Audit Documentation
|
GAO-03-673G Government Auditing Standards > Chapter 7 Field Work Standards for Performance Audits > Audit Documentation
7.66 The field work standard related to audit documentation for performance audits performed in accordance with GAGAS is:
Auditors should prepare and maintain audit documentation. Audit documentation related to planning, conducting, and reporting on the audit should contain sufficient information to enable an experienced auditor, who has had no previous connection with the audit, to ascertain from the audit documentation the evidence that supports the auditors’ significant judgments and conclusions. Audit documentation should contain support for findings, conclusions, and recommendations before auditors issue their report.
7.67 The form and content of audit documentation should be designed to meet the circumstances of the particular audit. The information contained in audit documentation constitutes the principal record of the work that the auditors have performed in accordance with standards and the conclusions that the auditors have reached. The quantity, type, and content of audit documentation are a matter of the auditors’ professional judgment.
7.68 Audit documentation serves to (1) provide the principal support for the auditors’ report, (2) aid auditors in conducting and supervising the audit, and
(3) allow for the review of audit quality. Audit documentation should be appropriately detailed to provide a clear understanding of its purpose and source and the conclusions the auditors reached, and it should be appropriately organized to provide a clear link to the findings, conclusions, and recommendations contained in the audit report. Audit documentation for performance audits should contain the following items not explicitly addressed elsewhere in GAGAS:
a. the objectives, scope, and methodology of the audit, including sampling and other selection criteria used;
b. the auditors’ determination that certain standards do not apply or that an applicable standard was not followed, the reasons therefor, and the known effect that not following the applicable standard had, or could have had, on the audit;
c. the work performed to support significant judgments and conclusions, including descriptions of transactions and records examined; 1 and
d. evidence of supervisory reviews, before the audit report is issued, of the work performed that supports findings, conclusions, and recommendations contained in the audit report.
7.69 Audit organizations should establish reasonable policies and procedures for the safe custody and retention of audit documentation for a time sufficient to satisfy legal and administrative requirements. Audit documentation allows for the review of audit quality by providing the reviewer with documentation, either in written or electronic formats, of the evidence supporting the auditors’ significant judgments and conclusions. If audit documentation is only retained electronically, the audit organization should ensure that the electronic documentation is capable of being accessed throughout the specified retention period established for audit documentation and that it is safeguarded through sound computer security.
7.70 Underlying GAGAS audits is the premise that federal, state, and local governments and other organizations cooperate in auditing programs of common interest so that the auditors may use others’ work and avoid duplication of effort. Auditors should make arrangements to make audit documentation available, upon request, in a timely manner to other auditors or reviewers. Contractual arrangements for GAGAS audits should provide for full and timely access to audit documentation to facilitate reliance by others on the auditors’ work.
7.71 Audit organizations need to adequately safeguard the audit documentation associated with any particular engagement. Audit organizations should develop clearly defined policies and criteria to deal with situations where requests are made by outside parties to obtain access to audit documentation, especially in connection with situations where an outside party attempts to obtain indirectly through the auditor information that it is unable to obtain directly from the audited entity. In developing such policies, audit organizations need to consider applicable laws and regulations applying to the audit organizations or the audited entity.
1Auditors may meet this requirement by listing file numbers, case numbers, or other means of identifying specific documents they examined. They are not required to include copies of documents they examined as part of the audit documentation, nor are they required to list detailed information from those documents.
|