200 Series

Table of Contents
TABLE OF CONTENTS
TITLE OF STANDARD / T OPIC PAGE
INTERNATIONAL STANDARDS ON AUDITING (ISAS)
ISA-200 Overall Objectives of the Independent Auditor 1
ISA-210 Agreeing the Terms of Audit Engagements 5
ISA-220 Quality Control for an Audit of Financial Statements 11
ISA-230 Audit Documentation 15
ISA-240 Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements 18
ISA-250 Consideration of Laws and Regulations in an Audit of Financial Statements 28
ISA-260 Communication with Those Charged with Governance 32
ISA-265 Communicating Deficiencies in Internal Control to TCWG and Management 39
ISA-300 Planning an Audit of Financial Statements 42
ISA-315 Identifying and Assessing the Risks of Material Misstatement 45
ISA-320 Materiality in Planning and Performing an Audit 57
ISA-330 The Auditor’s Responses to Assessed Risks 59
ISA-402 Audit Considerations Relating to an Entity Using a Service Organization 65
ISA-450 Evaluation of Misstatements Identified during the Audit 71
ISA-500 Audit Evidence 74
ISA-501 Audit Evidence—Specific Considerations for Selected Items 78
ISA-505 External Confirmations 82
ISA-510 Initial Audit Engagements—Opening Balances 86
ISA-520 Analytical Procedures 89
ISA-530 Audit Sampling 91
ISA-540 Auditing Accounting Estimates 95
ISA-550 Related Parties 100
ISA-560 Subsequent Events 108
ISA-570 Going Concern 112
ISA-580 Written Representations 116
ISA-600 Special Considerations—Audits of Group Financial Statements 121
ISA-610 Using the Work of Internal Auditors 135
ISA-620 Using the Work of an Auditor’s Expert 140
ISA-700 Forming an Opinion and Reporting on Financial Statements 144
ISA-701 Communicating Key Audit Matters in the Independent Auditor’s Report 158
ISA-705 Modifications to the Opinion in the Independent Auditor’s Report 161
ISA-706 Emphasis of Matter Paragraphs and Other Matter Paragraphs in Auditor’s Report 165
ISA-710 Comparative Information—Corresponding Figures and Comparative F/S 171
ISA-720 The Auditor’s Responsibilities Relating to Other Information 174
Table of Contents
ISA-800 Audits of F/S Prepared in Accordance with Special Purpose Frameworks 181
ISA-805 Audits of Single Financial Statements and Specific Elements, Accounts or Items 183
ISA-810 Engagements to Report on Summary Financial Statements 186
INTERNATIONAL STANDARDS ON REVIEW ENGAGEMENTS (ISRE)

ISRE-2400 Engagements to Review Historical Financial Statements 198
ISRE-2410 Review of Interim Financial Information 209
INTERNATIONAL STANDARDS ON RELATED SERVICES (ISRS)

ISRS-4400 Engagements to P,erform Agreed-Upon Procedures 215
ISRS-4410 Compilation Engagements 219
INTERNATIONAL STANDARDS ON QUALITY C ONTROL (ISQC)

ISQC-1 Quality Control for Firms that Perform Audits and Reviews of Financial Statements 232
and Other Assurance and Related Services Engagements
CODE OF ETHICS
PART 1 - COMPLYING WITH THE CODE 240
PART 3 - CHARTERED ACCOUNTANTS (CAS) IN PRACTICE 245
PART 4A - INDEPENDENCE – AUDIT & REVIEW ENGAGEMENTS 268
APPOINTMENT OF AUDITOR – LEGAL CONSIDERATIONS

COMPANIES ACT 2017 292
LISTING REGULATIONS (SELECTED PORTION FOR AUDIT) 296
BANKING COMPANIES ORDINANCE 1962 (ACCOUNTS & AUDIT) 298
INSURANCE ORDINANCE 2000 (ACCOUNTS & AUDIT) 300
CODE OF CORPORATE GOVERNANCE 2019 (FOR REFERENCE PURPOSES) 306
OTHER AREAS FOR UNDERSTANDING (MISC)

MONEY LAUNDERING 323
IAASB QUALITY FRAMEWORK 328
DUE DILIGENCE 331
IAS/IFRS CHECKLIST FOR AUDITORS 333
JOINT AUDITS 341
ANNEXURES
HOW TO ATTEMPT PAPER (BEFORE AND DURING THE PAPER ) 355
IMPORTANT PARAS OF ISA S, ISRE S, ISQC & ISRS 356
INTERNATIONAL
STANDARDS ON
AUDITING
(ISA)
ISA 200 Page 1
ISA 200 (SELECTED)
An Audit of F/S (Ref: 3-9, A1-A13)
Expression of an opinion by the auditor on whether the F/S are prepared, in all material
respects, in accordance with an AFRF.
Preparation of the Financial Statement
Preparation of F/S requires the:

 Identification of AFRF
 Preparation of F/S in accordance with that framework.
 Adequate description of that framework in F/S.
Premise
Management and TCWG acknowledged and understand responsibilities

 Preparation of F/S in accordance with the AFRF.
 Internal control to enable the preparation of F/S
 To provide the auditor with:
 Access to all information;
 Additional information that the auditor may request
 Unrestricted access to persons within the entity
Overall Objectives of the Auditor
 To obtain reasonable assurance

 To report on the F/S
Reasonable assurance is a high, but not absolute, level of assurance not an absolute level
because there are inherent limitations of an audit which result in most of the audit evidence on
which auditor draws conclusions and bases opinion being persuasive rather than conclusive.
Sufficient Appropriate Audit Evidence and Audit Risk (Ref:17, A30-54)

Reasonable assurance is obtained when the auditor has obtained sufficient appropriate
audit evidence to reduce audit risk to an acceptably low level. (ISA 500 for details)
Ethical Requirements Relating to an Audit of F/S (Ref: 14, A16-A19)

Comply with relevant ethical requirements, including independence.
ISA 200 Page 2
Professional Skepticism (Ref: 15, A20-A24)

An attitude that includes a questioning mind, being alert to conditions which may indicate
possible misstatement due to error or fraud, and a critical assessment of audit evidence.
Professional skepticism includes being alert to:
 Audit evidence that contradicts other audit evidence obtained.
 Information that brings into question the reliability of documents
 Conditions that may indicate possible fraud.
 Circumstances that suggest the need for audit procedures.
Maintaining professional skepticism is necessary to reduce risks of:

 Overlooking unusual circumstances.
 Over generalizing conclusions
Professional Judgment (Ref: 16, A25-A29)
Application of relevant training, knowledge and experience, within the context provided by
auditing, accounting and ethical standards, in making informed decisions about the courses of
action that are appropriate in the circumstances of the audit engagement.
Professional judgment is necessary regarding decisions about:

 Materiality and audit risk.
 Nature, timing and extent of audit procedures
 Evaluating whether sufficient appropriate audit evidence has been obtained
 The evaluation of management's judgments
 The drawing of conclusions based on the audit evidence obtained
Inherent Limitations of an Audit (Ref: A47)
Auditor is not expected to, and cannot, reduce audit risk to zero and cannot therefore obtain
absolute assurance. The inherent limitations of an audit arise from:
 Nature of financial reporting

 Nature of audit procedures
 Need for audit to be conducted within a reasonable period of time and at reasonable cost
 Other Matters
- Fraud
- Related party relationships and transactions
- Non-compliance with laws and regulations
- Going concern issues
ISA 200 Page 3
Audit Risk (Ref: A34-A46)
Audit Risk = Risk of Material Misstatement x Detection Risk

(Inherent Risk x Control Risk)
Audit Risk: Risk that auditor expresses an inappropriate audit opinion when F/S are
materially misstated
Inherent Risk: Susceptibility of an assertion to a misstatement that could be material before

consideration of any related controls
Control Risk: Risk that misstatement that could occur in an assertion and that could be
material will not be prevented, or detected and corrected, on a timely basis by entity's internal
control
Detection Risk: Risk that procedures performed by auditor to reduce audit risk to an
acceptably low level will not detect a misstatement that exists and that could be material
ISA 200 Page 4
Conduct of an Audit in Accordance with ISAs (Ref: 18-24, A55-A78)
Complying with ISAs Relevant to the Audit
 Comply with all ISAs relevant to the audit

 Have understanding of the entire text of an ISA
 Not represent compliance unless the auditor has complied with the requirements of this
ISA and all other ISAs
Objectives Stated in Individual ISAs
 Determine whether any additional audit procedures required

 Whether sufficient appropriate audit evidence obtained.
Complying with Relevant Requirements
Auditor shall comply unless

 Entire ISA is not relevant; or
 It is conditional and the condition does not exist.
Failure to Achieve an Objective
Requires auditor to modify the opinion or withdraw from the engagement (where possible
under applicable law or regulation)
Important Paragraphs 14-24, A2, A18, A23, A43, A45, A49, A51
For Notes and Study Material for all subjects of CA-ICAP
Please visit www.canotes.net
If you want to share any useful notes (in soft form)
Please mail us at [email protected] or [email protected]
Talib e Doa: Atif Abidi

ISA 210 Page 5
ISA 210
Preconditions for an Audit (Ref: 6-8, A2-A21)
a) Determine whether FRF to be applied in the preparation of the F/S is acceptable;

and
Factors relevant to auditor's determination of acceptability of FRF:

 Nature of entity (e.g. business enterprise or not-for-profit)
 Purpose of F/S (e.g. General purpose F/S or Special Purpose F/S)
 Nature of F/S (e.g. complete set of F/S or a single F/S); and
 Whether law or regulation prescribes AFRF.
Deficiencies in AFRF may be encountered after acceptance of audit engagement.

Management may decide to adopt another framework that is acceptable
Jurisdictions not having standards setting organizations or prescribed FRF
 When these accounting conventions are widely used in that particular jurisdiction,
accounting profession in that jurisdiction may consider acceptability of FRF on
behalf of the auditors.
 Auditor may also make determination by considering whether accounting
conventions exhibit following attributes
 Relevance,
 Completeness
 Reliability,
 Neutrality
 Understandability
 Auditor may also compare accounting conventions with an existing acceptable FRF
(e.g. IFRS)
 Collection of accounting conventions devised to suit individual preferences is not an
acceptable FRF for general purpose F/S.
 Compliance framework will not be an acceptable FRF, unless it is generally accepted
in particular jurisdictions by preparers and users.
b) Agreement of responsibilities of management (premise)
If premise is not present, auditor will be unable to obtain sufficient appropriate audit
evidence. Auditor may need to explain the importance of these matters, and implications for
auditor's report.
ISA 210 Page 6
1) Preparation of F/S in accordance with the AFRF.

Preparation includes presentation
2) Internal control to enable the preparation of F/S

As accounting books and records are an integral part of internal control as defined in ISA
315, no specific reference is made to them. To avoid misunderstanding, it may be
appropriate for auditor to explain to management scope of this responsibility.
3) To provide the auditor with:

 Access to all information;
 Additional information that the auditor may request
 Unrestricted access to persons within the entity
If preconditions are not present, auditor shall discuss the matter with management.
Auditor shall not accept audit engagement
(unless required by law or regulation to do so)
If management/TCWG impose a scope limitation of pervasive nature (requiring to
disclaim opinion), auditor shall not accept engagement, unless required by law or
regulation to do so.
Agreement on Audit Engagement Terms (Ref: 9-12, A22-A29)

Principal contents:
 Objective and scope of audit;
 Responsibilities of the auditor;
 Responsibilities of management;
 Identification of the AFRF for the preparation of F/S; and
 Reference to expected form and content of any reports to be issued by auditor and a
statement that deviations may be expected from its expected form and content.
Optional Contents – Judgment required
 Elaboration of scope of audit + reference to applicable legislation, regulations, ISAs etc.
 Form of any other communication of results.
 Requirements for the auditor to communicate Key Audit Matters (KAM) as per ISA-701
 Fact that because of inherent limitations of audit & internal control, there is risk that some
misstatements may not be detected, even though audit is properly planned & performed
 Arrangements regarding planning and performance of audit, team including composition
 Expectation that management will provide written representation
 Agreement of management to make available to auditor draft F/S and any accompanying
other information on timely basis.
 Agreement of management to inform auditor of facts that may affect F/S during date of
auditor's report to date of issuance of F/S
 Basis on which fees are computed and any billing arrangements.
 Request for management to acknowledge receipt of audit engagement letter and agree.
ISA 210 Page 7
Additional Contents (If relevant)

 Arrangements about involvement of other auditors and experts.
 Arrangements concerning the involvement of internal auditors and other staff of the entity.
 Arrangements to be made with predecessor auditor (initial audit)
 Any restriction of auditor's liability when such possibility exists.
 A reference to any further agreements between auditor and entity
 Any obligations to provide audit working papers to other parties.
AUDITS OF COMPONENTS
When auditor of a parent entity is also auditor of a component, the factors that may influence
the decision whether to send a separate audit engagement letter to component include the
following:
 Who appoints the component auditor;
 Whether a separate auditor's report is to be issued on component;
 Legal requirements in relation to audit appointments;
 Degree of ownership by parent; and
 Degree of independence of component management from parent.
Recurring Audits (Ref: 13, A30)

Auditor may decide not to send a new audit engagement letter or other written agreement
each period. However, following factors may make it appropriate to revise terms or to remind
the entity:
 Any indication that entity misunderstands the scope of audit.
 Any revised or special terms of the engagement.
 A recent change of senior management.
 A significant change in ownership.
 A significant change in nature or size of entity's business.
 A change in legal or regulatory requirements.
 A change in the FRF adopted in preparation of F/S.
 A change in other reporting requirements.
Acceptance of a Change in the Terms of the Audit Engagement (Ref: 14-17, A31-A35)
Request to Change the Terms of the Audit Engagement

 Such request may result from a
1) Change in circumstances affecting the need for the service
2) A misunderstanding as to nature of an audit as originally requested or
3) A restriction on scope of the audit.
 Auditor shall not agree to such change where there is no reasonable justification for such.
 Reason 1 & 2 may be considered a reasonable basis.
 Not be considered reasonable if change relates to incorrect or unsatisfactory information.
ISA 210 Page 8
Request to Change to a Review or a Related Service
 Auditor shall determine whether there is reasonable justification.

 Auditor may need to assess any legal or contractual implications.
 Audit work performed till date of change may be relevant to new engagement. But changed
report would not include reference to:
- Original audit engagement; or
- Any procedures till date, except where audit is changed to agreed-upon procedures.
 Auditor and management shall agree on and record new terms of engagement.
 If auditor is unable to agree and is not permitted to continue the audit, auditor shall:
- Withdraw from audit engagement
(where possible under applicable law or regulation)
- Determine whether there is any obligation to report the circumstances to other parties
e.g. TCWG/owners/regulators
Additional Considerations in Engagement Acceptance (Ref: 18-21, A36-A39)
Financial Reporting Standards Supplemented by Law/Regulation
 Auditor shall determine whether there are any conflicts between standards and the
requirements of Law.
 If conflict exist, auditor shall agree with management whether:
- Additional requirements can be met through additional disclosures in F/S; or
- Description of AFRF in F/S can be amended accordingly.
 If neither of the above actions is possible, auditor shall determine implications of ISA 705.
FRF Prescribed by Law or Regulation
 If auditor determine that such framework would be unacceptable, but as it is prescribed by

law, auditor shall accept audit engagement only if the following conditions are present:
 Management agrees to provide additional disclosures to avoid F/S being
misleading; and
 It is recognized in terms of the audit engagement that:
- Report will have an “Emphasis of Matter paragraph” referring additional
disclosures.
- Opinion will not include phrases like "present fairly, in all material respects," or
"give a true and fair view" in accordance with AFRF
 If above 2 conditions are not present auditor shall:
- Evaluate the effect of the misleading nature of F/S on the auditor's report; and
- Include appropriate reference to this matter in the terms of the audit engagement.
ISA 210 Page 9
Auditor's Report Prescribed by Law or Regulation
 If wording of report is significantly different from requirements of ISAs, auditor shall

evaluate:
- Whether users might misunderstand the assurance obtained from audit and, if so,
- Whether additional explanation in report can mitigate possible misunderstanding.
 If auditor concludes that additional explanation cannot mitigate possible
misunderstanding, auditor shall not accept the engagement, unless required by law or
regulation.
 Such an audit does not comply with ISAs. Accordingly auditor shall not include any
reference to audit having been conducted in accordance with ISAs.
Appendix 1 - Example of an Audit Engagement Letter
To the appropriate representative of management or those charged with governance of ABC Company:
[The objective and scope of the audit]

You have requested that we audit the financial statements of ABC Company, which comprise the balance
sheet as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow
statement for the year then ended, and a summary of significant accounting policies and other
explanatory information. We are pleased to confirm our acceptance and our understanding of this audit
engagement by means of this letter. Our audit will be conducted with the objective of our expressing an
opinion on the financial statements.
[The responsibilities of the auditor]

We will conduct our audit in accordance with International Standards on Auditing (ISAs). Those
standards require that we comply with ethical requirements and plan and perform the audit to obtain
reasonable assurance about whether the financial statements are free from material misstatement. An
audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the
financial statements. The procedures selected depend on the auditor’s judgment, including the
assessment of the risks of material misstatement of the financial statements, whether due to fraud or
error. An audit also includes evaluating the appropriateness of accounting policies used and the
reasonableness of accounting estimates made by management, as well as evaluating the overall
presentation of the financial statements.
Because of the inherent limitations of an audit, together with the inherent limitations of internal control,
there is an unavoidable risk that some material misstatements may not be detected, even though the
audit is properly planned and performed in accordance with ISAs.
In making our risk assessments, we consider internal control relevant to the entity’s preparation of the
financial statements in order to design audit procedures that are appropriate in the circumstances, but
not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control.
However, we will communicate to you in writing concerning any significant deficiencies in internal
control relevant to the audit of the financial statements that we have identified during the audit.
ISA 210 Page 10
[The responsibilities of management and identification of the applicable financial reporting framework (for
purposes of this example it is assumed that the auditor has not determined that the law or regulation
prescribes those responsibilities in appropriate terms; the descriptions in paragraph 6(b) of this ISA are
therefore used).]
Our audit will be conducted on the basis that [management and, where appropriate, those charged with
governance] acknowledge and understand that they have responsibility:
a) For the preparation and fair presentation of the financial statements in accordance with
International Financial Reporting Standards;
b) For such internal control as [management] determines is necessary to enable the preparation of
financial statements that are free from material misstatement, whether due to fraud or error; and
c) To provide us with:
I. Access to all information of which [management] is aware that is relevant to the preparation of
the financial statements such as records, documentation and other matters;
II. Additional information that we may request from [management] for the purpose of the audit;
and
III. Unrestricted access to persons within the entity from whom we determine it necessary to
obtain audit evidence.
As part of our audit process, we will request from [management and, where appropriate, those charged
with governance], written confirmation concerning representations made to us in connection with the
audit.
We look forward to full cooperation from your staff during our audit.
[Other relevant information]

[Insert other information, such as fee arrangements, billings and other specific terms, as appropriate.]
[Reporting]
[Insert appropriate reference to the expected form and content of the auditor’s report.]
The form and content of our report may need to be amended in the light of our audit findings.
Please sign and return the attached copy of this letter to indicate your acknowledgement of, and
agreement with, the arrangements for our audit of the financial statements including our respective
responsibilities.
XYZ & Co.

Acknowledged and agreed on behalf of ABC Company by
(signed)
Name and Title
Date
Important Paragraphs 6, 10,17,18-21,A4, A8, A23, A24, A25, A28, A33

ISA 220 Page 11
ISA 220
1. Leadership Responsibilities for Quality on Audits (Ref: 8, A3)

Engagement partner shall take responsibility for overall quality on each of his audit
engagement, emphasizing the fact that quality is essential for audit and the importance to
audit quality of:
 Performing work that complies with professional standards and legal & regulatory
requirement
 Complying with firm's quality control policies and procedures as applicable
 Issuing auditor's reports that are appropriate in circumstances
 Engagement team's ability to raise concerns without fear of reprisals
2. Relevant Ethical Requirements (Ref: 9-11, A4-A7)

Throughout audit, engagement partner shall remain alert, through observation and making
inquiries for evidence of non-compliance with relevant ethical requirements by team
members. Fundamental principles of professional ethics include Integrity, Objectivity,
Professional competence & due care, Confidentiality and Professional behavior.
INDEPENDENCE
Engagement partner shall:
 Obtain relevant information from the firm (& network firms) to identify & evaluate
situations that create threat to independence
 Evaluate information on identified breaches of the firm's independence policies and
procedures
 Apply safeguards to eliminate or reduce such threats or to withdraw from engagement.
 Promptly report to the firm any inability to resolve matter.
3. Acceptance and Continuance of Client Relationships and Audit Engagements

(Ref: 12-13, A8-A10)
Engagement partner shall be satisfied that appropriate procedures regarding acceptance and
continuance have been followed.
Following information assists engagement partner in determining so:

 Integrity of principal owners, key management and TCWG;
 Whether engagement team is competent to perform the audit and has necessary
capabilities, including time and resources;
 Whether firm and engagement team can comply with relevant ethical requirements; and
 Significant matters arisen during current/previous audit & their implications on
continuance.
If engagement partner obtains information causing firm to decline the audit (if had received
earlier), engagement partner shall communicate promptly to firm for necessary actions.
ISA 220 Page 12
4. Assignment of Engagement Teams (Ref: 14, A11-A13)
Be satisfied that engagement team and experts, collectively have appropriate competence &
capabilities to:
 Perform audit in accordance with professional standards and legal & regulatory
requirements
 Enable an auditor's report that is appropriate in the circumstances to be issued.
Engagement partner may consider matters such as the team's:

 Understanding of, and practical experience with, audit of similar nature and complexity
through proper training and participation
 Understanding of professional standards and applicable legal and regulatory
requirements.
 Technical expertise, including expertise with relevant technology and specialized areas of
accounting or auditing.
 Knowledge of relevant industries in which the client operates.
 Ability to apply professional judgment.
 Understanding of firm's quality control policies and procedures.
5. Engagement Performance (Ref: 15-18, A14-A23)
DIRECTION
Informing the members of the engagement team of matters such as:
 Responsibilities, ethical requirements & professional skepticism
 Responsibilities of respective partners
(if more than one partner is involved)
 The objectives of the work to be performed.
 The nature of the entity's business.
 Risk-related issues.
 Problems that may arise.
 The detailed approach to the performance of the engagement.
SUPERVISION
 Tracking the progress of the audit engagement.
 Considering competence and capabilities of team members, including availability of time
 Whether they understand instructions
 Whether work is being carried out in accordance with the planned approach.
 Addressing significant matters arising during audit
 Identifying matters for consultation or consideration by more experienced team
members.
ISA 220 Page 13
REVIEWS
 Work performed in accordance with professional standards, legal & regulatory
requirements
 Significant matters have been raised for further consideration
 Appropriate consultations taken place and conclusions have been documented &
implemented
 Need to revise nature, timing and extent of work performed;
 Work performed supports conclusions reached and is appropriately documented;
 Evidence obtained is sufficient & appropriate to support report
 Objectives of the engagement procedures have been achieved.
Where a member of engagement team with expertise in a specialized area of accounting or

auditing is used, direction, supervision and review of that member's work may include
matters such as:
 Agreeing nature, scope and objectives of that member's work including communication
 Evaluating adequacy of that member's work.
CONSULTATIONS
The engagement partner shall:
 Take responsibility for team undertaking appropriate consultation on difficult matters;
 Be satisfied that team members have undertaken appropriate consultation during audit,
both within engagement team and between engagement team & others within or outside
the firm;
 Be satisfied that conclusions resulting from consultations are agreed with party consulted
 Determine that conclusions have been implemented.
5.1. Engagement Quality Control Review (Ref: 19-22, A24-A33)
For audits of listed entities and other **selected audit engagements, engagement partner shall:
 Determine that an engagement quality control reviewer has been appointed
 Discuss significant matters arising during audit, including those identified during
engagement quality control review, with the engagement quality control reviewer
 Not date auditor's report until the completion of the engagement quality control review.
** Selected engagements means the engagements that meet the criteria established by the firm
(e.g. all clients over Rs 1 billion turnover etc).
Nature, Timing and Extent of Engagement Quality Control Review

 Discussion of significant matters with the engagement partner;
 Review of the F/S and the proposed auditor's report;
 Review of selected audit documentation relating to significant judgments of the eng. team
 Evaluation of conclusions reached in formulating auditor's report and consideration of
whether the proposed auditor's report is appropriate.
ISA 220 Page 14
Engagement Quality Control Review of Listed Entities – Additional Requirements

For audits of listed entities, engagement quality control reviewer shall also consider following:
 Engagement team's evaluation of the firm's independence;
 Whether appropriate consultation has taken place on matters involving differences of
opinion or other difficult or debatable matters, and conclusions reached; and
 Whether audit documentation selected for review reflects the work performed.
DIFFERENCES OF OPINION
If differences of opinion arise within engagement team, with those consulted or, where
applicable, between engagement partner and engagement quality control reviewer,
engagement team shall follow the firm's policies and procedures for dealing with and
resolving differences of opinion.
6. Monitoring (Ref: 23, A34-A36)
Monitoring process is designed to provide firm with reasonable assurance that its policies and
procedures relating to system of quality control are relevant, adequate, & operating effectively
Engagement partner shall consider results of monitoring process as evidenced in latest
information circulated by the firm (and network firms) and whether deficiencies noted may
affect audit.
 Engagement partner may consider sufficient measures taken by firm to rectify the
situation.
 Such deficiency does not necessarily indicate that a particular audit engagement was not
performed in accordance with requirements, or that audit report was not appropriate
Documentation (Ref: 24-25, A34-A36)

 Issues identified regarding compliance with relevant ethical requirements and how
resolved.
 Conclusions on compliance with independence requirements that apply to audit, and any
relevant discussions with firm that support these conclusions.
 Conclusions reached regarding acceptance and continuance of client relationships.
 Nature and scope of, and conclusions resulting from, consultations undertaken
Engagement quality control reviewer shall document that:

 Procedures required by firm on engagement quality control review have been performed;
 Engagement quality control review has been completed on or before date of auditor's
report;
 Reviewer is not aware of any unresolved matters causing reviewer to believe that
significant judgments and the conclusions were not appropriate.
Important Paragraphs 11,15-20, 24, A2, A11, A13, A15, A17, A28
ISA 230 Page 15
ISA 230
Audit documentation
Record of audit procedures performed, relevant audit evidence obtained, and conclusions the
auditor reached (terms such as "working papers" or "workpapers" are also sometimes used).
Nature and Purposes of Audit Documentation (Ref: 2-3, A2-A20)

Audit documentation serves a number purposes, including:
 Assisting the engagement team to plan and perform the audit.
 Assisting supervisors of engagement team to discharge their review responsibilities (ISA
220)
 Enabling the engagement team to be accountable for its work.
 Retaining a record of matters of continuing significance to future audits.
 Enabling conduct of QCR and inspections in accordance with ISQC 1 or national
requirements
 Conduct of external inspections.
Timely Preparation of Audit Documentation (Ref: 7, A1)
 Auditor shall prepare sufficient and appropriate audit documentation on a timely basis.
 Oral explanations by auditor may be used to explain information contained in
documentation but it do not represent adequate support for work performed or
conclusions reached
Form, Content and Extent of Audit Documentation (Ref: 8-11, A2-A19)
Form, content and extent of audit documentation depend on:

 Size and complexity of the entity.
 Nature of the audit procedures to be performed.
 Risks of material misstatement.
 Significance of the audit evidence obtained.
 Nature and extent of exceptions identified.
 The audit methodology and tools used.
 Need to document a conclusion or the basis for a conclusion not readily determinable
from the documentation of the work performed or audit evidence obtained.
Auditor need not include superseded drafts of working papers and F/S, previous copies of
documents corrected, and duplicates.
ISA 230 Page 16
QUALITY OF DOCUMENTATION
Prepare audit documentation that is sufficient to enable experienced auditor, having no
previous connection with the audit, to understand:
 Nature, timing and extent of audit procedures performed
 Results of the audit procedures, and audit evidence obtained
 Significant matters arised, conclusions reached, and significant professional judgments
made.
Significant Matters:
 Matters that give rise to significant risks
 Results of audit procedures indicating
- That F/S could be materially misstated, or
- Need to revise auditor's previous risk assessment and responses to those.
 Circumstances causing difficulty in applying procedure
 Findings that could result in modification of report.
Auditor may consider it helpful to prepare and retain a summary (completion

memorandum)
 Significant matters identified during the audit and
 How they were addressed, or
 Cross-references to other relevant supporting documentation
Documentation of Audit Procedures Performed & Audit Evidence Obtained
Nature, timing and extent of audit procedures performed

 The identifying characteristics of the specific items or matters tested
(e.g invoice numbers, date, amount of transaction etc)
 Who performed audit work and the date such work was completed; and
 Who reviewed audit work performed and date and extent of such review
Discussions of significant matters with management, TCWG, and others

 Records prepared by auditor
 Minutes of meetings prepared by management and agreed by auditor etc.
How inconsistencies have been addressed
Departure from a relevant requirement
Document how alternative audit procedures performed achieve the aim of that
requirement, and the reasons for such departure.
Documentation requirement applies only where relevant. A requirement is not relevant
only in cases where:
 Entire ISA is not relevant
 Requirement is conditional and condition does not exist.
ISA 230 Page 17
Matters arising after the date of the auditor's report

 The circumstances encountered;
 New or additional audit procedures, audit evidence obtained, and conclusions
reached, and their effect on auditor's report
 When and by whom the resulting changes to audit documentation were made and
reviewed.
Assembly of the Final Audit File (Ref: 14-16, A21-A24)
Audit file
One or more folders or other storage media, in physical or electronic form, containing the
records that comprise the audit documentation for a specific engagement.
 Assemble audit documentation in an audit file and complete the administrative

process of assembling the final audit file on a timely basis after the date of the auditor's
report.
(Normally its not more than 60 days after auditor’s report)
 Completion of final audit file does not involve performance of new audit procedures
 Changes may be made to audit documentation during final assembly process if they are
administrative in nature. E.g.:
 Deleting or discarding superseded documentation.
 Sorting, collating and cross-referencing working papers.
 Signing off on completion checklists relating to file assembly process.
 Documenting audit evidence that auditor has obtained, discussed and agreed with
the relevant members of the engagement team before the date of the auditor's
report.
Auditor shall not delete or discard documentation of any nature before end of its retention
period. (larger of 5 years or local requirement; In Pakistan its 10 years)
if auditor finds it necessary to modify existing documentation or add new documentation

after assembly of final audit file, auditor shall document
 Specific reasons for making them; and
 When and by whom these were made and reviewed.
Important Paragraphs 8, 9, 13, 16, A2, A3, A7, A8, A12, A22
ISA 240 Page 18
ISA 240
Fraud: An intentional act by one or more individuals among management, TCWG, employees,
or third parties, involving the use of deception to obtain an unjust or illegal advantage.
Characteristics of Fraud(Ref: 2-3, A1-A5)

Misstatements in F/S can arise from either fraud or error. Distinguishing factor between fraud
and error is whether the action that results in the misstatement is intentional or unintentional.
Fraud Risk Factors
Incentive or pressure
May exist when management is under pressure, from sources outside or inside entity, to
achieve an expected (and perhaps unrealistic) earnings target or financial outcome.
Perceived opportunity
May exist when an individual believes internal control can be overridden due to his position
or has knowledge of deficiencies in internal control.
Attitudes / Rationalization
Some individuals possess an attitude, character or set of ethical values that allow them
knowingly and intentionally to commit a dishonest act.
Auditor may suspect or identify occurrence of fraud, but he does not make legal
determinations of whether fraud has actually occurred.
Fraud is a broad legal concept but auditor is concerned with fraud that causes a material
misstatement in F/S. There are 2 types of Frauds relevant to F/S:
1) Fraudulent financial reporting
 Manipulation, falsification (including forgery), or alteration of accounting records or

supporting documentation.
 Misrepresentation or intentional omission from F/S of events, transactions or other
significant information.
 Intentional misapplication of accounting principles relating to amounts, classification,
manner of presentation, or disclosure.
ISA 240 Page 19
Also involves management override of controls using techniques as:

 Recording fictitious entries, particularly close to period end, to manipulate operating
results or achieve other objectives.
 Inappropriately adjusting assumptions and changing judgments.
 Omitting, advancing or delaying recognition of events and transactions in F/S.
 Concealing, or not disclosing, facts that could affect F/S.
 Engaging in complex transactions structured to misrepresent the financial position or
financial performance of entity.
 Altering records & terms of significant and unusual transactions.
2) Misappropriation of assets
Involves theft of entity's assets and is often perpetrated by employees & management. It can
be accomplished in a variety of ways including:
 Embezzling receipts.
 Stealing physical assets or intellectual property.
 Causing an entity to pay for goods and services not received.
 Using an entity's assets for personal use.
Misappropriation is often accompanied by false or misleading records or documents in order to

conceal fraud.
Responsibility for the Prevention and Detection of Fraud (Ref: 4-9, A6-A7)
Primary responsibility for prevention and detection of fraud rests with both TCWG and
management.
Responsibilities of the Auditor
 An auditor is responsible for obtaining reasonable assurance that F/S as a whole are free
from material misstatement, whether caused by fraud or error.
 Due to inherent limitations, there is an unavoidable risk that some material misstatements
may not be detected; even the audit is properly planned & performed in accordance with
ISAs
 Risk of not detecting a material misstatement resulting from fraud is higher than risk of
not detecting one resulting from error
 Risk of not detecting a material misstatement resulting from management fraud is greater
than for employee fraud
ISA 240 Page 20
Discussion among the Engagement Team (Ref: 16, A11-A12)
 Exchange of ideas among team members about how and where the entity's F/S may be
susceptible to material misstatement due to fraud, how management could commit and
conceal fraud
 Circumstances that might be indicative of earnings management and practices to manage
earnings leading to fraud.
 Consideration of known external and internal fraud risk factors
 Management's involvement in overseeing employees with access to cash or other assets
susceptible to misappropriation.
 Consideration of any unusual or unexplained changes in behavior or lifestyle of
management or employees.
 An emphasis on maintaining a proper state of mind throughout audit regarding potential
for material misstatement due to fraud.
 How an element of unpredictability will be incorporated into nature, timing and extent of
audit procedures.
 Consideration of audit procedures that might be selected to respond to the susceptibility
of fraud.
 Consideration of any allegations of fraud that have come to the auditor's attention.
 A consideration of the risk of management override of controls.
Identification and Assessment of Risks of Material Misstatement Due to Fraud

(Ref: 26-28, A29-A33)
Risks of Fraud in Revenue Recognition
 Auditor shall evaluate which types of revenue, transactions or assertions give rise to such
risks. (Assuming such risk exists)
 Material misstatement for revenue recognition often results from
- Overstatement of revenues.
- Understatement of revenues
Understanding Entity's Related Controls
Auditor shall treat those assessed risks of material misstatement due to fraud as significant
risks and accordingly shall obtain an understanding of entity's related controls, including
control activities, relevant to such risks.
ISA 240 Page 21
Risk Assessment Procedures and Related Activities (Ref: 17-25, A13-A28)
Inquiries:
To determine whether they have knowledge of any actual, suspected or alleged fraud affecting
the entity, Auditor shall make inquiries of
 Management
 TCWG
 Internal Audit Function
 Others
- Operating personnel not directly involved in F/S process.
- Employees with different levels of authority.
- Employees involved in initiating, processing or recording complex or unusual
transactions and their supervisors.
- In-house legal counsel.
- Chief ethics officer or equivalent person.
- Person or persons charged with dealing allegations of fraud.
Specific Inquiries of management:

 Management's assessment of risk that F/S may be materially misstated due to fraud;
 Management's process for identifying and responding to risks of fraud including fraud
identified by management or brought to its attention or areas for which such risk is likely
to exist;
 Management's communication to TCWG regarding its processes
 Management's communication to employees regarding its views on business practices and
ethical behavior.
Specific Inquiries of TCWG

Unless all of TCWG are involved in managing entity, auditor shall obtain an understanding of
 How TCWG exercise oversight of management's processes for identifying and responding
to the risks of fraud
 Internal control management has established to mitigate risks.
Unusual or Unexpected Relationships Identified

Auditor shall evaluate whether such relationships identified in performing analytical
procedures, including those related to revenue accounts, may indicate risks of material
misstatement due to fraud.
Other Information
Auditor shall consider whether other information obtained by auditor indicates risks of
material misstatement due to fraud.
ISA 240 Page 22
Evaluation of Fraud Risk Factors

 Auditor shall evaluate whether information obtained from other risk assessment
procedures and related activities indicates that one or more fraud risk factors are present.
 The fact that fraud is usually concealed can make it very difficult to detect. However
auditor may identify events or conditions that indicate an incentive or pressure to commit
fraud or provide an opportunity to commit fraud.
Responses to Assessed Risks of Material Misstatement (Ref: 29-31, A34-A41)
At Financial Statement Level

 Assign and supervise personnel taking account of knowledge, skill and ability of individuals
and auditor's assessment of the risks
 Evaluate whether selection and application of accounting policies by entity may be
indicative of fraudulent financial reporting
 Incorporate an element of unpredictability in selection of the nature, timing and extent of
audit procedures.
 Performing substantive procedures on selected account balances and assertions
(neither material nor risky).
 Adjusting timing of audit procedures from expected.
 Using different sampling methods.
 Performing audit procedures at unexpected locations.
At the Assertion Level

Procedures may include changing the nature, timing and extent of audit procedures in the
following ways:
 Nature: To obtain more relevant & reliable audit evidence or to obtain additional
corroborative information
 Timing: Auditor may conclude that performing testing at or near period end better
addresses risk of material misstatement.
 Extent of procedures applied reflects the assessment of risks of material misstatement due
to fraud
Audit Procedures for Risks Related to Override of Controls (Ref: 32-34, A42-A49)
Auditor shall design and perform audit procedures to:
a) Test appropriateness of journal entries recorded in general ledger and other

adjustments made in preparation of F/S:
 Make inquiries of individuals involved in financial reporting process about inappropriate
or unusual activity relating to the processing of journal entries and other adjustments;
 Select journal entries and other adjustments made at period end
 Consider need to test journal entries and other adjustments.
ISA 240 Page 23
For above factors, the following matters are of relevance:

- Assessment of the risks of material misstatement due to fraud
- Controls implemented over journal entries and other adjustments
- Financial reporting process and nature of evidence that can be obtained
- Characteristics of fraudulent journal entries or other adjustments
 Made to unrelated, unusual, or seldom-used accounts
 Made by individuals who typically do not make journal entries,
 Recorded at period end or as post-closing entries that have little or no explanation or
description,
 That do not have account numbers, or
 Containing round numbers or consistent ending numbers.
- Nature and complexity of the accounts
 Contain transactions that are complex or unusual in nature,
 Contain significant estimates and period¬end adjustments,
 Have been prone to misstatements in the past,
 Not been reconciled timely or contain unreconciled differences
 Contain inter-company transactions
 Are associated with an identified risk of material misstatement.
- Journal entries or other adjustments processed outside the normal course of business
b) Review accounting estimates for biases:
 Evaluate whether judgments and decisions made by management in making accounting

estimates indicate a possible bias.
 Perform retrospective review of management judgments and assumptions related to
significant accounting estimates reflected in F/S of prior year.
c) For significant transactions outside normal course of business or that are unusual
 Auditor shall evaluate whether the business rationale of transactions suggests possibility of
fraud.
 Following are indicators of such fraud
 Form of such transactions appears overly complex.
 Management has not discussed nature of and accounting for such transactions with
TCWG
 There is inadequate documentation.
 Management is placing more emphasis on a particular accounting treatment.
 Transactions involving related parties, including special purpose entities, not been
properly approved by TCWG.
 Transactions involve previously unidentified related parties
ISA 240 Page 24
Auditor Unable to Continue the Engagement due to fraud (Ref: 39, A55-A58)
In such exceptional circumstances, auditor shall:
 Determine professional and legal responsibilities applicable
 Consider whether it is appropriate to withdraw from engagement
 If the auditor withdraws, discuss with appropriate level of management and TCWG
Examples of such exceptional circumstances:

 Entity does not take appropriate action regarding fraud that auditor considers necessary,
even where the fraud is not material;
 Auditor's consideration of risks of material misstatement and results of audit tests indicate
a significant risk of pervasive fraud
 Significant concern about competence or integrity of management or TCWG.
Written Representations (Ref: 40, A59-A60)
It is important for auditor to obtain a written representation from management and TCWG
confirming that they have disclosed:
 Results of management's assessment of the risk that F/S may be materially misstated as a
result of fraud
 Knowledge of actual, suspected or alleged fraud affecting entity
Communications to Management and with TCWG (Ref: 41-43, A61-A66)
 Identification of fraud information indicating fraud shall be communicated to appropriate

level of management.
 If auditor has identified or suspects fraud involving management, employees having
significant roles in internal control or others
 Auditor shall communicate to TCWG on a timely basis.
 Discuss with TCWG the nature, timing and extent of audit procedures necessary to
complete audit.
Other Matters Related to Fraud to be discussed with TCWG
 Concerns about nature, extent and frequency of management's assessments of controls in

place to prevent and detect fraud.
 Management failure to address identified significant deficiencies in internal control or to
appropriately respond to identified fraud.
 Auditor's evaluation of control environment, including questions regarding the competence
and integrity of management.
 Management Actions indicative of fraudulent financial reporting
 Concerns about adequacy and completeness of authorization of transactions appear to be
outside normal course of business.
ISA 240 Page 25
Communications to Regulatory and Enforcement Authorities (Ref: 44, A67-A69)

If auditor has identified or suspects a fraud, auditor shall determine whether there is a
responsibility to report the occurrence or suspicion to a party outside the entity.
 Law may require reporting the occurrence of fraud to supervisory authorities
 Auditor may consider it appropriate to obtain legal advice
Documentation (Ref: 45)

 Significant decisions reached during discussion among engagement team regarding
 Identified and assessed risks of material misstatement due to fraud at the F/S level and at
the assertion level.
Appendix 1 - Examples of Fraud Risk Factors (Selected)
Fraudulent Financial Reporting
Incentives/Pressures:
 Financial stability or profitability is threatened
 Pressure for management to meet the exception of third parties
 Personal financial situation of management threatened by entities financial performance
 Excessive pressure on management or operating personnel to meet financial targets
Opportunities:
 Significant related party transaction
 Assets/liabilities , Revenue, Expenditures based on significant estimates
 Domination of management by single person or group
 Complex or unstable organizational structure
 Internal control components are deficient
Attitudes:
 Ineffective communication or enforcement of entities values or ethical standards by
management
 Known history of violation of security laws or other laws
 A practice by management of committing to aggressive or unrealistic forces
 Low morale among senior management
Misappropriation of Assets:
Incentives/Pressures:
 Personal financial obligations
 Adverse relationship b/w the entity and employees with access to cash or other assets
susceptible to theft
ISA 240 Page 26
Opportunities:
 Large amount of cash on hand or processed
 Inventory items that are small in size, of high in value or in high demand
 Easily convertible assets e.g. diamonds, bearer bonds and gold
 Inadequate internal controls over assets
Attitudes/Rationalizations:
 Overriding existing controls
 Failing to correct known internal control deficiencies
 Behavior indicating displeasure or dissatisfaction with the entity
 Changes in behavior or lifestyle
Appendix 3 - Examples of Circumstances that Indicate the Possibility of Fraud
The following are examples of circumstances that may indicate the possibility that the
financial statements may contain a material misstatement resulting from fraud.
Discrepancies in the accounting records, including:
 Transactions that are not recorded in a complete or timely manner or are improperly
recorded as to amount, accounting period, classification, or entity policy.
 Unsupported or unauthorized balances or transactions.
 Last- minute adjustments that significantly affect financial results.
 Evidence of employees’ access to systems and records inconsistent with that necessary to
perform their authorized duties.
 Tips or complaints to the auditor about alleged fraud.
Conflicting or missing evidence, including:
 Missing documents.
 Documents that appear to have been altered.
 Unavailability of other than photocopied or electronically transmitted documents when
documents in original form are expected to exist.
 Significant unexplained items on reconciliations.
 Unusual balance sheet changes, or changes in trends or important financial statement
ratios or relationships - for example, receivables growing faster than revenues.
 Inconsistent, vague, or implausible responses from management or employees arising from
inquiries or analytical procedures.
 Unusual discrepancies between the entity's records and confirmation replies.
 Large numbers of credit entries and adjustments made to accounts receivable records.
 Unexplained or inadequately explained differences between the accounts receivable
subledger and the control account, or between the customer statements and the accounts
receivable subledger.
ISA 240 Page 27
 Missing or non- existent cancelled checks in circumstances where cancelled checks are
ordinarily returned to the entity with the bank statement.
 Missing inventory or physical assets of significant magnitude.
 Unavailable or missing electronic evidence, inconsistent with the entity’s record retention
practices or policies.
 Fewer responses to confirmations than anticipated or a greater number of responses than
anticipated.
 Inability to produce evidence of key systems development and program change testing and
implementation activities for current year system changes and deployments.
Problematic or unusual relationships between the auditor and management, including:
 Denial of access to records, facilities, certain employees, customers, vendors, or others

from whom audit evidence might be sought.
 Undue time pressures imposed by management to resolve complex or contentious issues.
 Complaints by management about the conduct of the audit or management intimidation of
engagement team members, particularly in connection with the auditor’s critical
assessment of audit evidence or in the resolution of potential disagreements with
management.
 Unusual delays by the entity in providing requested information.
 Unwillingness to facilitate auditor access to key electronic files for testing through the use
of computer assisted audit techniques
 Denial of access to key IT operations staff and facilities, including security, operations, and
systems development personnel.
 An unwillingness to add or revise disclosures in the financial statements to make them
more complete and understandable.
 An unwillingness to address identified deficiencies in internal control on a timely basis.
Other
 Unwillingness by management to permit the auditor to meet privately with those charged
with governance.
 Accounting policies that appear to be at variance with industry norms.
 Frequent changes in accounting estimates that do not appear to result from changed
circumstances.
 Tolerance of violations of the entity’s code of conduct.
Important Paragraphs 15, 17, 20, 24, 29, 32, 38, 39 ,41, A3, A4, A5, A10, A11, A36,
A37, A43, A48, A54, A64
ISA 250 (Revised) Page 28
ISA 250 – CONSIDERATION OF LAWS & REGULATIONS IN AN AUDIT OF F/S
This ISA distinguishes auditor’s responsibilities in relation to compliance with 2 different

categories of laws and regulations as follows:
 Provisions of laws and regulations normally having a direct effect on determination of
material amounts and disclosures in F/S (e.g. tax and pension laws etc); and
 Other laws and regulations that do not have such a direct effect, but compliance with
which may be fundamental to operating aspects of business, ability to continue its
business, or to avoid material penalties (e.g. compliance with terms of operating license or
compliance with environmental regulations);
Nature and circumstances of entity may impact whether relevant laws and regulations are
within the first or second category
Responsibility for Compliance with Laws and Regulations (Ref: 3-9, A1-A8)
 It is responsibility of management, with oversight of TCWG, to ensure that operations are

conducted in accordance with provisions of laws and regulations, including compliance
with the provisions of laws and regulations determining amounts and disclosures in F/S.
 Auditor is not responsible for preventing or detecting all non-compliances
 This ISA assist auditor in identifying material misstatement of F/S due to non-compliance
 Detection of non-compliance, regardless of materiality, may also affect other aspects of the
audit including, for example, consideration of the integrity of management or employees.
Non-compliance
Acts of omission or commission intentional or unintentional committed by the entity, or by
those charged with governance, by management or by other individuals working for or under
the direction of the entity, which are contrary to the prevailing laws or regulations. Non-
compliance does not include personal misconduct (unrelated to business activities of the entity)
Consideration of Compliance with Laws and Regulations (Ref: 13-18, A11-A16)
As part of obtaining understanding of entity, auditor shall obtain general understanding of:
 Legal & regulatory framework applicable to entity and industry in which it operates; and
 How the entity is complying with that framework
Auditor shall obtain sufficient appropriate audit evidence regarding compliance with the
provisions of those laws and regulations generally recognized to have a direct effect
on F/S. They could include those that relate to, for example:
 The form and content of F/S;
 Industry-specific financial reporting issues;
 Accounting for transactions under government contracts; or
 The accrual or recognition of expenses for income tax or pension costs.
Some provisions in those laws and regulations may be directly relevant to specific assertions
(e.g. completeness of income tax provisions), while others may be directly relevant to
F/S as a whole (e.g. required statements constituting a complete set of F/S)
Non-compliance with other provisions of such laws etc may result in fines, litigation or
other consequences for the entity, the costs of which may need to be provided for in the F/S.
Procedures to Identify Instances of Non-Compliance (Ref: 15-16, A13-A15)

Auditor shall perform the following audit procedures to help identify such instances:
 Inquiring of management and, where appropriate, TCWG, as to whether the entity is in
compliance with such laws and regulations; and
 Inspecting correspondence, if any, with the relevant licensing or regulatory authorities.
During audit, auditor shall remain alert to the possibility that other audit procedures applied
may bring instances of non-compliance or suspected non-compliance to auditor’s attention.
(e.g. reading minutes, inquiring legal counsel or performing substantive test of details etc)
Written Representations (Ref: 17-18, A16)

Request management, & where appropriate, TCWG, to provide written representations that all
known instances of non-compliance or suspected non-compliance with laws and regulations,
whose effects should be considered when preparing F/S, have been disclosed to auditor.
Audit Procedures When Non-Compliance Is Identified or Suspected

(Ref: 19-22, A17-A25)
If the auditor becomes aware of information concerning an instance of non- compliance or
suspected non-compliance with laws and regulations, the auditor shall obtain
 An understanding of nature of the act and the circumstances in which it has occurred; and
 Further information to evaluate the possible effect on the F/S including:
- The potential financial consequences of non-compliance on F/S
(e.g. imposition of fines, penalties and enforced discontinuation of operations etc)
- Whether it require disclosure.
- Whether these are so serious as to call into question the fair presentation of the F/S
Indications of Non-Compliance with Laws and Regulations (Examples)

 Investigations by regulatory organizations and Govt. departments or payment of fines or penalties.
 Payments for unspecified services or loans to consultants, related parties, or government employees.
 Sales commissions or agent’s fees that appear excessive in relation to those ordinarily paid by the entity
 Purchasing at prices significantly above or below market price.
 Unusual payments in cash, purchases in form of bearer cheques or transfers to numbered bank accounts.
 Unusual transactions with companies registered in tax havens.
 Payments for goods or services made other than to the country from which goods or services originated.
 Payments without proper exchange control documentation.
 Unauthorized transactions or improperly recorded transactions.
 Adverse media comment.
If the auditor suspects there may be non-compliance

 Auditor shall discuss matter with management (unless prohibited by law or regulation)
 Where appropriate auditor may discuss the findings with TCWG where they may be able to
provide additional audit evidence
 If management/TCWG do not provide sufficient information that supports the compliance
and, in he auditor’s judgment, the effect of the suspected non-compliance may be material
to the F/S, the auditor shall consider the need to obtain legal advice.
Auditor shall evaluate implications of non-compliance for other aspects of audit, including
risk assessment and reliability of written representations, and shall take appropriate action.
In certain cases, auditor may consider withdrawal from engagement when management or
TCWG do not take the remedial action or where identified or suspected noncompliance raises
questions about their integrity, even when non-compliance is not material to the F/S.
Auditor may consider appropriate to take legal advice to determine whether withdrawal is
appropriate. Even after withdrawing, he is not relieved of complying with other responsibilities
under law, regulation or relevant ethical requirements to respond to noncompliance.
Communication and Reporting Identified or Suspected Non-Compliance with TCWG

(Ref: 23-25)
 Unless all TCWG are involved in management of entity, auditor shall communicate with
TCWG (unless prohibited by law or regulation) significant matters involving non-
compliance that come to auditor’s attention during the course of the audit.
 If, in the auditor’s judgment, the non-compliance is believed to be intentional and
material, auditor shall communicate the matter with TCWG as soon as practicable.
 If auditor suspects that management or TCWG are involved in non-compliance, the auditor
shall communicate the matter to the next higher level of authority at the entity, if it exists.
(e.g. audit committee)
 Auditor shall consider the need to obtain legal advice:
- Where no higher authority exists;
- If the auditor believes that the communication may not be acted upon; or
- If the auditor is unsure as to the person to whom to report,
Implications on Auditor’s Report (Ref: 26-28, A26-A27)

 If auditor concludes that the non-compliance has a material effect on the F/S, and has not
been adequately reflected in F/S, auditor shall express a qualified or an adverse opinion.
 If auditor is precluded by management or TCWG from obtaining sufficient appropriate
audit evidence to evaluate whether non-compliance that may be material to the F/S has,
or is likely to have, occurred, auditor shall express a qualified opinion or disclaim opinion
 If auditor is unable to determine whether non-compliance has occurred because of
limitations imposed by the circumstances rather than by management or TCWG, auditor
shall evaluate the effect on the auditor’s opinion in accordance with ISA 705.
Law or regulation may preclude public disclosure by either management, TCWG or auditor about
a specific matter (e.g. a communication, or other action, that might prejudice an investigation by
an appropriate authority, as it may alert the entity). Auditor may consider obtaining legal advice
to determine the appropriate course of action
Reporting Non-Compliance to appropriate authority outside entity (Ref: 29, A28-A34)
If the auditor has identified or suspects non-compliance with laws and regulations, auditor
shall determine whether law, regulation or relevant ethical requirements:
 Require the auditor to report to an appropriate authority outside the entity.
(e.g. statutory requirements of a financial institution may require to report occurrence, or
suspected occurrence, of non-compliance to supervisory authority)
 Establish responsibilities under which reporting to an appropriate authority outside the
entity may be appropriate in the circumstances, such as:
- Auditor has determined that it is in accordance with relevant ethical requirements; or
(e.g. IESBA Code requires auditor to take steps to respond to such non-compliance and
determine whether further action is needed including reporting to outside authority)
- Law, regulation or relevant ethical requirements provide auditor with right to do so
(E.g. when auditing F/S of financial institutions, auditor may have legal right to discuss
matters such as identified or suspected non-compliance with a supervisory authority)
Documentation (Ref: 30, A35-A36)
Auditor shall include

 Identified or suspected non-compliance with laws and regulations;
 Procedures performed, significant professional judgments made and conclusions reached;
 Discussions of significant matters related to non-compliance with management, TCWG
and others, including how they responded to the matter
Law, regulation or relevant ethical requirements may also set out additional documentation
requirements regarding identified or suspected non-compliance with laws and regulations
Important Paragraphs 13, 15, 19, 23, 29, A2, A6, A11, A15, A18, A19, A24, A26, A28
ISA 260 Page 32
ISA 260 (REVISED)
Those Charged with Governance (TCWG)

The person(s) or organization(s) (e.g., a corporate trustee) with responsibility for overseeing the
strategic direction of the entity and obligations related to the accountability of entity. This includes
overseeing the financial reporting process. For some entities in some jurisdictions, TCWG may
include management personnel, for example, executive members of a governance board of a private or
public sector entity, or an owner-manager.
Management
The person(s) with executive responsibility for the conduct of the entity’s operations. For some
entities in some jurisdictions, management includes some or all of TCWG, for example, executive
members of a governance board, or an owner-manager.
Those Charged with Governance – TCWG (Ref: 11-13, A1-A8)
The auditor shall determine the appropriate person(s) within entity’s governance structure
with whom to communicate.
Governance structures may vary by jurisdiction and by entity, and the size and ownership
characteristics. Some examples of such governance structures are:
 A supervisory board exists that is separate from an executive board. (two-tier)
 Both supervisory and executive functions are the legal responsibility of a single board
 TCWG hold positions that are integral part of entity’s legal structure (e.g. directors)
 In some government entities, a body that is not part of entity is charged with governance.
 Some or all of TCWG are involved in managing the entity.
 TCWG and management comprise different persons.
 TCWG are responsible for approving the entity’s F/S (in other cases management do so)
 Governance is collective responsibility of governing body; Subgroup e.g. audit committee
or even an individual may be charged with specific task to assist governing body
Such diversity means that it is not possible for this ISA to specify the person(s) with whom
the auditor is to communicate particular matters. In such cases, auditor may need to discuss
and agree with engaging party the relevant person(s) with whom to communicate. In
deciding so, understanding of entity’s governance structure is relevant. The appropriate
person(s) with whom to communicate may vary depending on matter to be communicated.
Communication with a Subgroup of TCWG
If auditor communicates with a subgroup of TCWG (e.g. audit committee), the auditor shall
determine whether the auditor also needs to communicate with the governing body
ISA 260 Page 33
When considering communicating with subgroup of TCWG, auditor may take into account
such matters as:
 The respective responsibilities of the subgroup and the governing body.
 The nature of the matter to be communicated.
 Relevant legal or regulatory requirements.
 Whether the subgroup has authority to take action in relation to the information
communicated, and can provide further required information and explanations.
Good governance principles suggest that:

 The auditor will be invited to regularly attend meetings of the audit committee.
 The chair of audit committee and, when relevant, other members of the audit committee,
will liaise with the auditor periodically.
 The audit committee will meet the auditor without management present at least annually.
When All of TCWG Are Involved in Managing the Entity
If matters are communicated with persons with management responsibilities, and those
persons also have governance responsibilities, matters need not be communicated again.
Auditor shall however be satisfied that communication with persons with management
responsibilities adequately informs all of those with whom auditor would otherwise
communicate in their governance capacity.
(E.g. in a company where all directors are involved in managing entity, one responsible for
marketing may be unaware of discussion with one responsible for preparation of F/S)
Matters to Be Communicated (Ref: 14-17, A9-A32)
Auditor’s Responsibilities in Relation to Financial Statement Audit (Ref: 14, A9-A10)
Auditor shall communicate responsibilities of auditor for F/S audit, including that:
 Auditor is responsible for forming and expressing an opinion on the F/S that have been
prepared by management with the oversight of TCWG; and
 Audit of the F/S does not relieve management or TCWG of their responsibilities.
Auditor’s responsibilities are often included in the engagement letter etc. Law, regulation
or governance structure of entity may require TCWG to agree those terms with auditor.
When this is not the case, providing TCWG with a copy of that engagement letter etc may be
an appropriate way to communicate with them regarding such matters as:
 Auditor’s responsibility for performing audit in accordance with ISAs
 The fact that ISAs do not require auditor to design procedures for purpose of identifying
supplementary matters to communicate with TCWG.
 Auditor’s responsibilities to determine and communicate key audit matters in report.
 Auditor’s responsibility for communicating particular matters required by law or
regulation, by agreement with entity or by additional requirements applicable.
ISA 260 Page 34
Planned Scope and Timing of the Audit (Ref: 15, A11-A16)
Auditor shall communicate overview of planned scope and timing of audit, which includes
communicating about significant risks identified by the auditor. Such communication may:
 Assist TCWG to understand better the consequences of auditor’s work, to discuss issues of
risk and the concept of materiality with auditor, and to identify any areas in which they
may request the auditor to undertake additional procedures; and
 Assist the auditor to understand better the entity and its environment.
Matters communicated may include:
 How auditor plans to address the significant risks of material misstatement.
 How auditor plans to address areas of higher assessed risks of material misstatement.
 The auditor’s approach to internal control relevant to the audit.
 The application of concept of materiality in the context of an audit.
 The nature and extent of specialized skill or knowledge needed to perform planned audit
procedures or evaluate audit results, including use of an auditor’s expert.
 For ISA 701, auditor’s preliminary views about matters that may be key audit matters.
 Planned approach to addressing implications on individual statements and the disclosures
of any significant changes within AFRF or in entity’s environment or financial condition.
Other planning matters that it may be appropriate to discuss with TCWG include:
 How external auditor and internal auditors can work together in a constructive and
complementary manner (where applicable)
 The views of TCWG about:
- Appropriate person(s) in entity’s governance structure with whom to communicate.
- The allocation of responsibilities between TCWG and management.
- Entity’s objectives and strategies, and related business risks that may result in material
misstatements.
- Matters TCWG consider warrant particular attention during audit
- Significant communications between the entity and regulators.
- Other matters TCWG consider may influence the audit of the F/S.
 The attitudes, awareness, and actions of TCWG concerning
- Entity’s internal control and its importance in the entity, including how TCWG oversee
the effectiveness of internal control, and
- Detection or possibility of fraud.
 The actions of TCWG in response to developments in accounting standards, corporate
governance practices, exchange listing rules, and related matters, and effect of such
developments on the overall presentation, structure and content of the F/S, including:
- Relevance, reliability, comparability and understandability of information in F/S; and
- Considering whether F/S are undermined by inclusion of information that is not
relevant or that obscures a proper understanding of the matters disclosed.
 The responses of TCWG to previous communications with the auditor.
 The documents comprising other information (ISA 720) and the planned manner and
timing of the issuance of such documents.
ISA 260 Page 35
Significant Findings from the Audit (Ref: 16, A17-A28)
Auditor shall communicate with TCWG including requesting further information from them:
a) Auditor’s views about significant qualitative aspects of entity’s accounting practices,
including accounting policies, accounting estimates and financial statement disclosures.
 Auditor’s views on subjective aspects of F/S may be particularly relevant to TCWG in
discharging their responsibilities for oversight of the financial reporting process.
 Open and constructive communication about significant qualitative aspects of
entity’s accounting practices also may include comment on acceptability of significant
accounting practices and quality of disclosures.
b) Significant difficulties, if any, encountered during the audit;
 Significant delays by management, unavailability of personnel, or unwillingness
by management to provide necessary information.
 An unreasonably brief time to complete the audit.
 Extensive unexpected effort required to obtain audit evidence
 Unavailability of expected information.
 Restrictions imposed on the auditor by management.
[
 Management’s unwillingness to make or extend its assessment of going concern.
c) Unless all of TCWG are involved in managing the entity:
i). Significant matters arising during audit that were discussed, or subject to the
correspondence, with management;
 Significant events or transactions that occurred during the year.
 Business conditions affecting entity, business plans and strategies affecting risk
 Correspondence in connection with initial or recurring appointment of auditor
regarding accounting practices, application of auditing standards, or fees etc
 Significant matters on which there are disagreement with management
ii). Written representations the auditor is requesting;
d) Circumstances that affect the form and content of the auditor’s report, if any;
 To inform TCWG about circumstances in which auditor’s report may differ from
its expected form and content or may include additional information about audit.
 Circumstances where auditor is required to or may include additional information:
 Auditor expects to modify opinion (ISA 705)
 Material uncertainty related to going concern is reported (ISA 570)
 Key audit matters are communicated (ISA 701)
 Auditor considers it necessary to include an Emphasis of Matter paragraph or
Other Matters paragraph (ISA 706)
 There is an uncorrected material misstatement of other information; Auditor may
consider it useful to provide TCWG with a draft of auditor’s report to facilitate a
discussion of how such matters will be addressed in auditor’s report. (ISA 720)
 Auditor intends, in rare circumstances, not to include the name of engagement
partner in report due to severity of personal security threat (ISA 700)
 Auditor elects not to include description of auditor’s responsibilities in body of
the auditor’s report (ISA 700)
ISA 260 Page 36
e) Any other significant matters arising during audit that, in auditor’s professional judgment,
are relevant to the oversight of the financial reporting process.
 Unexpected events, changes in conditions, or audit evidence obtained, requiring the
auditor to modify the overall audit strategy and audit plan
 Material misstatements of the other information that have been corrected.
 Other matters discussed considered by, engagement quality control reviewer, if any.
Auditor Independence (Ref: 17, A29-A32)
In the case of listed entities, auditor shall communicate with TCWG:

 A statement that engagement team and others in firm, the firm and, when applicable,
network firms have complied with relevant ethical requirements regarding independence;
 All relationships and other matters between firm, network firms, and entity that, in the
auditor’s professional judgment, may reasonably be thought to bear on independence;
 Related safeguards that have been applied to eliminate identified threats to independence
or reduce them to an acceptable level.
Relevant ethical requirements or law/regulation may also specify communications to TCWG

in circumstances where breaches of independence requirements have been identified.
The Communication Process (Ref: 18-22, A37-A53)
Establishing the Communication Process
Auditor shall communicate form, timing and expected general content of communications.
Clear communication helps establish the basis for effective two-way communication.
Matters that may also contribute to effective communication include discussion of the:
 Purpose of communications.
 Form in which communications will be made.
 Persons in engagement team and in TCWG who will communicate regarding matters.
 Auditor’s expectation that TCWG will also communicate with auditor matters relevant to
audit (e.g. suspicion of fraud or concerns with integrity or competence of management)
 The process for taking action and reporting back on matters communicated by the auditor.
 The process for taking action and reporting back on matters communicated by TCWG.
Before communicating matters with TCWG, auditor may discuss them with management,
unless that is inappropriate (e.g. questions of management’s competence or integrity)
When entity has an internal audit function, the auditor may discuss matters with the internal
auditor before communicating with TCWG.
ISA 260 Page 37
Communication with Third Parties

 TCWG may be required by law or regulation, or may wish, to provide third parties (e.g.
banks, regulators etc), with copies of a written communication from auditor.
 In some cases, disclosure to third parties may be illegal or otherwise inappropriate.
 When such written communication prepared for TCWG is provided to third parties, it may
be important to inform them that the communication was not exactly prepared for them
 Auditor may need prior consent of TCWG before providing a third party with a copy of the
written communications with TCWG, unless that was required by law or regulation.
Forms of Communication
 Auditor shall communicate in writing with TCWG.
 Oral communication would not be adequate.
 Written communications need not include all matters that arose during course of audit.
 Effective communication may involve structured presentations and written reports as
well as less structured communications, including discussions.
 Auditor may communicate matters other than identified above either orally or in writing
In addition to significance of particular matter, form of communication (orally/writing,

extent of detail, structured/unstructured manner etc) may be affected by such factors as:
 Whether a discussion of the matter will be included in auditor’s report.
 Whether the matter has been satisfactorily resolved.
 Whether management has previously communicated the matter.
 The size, operating structure, control environment, and legal structure of the entity.
 In audit of special purpose F/S, whether auditor also audits entity’s general purpose F/S.
 Legal requirements.
 Expectations of TCWG.
 The amount of ongoing contact and dialogue the auditor has with TCWG.
 Whether there have been significant changes in the membership of a governing body.
Timing of Communications
Auditor shall communicate with TCWG on a timely basis
 Communications regarding planning matters may often be made at early time in audit and,
for an initial engagement, may be made as part of agreeing the terms of the engagement.
 Significant difficulty arising during audit shall be communicated as soon as practicable
 Auditor may communicate orally to TCWG as soon as practicable significant deficiencies in
internal control that the auditor has identified, prior to communicating these in writing
 Auditor may communicate preliminary views about key audit matters when discussing the
planned scope and timing of the audit
 Communications regarding independence may be appropriate whenever significant
judgments are made about threats to independence and related safeguards.
 Communications regarding findings from audit, including views about qualitative aspects
of the entity’s accounting practices, may also be made as part of the concluding discussion.
ISA 260 Page 38
Other factors that may be relevant to the timing of communications include:

 Size, operating structure, control environment, and legal structure of the entity
 Any legal obligation to communicate certain matters within a specified timeframe.
 Expectations of TCWG, including arrangements made for periodic meetings etc.
 The time at which auditor identifies certain matters
Adequacy of the Communication Process
Auditor shall evaluate whether two-way communication between auditor and TCWG has
been adequate for audit purposes. Such evaluation may be based on observations such as:
 Appropriateness and timeliness of actions taken by TCWG in response to matters raised
- In case of no action, auditor may inquire the reasons
- Consider raising the point again to highlight its importance.
 Apparent openness of TCWG in their communications with the auditor.
 Willingness and capacity of TCWG to meet with auditor without management present.
 Apparent ability of TCWG to fully comprehend matters raised by auditor
 Difficulty in establishing with TCWG a mutual understanding of form, timing and expected
general content of communications.
 Whether two-way communication between the auditor and TCWG meets applicable legal
and regulatory requirements.
If two-way communication between auditor and TCWG is not adequate and situation cannot
be resolved, the auditor may take such actions as:
 Modifying the auditor’s opinion on the basis of a scope limitation.
 Obtaining legal advice about the consequences of different courses of action.
 Communicating with third parties (e.g., a regulator), or a higher authority in governance
structure that is outside the entity, such as the owners of a business (e.g., shareholders)
 Withdrawing from engagement, where it is possible under applicable law or regulation.
Documentation (Ref: 23, A54)

Where matters have been communicated in writing, auditor shall retain a copy of the
communication as part of the audit documentation.
Where matters required are communicated orally, auditor shall include them in audit
documentation, and when and to whom they were communicated.
(May also include a copy of minutes prepared by entity retained as part of audit
documentation where those minutes are an appropriate record of the communication)
Important Paragraphs 14, 16, 17, A1, A5, A7, A9, A13, A14, A21, A22, A24, A38, A43,
A47, A53
ISA 265 Page 39
ISA 265
Deficiency in internal control

* A control is designed, implemented or operated in such a way that it is unable to prevent, or detect and
correct, misstatements in the F/S on a timely basis; or
* A control necessary to prevent, or detect and correct, misstatements in F/S on a timely basis is missing.
Significant deficiency in internal control

A deficiency or combination of deficiencies in internal control that, in auditor’s professional judgment,
is of sufficient importance to merit the attention of TCWG.
Auditor shall determine whether, on the basis of the audit work performed, the auditor has
identified one or more deficiencies in internal control.
 Auditor may discuss the relevant facts and circumstances of auditor’s findings with the
appropriate level of management.
 Auditor may obtain other relevant information for further consideration, such as:
- Management understanding of the actual or suspected causes of the deficiencies.
- Exceptions arising from deficiencies that management may have noted
(e.g. misstatements that were not prevented by relevant IT controls)
- A preliminary indication from management of its response to the findings.
Significant Deficiencies in Internal Control (Ref: 8, A5-A11)

If auditor has identified one or more deficiencies in internal control, auditor shall determine,
on the basis of the audit work performed, whether, individually or in combination, they
constitute significant deficiencies
Examples of matters that the auditor may consider in determining the significance:
 Likelihood of the deficiencies leading to material misstatements in the F/S in the future.
 The susceptibility to loss or fraud of the related asset or liability.
 Subjectivity and complexity of determining estimated amounts, e.g. fair value estimates.
 The financial statement amounts exposed to the deficiencies.
 The volume of activity that has occurred or could occur in the account balance or class of
transactions exposed to the deficiency or deficiencies.
 The importance of the controls to the financial reporting process; for example:
- General monitoring controls (such as oversight of management).
- Controls over the prevention and detection of fraud.
- Controls over selection and application of significant accounting policies.
- Controls over significant transactions with related parties.
- Controls over significant transactions outside the entity’s normal course of business.
- Controls over the period-end financial reporting process
 Cause and frequency of the exceptions detected as a result of deficiencies in the controls.
 The interaction of the deficiency with other deficiencies in internal control.
ISA 265 Page 40
Indicators of significant deficiencies in internal control:
 Evidence of ineffective aspects of control environment, such as:

- Indications that significant transactions in which management is financially interested
are not being appropriately scrutinized by TCWG.
- Identification of management fraud, that was not prevented by internal control.
- Management’s failure to implement appropriate remedial action on significant
deficiencies previously communicated.
 Absence of a risk assessment process within entity (where it is expected to be present)
 Evidence of an ineffective risk assessment process (fails to identify risks)
 Evidence of an ineffective response to identified significant risks
 Misstatements detected by auditor that were not prevented, or detected and corrected, by
entity’s internal control.
 Restatement of previously issued F/S to reflect correction of a material misstatement.
 Evidence of management’s inability to oversee the preparation of the F/S.
Communication of Deficiencies in Internal Control (Ref: 9, A12-A18)
Auditor shall communicate in writing significant deficiencies in internal control identified

during the audit to TCWG on a timely basis.
 In determining when to issue written communication, auditor may consider whether
receipt of such communication would be an important factor in enabling TCWG to
discharge their oversight responsibilities.
 Auditor may also communicate these orally in the first instance to management and TCWG
 The level of detail at which to communicate significant deficiencies is a matter of auditor’s
professional judgment. Factors that auditor may consider in determining so include:
- The nature of the entity.
(e.g. communication required for public interest entity may be different from others)
- The size and complexity of the entity.
- The nature of significant deficiencies that the auditor has identified.
- The entity’s governance composition.
(e.g. more detail may be needed if TCWG include inexperienced members)
- Legal or regulatory requirements regarding such communication
 The fact that auditor communicated a significant deficiency to TCWG and management in a
previous audit does not eliminate the need for the auditor to repeat the communication if
remedial action has not yet been taken.
- If a previously communicated significant deficiency remains, this year communication
may repeat the description from previous communication, or simply refer it
- Auditor may ask management or TCWG, why the deficiency has not yet been remedied.
- A failure to take remedial action may in itself represent a significant deficiency.
ISA 265 Page 41
Communication of Deficiencies to Management (Ref: Para. 10, A19-A27)

Auditor shall also communicate to appropriate level of management on a timely basis:
 In writing, significant deficiencies in internal control that auditor has communicated or
intends to communicate to TCWG, unless it is inappropriate to communicate to them.
(E.g. where deficiency call into question the integrity or competence of management)
 Other deficiencies in internal control identified during audit that have not been
communicated to management by other parties and that, in auditor’s professional
judgment, are of sufficient importance to merit management’s attention.
Other considerations relating to Communication of Other Deficiencies
 Communication of other deficiencies need not be in writing but may be oral.
 If auditor has communicated other deficiencies in internal control to management in prior
period and management has chosen not to remedy them for cost or other reasons, auditor
need not repeat the communication in the current period.
 Auditor may re- communicate these other deficiencies if there has been a change of
management, or if new information has come to auditor’s attention
 If deemed appropriate, auditor may also inform TCWG of such communication
Content of Written Communication of Significant Deficiencies (Ref: 11, A28-A30)

Auditor shall include in written communication of significant deficiencies in internal control:
 A description of the deficiencies and an explanation of their potential effects; and
 Sufficient information to enable TCWG and management to understand the context of the
communication. In particular, the auditor shall explain that:
- The purpose of the audit was for the auditor to express an opinion on the F/S;
- The audit included consideration of internal control relevant to preparation of F/S in
order to design audit procedures that are appropriate in the circumstances, but not for
the purpose of expressing an opinion on effectiveness of internal control; and
- The matters being reported are limited to those deficiencies that auditor has identified
during audit and that auditor has concluded are of sufficient importance to be reported
Other Considerations
 In explaining potential effects, auditor need not quantify those effects.
 Significant deficiencies may be grouped together for reporting purposes, if appropriate.
 Auditor may also include suggestions for remedial action on deficiencies, management’s
actual or proposed responses, and a statement as to whether auditor has undertaken any
steps to verify whether management’s responses have been implemented.
 Auditor may consider it appropriate to include the indications that:
- By performed more extensive procedures, more deficiencies could also be identified.
- Such communication has been provided for TCWG, and that is not suitable for others.
 Law or regulation may require auditor or management to furnish copy of communication
to appropriate regulatory authorities.
(In this case, auditor’s written communication may identify such regulatory authorities)
Important Paragraphs 10, 11, A2, A6, A7, A15, A29

200 Series

Uploaded by

200 Series

Uploaded by

Table of Contents

INTERNATIONAL STANDARDS ON REVIEW ENGAGEMENTS (ISRE)

INTERNATIONAL STANDARDS ON RELATED SERVICES (ISRS)

INTERNATIONAL STANDARDS ON QUALITY C ONTROL (ISQC)

APPOINTMENT OF AUDITOR – LEGAL CONSIDERATIONS

OTHER AREAS FOR UNDERSTANDING (MISC)

ISA 200 (SELECTED)

An Audit of F/S (Ref: 3-9, A1-A13)

Preparation of the Financial Statement

Preparation of F/S requires the:

Management and TCWG acknowledged and understand responsibilities

Overall Objectives of the Auditor

 To obtain reasonable assurance

Sufficient Appropriate Audit Evidence and Audit Risk (Ref:17, A30-54)

Ethical Requirements Relating to an Audit of F/S (Ref: 14, A16-A19)

Professional Skepticism (Ref: 15, A20-A24)

Maintaining professional skepticism is necessary to reduce risks of:

Professional Judgment (Ref: 16, A25-A29)

Professional judgment is necessary regarding decisions about:

Inherent Limitations of an Audit (Ref: A47)

 Nature of financial reporting

Audit Risk (Ref: A34-A46)

Audit Risk = Risk of Material Misstatement x Detection Risk

Inherent Risk: Susceptibility of an assertion to a misstatement that could be material before

Conduct of an Audit in Accordance with ISAs (Ref: 18-24, A55-A78)

Complying with ISAs Relevant to the Audit

 Comply with all ISAs relevant to the audit

Objectives Stated in Individual ISAs

 Determine whether any additional audit procedures required

Complying with Relevant Requirements

Auditor shall comply unless

Failure to Achieve an Objective

For Notes and Study Material for all subjects of CA-ICAP

Please visit www.canotes.net

If you want to share any useful notes (in soft form)

Please mail us at [email protected] or [email protected]

Talib e Doa: Atif Abidi

Preconditions for an Audit (Ref: 6-8, A2-A21)

a) Determine whether FRF to be applied in the preparation of the F/S is acceptable;

Factors relevant to auditor's determination of acceptability of FRF:

Deficiencies in AFRF may be encountered after acceptance of audit engagement.

Jurisdictions not having standards setting organizations or prescribed FRF

b) Agreement of responsibilities of management (premise)

1) Preparation of F/S in accordance with the AFRF.

2) Internal control to enable the preparation of F/S

3) To provide the auditor with:

Agreement on Audit Engagement Terms (Ref: 9-12, A22-A29)

Additional Contents (If relevant)

Recurring Audits (Ref: 13, A30)

Request to Change the Terms of the Audit Engagement

Request to Change to a Review or a Related Service

 Auditor shall determine whether there is reasonable justification.

Additional Considerations in Engagement Acceptance (Ref: 18-21, A36-A39)

Financial Reporting Standards Supplemented by Law/Regulation

FRF Prescribed by Law or Regulation

 If auditor determine that such framework would be unacceptable, but as it is prescribed by

Auditor's Report Prescribed by Law or Regulation

 If wording of report is significantly different from requirements of ISAs, auditor shall

Appendix 1 - Example of an Audit Engagement Letter

[The objective and scope of the audit]

[The responsibilities of the auditor]

[Other relevant information]

XYZ & Co.

Important Paragraphs 6, 10,17,18-21,A4, A8, A23, A24, A25, A28, A33

1. Leadership Responsibilities for Quality on Audits (Ref: 8, A3)

2. Relevant Ethical Requirements (Ref: 9-11, A4-A7)

3. Acceptance and Continuance of Client Relationships and Audit Engagements

Following information assists engagement partner in determining so:

4. Assignment of Engagement Teams (Ref: 14, A11-A13)

Engagement partner may consider matters such as the team's:

5. Engagement Performance (Ref: 15-18, A14-A23)

Where a member of engagement team with expertise in a specialized area of accounting or

5.1. Engagement Quality Control Review (Ref: 19-22, A24-A33)

Nature, Timing and Extent of Engagement Quality Control Review

Engagement Quality Control Review of Listed Entities – Additional Requirements

6. Monitoring (Ref: 23, A34-A36)