Professional Documents
Culture Documents
Adequate
Quality
Step Question Controls Reference / Comments
Y, N, NA
PLANNING AND SUPERVISION
Does the audit group have policies and procedures to establish an understanding with
the auditee as to the services to be performed, including engagement objectives,
1
management's responsibilities, the auditor's responsibilities, and limitations of the
engagement? (GAS 4.03, 5.04)
Does the audit group have policies and procedures requiring supervisors to inform
2 assistants of their responsibilities and the objectives of the procedures they perform (AU
300)
Does the audit group have policies and procedures requiring supervisory review to
3 determine that work was adequately performed and that working papers support audit
findings, conclusions and opinions? (GAS 4.15(a), 5.16(b), AU 300)
4 Does the audit group have policies and procedures requiring auditors to:
a Follow-up on known material findings from prior audits? (GAS 4.05, 5.06)
Track and report on uncorrected material findings from prior audit reports? (GAS 4.05,
b
5.06)
If material component units are examined by another auditor, does the audit group have
5 policies and procedures to contact the other auditor to determine the appropriate
qualifications, independence, and verification of work? (GAS 3.79-3.81, AU 620)
Does the audit group have policies and procedures requiring auditors to communicate the
6 nature, timing, and extent of planned testing, reporting or assertion on the subject matter
to the responsible officials? (GAS 4.03, 5.04, AU 300)
Are there policies and procedures in place to consider whether specialized skills are
7 needed to consider the effect of computer processing on the audit, to understand the
internal control structure, or to design and perform audit procedures? (AU 300)
Does the audit group have policies and procedures to consider relevant planning factors
such as accounting policies and procedures, anticipated reliance on internal controls,
8
audit risk and materiality, and the nature of reports to be rendered in planning the audit
and designing audit procedures? (AUs 300, 315, 320)
Does the audit group have policies and procedures to determine the relationship of the
9 sample to the audit objective, estimated materiality levels, allowable risk, characteristics
of the population, and evaluate sample results? (AUs 320, 330)
Does the audit group have policies and procedures that analytical procedures be used in
10
planning and in the overall review stages? (Aus 315, 330)
Does the audit group have policies and procedures requiring the auditor to be aware of
11
the possibility of material related party transactions? (AU 550)
Based on your review, are the audit group's policies and procedures adequate to
12
reasonably meet this standard?
REVIEW GUIDE SPREADSHEET: POLICY STANDARDS FOR FINANCIAL AUDITS & ATTESTATION ENGAGEMENTS
Adequate
Quality
Step Question Controls Reference / Comments
Y, N, NA
Extend audit steps and procedures if they have reason to believe that illegal acts may
c
exist and have an material indirect effect on the financial statements? (AU 250)
Does the audit group have policies and procedures that require the auditor to assess the
risk that errors, fraud, and illegal acts may cause the financial statements to contain a
2
material misstatement, and that this assessment be used in designing the audit
procedures and evaluating the results? (GAS 4.06-4.08, 5.07-5.09 AUs 240, 250, 315)
Does the audit group have policies and procedures that require auditors to plan and
3 perform a financial statement audit with an attitude of professional skepticism? (GAS
3.61, AUs 200, 240)
Based on your review, are the audit group's policies and procedures adequate to
4
reasonably meet this standard?
Does the audit group have policies and procedures to require the following characteristics
2
in the working papers: (GAS 4.05, 4.15a, 5.06, 5.16a-c, AU 220, 230)
Does the audit group have policies and procedures to evaluate the evidential matter and
8 consider whether specific audit objectives have been achieved and whether any
substantial doubt exists about any assertion of material significance? (AU 230, 500)
When significant accounting applications are processed electronically, does the audit
group have policies and procedures regarding the use of computer assisted audit
9 techniques to obtain competent, sufficient evidence; and performing tests of controls to
gather evidence to use in assessing control risk where information is only in electronic
form? (AU 500)
Does the audit group's policies and procedures require auditors to document in the
10 working papers all communications to the auditee about fraud, illegal acts, and other
noncompliance? (GAS 5.25)
Does the audit group have policies and procedures to obtain written representations from
management concerning representations made during the financial statement audit and
11
management's responsibility for compliance with applicable laws and regulations? (AU
580)
Based on your review, are the audit group's policies and procedures adequate to
12
reasonably meet this standard?
INTERNAL CONTROL
Does the audit group have policies and procedures for obtaining an understanding of the
components of internal control, including the control environment, risk assessment,
1
control activities, information, communication, monitoring, and documenting the
understanding? (AU 315)
REVIEW GUIDE SPREADSHEET: POLICY STANDARDS FOR FINANCIAL AUDITS & ATTESTATION ENGAGEMENTS
Adequate
Quality
Step Question Controls Reference / Comments
Y, N, NA
Does the audit group have policies and procedures in effect for documenting the basis for
2 conclusions regarding the assessed level of control risk? (GAS
4.06, 5.07, AU 315)
Does the audit group have policies and procedures for changing the nature, timing, and
3 extent of substantive tests based on the assessed level of control risk and detection risk?
(AU 330)
Based on your review, are the audit group's policies and procedures adequate to
4
reasonably meet this standard?
REPORTING
Does the audit group have policies and procedures to ensure communication of
1
information relating to:
The auditors' responsibilities in a financial statement audit, including their responsibilities
a for testing and reporting on internal controls and compliance with laws and regulations
(GAS 4.19-4.22)
The nature of any additional testing of internal controls and compliance required by laws
b
and regulations? (GAS 4.19-4.22)
Does the audit group have policies and procedures to ensure audit reports include a
2 statement that the audit was made in accordance with generally accepted government
auditing standards? (GAS 4.18, 5.19)
Does the audit group have policies and procedures to ensure inclusion in the report of:
3
(GAS 4.15b, 5.16c)
a A qualifying statement if an applicable standard was not followed?
b Disclosure of the standard not followed?
c Reason(s) for not following the standard?
d How not following the standard affected the results of the audit?
Does the audit group have policies and procedures requiring a written report on tests of
4
compliance with applicable laws and regulations and internal controls to include:
The scope of the testing of compliance with laws and regulations and internal controls?
a
(GAS 4.19-4.22)
A statement indicating whether or not the tests performed were sufficient to support an
b
opinion on compliance or internal control? (GAS 4.20)
All instances of noncompliance that are material to the financial statements?
c
(GAS 4.23-4.24, 5.20, 5.22)
Placing the findings in perspective by describing the nature and extent of the issues to
d facilitate the readers understanding of the financial statements and the report?
(GAS 4.29, 5.28)
Does the audit group have policies and procedures regarding reporting fraud, illegal acts,
5 and other noncompliance, or deficiencies in internal control not disclosed in the
compliance report? (GAS 4.25-4.27, 5.24-5.26)
REVIEW GUIDE SPREADSHEET: POLICY STANDARDS FOR FINANCIAL AUDITS & ATTESTATION ENGAGEMENTS
Adequate
Quality
Step Question Controls Reference / Comments
Y, N, NA
Are there policies and procedures addressing the circumstances in which auditors should
6 report irregularities and illegal acts directly to parties external to the audited entity? (GAS
4.30-4.32, 5.29-5.31)
Does the audit group have policies and procedures for identifying and reporting
7 deficiencies in internal controls that they consider reportable conditions or material, either
individually or in combination? (GAS 4.23-4.24, 5.20-5.23)
Does the audit group have policies and procedures to ensure that privileged information
8 is provided on a need-to-know basis only to persons authorized by law or regulation to
receive it? (GAS 4.41-4.42, 5.40-5.41)
Does the audit group have policies and procedures to require: (GAS 4.40-4.44, 5.39-
9
5.43)
a Inclusion in the report of the nature of the information omitted?
b Inclusion in the report of the requirement which makes the omission necessary?
c Consultation with legal counsel, when appropriate?
Does the audit group have policies and procedures for distributing audit reports?
10
(GAS 4.45a, 5.44a)
Based on your review, are the audit group's policies and procedures adequate to
11
reasonably meet this standard?