The audit of going concern is often a challenge. Here we look at what a good audit file looks like in the context of going concern.
This guidance has been issued by ICAEW’s Technical Advisory Service in conjunction with ICAEW’s Quality Assurance Department as part of the What Good Looks Like Project, driven by the needs of our members and championed by the ICAEW Practice Committee.
The objective of this guidance is to help members better understand how to conduct and document their audits in a way that stands up to scrutiny. This includes considering how to interpret the requirements of ISAs (UK), to make well balanced judgements and apply professional scepticism.
The guidance is published below and can be downloaded and printed via the download button. It can also be used as training material within your firm – access additional video and training content including questions for discussion to supplement the case studies.
The ‘what good looks like’ guidance does not intend to gold plate the requirements of the ISAs (UK) and add new requirements where there are none.
The standard of audit quality that auditors should be aiming to achieve is full compliance with ISAs (UK) and other relevant requirements, such as the Ethical Standard and Companies Act. All ISA references below are to ISA (UK) 570 (Revised September 2019) Going Concern.
The guidance, together with the case studies, demonstrates what could have been done and documented on an audit that achieves a Grade 1, which is referred to as ‘Satisfactory’, on a Quality Assurance Department (“QAD”) monitoring visit.
This guidance does not address issues that might arise in Public Interest Entity (PIE) audits or entities that comply with the FRC Code of Governance or similar.
Each of the three case studies have been prepared based upon a real scenario. The case studies are illustrative examples of how good auditors might respond to the particular set of circumstances laid out. They are not designed to be a model or template that can be followed regardless of the specifics of the audit. The case studies do not consider every action that needs to be taken by the auditor in relation to going concern. Instead, each case study focuses on specific aspects of the work in order to illustrate what good looks like in that respect.
The ISAs (UK) are principles based and professional judgement is needed so there are often several valid ways to approach a particular audit issue. The cases studies only focus on going concern, they do not consider the impact on other areas of auditing.
The case studies were prepared at a time when COVID19 lockdowns and related issues were having a big impact, so there is particular focus on business solvency. Going concern issues can also arise in other circumstances, such as when a solvent business is being wound up or where a business is being sold.
The case studies contain examples of audit documentation, disclosure from financial statements and audit reports. This guidance references these examples as appropriate below.
The case studies are:
How to use the case studies
The case studies are illustrative examples intended to support this guidance. They can also be used as a training tool to show how auditors respond to a particular set of circumstances and as a basis for group discussions about the best audit approach.
The financial statements included within the case studies are included to provide a general context only. The intention is not that these should be used to identify additional potential issues outside of those covered by the case studies. In particular, the examples of audit documentation show how professional scepticism can be demonstrated in good audit documentation.
What is going concern?
Going concern is not defined in the ISAs. It is an accounting concept that forms the basis of the preparation of financial statements intended to show a true and fair view. It applies in a similar way in IFRS and FRS 102.
IFRS IAS 1 (para 25) requires that an ‘entity shall prepare financial statements on a going concern basis unless management either intends to liquidate the entity or to cease trading, or has no realistic alternative but to do so’
Similarly, FRS 102 (para 3.8) says that ‘an entity is a going concern unless management either intends to liquidate the entity or to cease trading, or has no realistic alternative but to do so’
If the going concern basis is not appropriate, the financial statements should be prepared on a basis other than that of going concern.
Where there are material uncertainties related to going concern, these should be disclosed in the financial statements. ISA (UK) 570 (Revised 2019) defines material uncertainties (para 9.2 (b)):
Material uncertainty related to going concern – An uncertainty related to events or conditions that, individually or collectively, may cast significant doubt on the entity's ability to continue as a going concern, where the magnitude of its potential impact and likelihood of occurrence is such that appropriate disclosure of the nature and implications of the uncertainty is necessary for:
(i) In the case of a fair presentation financial reporting framework, the fair presentation of the financial statements; or
(ii) In the case of a compliance framework, the financial statements not to be misleading.
Objectives of the auditor
In relation to going concern, auditors should consider both whether a material uncertainty related to going concern exists and the appropriateness of management’s use of the going concern basis of accounting in the preparation of the financial statements (para 6-1).
Case study reference:
The auditors’ risk assessment might lead the auditor to focus more on one of these objectives than the other. However, good auditors will always remember to meet both audit objectives and continue to consider the validity of the going concern basis and whether there are material uncertainties, at all relevant stages of the audit.
Challenge and scepticism
Professional scepticism should be applied at all times – para 7 ISA 200 (UK) Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing (UK).
Professional scepticism is defined as ‘an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence’ (Glossary of Terms (Auditing and Ethics) and para 13(l) ISA 200 (UK)).
Scepticism can be difficult to demonstrate in audit documentation because it is a mindset, but good auditors find a way to bring the application of scepticism into their documentation. This may be through documenting the questions asked and challenges made, but it could also be shown in the way audit tests were designed to carry out this challenge. Where scepticism is driving test design, this should be highlighted in the audit documentation to provide evidence of the application of professional scepticism.
Case study references: Examples of scepticism can be seen throughout the cases studies, for example:
Scepticism cannot be demonstrated by merely documenting that ‘management were challenged’. Auditors need to describe the nature of the challenge. Management needs to be challenged by asking questions like ‘How can you prove that?’ or ‘I have seen some evidence to the contrary, why is that still true?’ Good auditors do not just record the audit evidence obtained, but also how it was elicited and evaluated, through challenging management. It is just as important to record the questions asked by the auditor as it is the answers provided by management. Auditors should document the ‘journey’ to obtaining the audit evidence.
Understanding the entity
Understanding the entity is the foundation of both a good risk assessment and designing appropriate audit procedures. In relation to going concern, the auditor has to understand the business model and how this affects cash flow. Discussions with management, analytical review and walkthroughs will be the main ways auditors will understand the entity.
It is important that the auditor’s understanding of the entity is documented. Good documentation of how the entity operates is important to support the audit approach and the adequacy of the audit evidence. It also helps communicate the information throughout the audit team, including those new to the audit and any second partner reviewer.
Case study references:
When a file is subject to cold file review or external scrutiny such as audit monitoring, good documentation of the auditors’ understanding of the entity will be particularly important. The reviewer will not be familiar with the entity and may not be familiar with the industry. Without thorough documentation of how the entity and industry operates, the reviewer might not be able to make sense of why the auditor thought that they had obtained sufficient appropriate audit evidence on going concern.
Analytical procedures for risk assessment
Analytical procedures are an important element of the risk assessment process and are vital in assessing the risks in relation to going concern. These procedures can also improve the auditors’ understanding of how the entity operates and the consequential impact upon its cash flows. This understanding of the entity will be needed to support the going concern audit procedures later in the audit.
Case study reference:
Based upon the auditors’ understanding of the entity and further discussions with management, the risk assessment needs to consider the risk that the accounts are inappropriately prepared on a going concern basis and that management might fail to identify material uncertainties related to going concern.
If management has not yet performed its going concern assessment, the audit team should request it as part of their risk assessment procedures. (ISA (UK) 570 (Revised 2019) para 10.3).
The auditor needs to take into account the possibility of management bias. Management might be reluctant to recognise that the entity is not a going concern or the existence of material uncertainties related to going concern, leading to management potentially being overly optimistic in their going concern assessment. Auditors need to assess whether this might extend to the possibility that management could fraudulently conceal information from them or mislead them, creating a significant fraud risk.
Case study references:
The auditor’s risk assessment and the planned response is necessarily iterative. If circumstances change during the audit, or if new information is found that changes the auditors’ risk assessment, then this should be reflected in the risk assessment documentation.
The entity's system of internal control
The auditor always needs to understand relevant internal controls related to going concern (ISA (UK) 570 (Revised 2019) para 10.2 (e)-(h)), in order to assess risk and design audit procedures.
It is possible that in many entities with informal internal controls, that this will be relatively straight-forward and will focus on how management have undertaken their going concern assessment.
Case study reference:
Where there are informal internal controls relating to going concern, auditors still need to document and evaluate what controls do exist. This could possibly be no more than a director preparing a simple cash flow forecast to support the going concern assessment and representing to the auditors that there are no material uncertainties. In these situations, the audit would evaluate the ability of that director to make an adequate going concern assessment.
Audit team discussion
From a going concern perspective, the audit team discussion is a good opportunity to remind the audit team of the need to stay focused on the audit objectives and to appropriately challenge management.
There should be a discussion of the factors that might affect going concern so that the audit team can share their knowledge on the business sector and on that audit in particular.
Case study reference:
Sometimes there is a material uncertainty that is easily identified at an early stage of the audit. The audit team discussion is a good opportunity to remind the audit team, that whilst a material uncertainty has already been identified, that does not mean that audit work on going concern can be reduced. Audit evidence still has to be obtained to support the use of the going concern basis and there is the possibility that there are other material uncertainties that have not yet been identified.
Threats to independence can arise when auditing going concern. Auditors need to identify them, assess their impact and respond accordingly, which might include the application of safeguards.
When non-audit services are provided, the requirements of the FRC Revised Ethical Standard 2019 apply.
When auditing entities that are not PIEs or listed entities, it is not prohibited to provide non-audit services, such as accounting services. However, any involvement by the audit firm should be of a routine and mechanical nature and safeguards must be put in place to combat both real and perceived threats to independence and objectivity. In some situations, it may not be possible to mitigate threats to an acceptable level.
When auditors are asked to assist with the preparation of the financial statements, management might ask the auditors to assist with various points relating to going concern, including:
- the drafting of going concern disclosures,
- the preparation of cashflow forecasts and other aspects of management’s going concern assessment and/or
- making management decisions in relation to going concern, such as whether the going concern basis of accounting is appropriate.
Auditors cannot assist with anything that might involve playing any part in management decision taking. This is prohibited in the FRC Revised Ethical Standard 2019 (para 1.24).
It would not be advisable for the audit team to provide non-audit services, including those above. However, it might be possible to offer some advice to management on how to approach the drafting of going concern disclosures or how to perform a going concern assessment. Auditors might be able to provide templates or examples, if necessary, but little more. Also, auditors might suggest improvements to what management has produced.
Going concern disclosures and material uncertainty paragraphs in the audit report can be commercially sensitive and management may push back against their inclusion, sometimes extremely hard. Auditors should identify when intimidation threats arise and apply appropriate safeguards as necessary, such as second partner review.
Case study references:
In practice, intimidation threats are often not identified which risks pressure being applied on the auditor and could lead to bad judgements being made. The existence of intimidation threats need to be identified and documented, and it should be possible to mitigate against them with a safeguard, typically a second partner review.
Management's going concern assessment
Under either IFRS (IAS 1 para 25 and 26) or UK GAAP (FRS 102 para 3.8 and 3.9), management is required to make an assessment of the entity's ability to continue as a going concern and when doing so, identify any material uncertainties that might exist related to going concern.
Inevitably, the quality of this assessment might vary according to the ability of the management of any given audited entity. It is not the auditors’ responsibility to do this assessment on management’s behalf. Where management’s assessment of going concern is incomplete, undocumented, or lacking in some way, auditors must encourage and, where necessary, challenge management and elicit further information, even if it results in no more than verbal representations from management. Remember that auditors have a right to information under Companies Act 2006, s499.
If management fail to provide sufficient appropriate audit evidence that the entity is a going concern or about the existence or otherwise of material uncertainty, then this would usually require the auditor to issue a disclaimer of audit opinion. The accounts not being prepared on the right accounting basis, ie, the going concern basis, would clearly be a pervasive matter.
Often, as part of the going concern assessment, management set out plans for the future, such as expansion into new markets or restructuring to reduce costs. Auditors need to evaluate these plans and must also request written representations from management as to their feasibility (ISA (UK) 570 (Revised 2019) para 12-2(f)).
Management’s going concern review must cover a period of at least twelve months from the date of approval of the financial statements, (ISA (UK) 570 (Revised 2019) para 14-1), regardless of what is required in the accounting framework.
There is no specific requirement for management or the auditor to extend the review beyond twelve months. However, that does not mean that easily identifiable future events can be ignored. In particular, where there is a known need to refinance several months after the twelve month review period, management need to consider this as part of their going concern assessment.
Management must not be allowed to ignore these future events. Also, auditors need to take into account the higher inherent risks when they are dealing with forecasts of events that are even further in the future than is usual for going concern assessments.
Case study references:
Sometimes management might be of the opinion that they do not have the ability or resources to do the going concern assessment. In these situations, management might ask the auditors to do the assessment for them, as the provision of a non-audit service. Auditors cannot play any part in management decision taking. Services must be limited to those that are routine or mechanical in nature so they must not involve professional judgement (FRC Revised Ethical Standard 2019 para 5.120). Therefore, the auditors should not do the going concern assessment as a non-audit service. However, auditors could inform management how to do the assessment and might provide tools that they could use, such as a spreadsheet cash flow template. This is covered in more detail in this guidance, in the section on auditor independence.
Sometimes an audit file contains a going concern assessment and the documentation is not clear as to whether it was produced by management or the auditor. Documentation should clearly distinguish between management’s going concern assessment and the auditors’ evaluation of that assessment.
If management’s going concern assessment is deficient in some way, the auditor should ask management to address the deficiency. It is useful to document this process to demonstrate on the audit file the scepticism applied by the auditor and how management was challenged.
Evaluating audit evidence
Management’s going concern assessment should be a particular focus for the auditor.
There is a requirement to evaluate management’s method used for their going concern assessment, (ISA (UK) 570 (Revised 2019) para 12-2(a)). Management’s method will usually require cash flow forecasts to be prepared, which could involve scenario planning, stress testing, reverse stress testing etc.
Auditors should evaluate whether management’s method of assessing going concern, is appropriate and where necessary, challenge management about the selected method and ask why alternative methods were not used. Auditors should not just consider the going concern assessment that management has presented to them but also apply scepticism and question whether the going concern assessment could have been approached in a more appropriate way. Without this challenging approach, auditors may overly focus on obtaining corroborating evidence to support management's assertions using the method that management have selected. An unbiased approach will help ensure that there is a better possibility of finding contradictory evidence, if there is any.
Auditors also need to understand how management identified the appropriate assumptions and data, applied under whatever method they selected (ISA (UK) 570 (Revised 2019) para 10-2(h)).
It is not uncommon for the auditor to be presented with large volumes of information to support the going concern assessment. This usually includes forecasts, written evidence supporting future actions, events or commitments as well as the possibility of there being numerous verbal representations from management. When confronted with a large amount of information, auditors must apply their professional judgement to carefully evaluate the relevance and reliability of the evidence. All audit evidence is not of equal value to the auditor and more audit evidence may not compensate for poor quality evidence (ISA (UK) 500 para A4).
Management is unlikely to provide audit evidence that contradicts their assertions, so it is important for auditors to obtain audit evidence from third party sources for an unbiased approach. The auditor might seek to talk to employees of the entity outside of management and the finance team. Any information obtained in this way is less likely to be biased.
When preparing cash flow forecasts management make assumptions about the future. Of course, auditors should ask management to support these assertions. Auditors can themselves obtain third party data for the economy as a whole or for specific industries and use it to compare against management’s assumptions and data.
A particularly good source of data is the Office of National Statistics. For example, here is the analysis of retail sales in December 2020:
Another good source of specialist industry knowledge and data are the ICAEW Industry guides:
Care does need to be taken when using this data. Going concern assessments are forward looking and much of the data available is historic. Also, comparability is a problem when auditing start-ups or smaller entities where they might not follow the long-term trends of bigger businesses.
Case study references:
When looking at management’s going concern assessment, ensure that audit documentation covers method, assumptions and data. Where these are challenged, ensure that the documentation includes details of the nature of the challenge and management’s response.
Use third party data to assist with unbiased testing of assumptions, such as ONS data. Where there is contradictory evidence, ensure that this is properly addressed. For instance, if management are predicting 10% year on year growth for a retail business yet the sector is only growing at 3%. Management might be correct in their forecast, but the auditors would need additional persuasive corroborating evidence to support management’s assertion.
Do not just document audit evidence, evaluate it. Document the auditors’ thoughts on its reliability and relevance. If audit evidence is thought to be less relevant, document this. Otherwise, a file reviewer might think that the auditor is relying on something that they are not.
Where an entity is reliant on third party support, in relation to its going concern status, ensure that there is sufficient audit evidence in relation to whether the third party is willing and capable of providing the support offered.
Going concern disclosures
In situations where material uncertainties exist, management are required to disclose those uncertainties. This is a requirement of all commonly used accounting frameworks (FRS 102 and IFRS) and it is a requirement in ISA (UK) 570 (Revised 2019) (para 19) too.
The work done by the auditor to evaluate the appropriateness of the disclosures in the financial statements needs to be adequately documented. Ideally, this work is done early in the audit to allow the auditor time to properly challenge management, as necessary.
However, sometimes where management delay addressing the issue and/or drafting the going concern disclosures, this work is done immediately prior to the financial statements being finalised and the deadline for the audit report being signed. Auditors need to be careful not to allow these time pressures to compromise the quality of their work and they should consider delaying their sign off if necessary. Also, despite the time pressure, auditors need to ensure that part of their finalisation procedures include ensuring that this work is properly documented.
When there is a material uncertainty, it is a particularly important aspect of the auditors’ work to consider whether the disclosure in the financial statements is completely clear in stating that this is the case.
It is also common for there to be going concern related issues covered in other information presented within the financial statements, such as the Directors’ Report, Strategic Report, Trustees Annual Report etc. Auditors should document that they have reviewed the other information to confirm that it does not contain any inconsistencies with the financial statements and does not contain any misstatements.
Case study references:
To demonstrate their professional scepticism, auditors should retain on file, copies of earlier drafts of the going concern disclosures produced by management. Auditors should also record communications showing how management were challenged and how this challenge affected the final wording of the disclosures.
In the past, auditors sometimes drafted the going concern disclosure for the directors. However, changes to the FRC Ethical Standard in 2019 and changing attitudes to the need for professional scepticism mean that auditors should not. This does not prohibit auditors from advising management and making suggestions on how disclosures might be improved. Auditors need to use their judgement on how to make these suggestions without writing the disclosures for management.
When the audit is finalised, it is important that all of the elements of the going concern work are drawn together into an overall assessment of the appropriates of the going concern basis and the existence or otherwise of material uncertainties.
An important part of the subsequent events review, up until immediately before the audit report is signed, will be ensuring that the auditor is aware of all important developments that might affect going concern, such as up to date management accounts, revised forecasts or new information coming to light.
Where going concern is a significant audit risk, auditors should consider including a relevant section in the report to those charged with governance.
Case study references:
It is important that sufficient time is allocated to the work on going concern. In particular, there should be sufficient evidence of audit engagement partner involvement.
Audit reports are the auditors’ direct communication with the users of the financial statements and the going concern section of the report should clearly express the audit conclusions in relation to going concern.
Audits of PIEs, other listed entities, entities that applied the UK Corporate Governance Code, and other entities subject to the governance requirements of The Companies (Miscellaneous Reporting) Regulations 2018, have additional requirements in relation to including the auditors’ explanation of their approach in relation to going concern (ISA (UK) 570 (Revised 2019) para 21-1(d)).
Where there is a material uncertainty relating to going concern, which should also be appropriately disclosed in the financial statements, this should be clearly reported in the audit report, in a similar way to the example in the case study (see reference below).
Auditors should use the FRC Bulletin of illustrative examples as well as ICAEW Helpsheets to ensure that all audit reports are clear and compliant. Also, there should be robust review procedures, in every firm, to ensure the quality of audit reports with modified opinions, going concern material uncertainty paragraphs or emphasis of matter paragraphs.
Case study references:
Whether there is or is not a material uncertainty, it is vital that the position is consistently reflected in the going concern disclosures, the audit report and the audit documentation. In practice, sometimes auditors report a material uncertainty in the audit report but the audit file records that there is none or the disclosures in the financial statements do not clearly report that there is a material uncertainty.
Many firms use bespoke software for preparing financial statements. It is important to recognise that the example audit reports produced by such software are not always completely appropriate for every audit and auditors must avoid over-reliance on such templates.
Independent review and consultation
All audit firms are required to establish policies and procedures to identify audits for which there is a requirement for Engagement Quality Control Reviews (EQCR) (note the ISQM 2 will apply for periods beginning on or after 15 December 2022) and other forms of second partner reviews. This can result in policies requiring EQCRs, other forms of second partner reviews, consultation or some form of involvement by the firm’s technical department, being required in certain specified situations. Auditors need to follow their firm’s policies and procedures in this respect, despite time being short sometimes, when finalising an audit.
In this regard, it is difficult to specify what good policies and procedures are, because each audit firm may design the policies and procedures that are appropriate for them and their audits, subject to certain specific requirements for an EQCR for public interest entities (ISQC (UK) 1 (Revised November 2019) para 36-1). Nevertheless, a good audit firm would often have a policy for an independent review or consultation when an audit opinion is modified or when a material uncertainty related to going concern paragraph is used.
Some firms also have a policy requiring independent review or consultation when the circumstances are regarded as a ‘close call’, for example, where ultimately it is judged that there were no material uncertainties, although there was some limited contradictory evidence that they might exist. These firms might argue that the review takes on a particular importance in those situations.
Auditors also need to ensure that independent reviewers retain their independence. This means that they do not attend client meetings and remain at a distance from the audit.
Case study references:
If there is a long gap between the balance sheet date and the revised going concern assessment, auditors will need to think carefully about the opening position in the cash flow forecasts. A lot might have happened since the year end so auditors will need to ensure that they have sufficient, reliable and relevant audit evidence to support not just the cash position but all relevant working capital and liability balances.
When there is a delay to sign off, circumstances can change fast and auditors need to ensure that audit documentation reflects the position at the date of sign-off and that earlier out of date documentation is either removed from the file or clearly marked as superseded. The considerations on whether to remove superseded audit documentation from the file are considered in the section of this guidance on audit documentation.
Significant delay in the approval of financial statements
Sometimes, when faced with the likelihood of commercially sensitive going concern disclosures and material uncertainty paragraphs in the audit report, management choose to delay the finalisation of the financial statements. Usually this is done in the hope of future good news that will change the entity’s going concern outlook and allow the inclusion of more positive disclosures and a clean audit report.
These delays can create challenges for auditors. It should prompt the auditor to address the issues as to why there is a delay (ISA (UK) 570 (Revised 2019) para 26) and how that affects audit risk and their work on going concern. When there is a delay, auditors also need to ensure that management's going concern assessment is properly updated as is their own audit work.
Case study reference:
In relation to going concern, auditors must document (per ISA (UK) 570 (Revised 2019)para 26-1):
- the auditor's understanding of the entity and its environment,
- indicators of possible management bias related to going concern, and
- significant judgments relating to the auditor's determination of whether or not a material uncertainty related to going concern exists, the appropriateness of management's use of the going concern basis of accounting and the appropriateness of management's disclosures in the financial statements.
It is not always easy to determine which specific documents that have been inspected during the audit need to be retained, such as copies of loan agreements and cash flow forecasts. There is nothing specific in the ISAs (UK) that directly address what documents should be held on file, but ISA (UK) 230 Audit documentation para 8-1 requires that the auditor shall retain any other data and documents that are important in supporting the auditor’s report as part of the audit documentation.
Auditors, therefore, need to use their professional judgement to determine what documentation is necessary to support their conclusion regarding the existence or otherwise of material uncertainties and the appropriateness of the use of the going concern basis.
Unless the going concern assessment is very straightforward, auditors should keep copies or relevant extracts of forecasts and documents inspected to corroborate key going concern audit assertions.
Audit files are always subject to review. These could be reviews by the manager, partner, second partner or technical reviews or potentially monitoring visits. Documents like cash flow forecasts, board papers assessing going concern or the latest management accounts are often very useful for file reviewers to understand the nature of the audit evidence that the auditor is relying on.
Audited entities can experience the same conditions of financial distress over a number of years. Auditors must ensure that the current year audit file stands on its own and does not rely on audit evidence obtained and documented on prior period audit files. This might include issues like the assessment of a parent company’s ability and willingness to support the entity or inspecting documents like loan agreements or the terms of key contracts.
Auditors need to ensure that the audit file does not include spurious or superfluous documentation that might make it more difficult for file reviewers to identify key audit evidence. Such documentation could lead a file reviewer to conclude that the auditor is relying upon irrelevant information for the purposes of forming their conclusions when they are not.
Most auditors use a standardised methodology and structure audit documentation using standard checklists, forms and indexing. Documentation relating to going concern can appear in permanent information, planning, risk assessment, the audit team discussion, planning letters, completion and in its own dedicated going concern section. Auditors need to ensure that there is a consistent approach in the firm as to where particular documentation can be found. Without consistency audit files can be difficult to review and file reviewers can think that going concern work is inadequate just because they were not looking in the right place for the relevant documentation.
Case study reference:
When considering whether or not to keep a copy of a particular document, a good approach would be if you are in two minds as to whether you should then file it.
Audit files should stand up to scrutiny on their own. Reliance should not be placed on documentation on correspondence files, separate file servers or prior year files.
Good auditors ensure that their documentation is sufficiently well ordered so that a reviewer can establish the adequacy of their work reasonably easily. If the approach and documentation are good but it is poorly ordered and hard to review, is the work still good overall?
Sometimes it can be useful to keep copies of superseded documents like going concern assessments that were revised, to show the journey of the audit. This is particularly useful if it can demonstrate how the auditor challenged and influenced management’s going concern assessment. However, where time moves on and circumstances change it is important that this is clear so that it does not appear that the auditor is relying upon out-of-date audit evidence.
If in doubt seek advice
ICAEW members, affiliates, ICAEW students and staff in eligible firms with member firm access can discuss their specific situation with the Technical Advisory Service on +44 (0)1908 248 250, or via webchat.
© ICAEW 2023 All rights reserved.
ICAEW cannot accept responsibility for any person acting or refraining to act as a result of any material contained in this helpsheet. This helpsheet is designed to alert members to an important issue of general application. It is not intended to be a definitive statement covering all aspects but is a brief comment on a specific point.
ICAEW members have permission to use and reproduce this helpsheet on the following conditions:
- This permission is strictly limited to ICAEW members only who are using the helpsheet for guidance only.
- The helpsheet is to be reproduced for personal, non-commercial use only and is not for re-distribution.
For further details members are invited to telephone the Technical Advisory Service T +44 (0)1908 248250. The Technical Advisory Service comprises the technical enquiries, ethics advice, anti-money laundering and fraud helplines. For further details visit icaew.com/tas.