International

ISA 230 (Redrafted)

Auditing December 2007
and Assurance
Standards Board

Redrafted International Standard on Auditing

ISA 230, Audit Documentation

 International Auditing and Assurance Standards Board
International Federation of Accountants
545 Fifth Avenue, 14th Floor
New York, New York 10017 USA

This International Standard on Auditing (ISA) 230 (Redrafted), “Audit Documentation” was
prepared by the International Auditing and Assurance Standards Board (IAASB), an independent
standard-setting body within the International Federation of Accountants (IFAC). The objective of
the IAASB is to serve the public interest by setting high-quality auditing and assurance standards
and by facilitating the convergence of international and national standards, thereby enhancing the
quality and uniformity of practice throughout the world and strengthening public confidence in the
global auditing and assurance profession.

This publication may be downloaded free-of-charge from the IFAC website: http://www.ifac.org.
The approved text is published in the English language.

The mission of IFAC is to serve the public interest, strengthen the worldwide accountancy profession
and contribute to the development of strong international economies by establishing and promoting
adherence to high-quality professional standards, furthering the international convergence of such
standards and speaking out on public interest issues where the profession’s expertise is most
relevant.

Copyright © December 2007 by the International Federation of Accountants (IFAC). All rights
reserved. Permission is granted to make copies of this work provided that such copies are for use in
academic classrooms or for personal use and are not sold or disseminated and provided that each
copy bears the following credit line: “Copyright © December 2007 by the International Federation
of Accountants (IFAC). All rights reserved. Used with permission of IFAC. Contact
[email protected] for permission to reproduce, store or transmit this document.” Otherwise,
written permission from IFAC is required to reproduce, store or transmit, or to make other similar
uses of, this document, except as permitted by law. Contact [email protected].
ISBN: 978-1-934779-05-7

2
 INTERNATIONAL STANDARD ON AUDITING 230
(REDRAFTED)
AUDIT DOCUMENTATION
(Effective for audits of financial statements for periods beginning on or after December 15, 2009)

CONTENTS

Paragraph

Introduction
Scope of this ISA ........................................................................................................... 1-3
Effective Date ................................................................................................................ 4
Objective ....................................................................................................................... 5
Definitions ..................................................................................................................... 6
Requirements
Timely Preparation of Audit Documentation ................................................................ 7
Documentation of the Audit Procedures Performed and Audit Evidence Obtained ..... 8-13
Assembly of the Final Audit File ................................................................................... 14-16
Application and Other Explanatory Material
Timely Preparation of Audit Documentation ................................................................ A1
Documentation of the Audit Procedures Performed and Audit Evidence Obtained ..... A2-A20
Assembly of the Final Audit File ................................................................................... A21-A24
Appendix: Specific Audit Documentation Requirements in Other ISAs

International Standard on Auditing (ISA) 230 (Redrafted), “Audit Documentation” should be read in
conjunction with [proposed] ISA 200 (Revised and Redrafted), “Overall Objective of the
Independent Auditor, and the Conduct of an Audit in Accordance with International Standards on
Auditing.”

3
 INTERNATIONAL STANDARD ON AUDITING 230 (REDRAFTED)

Introduction
Scope of this ISA
1. This International Standard on Auditing (ISA) deals with the auditor’s responsibility to
prepare audit documentation for an audit of financial statements. It is to be adapted as
necessary in the circumstances when applied to audits of other historical financial
information. The Appendix lists other ISAs that contain specific documentation requirements
and guidance. The specific documentation requirements of other ISAs do not limit the
application of this ISA. Laws or regulations may establish additional documentation
requirements.

Nature and Purposes of Audit Documentation

2. Audit documentation that meets the requirements of this ISA and the specific documentation
requirements of other relevant ISAs provides:
(a) Evidence of the auditor’s basis for a conclusion about the achievement of the overall
objective of the auditor; and
(b) Evidence that the audit was planned and performed in accordance with ISAs and
applicable legal and regulatory requirements.
3. Audit documentation serves a number of additional purposes, including the following:
• Assisting the engagement team to plan and perform the audit.
• Assisting members of the engagement team responsible for supervision to direct and
supervise the audit work, and to discharge their review responsibilities in accordance
with [proposed] ISA 220 (Redrafted).1
• Enabling the engagement team to be accountable for its work.
• Retaining a record of matters of continuing significance to future audits.
• Enabling the conduct of quality control reviews and inspections in accordance with
[proposed] ISQC 1 (Redrafted).2
• Enabling the conduct of external inspections in accordance with applicable legal,
regulatory or other requirements.

Effective Date
4. This ISA is effective for audits of financial statements for periods beginning on or after
December 15, 2009.

1
[Proposed] ISA 220 (Redrafted), “Quality Control for an Audit of Financial Statements,” paragraphs [14-17].
2
[Proposed] ISQC 1 (Redrafted), “Quality Control for Firms that Perform Audits and Reviews of Financial
Statements, and Other Assurance and Related Services Engagements,” paragraphs [41, 43-45, and 55-56].

4
 INTERNATIONAL STANDARD ON AUDITING 230 (REDRAFTED)

Objective
5. The objective of the auditor is to prepare documentation that provides:
(a) A sufficient and appropriate record of the basis for the auditor’s report; and
(b) Evidence that the audit was planned and performed in accordance with ISAs and
applicable legal and regulatory requirements.

Definitions
6. For purposes of the ISAs, the following terms have the meanings attributed below:
(a) Audit documentation – The record of audit procedures performed, relevant audit
evidence obtained, and conclusions the auditor reached (terms such as “working
papers” or “workpapers” are also sometimes used).
(b) Audit file – One or more folders or other storage media, in physical or electronic form,
containing the records that comprise the audit documentation for a specific
engagement.
(c) Experienced auditor – An individual (whether internal or external to the firm) who has
practical audit experience, and a reasonable understanding of:
(i) Audit processes;
(ii) ISAs and applicable legal and regulatory requirements;
(iii) The business environment in which the entity operates; and
(iv) Auditing and financial reporting issues relevant to the entity’s industry.

Requirements
Timely Preparation of Audit Documentation
7. The auditor shall prepare audit documentation on a timely basis. (Ref: Para. A1)

Documentation of the Audit Procedures Performed and Audit Evidence Obtained

Form, Content and Extent of Audit Documentation
8. The auditor shall prepare audit documentation that is sufficient to enable an experienced
auditor, having no previous connection with the audit, to understand: (Ref: Para. A2-A5, A16-
A17)
(a) The nature, timing, and extent of the audit procedures performed to comply with the
ISAs and applicable legal and regulatory requirements; (Ref: Para. A6-A7)
(b) The results of the audit procedures performed, and the audit evidence obtained; and
(c) Significant matters arising during the audit, the conclusions reached thereon, and
significant professional judgments made in reaching those conclusions. (Ref: Para. A8-
A11)

5
 INTERNATIONAL STANDARD ON AUDITING 230 (REDRAFTED)

9. In documenting the nature, timing and extent of audit procedures performed, the auditor shall
record:
(a) The identifying characteristics of the specific items or matters tested; (Ref: Para. A12)
(b) Who performed the audit work and the date such work was completed; and
(c) Who reviewed the audit work performed and the date and extent of such review. (Ref:
Para. A13)
10. The auditor shall document discussions of significant matters with management, those
charged with governance, and others, including the nature of the significant matters
discussed and when and with whom the discussions took place. (Ref: Para. A14)
11. If the auditor identified information that is inconsistent with the auditor’s final conclusion
regarding a significant matter, the auditor shall document how the auditor addressed the
inconsistency. (Ref: Para. A15)

Departure from a Relevant Requirement

12. If, in exceptional circumstances, the auditor judges it necessary to depart from a relevant
requirement in an ISA, the auditor shall document how the alternative audit procedures
performed achieve the aim of that requirement, and the reasons for the departure. (Ref: Para.
A18-A19)

Matters Arising after the Date of the Auditor’s Report

13. If, in exceptional circumstances, the auditor performs new or additional audit procedures or
draws new conclusions after the date of the auditor’s report, the auditor shall document: (Ref:
Para. A20)

(a) The circumstances encountered;

(b) The new or additional audit procedures performed, audit evidence obtained, and
conclusions reached, and their effect on the auditor’s report; and
(c) When and by whom the resulting changes to audit documentation were made and
reviewed.

Assembly of the Final Audit File

14. The auditor shall assemble the audit documentation in an audit file and complete the
administrative process of assembling the final audit file on a timely basis after the date of the
auditor’s report. (Ref: Para. A21-A22)

15. After the assembly of the final audit file has been completed, the auditor shall not delete or
discard audit documentation of any nature before the end of its retention period. (Ref: Para.
A23)
16. In circumstances other than those envisaged in paragraph 13 where the auditor finds it
necessary to modify existing audit documentation or add new audit documentation after the

6
 INTERNATIONAL STANDARD ON AUDITING 230 (REDRAFTED)

assembly of the final audit file has been completed, the auditor shall, regardless of the nature
of the modifications or additions, document: (Ref: Para. A24)
(a) The specific reasons for making them; and
(b) When and by whom they were made and reviewed.

***

Application and Other Explanatory Material

Timely Preparation of Audit Documentation (Ref: Para. 7)
A1. Preparing sufficient and appropriate audit documentation on a timely basis helps to
enhance the quality of the audit and facilitates the effective review and evaluation of the
audit evidence obtained and conclusions reached before the auditor’s report is finalized.
Documentation prepared after the audit work has been performed is likely to be less
accurate than documentation prepared at the time such work is performed.

Documentation of the Audit Procedures Performed and Audit Evidence Obtained

Form, Content and Extent of Audit Documentation (Ref: Para. 8)
A2. The form, content and extent of audit documentation depend on factors such as:
• The size and complexity of the entity.
• The nature of the audit procedures to be performed.
• The identified risks of material misstatement.
• The significance of the audit evidence obtained.
• The nature and extent of exceptions identified.
• The need to document a conclusion or the basis for a conclusion not readily
determinable from the documentation of the work performed or audit evidence
obtained.
• The audit methodology and tools used.
A3. Audit documentation may be recorded on paper or on electronic or other media. Examples
of audit documentation include:
• Audit programs.
• Analyses.
• Issues memoranda.
• Summaries of significant matters.
• Letters of confirmation and representation.
• Checklists.

7
 INTERNATIONAL STANDARD ON AUDITING 230 (REDRAFTED)

• Correspondence (including e-mail) concerning significant matters.

The auditor may include abstracts or copies of the entity’s records (for example, significant
and specific contracts and agreements) as part of audit documentation. Audit
documentation, however, is not a substitute for the entity’s accounting records.
A4. The auditor need not include in audit documentation superseded drafts of working papers
and financial statements, notes that reflect incomplete or preliminary thinking, previous
copies of documents corrected for typographical or other errors, and duplicates of
documents.
A5. Oral explanations by the auditor, on their own, do not represent adequate support for the
work the auditor performed or conclusions the auditor reached, but may be used to explain
or clarify information contained in the audit documentation.

Documentation of Compliance with ISAs (Ref: Para. 8(a))

A6. In principle, compliance with the requirements of this ISA will result in the audit
documentation being sufficient and appropriate in the circumstances. Other ISAs contain
specific documentation requirements that are intended to clarify the application of this ISA
in the particular circumstances of those other ISAs. The specific documentation
requirements of other ISAs do not limit the application of this ISA. Furthermore, the
absence of a documentation requirement in any particular ISA is not intended to suggest
that there is no documentation that will be prepared as a result of complying with that ISA.
A7. Audit documentation provides evidence that the audit complies with the ISAs. However, it
is neither necessary nor practicable for the auditor to document every matter considered, or
professional judgment made, in an audit. Further, it is unnecessary for the auditor to
document separately (as in a checklist, for example) compliance with matters for which
compliance is demonstrated by documents included within the audit file. For example:
• The existence of an adequately documented audit plan demonstrates that the auditor
has planned the audit.
• The existence of a signed engagement letter in the audit file demonstrates that the
auditor has agreed the terms of the audit engagement with management or, where
appropriate, those charged with governance.
• An auditor’s report containing an appropriately qualified opinion demonstrates that
the auditor has complied with the requirement to express a qualified opinion under
the circumstances specified in the ISAs.
• In relation to requirements that apply generally throughout the audit, there may be a
number of ways in which compliance with them may be demonstrated within the
audit file:
○ For example, there may be no single way in which the auditor’s professional
skepticism is documented. But the audit documentation may nevertheless
provide evidence of the auditor’s exercise of professional skepticism in

8
 INTERNATIONAL STANDARD ON AUDITING 230 (REDRAFTED)

accordance with the ISAs. Such evidence may include specific procedures
performed to corroborate management’s responses to the auditor’s inquiries.
○ Similarly, that the engagement partner has taken responsibility for the direction,
supervision and performance of the audit in compliance with the ISAs may be
evidenced in a number of ways within the audit documentation. This may
include documentation of the engagement partner’s timely involvement in
aspects of the audit, such as participation in the team discussions required by
ISA 315 (Redrafted).3

Documentation of Significant Matters and Related Significant Professional Judgments (Ref: Para. 8(c))
A8. Judging the significance of a matter requires an objective analysis of the facts and
circumstances. Examples of significant matters include:
• Matters that give rise to significant risks (as defined in ISA 315 (Redrafted4)).
• Results of audit procedures indicating (a) that the financial statements could be
materially misstated, or (b) a need to revise the auditor’s previous assessment of the
risks of material misstatement and the auditor’s responses to those risks.
• Circumstances that cause the auditor significant difficulty in applying necessary audit
procedures.
• Findings that could result in a modification to the audit opinion or the inclusion of an
Emphasis of Matter paragraph in the auditor’s report.
A9. An important factor in determining the form, content and extent of audit documentation of
significant matters is the extent of professional judgment exercised in performing the work
and evaluating the results. Documentation of the professional judgments made, where
significant, serves to explain the auditor’s conclusions and to reinforce the quality of the
judgment. Such matters are of particular interest to those responsible for reviewing audit
documentation, including those carrying out subsequent audits when reviewing matters of
continuing significance (for example, when performing a retrospective review of
accounting estimates).
A10. Some examples of circumstances in which, in accordance with paragraph 8, it is
appropriate to prepare audit documentation relating to the use of professional judgment
include, where the matters and judgments are significant:
• The rationale for the auditor’s conclusion when a requirement provides that the
auditor ‘shall consider’ certain information or factors, and that consideration is
significant in the context of the particular engagement.

3
ISA 315 (Redrafted), “Identifying and Assessing the Risks of Material Misstatement Through Understanding the
Entity and Its Environment,” paragraph 10.
4
ISA 315 (Redrafted), paragraph 4(e).

9
 INTERNATIONAL STANDARD ON AUDITING 230 (REDRAFTED)

• The basis for the auditor’s conclusion on the reasonableness of areas of subjective
judgments (for example, the reasonableness of significant accounting estimates).
• The basis for the auditor’s conclusions about the authenticity of a document when
further investigation (such as making appropriate use of an expert or of confirmation
procedures) is undertaken in response to conditions identified during the audit that
caused the auditor to believe that the document may not be authentic.
A11. The auditor may consider it helpful to prepare and retain as part of the audit documentation
a summary (sometimes known as a completion memorandum) that describes the significant
matters identified during the audit and how they were addressed, or that includes cross-
references to other relevant supporting audit documentation that provides such
information. Such a summary may facilitate effective and efficient reviews and inspections
of the audit documentation, particularly for large and complex audits. Further, the
preparation of such a summary may assist the auditor’s consideration of the significant
matters. It may also help the auditor to consider whether, in light of the audit procedures
performed and conclusions reached, there is any individual relevant ISA objective that the
auditor has not met or is unable to meet that would prevent the auditor from achieving the
auditor’s overall objective.

Identification of Specific Items or Matters Tested, and of the Preparer and Reviewer (Ref: Para. 9)
A12. Recording the identifying characteristics serves a number of purposes. For example, it
enables the engagement team to be accountable for its work and facilitates the
investigation of exceptions or inconsistencies. Identifying characteristics will vary with the
nature of the audit procedure and the item or matter tested. For example:
• For a detailed test of entity-generated purchase orders, the auditor may identify the
documents selected for testing by their dates and unique purchase order numbers.
• For a procedure requiring selection or review of all items over a specific amount
from a given population, the auditor may record the scope of the procedure and
identify the population (for example, all journal entries over a specified amount from
the journal register).
• For a procedure requiring systematic sampling from a population of documents, the
auditor may identify the documents selected by recording their source, the starting
point and the sampling interval (for example, a systematic sample of shipping reports
selected from the shipping log for the period from April 1 to September 30, starting
with report number 12345 and selecting every 125th report).
• For a procedure requiring inquiries of specific entity personnel, the auditor may
record the dates of the inquiries and the names and job designations of the entity
personnel.
• For an observation procedure, the auditor may record the process or matter being
observed, the relevant individuals, their respective responsibilities, and where and
when the observation was carried out.

10
 INTERNATIONAL STANDARD ON AUDITING 230 (REDRAFTED)

A13. [Proposed] ISA 220 (Redrafted) requires the auditor to review the audit work performed
through review of the audit documentation.5 The requirement to document who reviewed
the audit work performed does not imply a need for each specific working paper to include
evidence of review. The requirement, however, means documenting what audit work was
reviewed, who reviewed such work, and when it was reviewed.

Documentation of Discussions of Significant Matters with Management, Those Charged with

Governance, and Others (Ref: Para. 10)
A14. The documentation is not limited to records prepared by the auditor but may include other
appropriate records such as minutes of meetings prepared by the entity’s personnel and
agreed by the auditor. Others with whom the auditor may discuss significant matters may
include other personnel within the entity, and external parties, such as persons providing
professional advice to the entity.

Documentation of How Inconsistencies have been Addressed (Ref: Para. 11)

A15. The requirement to document how the auditor addressed inconsistencies in information
does not imply that the auditor needs to retain documentation that is incorrect or
superseded.

Considerations Specific to Smaller Entities (Ref. Para. 8)

A16. The audit documentation for the audit of a smaller entity is generally less extensive than
that for the audit of a larger entity. Further, in the case of an audit where the engagement
partner performs all the audit work, the documentation will not include matters that might
have to be documented solely to inform or instruct members of an engagement team, or to
provide evidence of review by other members of the team (for example, there will be no
matters to document relating to team discussions or supervision). Nevertheless, the
engagement partner complies with the overriding requirement in paragraph 8 to prepare
audit documentation that can be understood by an experienced auditor, as the audit
documentation may be subject to review by external parties for regulatory or other
purposes.
A17. When preparing audit documentation, the auditor of a smaller entity may also find it
helpful and efficient to record various aspects of the audit together in a single document,
with cross-references to supporting working papers as appropriate. Examples of matters
that may be documented together in the audit of a smaller entity include the understanding
of the entity and its internal control, the overall audit strategy and audit plan, materiality,
assessed risks, significant matters noted during the audit, and conclusions reached.

5
[Proposed] ISA 220 (Redrafted), paragraph [16]. [Proposed] ISA 220 (Redrafted), paragraph [A12], describes the
nature of a review.

11
 INTERNATIONAL STANDARD ON AUDITING 230 (REDRAFTED)

Departure from a Relevant Requirement (Ref: Para. 12)

A18. The objectives and requirements in ISAs are designed to support the achievement of the
overall objective of the auditor.6 Accordingly, other than in exceptional circumstances, the
ISAs call for compliance with each requirement that is relevant in the circumstances of the
audit.

A19. The documentation requirement applies only to requirements that are relevant in the
circumstances. A requirement is not relevant7 only in the cases where:
(a) The ISA is not relevant (for example, in a continuing engagement, nothing in
[proposed] ISA 510 (Redrafted)8 is relevant); or
(b) The circumstances envisioned do not apply because the requirement is conditional
and the condition does not exist (for example, the requirement to modify the
auditor’s opinion where there is an inability to obtain sufficient appropriate audit
evidence, and there is no such inability).

Matters Arising after the Date of the Auditor’s Report (Ref: Para. 13)
A20. Examples of exceptional circumstances include facts which become known to the auditor
after the date of the auditor’s report but which existed at that date and which, if known at
that date, might have caused the financial statements to be amended or the auditor to
modify the opinion in the auditor’s report.9 The resulting changes to the audit
documentation are reviewed in accordance with the review responsibilities set out in
[proposed] ISA 220 (Redrafted),10 with the engagement partner taking final responsibility
for the changes.

Assembly of the Final Audit File (Ref: Para. 14-16)

A21. [Proposed] ISQC 1 (Redrafted) requires firms to establish policies and procedures for the
timely completion of the assembly of audit files.11 An appropriate time limit within which
to complete the assembly of the final audit file is ordinarily not more than 60 days after the
date of the auditor’s report.12
A22. The completion of the assembly of the final audit file after the date of the auditor’s report
is an administrative process that does not involve the performance of new audit procedures
or the drawing of new conclusions. Changes may, however, be made to the audit
6
[Proposed] ISA 200 (Revised and Redrafted), “Overall Objective of the Independent Auditor, and the Conduct of an
Audit in Accordance with International Standards on Auditing,” paragraphs [23-24].
7
[Proposed] ISA 200 (Revised and Redrafted), paragraph [27].
8
[Proposed] ISA 510 (Redrafted), “Initial Audit Engagements—Opening Balances.”
9
ISA 560 (Redrafted), “Subsequent Events,” paragraph 13.
10
[Proposed] ISA 220 (Redrafted), paragraph [15].
11
[Proposed] ISQC 1 (Redrafted), paragraph [52].
12
[Proposed] ISQC 1 (Redrafted), paragraph [A50].

12
 INTERNATIONAL STANDARD ON AUDITING 230 (REDRAFTED)

documentation during the final assembly process if they are administrative in nature.
Examples of such changes include:
• Deleting or discarding superseded documentation.
• Sorting, collating and cross-referencing working papers.
• Signing off on completion checklists relating to the file assembly process.
• Documenting audit evidence that the auditor has obtained, discussed and agreed with
the relevant members of the engagement team before the date of the auditor’s report.
A23. [Proposed] ISQC 1 (Redrafted) requires firms to establish policies and procedures for the
retention of engagement documentation.13 The retention period for audit engagements
ordinarily is no shorter than five years from the date of the auditor’s report, or, if later, the
date of the group auditor’s report.14
A24. An example of a circumstance in which the auditor may find it necessary to modify
existing audit documentation or add new audit documentation after file assembly has been
completed is the need to clarify existing audit documentation arising from comments
received during monitoring inspections performed by internal or external parties.

13
[Proposed] ISQC 1 (Redrafted), paragraph [54].
14
[Proposed] ISQC 1 (Redrafted), paragraph [A57].

13
 INTERNATIONAL STANDARD ON AUDITING 230 (REDRAFTED)

Appendix
(Ref: Para. 1)

Specific Audit Documentation Requirements in Other ISAs

This appendix identifies paragraphs in other ISAs as at December 31, 2007 that contain specific
documentation requirements. The list is not a substitute for considering the requirements and related
application and other explanatory material in ISAs.
• [Proposed] ISA 210 (Redrafted), “Agreeing the Terms of Audit Engagements” – paragraphs [9-
11]
• [Proposed] ISA 220 (Redrafted), “Quality Control for an Audit of Financial Statements” –
paragraphs [26-27]
• ISA 240 (Redrafted), “The Auditor’s Responsibilities Relating to Fraud in an Audit of
Financial Statements” – paragraphs 44-47
• [Proposed] ISA 250 (Redrafted), “The Auditor’s Responsibilities Relating to Laws and
Regulations in an Audit of Financial Statements” – paragraph [28]
• ISA 260 (Revised and Redrafted), “Communication with Those Charged with Governance” –
paragraph 19
• ISA 300 (Redrafted), “Planning an Audit of Financial Statements” – paragraph 11
• ISA 315 (Redrafted), “Identifying and Assessing the Risks of Material Misstatement Through
Understanding the Entity and Its Environment” – paragraph 33
• [Proposed] ISA 320 (Revised and Redrafted), “Materiality in Planning and Performing an
Audit” – paragraph [14]
• ISA 330 (Redrafted), “The Auditor’s Responses to Assessed Risks” – paragraphs 29-31
• [Proposed] ISA 450 (Revised and Redrafted), “Evaluation of Misstatements Identified During
the Audit” – paragraph [20]
• ISA 540 (Revised and Redrafted), “Auditing Accounting Estimates, Including Fair Value
Accounting Estimates, and Related Disclosures” – paragraph 23
• [Proposed] ISA 550 (Revised and Redrafted), “Related Parties” – paragraph [29]
• ISA 600 (Revised and Redrafted), “Special Considerations—Audits of Group Financial
Statements (Including the Work of Component Auditors)” – paragraph 50

14
International Federation of Accountants
545 Fifth Avenue, 14th Floor, New York, NY 10017 USA
Tel +1 (212) 286-9344 Fax +1(212) 286-9570 www.ifac.org