3100-Workpapers

 

Introduction

The workpaper file documents the work the auditor has done. The workpapers serve as the connecting link between the audit assignment, the auditor’s fieldwork and the final report. Workpapers contain the records of planning and preliminary surveys, the audit program, audit procedures, fieldwork and other documents relating to the audit. Most importantly, the workpapers document the auditor’s conclusions and the reasons those conclusions were reached. The disposition of each audit finding identified during the audit and its related corrective action should be documented. Workpapers should be completed throughout the audit.  The workpapers also provide a basis for evaluating the Office of Internal Audit’s quality assurance program and demonstrate the Office's compliance with the Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors.

 

Workpapers should be economical to prepare and to review. It is easy to include every scrap of information and every form into the workpapers. However, the workpapers then become a confused mixture of data that is difficult to assimilate and use. Workpapers should be complete but concise--a usable record of work performed. Auditors should include in their workpapers only what is essential; and, they should ensure that each workpaper included serves a purpose that relates to an audit procedure. Workpapers that are created and later determined to be unnecessary should be deleted.

 

Among other things, workpapers may include:

 

·        Planning documents and audit programs.

·        Internal control questionnaires, flowcharts, checklists and narratives.

·        Notes and minutes resulting from interviews.

·        Organizational data, such as charts and job descriptions.

·        Copies of important documents.

·        Information about operating and financial policies.

·        Results of control evaluations.

·        Letters of confirmation and representation.

·        Analysis and test of transactions, processes and account balances.

·        Results of analytical review procedures.

·        Audit reports and management responses.

·        Audit correspondence that documents the audit conclusions reached.

 

 

Workpapers should be clear and understandable. The auditor should keep in mind that other people will examine and refer to the files. The workpapers should not need any supplementary information and should stand-alone. Anyone reviewing the workpapers, without referring to documents outside of those included in the workpapers and without asking questions, should be able to tell what the auditor set out to do, what they did, what they found and what they concluded. Conciseness is important; but clarity should not be sacrificed just to save time and space.

 

Scanned Documents

Scanned documents should include a reference to the source and the purpose of the document when relevant to understanding or appreciating the actual audit work performed. Such information needs to be included only when it is not provided elsewhere in the workpapers.

 

Tickmarks

Tickmarks do not need to be standardized throughout the set of workpapers, but must be consistent throughout a particular workpaper. Tickmark explanations must be a part of the workpaper or included in a separate tickmark legend workpaper.

 

Cross-Referencing

Workpapers should be prepared using the appropriate cross-referencing.  A cross-reference from the Audit Procedures to the primary workpaper provides a reference to where the work was performed. It is not necessary to cross-reference all workpapers to the Audit Procedures - only the primary workpaper. The primary workpaper will then contain cross-references to other, supporting workpapers, which provide additional information regarding the audit procedures performed, results, and conclusions reached.

 

Cross-references should be used to reference information useful in more than one place or to other relevant information including the source of information, composition of summary totals, or other documents or examples of transactions. To encourage conciseness, documents/information should be in the workpapers only once.

 

Standard Workpapers

A standard set of workpapers will include at least the following documents:

 

General File:

The General File contains key information through the various phases of the audit including planning (draft audit objectives, planning comments including documentation of the opening conference, budget, etc.), reporting process, audit programs, and comments for the next audit.  The General File will include the draft and final reports.  Audit responses will also be included in the file.

 

 

Workpaper File:

This file should contain the detailed audit procedures and detailed audit workpapers. Detailed audit procedures provide detailed audit steps of the audit work to be performed during fieldwork that will achieve the specific audit objectives outlined in the audit program.

 

Future Audit Considerations

Auditors are encouraged to develop and document future audit ideas during the course of their work. These should be included in the "Comments for next audit" section of the General File.

 

Workpaper Review

The auditor should review all workpapers to determine whether they are relevant and have a useful purpose, evidence the audit work performed and sufficiently support the audit findings. In addition, the auditor should ensure the conclusions reached were reasonable and valid, and that the Office workpaper standards were followed. The auditor should review all audit review notes to be certain that all notes have been resolved within the workpapers. Documentation obtained and not relevant to the audit should be returned/destroyed upon the completion of the audit.

 

The review will consist of:

 

·        Determining compliance with workpaper guidelines.

·        Reviewing the audit program that outlines the major objectives of the audit, and ensure that the procedures accomplish the objective(s).

·        Reviewing the audit procedures and the referenced workpapers to ensure the workpapers support the procedures performed and all procedures have been completed. Determine that the workpapers adequately document the conclusions reached in the report.

·        Ensuring that all findings prepared have been discussed with the appropriate member of management, and that the disposition of the audit concern is documented.

·        Documenting review notes.

 

Filing and Protection of Workpapers

All workpapers are considered confidential, are the property of the Internal Audit Office, and are to be kept under adequate control. Workpapers often contain sensitive information or data that must be protected from unauthorized use or review.

Workpapers in process are to be controlled by the Office of Internal Audit. While conducting fieldwork away from the office, the auditors should control the workpapers to ensure that information is neither removed, nor substituted nor altered.

 

Retention Policy

All workpapers pertaining to an audit belong in the Internal Audit Office of the University. All such data is to be kept by the Office and is subject to the retention requirements as required by state law.

 

 

Return to Table of Contents

Return to Office of Internal Audit Main Page