CSAS-2 Auditing Standard on Audit Process and Documentation deals with responsibilities, duties and powers of the Auditor with respect to Audit Process to be followed by him in performing the audit function and maintaining proper documentation with respect to the audit.
Contents
Scope
Effective Date
Objective
Definitions
i. Auditor
ii. Auditee
iii. Auditee Units
iv. Management
Requirements
1. Audit Planning
2. Risk Profiling
3. Information about Auditee
4. Audit Checklists
5. Verification, scrutiny of documents & records, collection & evaluation of Audit Evidence
6. Analysis of Audit Evidence
7. Documentation
8. Materiality
9. Confirmation
10. Record Keeping
Scope
This Auditing Standard (‘the Standard’) is applicable to the Auditor undertaking any audit assignment under the Companies Act, 2013 or SEBI Act, 1992 or any other law for the time being in force. The Standard deals with responsibilities, duties and powers of the Auditor with respect to Audit Process to be followed by him in performing the audit function and maintaining proper documentation with respect to the audit.
Effective Date
This Standard is effective for audit engagements accepted by the Auditor on or after
Objective
The objective of this Standard is to prescribe principles for an Auditor:
(i)to perform the audit function as per the specified audit process;
(ii) to prepare the documentation that provides:
(a) a sufficient and appropriate record to form the basis for the Auditor’s report; and
(b) evidence that the audit was planned and performed in accordance with Standards and applicable legal and regulatory requirements.
Definitions
For the purpose of this Standard, the following terms have the meaning attributed below:
i. Auditor
Auditor means a Member of the Institute of Company Secretaries of India undertaking the Audit.
ii. Auditee
An Auditee includes a person subject to audit under any law for the time being in force.
iii. Auditee Unit
An Audit Unit includes a unit, which has one or more of the following attributes:
- substantial devolution of administrative and financial powers;
- functional autonomy; and
- operational significance with reference to achievement of objectives of the Auditee.
iv. Management
Management includes the Board of Directors, those charged with governance and compliances, KMPs or any other person authorised by the Auditee.
Requirements
1. Audit Planning
1.1. The Auditor shall make the audit plan to conduct the audit as per audit engagement terms.
1.2. Audit planning includes establishing and developing the overall audit process, which includes but not limited to:
– Identification of broad audit areas;
– Allocation of audit resources for the audits to be undertaken
– Risk profiling;
– Preparation of audit Schedule;
– Selection of Auditee units for audit ;
– Determination of specific subject matter/Audit areas requiring special attention, where considered necessary.
1.3. Audit shall be planned in a manner which ensures that a qualitative audit is carried out in an efficient and effective way and in a timely manner. Adequate planning will ensure that appropriate attention is accorded to crucial areas of audit and that potential problems are identified in a timely manner. The Auditor shall plan the audit with an attitude of professional scepticism and exercise professional judgment.
1.4. The audit plan shall be adhered to the extent possible; however, it may be modified in circumstances like unexpected events, changes in conditions, or as a result of the audit evidence obtained during the course of audit.
2.Risk Profiling
2.1 Risk profiling of the Auditee and their Audit Units shall be done considering their structures, roles they are expected to perform and compliance requirements. The Auditor shall apply the risk assessment methodology by evaluating high risk areas/activities of Auditee relating to:
– Internal control environment, systems and processes of the Auditee for adherence to the constitutional documents, applicable laws, Rules, Regulations and standards, Compliance level of applicable laws, Rules, Regulations and standards, etc.; and
– Transparency, prudence and probity.
2.2 The risk assessment methodology shall include a review of the following:
– Major policy initiatives of Government impacting the Auditee;
– Reports of Legislative Committees impacting the Auditee;
– Changes in any laws impacting the Auditee;
– Changes in economic environment impacting the Auditee;
– Finance & Appropriation Accounts;
– Geographical location;
– Past audit coverage;
– Past Audit findings/ Inspection Reports /Internal Audit Reports;
– Court orders, litigation history and prosecutions, if any;
– Audit Committee suggestions/recommendations, if any;
– Number of notices received and replies to questions given to the statutory authorities;
– Media reports and visibility of topics;
– Trend of expenditure and /or receipts with Industry benchmark;
– Volume and value of Related party transaction;
– Contingent liability and its likely impact on Auditee.
3. Information about Auditee
Auditor shall obtain sufficient information which is necessary for conduct of audit and expression of opinion.
4. Audit Checklists
The Auditor shall use thorough, systematic and comprehensive checklist for performance of Audit ensure that no compliance point is missed from verification while conducting audit.
5. Verification,scrutiny of documents & records, collection & evaluation of Audit Evidence
5.1 The Auditor shall verify compliance with applicable laws, Rules and Regulations and highlight deviations, if any. Further, the Auditor shall obtain competent, relevant and reasonable evidence to support his judgment as well as conclusions regarding the organisation, programme, activity or function under audit.
5.2 The evidence collection and evaluation is a simultaneous, systematic and an iterative process and involves:
– collection of evidence by performing appropriate audit procedures;
– Evaluating the evidence obtained as to its sufficiency (quantity) and appropriateness (quality);
– Re-assessing risk and gathering further evidence, if necessary.
5.3 The evidence gathering and evaluation process shall continue until the Auditor is satisfied that sufficient and appropriate evidence exists to provide a basis for formation of the audit conclusions.
5.4 Audit evidence may be gathered using a variety of techniques such as the following:
– Sampling
– Document scrutiny
– Physical inspection/site visits
– Observation
– Questionnaires
– Confirmation
– Analytical procedures
6. Analysis of Audit Evidence
6.1 After evaluating the evidence and considering its materiality, the Auditor shall decide how best to conclude in the light of the evidence collected and which would be the supporting key documents to arrive at audit conclusions.
6.2 While evaluating evidence Auditor shall find that audit evidence is conflicting i.e. while some evidence supports the subject matter information other evidences seem to contradict it. In such situations the Auditor shall weigh the extent and credibility of conflicting evidence in order to reach a conclusion or collect more evidence to resolve the conflict.
7.Documentation
7.1 Documentation of audit evidence supports audit conclusions and confirms that the audit was carried out in accordance with relevant standards.
7.2 Auditor shall adequately document the audit evidence in working papers, including the basis and extent of planning, work performed and the findings of audit. Working papers shall contain sufficient information to enable the Auditor, having no previous connection with the audit, to ascertain from those evidence that supports the Auditor’s significant findings and conclusions.
7.3 Adequate documentation is important for several reasons which inter alia includes:
– confirm and support the Auditor’s opinion and report;
– increase the efficiency and effectiveness of audit;
– evidence that the audit was planned and performed in accordance with Standards and applicable legal and regulatory requirements;
– serve as a source of information for preparing reports or answering any; enquiries from the Auditee or from any other party;
– serve as evidence of the Auditor’s compliance with Auditing Standards;
– facilitate planning and supervision;
– records for peer review; and
– provide evidence of work done for future reference
7.4 Audit Documentation shall take place throughout the entire audit process. The confidentiality of documentation shall be maintained and shall be retained for a period sufficient to meet the professional, legal and statutory requirement, if any.
7.5 Audit Documentation shall comprise of audit file and working papers
7.6 Audit file shall be maintained in one or more folders or other storage media in physical or electronic form, therefore contains documents that summarize the specific audit engagement. Audit file shall be properly indexed, referenced with and supplemented by the set of working papers.
7.7 Working papers for each audit comprise of all documents collected during the audit process. It shall include the documents relating to the nature, timing and extent of audit procedures that were performed by individual members of the audit team, details of contracts! agreements that were examined, etc., evidences that were gathered, evaluation of evidences, consideration of written responses from concerned officers !agents of the Auditee supporting key documents and the process of arriving at the results of audit procedures – audit findings and conclusions. The working papers could be in one or more folders, but shall be properly indexed, referenced and retrievable.
7.8 Working papers serve as a link between the field work and the audit report and shall, therefore, be complete and appropriately detailed to provide a clear trail of audit.
7.9 Some of the broad characteristics of working papers are set out below:
– Completeness and accuracy: Provide support to audit conclusions.
– Clarity and conciseness: Facilitates understanding the entire audit process without need for any supplementary examination.
– Legibility and neatness: Applies particularly to photocopies.
– Relevance: Working papers shall be restricted to matters, which are important, pertinent and useful for the intended purpose.
– Ease of reference: Working papers shall be organised in volumes in a manner that facilitates easy reference. An omnibus, easy to follow, index may be created for all the volumes with a proper narration to broadly explain their contents. Each of the volumes may further be internally indexed.
– Ease of review: Working papers should contain cross references to discussion papers, audit observations, etc.(including note issued to management and their response for discussion)and the audit report as the case may be to enable Auditor to link the working papers to audit findings and conclusions.
– Complete audit trail of analysis: Working papers should provide a complete trail of the audit procedures performed, evidence that were gathered and evaluated, audit findings and conclusions that were drawn. This should contain evidence for positive findings as well.
– Documentation of significant audit findings.
8. Materiality
8.1 Auditor may consider materiality throughout the audit process. However, if Audit engagement requires/demands thorough verification of each event/aspect, the Auditor shall make appropriate verification of non-material events/aspects also.
8.2 Determining materiality is a matter of professional judgment and depends on the Auditor’s interpretation of the users’ needs. A matter can be judged material if knowledge of it would be likely to influence the decisions of the intended users. This judgment may relate to an individual item or to a group of items taken together.
8.3 Materiality consists of both quantitative and qualitative factors.
8.4 Issues that may be considered material even if the monetary value is not significant would include the following:
– Fraud;
– Intentional unlawful acts or non-compliance;
– Incorrect or incomplete information to governing body and KMPs, the Auditor or to the regulators, banks FI, lenders concealment);
– Intentional disregard to the executive, authoritative bodies or Auditor; and
– Events and transactions made event or transaction.
– Reporting of Whistle blower events
– Major noncompliance on affecting the going concern existence of the Auditee.
8.5 The basis for the materiality shall be recorded in writing in the audit file.
9. Confirmation
Auditor shall obtain a reply independently from third party with regard to those information which is related to third parties.
Illustrations:
a) Certificate from the bankers on Dividend account balances;
b) Letter from the internal Auditor and/or statutory Auditor on any identification of fraud or any despite knowledge of the lack of legal basis to carry out the particular weaknesses in the systems and processes during their audit.
c) Letter from the banker on the date of transfer of Unpaid Dividend Account.
d) Letter from the Independent directors on the familiarization programme attended by them.
e) Certificate from the Chairman of Independent Directors on conduct of the meeting of the independent directors, if the minutes are not available/provided for verification.
f) Report on status of compliances from Stock Exchange or other regulators.
10.Record Keeping
10.1 Audit documentation shall be assembled for retention within a reasonable period of time after the Auditor’s report is released. Such reasonable period of time shall not exceed forty five days.
10.2 Auditor shall record all information in writing. In case any information is provided orally, the same shall be documented by the Auditor immediately.
10.3 Auditor shall establish policies and procedures for retention of engagement documentation for a period sufficient to meet the needs of the firm or as required by law or regulation.
******
Also read-
CSAS-1 Auditing Standard on Audit Engagement
