AU-C Section 230: Audit Documentation Requirements

AU-C Section 230 is a professional standard from the American Institute of Certified Public Accountants (AICPA) that establishes an auditor’s responsibility to prepare documentation for an audit of financial statements. As a component of Generally Accepted Auditing Standards (GAAS), its requirements apply to all such audits and provide a framework for creating a comprehensive record. This documentation, often called workpapers, serves as the primary evidence of the audit process. Other AU-C sections also contain specific documentation requirements that supplement the rules within AU-C 230.

Core Objectives of Audit Documentation

The primary objective of audit documentation is to provide a sufficient and appropriate record that forms the basis for the auditor’s report. This means the collected evidence and the conclusions reached must be adequate to support the opinion expressed on the financial statements. The documentation must clearly link the evidence gathered to the final audit opinion.

A second objective is to supply evidence that the audit was planned and performed in compliance with GAAS and any applicable legal or regulatory requirements. This demonstrates adherence to professional standards, showing how the auditor addressed risks, performed procedures, and maintained professional skepticism. It serves as a detailed record for external parties, such as peer reviewers or regulators, to evaluate the quality and completeness of the audit work performed.

Required Content of Audit Documentation

The guiding principle for the content of audit documentation is whether it would enable an “experienced auditor” to understand the work performed. An experienced auditor is an individual with practical audit experience and a reasonable understanding of audit processes, who has no prior connection to the specific engagement. This reviewer must be able to understand the nature, timing, and extent of the procedures performed, the results, and the significant findings or issues that arose.

The documentation must contain a clear record of the overall audit strategy and the detailed audit plan, which outlines the planned response to the assessed risks of material misstatement. It should include analyses, issues memoranda, and summaries of significant findings. For any significant contracts or agreements inspected, the file should contain abstracts or copies of those documents to allow a reviewer to understand the basis for related conclusions.

A specific area of focus is the documentation of significant findings, issues, and professional judgments. This includes recording discussions with management, those charged with governance, and others regarding these matters. The documentation should note the nature of the issues discussed, the date of the conversation, and the individuals involved. If the auditor identifies information that is inconsistent with the final conclusion on a significant matter, the workpapers must document how that inconsistency was addressed and resolved.

The documentation must record the identifying characteristics of the specific items or matters tested. For example, when testing a sample of expenses, the auditor would document the check numbers of the items selected, or for a physical asset, its unique serial number. The file must also clearly show who performed the audit work and the date it was completed, as well as who reviewed the work and the date of their review.

Finalizing and Retaining the Audit File

Auditors must complete the assembly of the final audit file on a timely basis, which for non-issuers is no later than 60 days following the report release date. The report release date is the date the client is granted permission to use the auditor’s report. This 60-day period is known as the documentation completion window.

During this assembly period, the auditor is permitted to make certain administrative changes to the file. These changes include deleting superseded documentation, sorting and cross-referencing workpapers, and signing off on file assembly checklists. An auditor can also document evidence that was already obtained and agreed upon with the team before the audit report date. However, it is prohibited to perform new audit procedures, draw new conclusions, or delete documentation that supports the conclusions reached.

Once the documentation completion date has passed, the auditor must not delete or discard any audit documentation before the end of its specified retention period. For audits of non-issuers, AU-C 230 requires a retention period of no less than five years from the report release date.

If an auditor finds it necessary to modify existing documentation or add new documentation after the 60-day window has closed, specific protocols must be followed. The auditor is required to document the specific reasons for the changes, when and by whom the changes were made and reviewed, and the effect, if any, on the auditor’s conclusions.