
documents.
▪ Minutes of discussions held
with management, those
charged with governance or
parties outside the entity.

35
Implementation Guide to SA 230(Revised 2022)

SA 260(Revised), Communication with Those Charged with

Governance

Para Issue Documentation Needed

Ref

23 Oral & written • Matters required by this SA to

communications to be communicated are
those charged with communicated orally, document
governance following aspects:
▪ The matter;
▪ When communication was
made; and
▪ To whom communication
was made.
• Matters required by this SA to
be communicated are
communicated in writing, retain
a copy of the communication.

A54 Oral communication May include a copy of minutes

prepared by entity retained as part
of audit documentation where those
minutes are an appropriate record
of the communication.

SA 265, Communicating Deficiencies in Internal Control to

Those Charged with Governance and Management

Para Issue Documentation Needed

Ref

A13 Written • Receipt of such communication.

communication of
• Documentation of written
significant
communication of significant
deficiencies
deficiencies.

36
 Implementation Guide to SA 230 (Revised 2022)

SA 300, Planning an Audit of Financial Statements

Para
Issue Documentation Needed
Ref
11 Planning • The overall audit strategy;
• The audit plan; and
• Any significant changes made
during the audit engagement to
the overall audit strategy or the
audit plan, and the reasons for
such changes.
A17- • Overall audit • In respect of overall audit
A20 strategy strategy, document:
• Audit plan ▪ the key decisions considered
• Significant necessary to properly plan
changes made the audit – scope, timing,
in the above two conduct of audit; and
▪ communicate significant
matters communicated to the
engagement team.
• May summarize the overall audit
strategy in the form of a
memorandum.
• Documentation of the audit plan
is record of planned nature,
timing and extent of risk
assessment procedures and
further audit procedures at the
assertion level in response to the
assessed risks.
• May use standard audit
programs and/or audit
completion checklists, tailored as
needed to reflect the particular
engagement circumstances.
• A record of the significant

37
Implementation Guide to SA 230(Revised 2022)

changes to the overall audit

strategy and the audit plan
should document:
▪ resulting changes to the
planned nature, timing and
extent of audit procedures.
▪ reasons for significant
changes made.
▪ overall audit strategy and
audit plan finally adopted for
the audit.
▪ Response to the significant
changes occurring during the
audit.
• In smaller entities a suitable,
brief memorandum may serve as
the documented strategy for the
audit of a smaller entity.

SA 315, Identifying and Assessing the Risks of Material

Misstatement Through Understanding the Entity and Its
Environment
Para
Issue Documentation Needed
Ref
32(a) Discussion among • The discussion among the
the engagement engagement team where
Team required by paragraph 10 of SA
315, and the significant
decisions reached:
▪ the susceptibility of the
entity’s financial statements
to material misstatement;
and
▪ the application of the
applicable financial reporting
framework to the entity’s

38
 Implementation Guide to SA 230 (Revised 2022)

facts and circumstances.

32(b) Understanding of • Relevant industry, regulatory,
each of the aspects and other external factors
of the entity and its including the applicable financial
environment reporting framework.
specified in • The nature of the entity,
paragraph 11 including:
▪ its operations;
▪ its ownership and
governance structures;
▪ the types of investments that
the entity is making and
plans to make, including
investments in special
purpose entities; and
▪ the way that the entity is
structured and how it is
financed.
• The entity’s selection and
application of accounting
policies, including the reasons
for changes thereto.
• Auditor’s evaluation of whether
the entity’s accounting policies
are appropriate for its business
and consistent with the
applicable financial reporting
framework and accounting
policies used in the relevant
industry.
• The entity’s objectives and
strategies, and those related
business risks that may result in
risks of material misstatement.
• The measurement and review of

39
Implementation Guide to SA 230(Revised 2022)

the entity’s financial

performance.
32(b) Understanding of • Control environment – Auditor’s
each of the internal evaluation of whether:
control components ▪ Management, with the
specified in oversight of those charged
paragraphs 14-24 with governance, has
created and maintained a
culture of honesty and
ethical behaviour;
▪ The strengths in the control
environment elements
collectively provide an
appropriate foundation for
the other components of
internal control; and
▪ Whether those other
components are not
undermined by deficiencies
in the control environment.
• Entity’s risk assessment process
for:
▪ Identifying business risks
relevant to financial
reporting objectives;
▪ Estimating the significance
of the risks;
▪ Assessing the likelihood of
their occurrence; and
▪ Deciding about actions to
address those risks.
• Management’s failure to identify
a risk otherwise expected to
have been identified:
▪ Why that process failed to

40
Implementation Guide to SA 230 (Revised 2022)

identify it; and

▪ Evaluation of whether the
process is appropriate to its
circumstances or determine
whether it represent a
significant deficiency in
internal control with regard
to the entity’s risk
assessment process.
• If the entity has not established
such a process or has an ad hoc
process:
▪ Discussion with
management regarding
whether business risks
relevant to financial
reporting objectives have
been identified and how they
have been addressed.
• Information system, including
the related business processes,
relevant to financial reporting,
including the following areas:
▪ The classes of transactions
in the entity’s operations that
are significant to the
financial statements;
▪ The procedures, within both
information technology (IT)
and manual systems, by
which those transactions are
initiated, recorded,
processed, corrected as
necessary, transferred to the
general ledger and reported
in the financial statements;

41
Implementation Guide to SA 230(Revised 2022)

▪ The related accounting

records, supporting
information and specific
accounts in the financial
statements that are used to
initiate, record, process and
report transactions; this
includes the correction of
incorrect information and
how information is
transferred to the general
ledger. The records may be
in either manual or
electronic form;
▪ How the information system
captures events and
conditions, other than
transactions, that are
significant to the financial
statements;
▪ The financial reporting
process used to prepare the
entity’s financial statements,
including significant
accounting estimates and
disclosures; and
▪ Controls surrounding journal
entries, including non-
standard journal entries
used to record non-
recurring, unusual
transactions or adjustments.
• Entity’s communication of
financial reporting roles and
responsibilities and significant
matters relating to financial
reporting, including:

42
Implementation Guide to SA 230 (Revised 2022)

▪ Communications between
management and those
charged with governance;
and
▪ External communications,
such as those with
regulatory authorities.
• Control activities relevant to the
audit:
▪ Understanding of control
activities relevant to the
audit; and
▪ Entity’s response to IT risks.
• Monitoring of controls:
▪ Understanding of entity’s
major activities to monitor
internal control over financial
reporting; and
▪ How the entity initiates
remedial actions to
deficiencies in its controls.
• Understanding of the relevance
of the Internal Audit Function:
▪ The nature of the internal
audit function’s
responsibilities and how the
internal audit function fits in
the entity’s organisational
structure; and
▪ The activities performed, or
to be performed, by the
internal audit function.
• Entities having uncomplicated
businesses and processes
relevant to financial reporting,

43
Implementation Guide to SA 230(Revised 2022)

documentation:
▪ Simple and brief.
▪ Not necessary to document
the entirety of the auditor’s
understanding of the entity
and matters related to it.
▪ Document only key
elements of understanding.
▪ Extent of documentation
may also reflect the
experience and capabilities
of the members of the audit
engagement team.
▪ For recurring audits, certain
documentation may be
carried forward, updated as
necessary to reflect changes
in the entity’s business or
processes.
32(b) Sources of • Sources of the information used
information from in the entity’s monitoring
which the activities.
understanding was • Basis upon which management
obtained and risk considers the information to be
assessment sufficiently reliable for the
procedures purpose.
performed
• Documentation about risk
assessment procedures
performed.
32(c) Risks of material • Risks of material misstatement
misstatement (in identified and assessed:
terms of para 25 of ▪ at the financial statement
the standard) level; and
▪ at the assertion level for
classes of transactions,

44
 Implementation Guide to SA 230 (Revised 2022)

account balances and

disclosures.

32(d) Risks requiring The risks identified, and related

special audit controls about which the auditor has
considerations obtained an understanding, as a
result of the requirements in
paragraphs 27-30 of the Standard.

SA 320, Materiality in Planning and Performing an Audit

Para
Issue Documentation Needed
Ref.

14(a) Materiality for the • Materiality for the financial

& (b) financial statements as a whole:
statements as a
▪ For establishing the overall
whole or
audit strategy.
materiality
level(s) for • Materiality level(s) for particular
particular classes classes of transactions, account
of transactions, balances or disclosures:
account balances ▪ Determine materiality level(s)
or disclosures to be applied to particular
classes of transactions,
account balances or
disclosures, which could be
expected to influence the
economic decisions of the
users.
14(c) Performance • Determine performance
materiality materiality:
▪ For assessing the risks of
material misstatement; and
▪ Determining the nature,
timing and extent of further
audit procedures.

45
Implementation Guide to SA 230(Revised 2022)

14(d) Revisions as the • Revise materiality for the

Audit Progresses financial statements as a whole
or materiality level(s) for
particular classes of
transactions, account balances
or disclosures:
▪ If the auditor becomes aware
of information during the
audit that would have caused
the auditor to have
determined a different
amount (or amounts) initially.
• If the auditor concludes that a
lower materiality than that initially
determined is appropriate:
▪ Determine whether it is
necessary to revise
performance materiality, and
▪ Whether the nature, timing
and extent of the further audit
procedures remain
appropriate.

SA 330, The Auditor’s Responses to Assessed Risks

Para
Issue Documentation Needed
Ref
28(a) Overall responses Overall responses to address the
assessed risks of material
misstatement at the financial
statement level, and the nature,
timing and extent of the further audit
procedures performed.

28(b) Linkages Linkage of those procedures with

the assessed risks at the assertion
level.

46
 Implementation Guide to SA 230 (Revised 2022)

28(c) Results • The results of the audit

& procedures, including the
A63 conclusions where these are not
otherwise clear.
▪ The form and extent of audit
documentation is a matter of
professional judgment, and
is influenced by:
➢ nature, size and
complexity of the entity
and its internal control;
➢ availability of information;
and
➢ audit methodology and
technology used in the
audit.
29 Audit evidence • Document the conclusions
about operating reached about relying on such
effectiveness of controls that were tested in a
controls obtained in previous audit.
previous audits
30 Financial • The auditors’ documentation
statements shall demonstrate that the
agreeing or financial statements agree or
reconciling with reconcile with the underlying
underlying accounting records.
accounting records.

SA 450, Evaluation of Misstatements Identified during the

Audit
Para
Issue Documentation Needed
Ref.

15 & Uncorrected • The amount below which

A25 Misstatements misstatements would be
regarded as clearly trivial.

47
Implementation Guide to SA 230(Revised 2022)

• All misstatements accumulated

during the audit and whether they
have been corrected:
▪ Communication with
management to correct the
misstatement.
▪ Communication with those
charged with governance:
➢ Uncorrected
misstatements; and
➢ Effect that they, individually
or in aggregate, may have
on the opinion in the
auditor’s report.
• The auditor’s conclusion as to
whether uncorrected
misstatements are material,
individually or in aggregate, and
the basis for that conclusion.
Auditor should consider:
▪ The size and nature of the
misstatements, both in relation
to particular classes of
transactions, account
balances or disclosures and
the financial statements as a
whole, and the particular
circumstances of their
occurrence; and
▪ The effect of uncorrected
misstatements related to prior
periods on the relevant
classes of transactions,
account balances or
disclosures, and the financial
statements as a whole.
• The auditor’s documentation of

48
 Implementation Guide to SA 230 (Revised 2022)

uncorrected misstatements may

take into account:
▪ The consideration of the
aggregate effect of
uncorrected misstatements;
▪ The evaluation of whether the
materiality level or levels for
particular classes of
transactions, account
balances or disclosures, if any,
have been exceeded; and
▪ The evaluation of the effect of
uncorrected misstatements on
key ratios or trends, and
compliance with legal,
regulatory and contractual
requirements (for example,
debt covenants).

SA 540, Auditing Accounting Estimates, Including Fair Value

Accounting Estimates, and Related Disclosures
Para
Issue Documentation Needed
Ref

23(a) Auditor’s conclusion • The basis for the auditor’s

conclusions about the
reasonableness of accounting
estimates and their disclosure
that give rise to significant risks.
23(b) Management bias • Indicators of possible
and management bias, if any.
A128
▪ Assists the auditor in
concluding whether the
auditor’s risk assessment
and related responses
remain appropriate, and
▪ Evaluating whether the

49
Implementation Guide to SA 230(Revised 2022)

financial statements as a
whole are free from material
misstatement.

SA 550, Related Parties

Para
Issue Documentation Needed
Ref
28 Related parties • Names of the identified related
parties.
• Nature of the related party
relationships.

SA 570(Revised), Going Concern

Para
Issue Documentation Needed
Ref
17 Auditor’s • Evaluate whether sufficient
Conclusion appropriate audit evidence has
been obtained.
• Conclude on the
appropriateness of
management’s use of the going
concern basis of accounting in
the preparation of the financial
statements.
18. Whether, in the • Appropriate documentation
auditor’s judgment, required about material
a material uncertainty exists when the
uncertainty exists magnitude of its potential impact
and likelihood of occurrence is
such that disclosure of the
nature and implications of the
uncertainty is necessary for:
▪ In the case of a fair
presentation financial
reporting framework, the fair
presentation of the financial
statements; or

50
 Implementation Guide to SA 230 (Revised 2022)

▪ In the case of a compliance

framework, the financial
statements not to be
misleading.

SA 600, Using the Work of Another Auditor

Para
Issue Documentation Needed
Ref
18 Components • Components whose financial
and component information was audited by other
auditors auditors.
• Such components’ significance to
the financial information of the entity
as a whole.
• Names of the other auditors.
• Any conclusions reached that
individual components are not
material.
• Procedures performed and the
conclusions reached.
• Where component auditor’s report is
other than unmodified, document
how principal auditor has dealt with
the qualifications or adverse
remarks contained in the other
auditor’s report in framing his own
report.

SA 610(Revised), Using the Work of Internal Auditors

Para
Issue Documentation Needed
Ref.
36 External auditor • The evaluation of:
using the work of ▪ Whether the function’s
the internal organizational status and
auditors relevant policies and
procedures adequately
support the objectivity of the

51
Implementation Guide to SA 230(Revised 2022)

internal auditors;
▪ The level of competence of the
function; and
▪ Whether the function applies a
systematic and disciplined
approach, including quality
control;
• The nature and extent of the work
used and the basis for that
decision; and
• The audit procedures performed
by the external auditor to
evaluate the adequacy of the
work used.
37 External auditor • The evaluation of the existence
uses internal and significance of threats to the
auditor to provide objectivity of the internal auditors,
direct assistance and the level of competence of
the internal auditors used to
provide direct assistance;
• The basis for the decision
regarding the nature and extent
of the work performed by the
internal auditors;
• Who reviewed the work
performed and the date and
extent of that review in
accordance with SA 230;
• The written agreements obtained
from an authorized representative
of the entity and the internal
auditors under paragraph 33 of
this SA; and
• The working papers prepared by
the internal auditors who provided
direct assistance on the audit
engagement.

52
 Implementation Guide to SA 230 (Revised 2022)

SA 701, Communicating Key Audit Matters in the Independent

Auditor’s Report

Para
Issue Documentation Needed
Ref.

18 Documentation: Audit documentation shall include:

Key audit matters • The matters that required
significant auditor attention; and
Rationale for the auditor’s
determination as to whether or
not each of these matters is a key
audit matter.
• The rationale for the auditor’s
determination that there are no
key audit matters to communicate
in the auditor’s report.
• The rationale for the auditor’s
determination not to
communicate in the auditor’s
report a matter determined to be
a key audit matter.
A64
Documentation: • Basis of determination of the
Key Audit Matters matters that required significant
auditor attention, from the matters
communicated with those
charged with governance.
• The auditor’s judgments to be
supported by the documentation
of the auditor’s communications
with those charged with
governance and the audit
documentation relating to each
individual matter.

53
Implementation Guide to SA 230(Revised 2022)

SA 720(Revised), The Auditor’s Responsibilities Relating to

Other Information

Para
Issue Documentation Needed
Ref.

25 Documentation Audit documentation shall include :

relating to Other • Documentation of the procedures
Information performed under this SA.
• The final version of the other
information on which the auditor
has performed the work.

Q38. What are the matters to be considered while making

changes to documentation after the date of auditor’s
report but before archive date, which are other than
administrative in nature?

A38. Circumstances may arise that require changes or additions

to audit documentation that are not administrative in nature
after the date of the auditor’s report. FAQ 33 describes
administrative changes that may be made to the
documentation during the assembly process. Any changes
or additions that are not considered as administrative
change constitute new audit evidence and means that the
audit procedures were either not completed or
documented on or before the date of the auditor’s report.
When changes or additions that are not administrative are
made to the audit documentation after the date of the
auditor’s report but before the archive date, the
engagement team should document:
• An explanation describing what information was added
or changed.
• When the evidence was obtained.
• The date the information was added and reviewed.

54
 Implementation Guide to SA 230 (Revised 2022)

• The name of the person who prepared and reviewed

the additional information.
• The circumstances encountered and the reasons for
adding the information.
• The new or additional audit procedures performed,
audit evidence obtained, and conclusions reached.
• When the conclusions in respect of the new information
were approved by the engagement manager,
engagement partner and / or engagement quality
control reviewer (where applicable).
• The effect on the auditor’s report.
Accordingly, when engagement team has obtained audit
evidence before the date of the auditor’s report but
documented this audit evidence after the date of the
auditor’s report or make substantive changes to
documentation that existed at the date of the auditor’s
report, engagement team shall record these matters.
Above information may be recorded in the respective work
paper which was modified after date of auditor’s report and
also in a memo for all such changes, such memo to be
included in the audit file. This needs to be completed
before the final assembly of the audit file.
The following are examples of circumstances that require
changes or additions to the documentation that are not
administrative after the date of the auditor’s report:
Example #1
Subsequent to the date of the auditor’s report, the
engagement team becomes aware of additional facts
regarding a current litigation matter that existed at the date
of the auditor’s report. If the engagement team had been
aware of the additional facts prior to the date of the
auditor’s report, that may have affected the financial
statements and the audit opinion. This circumstance may
require the engagement team to make additions or
changes to the documentation that are not administrative
in nature.

55
Implementation Guide to SA 230(Revised 2022)

The engagement team should include these additional

facts in the documentation and document the elements
required above (i.e. the date the information was added
and reviewed; the name of the person who prepared and
reviewed the additional information; the circumstances
encountered and the reasons for adding the information;
the new or additional audit procedures performed, audit
evidence obtained, and conclusions reached; and the
effect on the auditor’s report, etc.).
Example #2
Subsequent to the date of the auditor’s report, the
engagement team identifies workpapers without proper
signoffs. Adding sign-offs to the audit workpapers
represents a change that is not administrative because the
documentation did not meet requirements (i.e., reviewer
did not sign and date the workpaper to evidence his or her
review at the right time). The engagement team should
document the sign-offs, any changes to the workpapers
and the elements required above.
After the date of the auditor’s report, the engagement team
may also discover that, considering the facts and
circumstances at the time of the audit, one or more
additional audit procedures have been omitted.
In those limited situations when the engagement team is
performing procedures and obtaining and documenting
evidence after the date of the auditor’s report, the
engagement team does not discard any related
documentation that previously existed.
Q39. What are the requirements on maintaining the
confidentiality, safe custody, integrity, accessibility
and retrievability of engagement documentation after
the completion of assembly of the audit file?
A39. The auditor is required to comply with following
requirements of the Standard on Quality Control (SQC) 1,
“Quality Control for Firms that Perform Audits and Reviews
of Historical Financial Information, and Other Assurance
and Related Services Engagements”:

56
 Implementation Guide to SA 230 (Revised 2022)

• The firm should establish policies and procedures

designed to maintain the confidentiality, safe custody,
integrity, accessibility and retrievability of engagement
documentation;
• Relevant ethical requirements establish an obligation
for the firm’s personnel to observe at all times the
confidentiality of information contained in engagement
documentation, unless specific client authority has
been given to disclose information, or there is a legal
or professional duty to do so. Specific laws or
regulations may impose additional obligations on the
firm’s personnel to maintain client confidentiality,
particularly where data of a personal nature are
concerned; and
• Whether engagement documentation is in paper,
electronic or other media, the integrity, accessibility or
retrievability of the underlying data may be
compromised if the documentation could be altered,
added to or deleted without the firm’s knowledge, or if
it could be permanently lost or damaged.
Accordingly, the audit firm designs and implements
appropriate controls for engagement documentation to:
(a) enable the determination of when and by whom
engagement documentation was created, changed or
reviewed;
(b) protect the integrity of the information at all stages of
the engagement, especially when the information is
shared within the engagement team or transmitted to
other parties via the Internet;

(c) prevent unauthorized changes to the engagement

documentation; and

(d) allow access to the engagement documentation by the

engagement team and other authorized parties as
necessary to properly discharge their responsibilities.

57
Implementation Guide to SA 230(Revised 2022)

Controls that the firm may design and implement to

maintain the confidentiality, safe custody, integrity,
accessibility and retrievability of engagement
documentation include, for example:
• the use of a password among engagement team
members to restrict access to electronic engagement
documentation to authorized users.

• appropriate back-up routines for electronic

engagement documentation at appropriate stages
during the engagement.
• procedures for properly distributing engagement
documentation to the team members at the start of
engagement, processing it during engagement, and
collating it at the end of engagement.
• procedures for restricting access to, and enabling
proper distribution and confidential storage of,
hardcopy engagement documentation.

For practical reasons, original paper documentation may

be electronically scanned for inclusion in engagement files.
In that case, the firm implements appropriate procedures
requiring engagement teams to:
(a) Generate scanned copies that reflect the entire
content of the original paper documentation, including
manual signatures, cross-references and annotations;
(b) Integrate the scanned copies into the engagement
files, including indexing and signing off on the scanned
copies as necessary; and

(c) Enable the scanned copies to be retrieved and printed

as necessary.

The firm considers whether to retain original paper

documentation that has been scanned for legal, regulatory
or other reasons.

58
 Implementation Guide to SA 230 (Revised 2022)

Q40. When should an auditor prepare audit documentation?

A40 It is appropriate that the auditor should prepare audit
documentation on a timely basis i.e. at the time audit work
is performed. Preparing sufficient and appropriate audit
documentation on a timely basis helps to enhance the
quality of the audit and facilitates the effective review and
evaluation of the audit evidence obtained and conclusions
reached before the auditor’s report is finalised.
Documentation prepared after the audit work has been
performed is likely to be less accurate than documentation
prepared at the time such work is performed and is also
susceptible to risk that the work was performed after the
auditor’s report was issued.

59
 Chapter 4
Checklist

S.No. Particulars Yes/No/ Remarks/

NA WP Ref

1. Whether the audit documentation

is prepared on a timely basis?

2. Whether the audit documentation

is sufficient to enable an
experienced auditor, having no
previous connection with the audit,
to understand the following?
(a) The nature, timing, and extent
of the audit procedures
performed to comply with the
SAs and applicable legal and
regulatory requirements;
(b) The results of the audit
procedures performed, and
the audit evidence obtained;
and
(c) Significant matters arising
during the audit, the
conclusions reached thereon,
and significant professional
judgments made in reaching
those conclusions.
3. While documenting the nature,
timing and extent of audit
procedures performed, whether
the following were recorded?

(a) The identifying characteristics

of the specific items or matters
 Implementation Guide to SA 230 (Revised 2022)

tested;
(b) Who performed the audit work
and the date such work was
completed; and
(c) Who reviewed the audit work
performed and the date and
extent of such review.

4. Whether the documentation

includes discussions of significant
matters with management, those
charged with governance, and
others, including the nature of the
significant matters discussed and
when and with whom the
discussions took place?

5. Where it is identified that

information is inconsistent with the
auditor’s final conclusion regarding
a significant matter, whether it is
documented as to how the
inconsistency was addressed?

6. Where it is considered necessary

in exceptional circumstances to
depart from a relevant requirement
in a SA, whether the audit
documentation reflects how the
alternative audit procedures
performed achieved the aim of that
requirement and the reasons for
the departure?

7. Where in exceptional
circumstances, new or additional
audit procedures are performed or
new conclusions are reached after

61
Implementation Guide to SA 230(Revised 2022)

the date of the audit report,

whether the following were
documented?
(a) The circumstances
encountered;
(b) The new or additional audit
procedures performed, audit
evidence obtained, and
conclusions reached, and their
effect on the auditor’s report;
and
(c) When and by whom the
resulting changes to audit
documentation were made
and reviewed.

8. Is it ensured that after the

assembly of the final audit file has
been completed, no deletion or
discard of audit documentation of
any nature has taken place before
the end of its retention period?

9. Where it is necessary to modify

existing audit documentation or
add new audit documentation after
the assembly of the final audit file
has been completed, whether the
following were documented?
(a) The specific reasons for
making them; and
(b) When and by whom they were
made and reviewed.

62
 Implementation Guide to SA 230 (Revised 2022)

Appendix

Illustrative Working Paper Format

XYZ Limited Audit Firm’s name

Nature of Assignment Article Assistants name

HO/Unit:

For the period___ Date of audit

Reviewed by:

Area:

Sub-area:

Balance as per Balance Sheet:

Balance as per General Ledger:

Difference:

Reason for difference if any:

Checking Notes:

Observations:

Conclusions:

63