ISA 230 DEALS with the auditor’s responsibility to PREPARE audit documentation for an ‘Audit‘ of Financial Statements.
What is ISA 230?
Audit documentation also referred to as working papers forms the backbone of every audit engagement. ISA 230 establishes minimum expectations for what must be documented, how it should be prepared, and how it is assembled into the final audit file.
The standard applies to all audits of financial statements performed in accordance with ISAs. It works in conjunction with the specific documentation requirements found in other ISAs for instance, the risk assessment documentation required under ISA 315, the response requirements under ISA 330, and the quality management obligations under ISA 220.
Provides a record of the auditor’s basis for conclusions and evidence that the audit complied with ISAs and applicable legal requirements.
Facilitates direction, supervision, and review of work performed by engagement team members throughout the audit.
Enables external quality control reviews, regulatory inspections, and peer reviews to assess compliance with standards.
Supports the engagement team’s accountability and allows investigation of exceptions or inconsistencies.
Audit documentation is not a substitute for the entity’s accounting records. It supports the audit opinion, it does not replace the underlying financial records of the audited entity.
Objective of ISA 230
The objective of the auditor under ISA 230 is to prepare documentation that provides a sufficient and appropriate record of the basis for the auditor’s report. This encompasses two primary purposes:
Evidence that supports the auditor’s conclusions about the overall objectives of the audit engagement.
Proof that the audit was planned and performed in accordance with ISAs and applicable legal and regulatory requirements.
The “Experienced Auditor” Standard
A central concept in ISA 230 is the experienced auditor test (Para. 8). Documentation must be sufficient for an experienced auditor, one with no prior connection to the audit to understand:
- The nature, timing, and extent of audit procedures performed
- The results of audit procedures and audit evidence obtained
- Significant matters arising during the audit
- Conclusions reached and the professional judgments applied
- When and by whom audit work was performed and reviewed
Oral explanations alone are not sufficient support for work performed or conclusions reached (Para. 11). While they may clarify what is documented, the audit file must effectively stand on its own.
Key Documentation Requirements
ISA 230 imposes both general and specific requirements on auditors. The table below outlines the primary obligations set out in the standard:
| Requirement | Paragraph | Description |
|---|---|---|
| Timely Preparation | Para. 7 | The auditor shall prepare documentation on a timely basis. Timely preparation supports quality, since matters are fresh and detail is preserved. |
| Form, Content & Extent | Para. 8 | Documentation must be designed so the experienced auditor can understand the audit procedures, evidence obtained, and significant matters without needing to contact the original auditor. |
| Significant Matters | Para. 10 | Matters involving difficult or contentious professional judgments, or any findings that could affect the auditor’s report, must be documented in sufficient detail. |
| Identifying Characteristics | Para. 9 | When testing specific items or making selections from a population, the auditor shall record identifying characteristics to enable accountability and investigation of exceptions. |
| Departures from ISAs | Para. 12 | If the auditor departs from a relevant basic principle or essential procedure, the alternative procedures performed, their objectives, and reasons for departure must be documented. |
| Discrepancies & Inconsistencies | Para. 11 | If the auditor identifies information inconsistent with the final conclusion on a significant matter, the resolution of that inconsistency must be documented. |
Factors Influencing the Form and Extent of Documentation
ISA 230 acknowledges that professional judgment governs the extent of documentation. Key influencing factors (from Para. A2) include:
- The size and complexity of the entity
- The nature of the audit procedures to be performed
- The identified risks of material misstatement
- The significance of audit evidence obtained
- The nature and extent of exceptions identified
- The audit methodology and tools used
Working Papers [Form and Content]
Audit working papers may be prepared in paper or electronic form. ISA 230 does not prescribe a specific format, but the application guidance identifies the types of documentation commonly included in an audit file.
Planned audit procedures, documented in advance, including any modifications made during fieldwork.
Written records of significant issues identified during the audit and how they were resolved.
Emails and letters concerning significant matters, including confirmation and representation letters.
Used to demonstrate compliance with procedural requirements across various audit areas.
Summaries of significant matters, sometimes called a completion memorandum are especially useful for large and complex audits.
Selected extracts or copies of entity records (e.g., contracts, board minutes) where they support audit conclusions.
The Completion Memorandum
Para. A11 notes that auditors may prepare a completion memorandum, a summary document describing the significant matters identified during the audit and how they were addressed. This summary does not replace detailed working papers; rather, it aids reviewers and inspectors by providing context and cross-references.
Where the auditor exercises significant Professional Judgment particularly on difficult or contentious matters, documentation of both the judgment and the supporting reasoning is essential. This applies especially to matters arising under ISA 315 (risk assessment) and ISA 540 (accounting estimates).
Assembly of the Final Audit File
Following the date of the auditor’s report, the engagement team must assemble the final audit file within a reasonable time. ISA 230 specifies that this assembly process should ordinarily be completed within 60 days of the auditor’s report date.
Once the final audit file is assembled, the auditor must not delete or discard any documentation before the end of the retention period. This applies regardless of the storage medium i.e. paper or electronic.
Changes to Documentation After the Auditor’s Report
In exceptional circumstances for example, when new information comes to light that, had it been known, would have led the auditor to amend the audit procedures or conclusions, changes to audit documentation may be required after the date of the auditor’s report.
ISA 230 establishes strict requirements for any such additions or changes. The auditor must document:
- The specific reason for making the change or addition
- The date of the amendment
- Who made and reviewed the amendment
- The effect (if any) on the auditor’s conclusions
Changes that do not affect the auditor’s conclusions such as correcting typographical errors or administrative updates are permissible during file assembly but must not alter the substantive audit record. The original documentation must be preserved alongside any subsequent amendments.
Core Definitions
ISA 230 (Para. 6) provides the following definitions that underpin the standard’s requirements:
The record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached (also referred to as working papers).
One or more folders or other storage media, in physical or electronic form, containing records that comprise the audit documentation for a specific engagement.
An individual with practical audit experience and a reasonable understanding of audit processes, ISAs, the applicable financial reporting framework, and the entity’s industry.
Informal term widely used in practice to refer to audit documentation. May be in paper, electronic, or any other form.
A summary document describing significant matters arising during the audit and their resolution, cross-referencing supporting documentation.
Documentation prepared while the engagement team’s recollection of matters is fresh, generally during or immediately after audit fieldwork.
The Core Principle of ISA 230
ISA 230 requires timely, sufficient audit documentation enabling an experienced auditor with no prior connection to the engagement to understand the procedures performed, the evidence obtained, and the conclusions reached without needing to speak with the original engagement team.
Frequently Asked Questions
What is the difference between audit documentation and audit evidence?
Audit evidence refers to the information obtained and evaluated by the auditor to support conclusions. Audit documentation is the record of that evidence; the medium in which it is captured, organised, and retained. Documentation demonstrates that evidence was obtained; it does not itself constitute the primary evidence. For example, a bank confirmation letter is audit evidence; the working paper recording the auditor’s review and conclusion based on that letter is audit documentation.
How much documentation is “sufficient”?
Sufficiency is assessed by reference to the experienced auditor test (Para. 8). There is no prescribed volume; it depends on the size and complexity of the entity, the nature of the risks, the significance of the matters, and the professional judgments exercised. ISA 230 clarifies that it is neither necessary nor practicable to document every matter considered during an audit. The standard requires judgment, not mechanical completeness.
Can working papers be stored electronically?
Yes. ISA 230 is media-neutral i.e. documentation may be in paper, electronic, or any other form. In practice, most modern audit engagements are conducted using electronic audit file platforms. Firms must ensure that electronic records are stored securely, are retrievable for the full retention period, and satisfy the firm’s quality management policies under ISQC 1 or ISQM 1.
What happens if the auditor departs from an ISA requirement?
Where the auditor departs from a relevant basic principle or essential procedure, ISA 230 (Para. 12) requires documentation of: the reason why the principle or procedure was not applicable in the circumstances, and the alternative procedures performed and how they achieved the objective of the departed requirement. Departures are uncommon but may arise in highly unusual engagements.
Who owns the audit working papers?
Audit working papers are the property of the auditor (or audit firm), not the client. This is consistent with the independence of the auditor. The client cannot demand the destruction or removal of working papers, and the auditor is obligated to retain them for the required retention period.
How does ISA 230 interact with ISA (UK) 230?
ISA (UK) 230 is the UK version of the standard, issued by the Financial Reporting Council (FRC). It is based on the IAASB’s ISA 230 but may include additional UK-specific requirements or guidance. Auditors practising in the UK must comply with ISA (UK) 230, while auditors in other jurisdictions that have adopted IAASB standards directly apply ISA 230. The core principles and documentation philosophy are consistent between the two.
Does ISA 230 apply to reviews and other assurance engagements?
No. ISA 230 applies specifically to audits of financial statements conducted in accordance with ISAs. Review engagements are governed by the International Standard on Review Engagements (ISRE 2400/2410), and other assurance engagements fall under ISAE 3000. Those standards contain their own documentation requirements, which differ in scope but share similar underlying principles of timely and sufficient record-keeping.
(Qualified) Chartered Accountant – ICAP
Master of Commerce – HEC, Pakistan
Bachelor of Accounting (Honours) – AeU, Malaysia