Audit documents 004

As a professional serving clients in Bangladesh, you need an audit documentation system that satisfies both International Standards on Auditing (ISAs) and local statutory requirements under the Companies Act 1994.

Based on ICAB’s guidance and Big 4 best practices, the following list organizes audit documents chronologically. This represents the "Audit Lifecycle," ensuring you capture evidence from acceptance through to regulatory filing .

Phase 1: Pre-Engagement & Acceptance (Before Fieldwork)

Before signing, you must verify independence and capacity. This phase documents your right and ability to perform the audit.

· Engagement Letter: Signed agreement outlining scope, timeline, and fees (Companies Act 1994, Section 210 requires formal intimation of appointment) .

· Independence & Objectivity Confirmation: Written confirmation that the firm is free from conflicts of interest (IESBA Code/ICAB Bye-Laws) .

· Client Acceptance/Continuance Form: Evaluation of client integrity and assessment of engagement risks (Required by ISQC 1/ISA 220) .

· Notification to RJSC: Form documenting the auditor’s appointment (must be filed within 7 days of appointment per Section 210) .

Phase 2: Planning & Risk Assessment (At the Start of the Period)

Documents the strategy and identifies where misstatements are likely to occur.

· Audit Planning Memorandum: Overall audit strategy, timing, and direction of the engagement.

· Risk Assessment Documentation: Identification of inherent and control risks, including fraud risks (ISA 315 requires recording how risks were identified) .

· Internal Control Understanding: Flowcharts, narratives, or walkthroughs documenting the entity's internal control system.

· Materiality Calculation Worksheet: Determination of overall performance materiality and clearly trivial threshold.

· Audit Plan/Program: Detailed nature, timing, and extent of planned procedures for each material account.

Phase 3: Execution & Fieldwork (During the Year & Post Year-End)

The core evidence gathering phase. ICAB's "Dummy Audit File" heavily emphasizes this section .

· Permanent File Documents: Company incorporation documents, MOA/AOA, and significant contracts (updated annually).

· Lead Schedules & Trial Balance: Schedules tying the trial balance to the financial statements.

· Test of Controls Working Papers: Evidence of operating effectiveness of controls (sampling and results).

· Substantive Procedure Working Papers: Detailed testing of transactions, balances (AR, AP, Inventory), and disclosures.

· Analytical Review Sheets: Ratio analysis and trend fluctuations with explanations (ISA 520).

· External Confirmations: Bank letters, receivable/payable confirmations, and lawyer letters.

· ICAB DVS (Document Verification System) Log: Generation of the Document Verification Code (DVC) . Effective Dec 1, 2020, all audit reports are invalid without this code .

Phase 4: Review & Completion (After Evidence is Gathered)

Ensures quality control before the opinion is issued. Includes "Hot Reviews" (before report signing).

· Summary of Unadjusted Differences: Schedule of identified misstatements (quantitative/qualitative) left unadjusted.

· Significant Matters Log: Record of consultations, disagreements, or difficulties encountered (Required by ISA 230) .

· Subsequent Events Review: Documentation of procedures performed between year-end and report date.

· Management Representation Letter: Signed letter from management confirming responsibility for information provided.

· Written Representations on Fraud: Management’s specific acknowledgment of fraud prevention responsibility.

· Engagement Quality Control Review (EQCR) Checklist: Independent review by a second partner (Required for listed entities/PIEs) .

Phase 5: Finalization & Reporting (The Deliverable)

The culmination of the audit.

· Independent Auditor’s Report: Final opinion (Unmodified, Qualified, Adverse, or Disclaimer) including Key Audit Matters (KAM) for listed entities (Based on ISA 700/701) .

· Report to Those Charged with Governance (TCWG) : Formal letter to the Audit Committee regarding internal control deficiencies.

· Management Letter: Recommendations to management for operational or control improvements.

Phase 6: Assembly & Retention (Post-Reporting)

Legal and professional requirements for closing the file.

· Final File Assembly Checklist: Administrative completion check. ISA 230 mandates that the final audit file must be assembled within 60 days of the date of the auditor's report .

· Document Retention Log: ICAB requires retention for a minimum of 5 years from the report date (ISA 230) . The Companies Act 1994 also implies retention consistent with company record-keeping requirements.

· Annual Return to ICAB: Practicing firms must submit an annual return of clients to ICAB by February 15 of the following year. Failure blocks renewal of the Practicing Certificate .

Summary of Local Regulatory Links (BD Context)

Regulatory Body Key Requirement Relevant Document

ICAB Quality Assurance Audit Practice Manual (APM) Compliance & DVC 

RJSC Statutory Filing Audited Financial Statements (filed within 30 days of AGM) 

BSEC Public Interest Entities Key Audit Matters (KAM) & Enhanced Auditor's Report 

For a practical template, refer to the ICAB Dummy Audit Working Paper File (Manufacturing Sector) available on the ICAB website, which aligns perfectly with this sequence .

Audit documentation 003

An audit file must follow a chronological structure that maps perfectly to the life cycle of an audit engagement. In Bangladesh, this sequence is governed by the International Standards on Auditing (ISA) as adopted by the Institute of Chartered Accountants of Bangladesh (ICAB), the Companies Act 1994, the Financial Reporting Council (FRC) regulations, and institutional Big 4 risk management practices.

The definitive list of comprehensive audit documentation is organized below by chronological sequence across five distinct phases.

## Phase 1: Pre-Engagement & Client Acceptance

Before any substantive planning begins, the auditor must assess independence, professional ethics, and client risk profiles.

 * **Expression of Interest (EOI) or Proposal Document:** Formal submission to the client outlining the firm's capabilities and scope of work.

 * **Client Evaluation Checklist & Know Your Customer (KYC):** Documentation verifying client identity, ultimate beneficial ownership (UBO), and anti-money laundering (AML) risk screening.

 * **Professional Clearance / No Objection Certificate (NOC):** Formal communication sent to the predecessor auditor under the ICAB Code of Ethics to inquire if there are any professional reasons not to accept the engagement.

 * **Evaluation of Independence and Ethical Compliance:** Form signed by the engagement team confirming the absence of direct or indirect financial interests, familial ties, or non-audit service conflicts.

 * **Letter of Engagement (ISA 210):** The contract defining the objective, scope, responsibilities of management, and the applicable financial reporting framework.

 * **Audit Appointment Letter & Board/AGM Resolution:** Client-provided copy of the Annual General Meeting (AGM) or Board resolution appointing the firm, ensuring compliance with Section 210 of the Companies Act 1994.

## Phase 2: Audit Planning & Risk Assessment

This phase establishes the overall audit strategy and detailed testing approaches. All risk assessments must align with the specific regulations of Bangladesh (such as FRC rules for Public Interest Entities).

 * **Overall Audit Strategy & Planning Memorandum (ISA 300):** Document defining the scope, timing, direction of the audit, and resource allocation.

 * **Materiality Working Paper (ISA 320):** Calculation sheet establishing Overall Materiality, Performance Materiality, and the Clearly Trivial Threshold based on selected benchmarks (e.g., profit before tax, revenue, or total assets).

 * **Risk Assessment Procedures Workbook (ISA 315):** Documentation regarding the understanding of the entity and its environment, including the applicable financial reporting framework.

 * **Internal Control Evaluation Questionnaire (ICEQ):** Comprehensive walkthrough narratives, flowcharts, and design evaluation files for key transaction cycles (e.g., Revenue, Procurement, Payroll).

 * **Preliminary Analytical Review Workings (ISA 520):** Ratio analysis, trend analysis, and horizontal/vertical variations comparing current-year unaudited figures with prior-year audited numbers to spot unusual fluctuations.

 * **Notes of Planning Meeting:** Minutes of the internal team meeting chaired by the Engagement Partner to discuss fraud risks (ISA 240) and specialized testing areas.

 * **Prepared by Client (PBC) Tracker:** The master list of schedules, ledgers, and reconciliations requested from the client's management team.

## Phase 3: Audit Execution & Testing (Substantive & Controls)

The core operational phase where field auditors accumulate evidence to address the identified risks of material misstatement.

 * **Test of Controls (TOC) Sheets (ISA 330):** Sample testing files detailing the operating effectiveness of the client's internal controls.

 * **Audit Programs / Lead Schedules:** Summary schedules for each financial statement line item linking the trial balance to individual test sheets.

 * **Substantive Test of Details (TOD) Workpapers:**

   * **Inventory Physical Verification Report (ISA 501):** Stock count instructions, sheet-to-floor and floor-to-sheet testing logs, and cutoff documentation.

   * **External Confirmations Logs (ISA 505):** Standard balance confirmation letters sent directly to, and received from, bankers, legal advisors, customers, and vendors.

   * **Bank Reconciliation Statements (BRS) Review:** Audit testing sheets verifying client bank reconciliations against original bank statements and bank confirmation certificates.

   * **Fixed Assets / Property, Plant, and Equipment (PPE) Verification:** Physical inspection logs and depreciation calculation verification sheets.

   * **Taxation and VAT Workings:** Documentation reviewing the adequacy of current and deferred tax provisions against national tax regulations (Income Tax Act 2023 and Value Added Tax and Supplementary Duty Act 2012).

 * **Journal Entry (JE) Testing Logs:** Sifting and evaluating manual or unusual journal entries to address the risk of management override of controls.

## Phase 4: Review & Evaluation

Supervisors, managers, and partners review the gathered evidence to ensure it supports the audit conclusions.

 * **Summary of Uncorrected Misstatements (SUAM / ISA 450):** A schedule accumulating all unadjusted errors found during testing to evaluate their aggregate impact on the financial statements.

 * **Subsequent Events Review Checklist (ISA 560):** Minutes review, inquiry sheets, and post-balance-sheet ledger scans up to the date of signing.

 * **Going Concern Evaluation Working Paper (ISA 570):** Documentation assessing management’s assessment of the entity's ability to continue as a going concern for at least twelve months from the reporting date.

 * **Audit Cross-Referencing & Review Notes Grid:** Documentation proving that senior team members reviewed the workpapers, along with the resolution of any queries raised.

 * **Engagement Quality Control Review (EQCR) Document (ISA 220):** Independent partner review file mandatory for listed entities and high-risk Public Interest Entities (PIEs) under FRC guidelines.

## Phase 5: Completion & Reporting

The final closure documents required to conclude the legal and professional obligations of the audit firm.

 * **Management Representation Letter (MRL / ISA 580):** Written statements from client management confirming their responsibilities and the completeness of information provided to the auditors.

 * **Management Letter / Internal Control Weakness Memo (ISA 265):** Letter sent to those charged with governance outlining reportable control deficiencies and recommendations for improvement.

 * **Document Validation System (DVS) Token Generation Receipt:** Under the joint mandate of ICAB and the National Board of Revenue (NBR), auditors must register the audit report on the ICAB DVS portal and print the unique DVS tracking code on the final report.

 * **Independent Auditor’s Report (ISA 700, 701, 705, 706):** The final signed audit opinion, incorporating Key Audit Matters (KAM) for listed entities and specific sector report formats (such as Bangladesh Bank guidelines for financial institutions).

 * **Archival and Sign-Off Checksheets:** Formal lock-down verification proving the final audit file is closed and archived within 60 days from the report date.

### Key Audit File Categorization

For structural clarity, audit firms divide these chronological documents into two distinct physical or digital files:

| File Type | Purpose | Key Content Included |

|---|---|---|

| **Permanent Audit File (PAF)** | Contains documents of a continuing, long-term nature that remain relevant across multiple audit years. | Certificate of Incorporation, Memorandum and Articles of Association (M&A), Trade License, long-term bank loan agreements, system flowcharts, and historical tax registration certificates (TIN/BIN). |

| **Current Audit File (CAF)** | Contains documentation strictly relating to the specific financial year currently under audit. | Signed Engagement Letter, Materiality sheets, specific year trial balances, individual Test of Details (TOD) workpapers, bank confirmations, and the final signed Audit Report. |