Peer Review: Is Your Audit Documentation Up to Standard?
The AICPA’s Peer Review Program has been performing “enhanced oversights” to ensure audit quality since 2014, and the results aren’t overwhelmingly great: nearly 1 in 4 engagements selected for oversight was materially non-conforming.
The culprit in most cases is a lack of adequate documentation.
To obtain reasonable assurance, auditors need to have access to sufficient appropriate audit evidence to reduce risk to an acceptably low level, thereby allowing them to issue a sound opinion. If sufficient appropriate audit evidence necessary to support the audit opinion was not appropriately documented, then the audit was not conducted in accordance with Generally Accepted Auditing Standards, and the auditor would not have a basis to render an opinion.
Common examples of missing documentation include, but are not limited to, tests of controls over compliance in a single audit, direct and material compliance requirement determinations, eligibility testing in EBP audits and consideration of SOC 1 reports.
What else do peer reviewers look for regarding audit documentation to ensure audit quality? While not an exhaustive checklist, here are some of the more important pieces to document.
Auditors need to create documentation on any procedure that provides audit evidence necessary to support their audit opinion in such a way that an experienced auditor, having no previous connection with the audit, can understand:
- the nature, timing and extent of the audit procedures performed to comply with GAAS and applicable legal and regulatory requirements, which includes recording:
- the identifying characteristics of the specific items or matters tested;
- who performed the audit work and the date such work was completed; and
- who reviewed the audit work performed and the date and extent of such review.
- the results of the audit procedures performed, and the audit evidence obtained; and
- significant findings or issues arising during the audit, the conclusions reached and significant professional judgments made in reaching those conclusions.
Other items to document include audit plans, analyses, issues memorandums, letters of confirmation and representation, and checklists. Auditors don’t need to include superseded drafts of working papers and financial statements, notes that reflect incomplete or preliminary thinking, previous copies of documents corrected for typographical or other errors, or duplicates of documents. While oral explanations by the auditor do not represent adequate support for the work performed or conclusions the auditor reached, they may be used to explain or clarify information contained in the audit documentation.
AU-C Section 230, which addresses proper audit documentation procedures, points out a few specific instances:
- For audit procedures related to the inspection of significant contracts or agreements, auditors should include abstracts or copies of those contracts or agreements in the documentation
- Auditors also should document discussions of significant findings or issues with management, those responsible for governance, and others, including the nature of the significant findings or issues discussed, and when and with whom the discussions took place.
- If an auditor identified information that is inconsistent with their final conclusion regarding a significant finding or issue, the auditor should document how they addressed the inconsistency.
- If in the off chance an auditor judges it necessary to depart from a relevant preemptively mandatory requirement, the auditor must document the justification for the departure and how the alternative audit procedures performed in the circumstances were sufficient to achieve the intent of that requirement.
There are some items that don’t need to be documented, including compliance with matters for which compliance is demonstrated by documents included within the audit file. Examples include:
- The existence of an adequately documented audit plan demonstrates the auditor has planned the audit.
- The existence of a signed engagement letter in the audit file demonstrates that the auditor has agreed to the terms of the audit engagement with management or, when appropriate, those charged with governance.
- An auditor’s report containing an appropriately qualified opinion on the financial statements demonstrates that the auditor has complied with the requirement to express a qualified opinion under the circumstances in accordance with GAAS.
Documenting the assembly and retention of the final audit report also is crucial.
Auditors should document the release date, assemble the audit documentation in an audit file and complete assembly no later than 60 days following the report release date. After the documentation completion date, auditors should not delete or discard audit documentation of any nature before the end of the specified retention period, which typically is at least five years.
How Does Insufficient Documentation Impact Peer Review Results?
A peer reviewer’s job is to determine whether an auditor has obtained sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and support the opinion. Meeting the requirements of AU-C 230 provides evidence of the auditor’s basis for the audit opinion as well as evidence the audit was planned and performed in accordance with GAAS.
If a peer reviewer determines audit evidence was not documented accordingly, the reviewer may conclude that the audit was not conducted in accordance with GAAS and that the auditor failed to obtain sufficient appropriate audit evidence to support the audit opinion, thus resulting in a pass with deficiency or failure.
As the AICPA says in their training for audit professional to be compliant with AU-C Section 230, if it’s not documented, it’s not done. Take the time and avoid the shortcuts to ensure the highest level of audit quality. Doing so can give a firm a huge advantage.
About Ericksen Krentel
Ericksen Krentel CPAs and Consultants, founded in New Orleans, Louisiana in 1960 with offices in New Orleans and Mandeville, believes that serving as the clients’ most trusted adviser is grounded in going beyond the numbers.
That includes helping clients achieve their business and personal financial goals by providing innovative and exceptional services in the following areas: audit and assurance services, tax compliance and planning, outsourced CFO services and business valuations for a variety of industries; employee benefit plan audits; fraud and forensic accounting; business planning; IT consulting; loss calculations; and estate planning.
Learn more at www.ericksenkrentel.com.