International Standards on Auditing · Complete Field Reference

The Audit Process
A to Z

A practitioner-level guide covering every phase of a statutory audit — from client acceptance to report issuance — with real-life examples, specimen documents, and direct ISA cross-references. Prepared for Chartered Accountants and audit professionals.

Standards CoveredISA 200 – ISA 810 (IAASB 2023)

FrameworkIFRS / IAS (primary); BFRS reference

AudienceFCA, ACA, CA practitioners

ContextBangladesh / South Asia audit environment

ISA Framework & Standards Map ISA 200

The International Standards on Auditing (ISAs) are issued by the International Auditing and Assurance Standards Board (IAASB), a standard-setting body under the International Federation of Accountants (IFAC). In Bangladesh, the Institute of Chartered Accountants of Bangladesh (ICAB) has adopted the Clarified ISAs as Bangladesh Standards on Auditing (BSAs), which are substantively identical.

The ISA Architecture at a Glance

ISA Series	Topic	Key Standards
100–199	Introductory Matters	ISA 200 – Overall Objectives; ISA 210 – Engagement Terms
300–499	Risk Assessment & Planning	ISA 300, 315, 320, 330
500–599	Audit Evidence	ISA 500, 501, 505, 510, 520, 530, 540, 550, 560, 570, 580
600–699	Using Others' Work	ISA 600, 610, 620
700–799	Audit Conclusions & Reporting	ISA 700, 701, 705, 706, 710, 720
800–899	Specialised Areas	ISA 800, 805, 810

The Audit Process: High-Level Flow

01Pre-Engagement

02Planning

03Risk Assessment

04Fieldwork

05Completion

06Reporting

ISA 200 — Core Principle The overall objective of the auditor is to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor's report that includes an opinion. Reasonable assurance is a high but not absolute level of assurance.

Phase 1

Pre-Engagement

1. Client Acceptance & Continuance ISA 220 ISQM 1

Before accepting any audit engagement, the firm must assess whether it is appropriate to do so. This is both a quality control obligation (ISQM 1) and an ethical requirement (IESBA Code of Ethics). For continuing engagements, this review is repeated annually.

New Client Acceptance Checklist

Assess independence — identify all partners, staff, and firm financial interests that could create threats
Assess competence — does the firm have sufficient industry knowledge and resources (e.g., banking sector expertise, IT auditors)?
Obtain predecessor auditor communication (ISA 510) — inquire about reasons for change, disagreements with management, fraud suspicions
Conduct KYC/AML checks on directors and beneficial owners
Assess management integrity — litigation history, press clippings, regulatory sanctions
Evaluate whether engagement risk (inherent, control, detection) is acceptable
Obtain engagement partner approval before formally accepting
Document the acceptance decision in the client acceptance form

Real-Life Example — Banking Sector (Bangladesh) Scenario: A mid-tier audit firm is approached to audit a newly licensed non-bank financial institution (NBFI). The chairman has previously been cited in a Bangladesh Bank investigation for loan irregularities at another entity.

Action: The firm's EQCR partner reviews the public Bangladesh Bank circulars, reviews newspaper archives, and contacts ICAB's ethics help desk. Given the identified integrity concerns and the fact that the firm lacks a dedicated financial sector audit team, the firm declines the engagement — documenting the decision in the rejection memo with specific reasons.

📋 SPECIMEN — Client Acceptance & Continuance Form Working Paper Ref: WP-ACC-01

CLIENT ACCEPTANCE / CONTINUANCE EVALUATION FORM [FIRM NAME] — QUALITY CONTROL ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Client Name : _______________________________ Engagement Type : Statutory Audit / Tax / Both Financial Year : _______________________________ New / Continuing : [ ] New [ ] Continuing (Year ___) Engagement Partner : _______________________________ Date of Assessment : _______________________________ SECTION A — INDEPENDENCE CHECK ━━━━━━━━━━━━━━━━━━━━━━━━━ 1. Does any partner/manager hold shares in the client? [ ] Y [ ] N 2. Any family relationship with key management? [ ] Y [ ] N 3. Any loans/guarantees between firm & client? [ ] Y [ ] N 4. Recurring fee dependency > 15% of firm revenue? [ ] Y [ ] N 5. Conflict with existing client portfolio? [ ] Y [ ] N Note: Any "YES" must be resolved before acceptance. Independence threat identified? [ ] Y [ ] N If Y, safeguard applied: ___________________________ SECTION B — INTEGRITY ASSESSMENT (Management & Owners) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1. Known regulatory sanctions/fraud allegations? [ ] Y [ ] N 2. Pending litigation material to the entity? [ ] Y [ ] N 3. History of disputes with predecessor auditors? [ ] Y [ ] N 4. KYC/AML screening passed (Ultimate Beneficial Owner)? [ ] Y [ ] N Sources checked: Bangladesh Bank website / BSEC / Court records / Newspaper archives / ICAB registry SECTION C — COMPETENCE & RESOURCES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1. Industry (Banking/NBFI/Manufacturing/etc.): ____________ 2. Firm has sufficient industry expertise? [ ] Y [ ] N 3. Adequate qualified staff available? [ ] Y [ ] N 4. Specialist required (IT/Actuary/Valuation)? [ ] Y [ ] N If yes, identified specialist: ________________________ SECTION D — PREDECESSOR AUDITOR (New Engagements only) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Previous auditor contacted? [ ] Y [ ] N [ ] N/A Date of communication: ___________ Key matters disclosed: - Reason for change: _______________________________ - Unresolved disagreements: _______________________ - Fraud/irregularities: ____________________________ - Outstanding fees: ________________________________ SECTION E — DECISION ━━━━━━━━━━━━━━━━━━ ACCEPT [ ] DECLINE [ ] CONDITIONAL [ ] Conditions (if any): _______________________________ Reason for decline: _________________________________ Engagement Partner Signature: ____________ Date: ______ Quality Control Partner: ____________ Date: ______ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Ref: ISQM 1 Para. 26-29; ISA 220 Para. 12-13; IESBA Code Sec. 510-521

This form must be retained in the permanent audit file for a minimum of 7 years per ISQM 1 requirements.

Predecessor Auditor Communication (ISA 510)

For initial engagements, the incoming auditor must communicate with the predecessor. In Bangladesh, this is governed by ICAB's Ethical Standards. The predecessor must respond unless legally prohibited. Key areas of inquiry include opening balances, contentious accounting policies, and any concerns about management integrity.

✉️ SPECIMEN — Letter to Predecessor Auditor ISA 510 / ICAB Ethical Standard

[On Firm Letterhead] Date: _______________ [Name of Previous Audit Firm] [Address] Dear Sir/Madam, Re: [CLIENT NAME] — Proposed Appointment as Statutory Auditor Financial Year Ended: _______________ We have been approached by the management of [Client Name] (hereinafter "the Company") to consider accepting appointment as statutory auditors for the above financial year. The Company has informed us that your firm is the incumbent auditor. In accordance with ICAB's Code of Professional Conduct and Ethics, we seek your professional courtesy communication on the following matters: 1. Whether there are any professional reasons why we should not accept this appointment, and if so, details thereof. 2. Whether there have been any disagreements with management on accounting policies, financial statement presentation, or audit procedures. 3. Whether, to your knowledge, there is any fraud or suspected fraud involving management, employees, or third parties that affected or may have affected the financial statements. 4. Whether any matters of significance remain unresolved as at the date of your last audit report. 5. Any other matters that, in your professional judgment, we should be made aware of before accepting the appointment. We confirm that we have obtained client consent to contact you and that any information shared will be treated with strict professional confidentiality. Please respond within 14 days of this letter. If we do not receive a response, we will interpret your silence as indicating no professional reason for non-acceptance. Yours faithfully, _______________________ [Engagement Partner Name], FCA For and on behalf of [Firm Name], Chartered Accountants Encl: Client consent letter dated _______________

Ref: ISA 510.6 — ISA 300.13 — ICAB Code of Professional Conduct, Part B, Section 510

2. Engagement Letter ISA 210

ISA 210 requires the auditor to agree on the terms of the audit engagement with management (or those charged with governance). The engagement letter is the formal written record of this agreement and must be renewed or updated when terms change materially.

Mandatory Contents of an Engagement Letter

The objective and scope of the audit
Responsibilities of the auditor (ISA 200)
Responsibilities of management (for financial statements, internal controls, and providing complete information)
Identification of the applicable financial reporting framework (IFRS/BFRS/BFRS for SMEs)
Form and content of any reports to be issued
Fee basis and billing arrangements
Basis for resolution of disputes
Access to records, documents, and personnel
Limitation of liability (if legally permissible)

📄 SPECIMEN — Audit Engagement Letter ISA 210 / Exhibit A

[On Firm Letterhead] Date: _______________ Ref: [Firm Ref No.] The Board of Directors [Client Company Name] [Registered Address] Dear Members of the Board, AUDIT ENGAGEMENT LETTER — FINANCIAL YEAR ENDED [DATE] You have requested that we audit the financial statements of [Company Name] ("the Company"), which comprise the statement of financial position as at [date], and the statement of profit or loss and other comprehensive income, statement of changes in equity and statement of cash flows for the year then ended, and notes to the financial statements, including material accounting policy information. We are pleased to confirm our acceptance of this engagement. This letter sets out the terms of our engagement. 1. OUR OBJECTIVE AND SCOPE We will conduct our audit in accordance with Bangladesh Standards on Auditing (BSAs), which are based on International Standards on Auditing (ISAs) issued by the IAASB. Those standards require that we comply with ethical requirements, plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor's judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. Because of the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements will not be detected, even though the audit is properly planned and performed in accordance with BSAs. 2. MANAGEMENT'S RESPONSIBILITIES Our audit will be conducted on the basis that management acknowledges and understands that it has responsibility for: (a) The preparation and fair presentation of the financial statements in accordance with Bangladesh Financial Reporting Standards (BFRSs); (b) Such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error; (c) Providing us with: • Access to all information relevant to the preparation of financial statements including records, documentation and other matters; • Additional information that we may request from management for the purpose of the audit; and • Unrestricted access to persons within the entity from whom we determine it necessary to obtain audit evidence. 3. OUR RESPONSIBILITIES We will issue a written report upon completion of our audit. We will also communicate to you, as those charged with governance, any significant matters arising during the audit including significant deficiencies in internal control identified during the audit (ISA 265). 4. INHERENT LIMITATIONS Our audit is not designed to detect all instances of fraud or error. We will communicate to you any matters that come to our attention during the audit which we believe warrant your attention. 5. FEES Our fees will be based on time spent by our partners and staff at applicable charge rates. A fee estimate of BDT _________ has been discussed with you, subject to the scope of work as agreed. Invoices will be submitted as work progresses and are payable within 30 days. Please confirm your agreement to the terms of this letter by signing and returning the enclosed copy. Yours faithfully, _______________________ [Partner Name], FCA [Firm Name], Chartered Accountants ━━━━━━━━━━━━━━━━━━━━━━━━━━ ACKNOWLEDGEMENT & ACCEPTANCE We confirm on behalf of [Company Name] that we have read, understood and agree to the terms of this engagement letter. Signed: _________________________ Name: _________________________ Title: Director / CEO / CFO Date: _________________________

Ref: ISA 210.10 — Appendix 1. This letter should be revisited when: (a) there is indication that management misunderstands the objective/scope; (b) revised terms are required; (c) significant changes occur in the entity or reporting framework.

Phase 2

Audit Planning

3. Overall Audit Strategy ISA 300

The auditor shall establish an overall audit strategy that sets the scope, timing and direction of the audit, and guides the development of the detailed audit plan. ISA 300 requires this to be documented in writing.

Elements of the Overall Audit Strategy

Characteristics of the engagement — size, complexity, reporting framework, regulatory requirements, use of IT systems, group audit considerations
Reporting objectives — deadlines, nature of communications required (audit report, management letter, regulatory filings)
Significant factors — significant risks identified at planning, areas of high inherent risk, areas requiring specialist involvement
Results of preliminary engagement activities — acceptance/continuance, predecessor communication, prior year findings
Nature, timing and extent of resources — allocation of partner/manager/senior/junior time, use of experts
Coordination with internal audit — if the entity has an internal audit function

Real-Life Example — Manufacturing Company Audit Entity: A listed textile manufacturer with 5 factories and BDT 4,800 crore turnover.

Strategy highlights: The audit team is 12 strong (2 partners, 2 managers, 4 seniors, 4 juniors). Inventory (raw cotton, WIP, finished goods) is identified as the highest-risk area given year-end stock BDT 600 crore; a physical inventory observation team is assigned. Revenue recognition is flagged as a significant risk due to channel-stuffing allegations in the prior year. An IT specialist is engaged to test the ERP system (SAP) access controls. Interim audit work (controls testing) is planned for October–November; final audit is December–January.

🗂️ SPECIMEN — Overall Audit Strategy Memorandum WP Ref: PLAN-01

OVERALL AUDIT STRATEGY — MEMORANDUM ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Client : [Client Name] Year End : [Date] Partner : [Name] Manager : [Name] Date Prepared : [Date] Date Reviewed : [Date] 1. ENGAGEMENT CHARACTERISTICS Entity type : Public Listed / Private / Bank / NBFI / NGO Reporting framework : BFRS / BFRS for SMEs / Bangladesh Bank circulars Regulatory body : BSEC / Bangladesh Bank / IDRA / RJSC Group structure : Standalone / Parent with [N] subsidiaries Key systems : SAP / Tally / Oracle / Bespoke Internal audit : Exists [ ] / Does not exist [ ] 2. SIGNIFICANT RISKS IDENTIFIED AT PLANNING STAGE (to be reviewed after risk assessment in ISA 315) a. Revenue recognition — cut-off risk around year-end b. Inventory valuation — NRV assessment for slow-moving items c. Loan classification — Bangladesh Bank provisioning requirements d. Related party transactions — arm's length pricing e. Going concern — net current liability position 3. MATERIALITY Overall materiality : BDT ___________ Performance mat. : BDT ___________ Trivial threshold : BDT ___________ (See WP MAT-01 for calculation) 4. TIMING Interim fieldwork : [Date range] Year-end inventory count : [Date] Final fieldwork : [Date range] Draft accounts receipt: [Date] Report deadline : [Date] 5. RESOURCE ALLOCATION Engagement partner : [Name] — Overall direction & sign-off Engagement manager : [Name] — Day-to-day supervision EQCR partner : [Name] — Engagement quality control review Seniors : [Names] — Substantive procedures Juniors : [Names] — Schedules, vouching, confirmations IT specialist : [Name/Firm] — ERP access controls Valuation specialist : [Name/Firm] — Land & building revaluation 6. COORDINATION Component auditors : N/A / [Name for subsidiary X] Internal audit reliance: Planned [ ] / Not planned [ ] If planned, scope of reliance: _______________________ Partner Approval: _______________ Date: _______________ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Ref: ISA 300.8-12; ISA 220.14

The audit strategy is a living document — update it whenever significant new information comes to light during the audit.

4. Materiality & Performance Materiality ISA 320

Materiality is fundamental to the audit. Misstatements, including omissions, are considered material if they could reasonably be expected to influence the economic decisions of users of the financial statements. ISA 320 requires the auditor to determine materiality for the financial statements as a whole, and if applicable, materiality levels for particular classes of transactions, balances, or disclosures.

Determining Materiality — Common Benchmarks

Entity Type	Benchmark	Typical Range	Notes
Manufacturing / Trading	Profit before tax	5%–10% of PBT	Adjust if PBT volatile or near zero
Profit-oriented entities	Revenue	0.5%–1% of revenue	Used when PBT is small or loss-making
Not-for-profit / NGO	Total expenditure	0.5%–2%	Donor focus on expenditure
Banks / NBFIs	Total assets or Net interest income	0.5%–1% of total assets	Bangladesh Bank often uses total assets
Holding companies	Net assets	1%–2% of net assets	Focus on balance sheet

Performance Materiality

Performance materiality is set at an amount less than overall materiality (typically 50%–75%) to reduce to an appropriately low level the probability that aggregate uncorrected and undetected misstatements exceed overall materiality. It drives sample sizes and the extent of testing.

Real-Life Calculation Example Entity: ABC Pharmaceuticals Ltd — PBT BDT 85 crore; Revenue BDT 620 crore; Total Assets BDT 350 crore

Benchmark chosen: PBT (entity is consistently profitable, PBT is a key metric for investors).
Overall Materiality: 7% × BDT 85 crore = BDT 5.95 crore (rounded to BDT 6 crore)
Performance Materiality: 65% × BDT 6 crore = BDT 3.9 crore
Trivial/Clearly Inconsequential: 5% × BDT 6 crore = BDT 30 lakh

Any misstatement below BDT 30 lakh need not be accumulated; anything BDT 30 lakh–BDT 3.9 crore is accumulated; anything above BDT 3.9 crore triggers further investigation.

🔢 SPECIMEN — Materiality Calculation Schedule WP Ref: MAT-01

MATERIALITY DETERMINATION ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Client: ___________________ Year End: __________ Prepared by: ______________ Date: ______________ Reviewed by: ______________ Date: ______________ STEP 1 — SELECT BENCHMARK Benchmark selected: [ ] PBT [ ] Revenue [ ] Total Assets [ ] Net Assets [ ] Total Expenditure Benchmark value (BDT): ___________________________ Reason for selection: ___________________________ STEP 2 — APPLY PERCENTAGE Percentage applied: _________% Calculation: BDT _________ × _____% = BDT _________ Overall Materiality (OM): BDT _________ STEP 3 — PERFORMANCE MATERIALITY PM percentage of OM: _________% Performance Materiality (PM): BDT _________ Rationale for PM %: (Consider: prior year misstatements, client complexity, quality of accounting, nature of population) _________________________________________________ STEP 4 — TRIVIAL THRESHOLD Trivial % of OM: 5% Trivial Amount: BDT _________ STEP 5 — SPECIFIC MATERIALITY (if applicable) Area Specific Materiality Director remuneration BDT ___________ (regulatory disclosure) Related party transactions BDT ___________ (IFRS 24) Segment information BDT ___________ STEP 6 — PRIOR YEAR COMPARISON Prior year OM: BDT _________ Change: _________ % Reason for significant change (if any): ____________ CONCLUSION OM communicated to team? [ ] Yes Date: __________ Revised at any point? [ ] Yes [ ] No If yes, reason for revision: _____________________ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Ref: ISA 320.10-11; ISA 450.3

Materiality must be reassessed if, during the audit, the auditor becomes aware of information that would have caused a different determination. Document any revision and its rationale.

5. Risk Assessment — Understanding the Entity ISA 315

ISA 315 (Revised 2019) requires the auditor to identify and assess the risks of material misstatement through understanding the entity and its environment, including the entity's internal control. This is the cornerstone of a risk-based audit approach.

The Five Components of Understanding (ISA 315.19)

The entity and its environment — industry, regulatory environment, nature of operations, ownership structure, financing
The applicable financial reporting framework — BFRS, Bangladesh Bank Master Circulars, BSEC rules
The entity's system of internal control — control environment, risk assessment process, information systems, control activities, monitoring
The entity's accounting policies — appropriateness, consistency, judgement-heavy areas
Entity's objectives and strategies — business risks that may result in material misstatement

Inherent Risk Factors (ISA 315 Revised)

ISA 315 (Revised 2019) introduced the concept of inherent risk factors — qualitative characteristics that affect the susceptibility of an assertion to misstatement:

Complexity — complex financial instruments, group structures, multi-currency operations
Subjectivity — fair value estimates, expected credit losses (ECL), warranty provisions
Change — new accounting standards, new business lines, management changes
Uncertainty — litigation outcomes, going concern doubts, contingent liabilities
Susceptibility to misappropriation — cash handling, inventory, payroll

Risk Assessment Procedures

Inquiries of management, internal audit, legal counsel, and other relevant personnel
Analytical procedures (trend analysis, ratio analysis, peer comparison)
Observation and inspection (factory visits, document review, board minutes)
Review of prior year audit file and management letter
Review of interim financial information, budgets, and management accounts
Review of regulatory reports (Bangladesh Bank inspection reports, BSEC filing, etc.)
IT general controls walkthrough (if entity relies on IT systems)

Real-Life Example — Bank Audit (Bangladesh) Entity: A scheduled commercial bank with BDT 15,000 crore in loans and advances.

Inherent Risk Factors identified:
• Loan classification and provisioning (highly subjective — Bangladesh Bank BRPD Circular No. 14 applies)
• Expected Credit Loss (ECL) model under BFRS 9 newly adopted — high uncertainty
• Off-balance-sheet exposures (letters of credit, guarantees) — completeness risk
• Treasury instruments (HTM vs. FVOCI classification) — intentional misclassification risk
• Related party loans to director-connected entities — integrity risk

Risk Assessment Procedures performed: Reviewed BB Inspection Report (BRPD), reviewed board minutes, obtained and reviewed loan classification policy, performed ratio analysis (NPL ratio vs. peer banks), interviewed Credit Risk Manager, reviewed 20 large loan files.

The Risk of Material Misstatement (RMM)

RMM = Inherent Risk (IR) × Control Risk (CR). The auditor uses this to determine Detection Risk and, consequently, the nature, timing, and extent of substantive procedures.

IR / CR Matrix

CR Low

CR High

IR High

Medium RMM

HIGH RMM

IR Low

LOW RMM

Medium RMM

Documents to Collect During Risk Assessment

Memorandum and Articles of Association / Certificate of Incorporation
Latest audited financial statements (prior 3 years)
Board meeting minutes (all meetings during the year)
Audit Committee meeting minutes
Management accounts / Monthly MIS reports
Organisation chart and staff list
Approved budgets vs. actual reports
Regulatory inspection reports (Bangladesh Bank, BSEC, IDRA, etc.)
List of related parties signed by management
Legal correspondence file / Pending litigation list
Chart of accounts / Accounting policies manual
IT system documentation / User access control policy
Internal audit reports and management responses
Significant contracts (loan agreements, lease agreements, major supply contracts)
Insurance policies schedule

⚠️ SPECIMEN — Risk Assessment Register WP Ref: RA-01

RISK ASSESSMENT REGISTER (SUMMARY) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Client: ________________ Year End: __________ Ref: RA-01 Financial Statement Area | IR | CR | RMM | Significant? | Response WP ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Revenue recognition | High | Med | High | YES | SUB-REV-01 Accounts receivable | Med | Med | Med | No | SUB-AR-01 Inventory (valuation) | High | Low | High | YES | SUB-INV-01 PPE / Depreciation | Low | Low | Low | No | SUB-PPE-01 Borrowings (existence) | Low | High | Med | No | SUB-BOR-01 Provisions & contingent | High | High | High | YES | SUB-PRV-01 Related party trans. | High | Med | High | YES | SUB-RPT-01 Tax liabilities | Med | Med | Med | No | SUB-TAX-01 Going concern | High | N/A | High | YES | GC-01 Payroll expenses | Low | Low | Low | No | SUB-PAY-01 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ IR: Inherent Risk | CR: Control Risk | RMM: Risk of Material Misstatement Scale: High / Medium / Low Significant Risks (ISA 315.27): Revenue recognition, Inventory valuation, Provisions, Related party transactions, Going concern. Prepared by: ______________ Date: __________ Reviewed by: ______________ Date: __________ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Ref: ISA 315.26-27; ISA 330.15

Significant risks always require substantive procedures regardless of controls assessment. Controls reliance alone is insufficient for significant risks.

6. Fraud Risk Assessment ISA 240

ISA 240 requires the auditor to maintain an attitude of professional skepticism and identify and assess the risks of material misstatement due to fraud. Two types of fraud are relevant: fraudulent financial reporting and misappropriation of assets.

Fraud Risk Factors (The Fraud Triangle)

Incentive/Pressure — management under pressure to meet earnings targets, excessive bonuses tied to results, financial distress
Opportunity — weak internal controls, dominant management, ineffective oversight by those charged with governance
Rationalisation/Attitude — management disregard for controls, history of violations, poor ethical culture

Mandatory Procedures Under ISA 240

Team discussion — the engagement team must hold a mandatory fraud brainstorming discussion, where and how could fraud occur in this entity?
Management inquiries — inquire of management about known or suspected fraud, and about its fraud risk assessment process
Presume revenue recognition is a fraud risk — this is a rebuttable presumption; must document basis if rebutted
Management override of controls — always a significant risk; test journal entries, accounting estimates, and unusual transactions
Journal entry testing — select unusual/late journal entries; trace to supporting documentation

Red Flags — Fraudulent Financial Reporting • Consistently meeting or beating analyst expectations by small margins
• Management reluctance to allow access to certain records or personnel
• Significant year-end revenue reversals in the subsequent period
• Complex transactions with no clear business purpose (especially with related parties)
• Unusual journal entries — large, round-number, posted on the last day of the period
• Frequent changes in accounting estimates or auditors
• Discrepancies between physical inventory and book records

Real-Life Example — Revenue Fraud (Export Company) Scenario: During audit of a garments exporter, the team finds that BDT 18 crore of revenue was recognised in March, but the goods were in transit as of 31 March (shipping date was 5 April). Management argues a bill of lading dated 30 March exists.

Auditor response: Obtained the original bill of lading; the date appeared altered. Performed back-of-bank confirmation with the bank — the LC payment was received in April. Escalated to the engagement partner; extended journal entry testing to the full year. Ultimately resulted in a qualification of the audit report for a BDT 18 crore overstatement of revenue.

🔍 SPECIMEN — Fraud Risk Assessment Memo & Team Discussion Record WP Ref: FRAUD-01

FRAUD RISK ASSESSMENT — ENGAGEMENT TEAM DISCUSSION RECORD ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Client: ___________________ Year End: __________ Meeting Date: ______________ Location: __________ Attendees: Partner: _______________________________ Manager: _______________________________ Seniors: _______________________________ AGENDA / QUESTIONS DISCUSSED ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1. HOW COULD MANAGEMENT MANIPULATE FINANCIAL RESULTS? - Revenue side: early recognition, fictitious customers, bill-and-hold? - Expense side: capitalisation of revenue expenditure, understated provisions? - Asset inflation: inflated inventory, fictitious receivables? - Liability concealment: off-balance-sheet arrangements? Discussion notes: _______________________________________________ 2. WHERE ARE THE OPPORTUNITIES FOR ASSET MISAPPROPRIATION? - Cash handling weaknesses? - Payroll ghost employees? - Procurement fraud / kickbacks? - Fixed asset theft? Discussion notes: _______________________________________________ 3. FRAUD RISK FACTORS IDENTIFIED (Fraud Triangle) Pressure/Incentives: _______________________________________________ Opportunity: _______________________________________________ Rationalisation: _______________________________________________ 4. REVENUE RECOGNITION — PRESUMPTION [ ] Presumption maintained — revenue recognition is a fraud risk [ ] Presumption rebutted — basis: _______________ 5. MANAGEMENT OVERRIDE RISK Always a significant risk? [✓] YES Journal entry testing planned? [✓] YES — See WP JE-01 6. MANAGEMENT INQUIRIES (ISA 240.18) Name / Title interviewed: _______________________ Date: _________________________________________ Response to fraud inquiry: _______________________________________________ CONCLUSION — FRAUD RISKS IDENTIFIED ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ # | Description | Type | WP Ref | Response 1 | Revenue cut-off | Fin.Fraud | REV-02 | Extend substantive testing 2 | Management override | Fin.Fraud | JE-01 | Journal entry testing 3 | Payroll — ghost staff | Misapprop. | PAY-03 | Surprise payroll check Prepared by: ______________ Date: __________ Reviewed by: ______________ Date: __________ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Ref: ISA 240.15-24; ISA 330.21

This discussion must occur prior to or at the start of risk assessment. All team members — not just the partner — must attend. The discussion should be candid and questioning.

7. Detailed Audit Plan ISA 300 ISA 330

The detailed audit plan translates the overall audit strategy into specific procedures for each assertion and each financial statement area. It documents the nature, timing, and extent of planned audit procedures, including both tests of controls and substantive procedures.

The Five Financial Statement Assertions

Assertion Group	Assertions	Commonly Tested For
Transactions & Events	Occurrence, Completeness, Accuracy, Cut-off, Classification	Revenue, purchases, payroll, expenses
Account Balances	Existence, Rights & Obligations, Completeness, Valuation & Allocation	Receivables, inventory, PPE, payables, loans
Presentation & Disclosure	Occurrence, Completeness, Classification, Accuracy & Valuation, Understandability	Notes to accounts, segment disclosure, contingencies

ISA 330 — Key Requirement Regardless of the assessed risk of material misstatement, the auditor shall design and perform substantive procedures for each material class of transactions, account balance, and disclosure. The auditor may not rely on controls alone for significant risks — substantive procedures are always required.

Phase 3

Fieldwork — Audit Execution

8. Internal Controls Testing ISA 315 ISA 330

When the auditor intends to rely on controls (i.e., reduce the extent of substantive testing based on the expectation that controls are effective), tests of controls must be performed. This is particularly important in banking and large-entity audits where IT-dependent controls are pervasive.

The COSO Framework — Five Components of Internal Control

Control Environment — tone at the top, ethics, governance, competence, accountability
Risk Assessment — entity's own process to identify and respond to business risks
Control Activities — authorisation, reconciliations, segregation of duties, IT controls, physical safeguards
Information & Communication — quality of financial reporting systems, management information
Monitoring — internal audit, management review of KPIs, exception reporting

Types of Tests of Controls

Inquiry — ask the control owner how the control works; least reliable on its own
Observation — watch the control being performed (e.g., observe cash counting procedures)
Inspection — examine documents that provide evidence the control operated (e.g., approved payment vouchers, system access logs)
Re-performance — independently perform the control procedure (e.g., re-perform bank reconciliation)

Real-Life Example — Bank (Treasury Department Controls) Control tested: Maker-Checker segregation on treasury deal input system.

Procedure: Obtained the system access log for the treasury dealing system for all 12 months. Tested that for 40 randomly selected transactions, the inputter (Dealer) and the authoriser (Treasury Operations) were different users, and that no single user had both input and authorisation rights. Cross-checked against the bank's approved user access matrix.

Result: Two instances found where a covering dealer had authorised his own transactions during a colleague's leave. Identified as a control deficiency; reported in the management letter. No misstatement identified, but the auditor increased the sample for treasury substantive testing.

IT General Controls (ITGCs)

Access controls — user authentication, privilege management, segregation of duties in IT
Change management — procedures for authorising, testing, and implementing system changes
Computer operations — job scheduling, data backup, disaster recovery
Program development — SDLC controls for new system development

🛡️ SPECIMEN — Internal Control Questionnaire (Purchases & Payables Cycle) WP Ref: ICQ-PUR-01

INTERNAL CONTROL QUESTIONNAIRE — PURCHASES & PAYABLES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Client: ___________________ Year End: __________ Completed by (Auditor): ____ Date: ______________ Information source: [ ] Inquiry [ ] Observation [ ] Inspection QUESTION Y / N / NA Comments / WP Ref ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ PURCHASE ORDERING 1. Are purchase orders (POs) raised for all [ ][ ][ ] purchases above BDT _________ threshold? 2. Are POs authorised before issue? [ ][ ][ ] 3. Is a list of approved vendors maintained? [ ][ ][ ] 4. Are purchases > BDT _______ subject to [ ][ ][ ] competitive bidding? GOODS RECEIPT 5. Are goods received notes (GRNs) raised [ ][ ][ ] for all goods received? 6. Is there three-way matching (PO/GRN/ [ ][ ][ ] invoice) before payment? 7. Are goods inspected for quality on receipt? [ ][ ][ ] INVOICE PROCESSING 8. Are all supplier invoices stamped 'received'[ ][ ][ ] with date of receipt? 9. Is there segregation between the staff who [ ][ ][ ] approve invoices and those who process payments? 10. Are credit notes checked against original [ ][ ][ ] invoices? PAYMENT 11. Is there dual authorisation for payments [ ][ ][ ] above BDT _________ ? 12. Are blank cheques / transfer authorities [ ][ ][ ] pre-signed? (Answer should be NO) 13. Are supplier statements reconciled monthly?[ ][ ][ ] 14. Is the accounts payable ledger reconciled [ ][ ][ ] to the control account monthly? PERIOD-END 15. Are cut-off procedures in place for [ ][ ][ ] year-end payables? 16. Are accruals reviewed by management? [ ][ ][ ] CONTROL WEAKNESSES IDENTIFIED: 1. _________________________________________________ 2. _________________________________________________ ACTION: [ ] Reliance planned — test of controls (WP TOC-PUR-01) [ ] No reliance — direct substantive approach ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Ref: ISA 315.26; ISA 330.8-10; COSO 2013

ICQs are prepared separately for each transaction cycle: Revenue/Receivables, Purchases/Payables, Payroll, Treasury/Cash, Inventory, Fixed Assets, Financing.

Reporting Control Deficiencies (ISA 265)

The auditor must communicate significant deficiencies in internal control in writing to those charged with governance (the audit committee / board). A significant deficiency is one that is of sufficient importance to merit attention. This is typically done through the Management Letter.

9. Substantive Procedures ISA 330 ISA 500

Substantive procedures are audit procedures designed to detect material misstatements at the assertion level. They comprise tests of details (examining individual transactions, balances, or disclosures) and substantive analytical procedures.

Key Substantive Procedures by Area

Revenue & Receivables

Trace revenue transactions to supporting documents (invoice, dispatch note, delivery confirmation)
Test cut-off — review transactions 10 days before and after year-end; ensure goods delivered = revenue recognised
Perform debtors' circularisation (external confirmation per ISA 505)
Review credit notes issued after year-end (may indicate overstatement)
Analytical procedures — gross margin by product/segment vs. prior year and budget
Test journal entries posting revenue (especially manual adjustments at year-end)

Inventory

Attend physical inventory count (ISA 501) — test count accuracy, identify slow-moving items, review condition
Test valuation — confirm cost (lower of cost / NRV); obtain NRV evidence (selling price lists, post-year sales)
Trace count sheets to inventory listing; reconcile to ledger
Review aged inventory report — assess obsolescence provision adequacy
Test cut-off at physical count date

Bank & Cash

Obtain bank confirmation letters from all banks (ISA 505) — balances, loans, securities pledged
Review and test bank reconciliations at year-end
Vouch outstanding cheques and deposits in transit to subsequent clearance
Review intercompany/interbank transfers around year-end (kiting risk)
For large cash balances: surprise cash count

Loans & Advances (Banking Entities)

Obtain loan schedule; agree to general ledger
Select sample of large loans; review credit files, security documentation, repayment history
Confirm classification against Bangladesh Bank BRPD Circular No. 14 criteria
Test adequacy of provisioning — specific and general provisions
Review LFAT (Large Loan Funded) returns to Bangladesh Bank for consistency
Obtain legal confirmations for loans under litigation

Real-Life Example — Debtors Circularisation Entity: Pharmaceutical distribution company, debtors BDT 120 crore (1,200+ customers).

Approach: Stratified the debtor population: Top 50 debtors (BDT 80 crore) — positive confirmation; Next 100 (BDT 25 crore) — negative confirmation; Remaining BDT 15 crore — analytical procedures only.

Result: 3 major debtors disputed balances; one confirmed their books showed BDT 1.2 crore less than the client's ledger (client had recognised revenue not yet delivered). Identified BDT 1.2 crore overstatement — exceeded performance materiality, proposed adjustment was accepted by management.

📬 SPECIMEN — External Confirmation Request (Debtors) WP Ref: AR-CONF-01 | ISA 505

[On Client's Letterhead — sent by auditor] Date: _______________ [Debtor Company Name] [Address] Dear Sir/Madam, Re: Confirmation of Account Balance Our auditors, [Audit Firm Name], Chartered Accountants, are conducting the statutory audit of our financial statements for the year ended [Date]. In accordance with standard audit procedures, please confirm directly to our auditors whether the following balance agrees with your records. Please respond directly to the auditors at the address below — NOT to us. BALANCE AS PER OUR RECORDS AT [DATE]: Your Account Reference : [Client's internal code] Amount Outstanding (BDT) : ___________________________ Comprising: Invoices : BDT _______________ Credit Notes Pending : BDT (______________) Net Payable by you : BDT _______________ Please tick ONE box and sign below: [ ] I/We confirm the above balance agrees with our records as at [date]. [ ] I/We do NOT agree. The balance per our records is BDT ______________. Details of difference: ________________________________________________________________ ________________________________________________________________ Name: _______________________________ Designation: _______________________________ Signature: _______________________________ Date: _______________________________ Company Seal: PLEASE RETURN TO: [Audit Firm Name], Chartered Accountants [Address] [Email] [Phone] ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ This confirmation request is made solely for audit purposes. Ref: ISA 505.7-8

Non-responses to positive confirmations require alternative procedures (e.g., vouching subsequent cash receipts, review of invoices and delivery notes). Document all non-responses and follow-up procedures.

Property, Plant & Equipment (PPE)

Agree opening balances to prior year audited accounts
Vouch additions (purchase invoices, contractor bills, capitalisation policy compliance)
Test disposals (approval, proceeds received, gain/loss calculation)
Physically verify a sample of assets (existence and condition)
Test depreciation calculation for a sample (rate, method, consistency)
Review impairment indicators (IAS 36)
For revaluations: assess qualifications and independence of valuer; review valuation report

Provisions & Contingent Liabilities

Obtain schedule of all provisions; agree to ledger
For each major provision, assess whether IAS 37 recognition criteria are met
Obtain legal confirmation letter from entity's legal counsel (ISA 501)
Review correspondence files for unrecorded claims
Review post-year board minutes for subsequent events affecting provisions
Review adequacy — compare to historical experience

⚖️ SPECIMEN — Legal Confirmation Letter WP Ref: LEGAL-01 | ISA 501

[On Client's Letterhead] Date: _______________ [Law Firm / Advocate's Name] [Address] Dear Sir/Madam, Re: Confirmation of Legal Matters — Audit of [Company Name] Year Ended: [Date] In connection with the audit of our financial statements by [Audit Firm Name], Chartered Accountants ("our auditors"), we request that you communicate directly with our auditors regarding the matters listed below. Please provide the following information as at [Year-End Date] and any developments up to the date of your response: 1. PENDING LITIGATION AND CLAIMS Please describe all matters of litigation, claims, and assessments for which you have been engaged and which remain pending as at the date of your response, including: (a) A description of the nature of each matter (b) The stage of proceedings (c) Your assessment of the probable outcome (likely favourable / likely unfavourable / cannot be determined) (d) An estimate of the potential financial effect if unfavourable 2. MATTERS NOT LISTED ABOVE Are there any other matters pending (including regulatory actions, tax disputes handled by your office, or matters threatening to become litigation) of which we should be aware? [ ] No other matters [ ] Yes — details below: _________________________________________________________________ 3. COMPLETENESS CONFIRMATION We confirm that the following legal matters on our records have been submitted to you for this confirmation. Please advise if this list is not complete from your records: Case / Ref No. | Nature | Amount Claimed (BDT) | Status ───────────────────────────────────────────────────────────────── [List of known cases from client's records] We authorise you to disclose all information relevant to the above to our auditors. Yours faithfully, [Company CEO / CFO Signature] ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ AUDITORS' NOTE: Please send your response directly to: [Audit Firm Name], Chartered Accountants [Address / Email] ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Ref: ISA 501.9; IAS 37.86

Where legal counsel declines to respond or limits their response, this is itself a significant matter to consider — it may require modifying the audit opinion if the impact could be material.

10. Audit Sampling ISA 530

Audit sampling involves applying audit procedures to less than 100% of a population such that all sampling units have a chance of selection, allowing the auditor to project results to the entire population. ISA 530 does not mandate specific sample sizes but requires the sample to be sufficient to provide a reasonable basis for conclusions.

Sampling Approaches

Method	Description	Best Used For
Random sampling	Every item in the population has an equal chance of selection	Large, homogeneous populations
Systematic sampling	Select every nth item after a random start	Ordered populations (invoice sequences)
Stratified sampling	Divide population into strata; sample from each	Populations with high-value items
Monetary Unit Sampling (MUS)	Each monetary unit has equal probability; larger items more likely selected	Overstatement testing (receivables, assets)
Haphazard sampling	Non-statistical; auditor selects without bias	Small populations; supplementary to other methods

Factors Affecting Sample Size

Higher desired confidence → larger sample
Higher tolerable misstatement / tolerable deviation rate → smaller sample
Higher expected error rate → larger sample
Larger population → marginally larger sample (for statistical sampling)
Results of prior year testing (if significant errors found, increase sample)

Real-Life Example — MUS for Receivables Testing Population: Trade receivables BDT 180 crore across 3,400 invoices
Performance Materiality: BDT 4.5 crore
Tolerable Misstatement: BDT 4.5 crore
Expected Misstatement: BDT 0.5 crore (based on prior year)
Confidence Level: 95%

Sample size (MUS): ≈ 58 invoices (calculated using reliability factor)
Sampling interval: BDT 180 crore ÷ 58 = BDT 3.1 crore
All invoices above BDT 3.1 crore are automatically included (top-stratum). Remaining sample selected systematically from the remaining population.

11. Analytical Procedures ISA 520

Analytical procedures involve evaluating financial information through analysis of plausible relationships among financial and non-financial data. They are used at three stages: planning (as risk assessment procedures), fieldwork (as substantive procedures for lower-risk areas), and completion (overall review).

Types of Analytical Procedures

Trend analysis — compare current year to prior years (5-year trend)
Ratio analysis — gross margin %, current ratio, debt-equity, days receivable, days payable
Cross-sectional analysis — compare to industry peers / sector benchmarks
Reasonableness tests — develop an independent expectation (e.g., payroll: headcount × average salary)
Regression analysis — statistical relationship between variables (advanced)

Real-Life Example — Payroll Reasonableness Test Entity: Manufacturing company, 850 employees.

Auditor's expectation:
Average monthly salary per HR records: BDT 42,000
Annual payroll expectation: 850 × BDT 42,000 × 12 = BDT 42.84 crore
Actual payroll per accounts: BDT 48.2 crore
Unexplained difference: BDT 5.36 crore (exceeds PM of BDT 4 crore)

Follow-up: Management explained BDT 3.5 crore in annual bonuses (verified to board approval minutes) and BDT 1.86 crore in overtime. Overtime verified to individual records for a sample. Difference adequately explained; no misstatement.

12. Going Concern ISA 570

Management is responsible for assessing the entity's ability to continue as a going concern. The auditor is responsible for assessing whether management's use of the going concern assumption is appropriate, and whether there are material uncertainties that need to be disclosed.

Going Concern Indicators

Financial Indicators

Net current liability position (working capital deficit)
Net liability position (negative equity)
Recurring operating losses
Significant deterioration in key financial ratios
Loan covenants in breach or near breach
Substantial operating cash outflows
Arrears in dividends, debt service, or tax payments

Operational & Other Indicators

Loss of key customers or suppliers without replacement
Regulatory actions (licence suspension, heavy fines)
Uninsured catastrophic events (fire, flood)
Loss of key management with no succession plan
Fundamental change in technology making product obsolete

Audit Procedures for Going Concern

Review management's going concern assessment and supporting cash flow forecasts
Evaluate reasonableness of assumptions in forecasts
Check whether forecasts extend at least 12 months from the reporting date
Review loan agreements for covenant compliance
Obtain letters of support from parent/controlling shareholder (if applicable)
Review post-year events for evidence about going concern
Inquire of legal counsel about litigation and regulatory matters

Reporting Implications — ISA 570 No material uncertainty but going concern appropriate: No modification; may include Emphasis of Matter paragraph if significant judgement was involved.

Material uncertainty exists AND adequately disclosed: Unmodified opinion + Material Uncertainty Related to Going Concern paragraph in the report.

Material uncertainty exists but NOT disclosed: Qualified or Adverse opinion (material misstatement by omission).

Going concern assumption inappropriate: Adverse opinion.

13. Related Party Transactions ISA 550

Related party transactions carry inherent risk because they may not be at arm's length, may conceal conflicts of interest, and may be used for fraudulent financial reporting (e.g., fictitious revenue from a related entity). ISA 550 requires the auditor to be particularly alert to fraud risk in this area.

Audit Procedures for Related Parties

Obtain a complete list of related parties from management (signed) at the start of the audit
Review board minutes, shareholder registers, corporate governance disclosures for related party relationships
Search the general ledger for transactions with entities on the related party list
For significant transactions, obtain evidence of arm's length pricing (transfer pricing documentation, market comparisons)
Obtain external confirmation of related party loan balances
Review whether disclosures in the financial statements comply with IAS 24
Be alert to undisclosed related parties — compare supplier/customer addresses to director residential addresses, review interbank transfers

🔗 SPECIMEN — Related Party Identification & Management Representation WP Ref: RPT-01

RELATED PARTY DECLARATION — TO BE SIGNED BY MANAGEMENT Client: ___________________ Year End: __________ In connection with the audit of the financial statements of [Company Name] for the year ended [Date], we confirm that the following represents a complete and accurate list of all related parties as defined by IAS 24 (Related Party Disclosures): A. SUBSIDIARIES / ASSOCIATES / JOINT VENTURES Name | Relationship | Country | % Held ───────────────────────────────────────────────────────────── [Name] | Subsidiary | BD | 100% [Name] | Associate | BD | 35% B. KEY MANAGEMENT PERSONNEL (KMP) & CLOSE FAMILY Name | Designation ───────────────────────────────────── [Name] | Managing Director [Name] | CEO [Name] | CFO (KMP include directors, senior executives with authority & responsibility for planning/directing/controlling entity activities) C. ENTITIES CONTROLLED BY KMP OR CLOSE FAMILY Name | Relationship to KMP ────────────────────────────────────────────────── [Name] | Company owned by MD's brother [Name] | Company where CEO is director D. SIGNIFICANT TRANSACTIONS WITH RELATED PARTIES DURING THE YEAR Party | Nature | Amount (BDT) | Terms ───────────────────────────────────────────────────────────── [Name] | Sales | ___________ | Market rate [Name] | Loans given | ___________ | 9% p.a. [Name] | Rent paid | ___________ | Market rate E. OUTSTANDING BALANCES AT YEAR END Party | Receivable/Payable | Amount (BDT) ────────────────────────────────────────────────────────── [Name] | Receivable | ___________ [Name] | Payable | ___________ We confirm this list is complete and accurate to the best of our knowledge and belief. We are not aware of any related party relationships or transactions not listed above. Signed: _______________________ _______________________ Name: Managing Director/CEO Chief Financial Officer Date: ___________________ Date: ________________ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Ref: ISA 550.13; IAS 24; ISA 580.10

This declaration should be updated at completion. Any additions discovered during the audit should be queried with management and independently verified.

14. Subsequent Events ISA 560

Subsequent events are events that occur between the financial statement date and the date of the auditor's report. ISA 560 distinguishes between adjusting events (which must be reflected in the financial statements) and non-adjusting events (which require disclosure if material).

Audit Procedures for Subsequent Events

Read post-year board minutes and audit committee minutes
Review management accounts / interim financial statements after year-end
Inquire of management about subsequent events (using a standard inquiry list)
Review correspondence files and major contracts entered into after year-end
Review post-year legal correspondence for new claims or regulatory actions
Review post-year debt facility changes (new borrowings, covenant waivers)
Verify that major customers or suppliers have not failed after year-end

Real-Life Example — Adjusting vs. Non-Adjusting Event Year End: 31 December 2024

Adjusting Event: A receivable of BDT 8 crore from a customer was outstanding at year-end. In February 2025, the customer was declared insolvent and went into liquidation. Since the condition (insolvency) existed at year-end (the customer was already in financial difficulty), this is an adjusting event — BDT 8 crore bad debt should be recognised as at 31 December 2024.

Non-Adjusting Event: A fire destroyed a major factory in March 2025 (after year-end). The fire did not exist at 31 December 2024. This is a non-adjusting event — disclose in notes. No adjustment to 31 December 2024 accounts.

15. Written Representations ISA 580

Written representations are a form of audit evidence. ISA 580 requires the auditor to obtain written representations from management — and where appropriate, those charged with governance — about their responsibilities and specific matters relevant to the audit.

Mandatory Representations

Management has fulfilled its responsibility for preparing the financial statements
All information provided to the auditor has been complete and accurate
All known or suspected fraud has been disclosed to the auditor
All known instances of non-compliance with laws and regulations have been disclosed
Completeness of related party disclosures
Subsequent events inquiry confirmation
Going concern assessment
Accounting estimates — basis and appropriateness of key judgements

Important — Limitations of Written Representations Written representations are not a substitute for other audit evidence. A representation cannot replace testing or corroborating evidence. If management refuses to provide a required written representation, or if a representation is contradicted by other evidence, the auditor considers the implications for the reliability of all other representations and for the audit opinion.

✍️ SPECIMEN — Management Representation Letter (Abridged) WP Ref: REP-01 | ISA 580

[On Client's Letterhead] Date: [Date of Auditor's Report or just before] [Audit Firm Name], Chartered Accountants [Address] Dear Sir/Madam, MANAGEMENT REPRESENTATION LETTER Re: Audit of [Company Name] for the Year Ended [Date] This letter of representations is provided in connection with your audit of the financial statements of [Company Name] (the "Company") for the year ended [Date], for the purpose of expressing an opinion on whether the financial statements present fairly, in all material respects, the financial position of the Company. We confirm, to the best of our knowledge and belief, having made such inquiries as we considered necessary for the purpose of appropriately informing ourselves: FINANCIAL STATEMENTS 1. We have fulfilled our responsibilities for the preparation and fair presentation of the financial statements in accordance with Bangladesh Financial Reporting Standards (BFRSs). 2. The financial statements are free from material misstatement, including omissions. 3. Significant assumptions used by us in making accounting estimates are reasonable. COMPLETENESS OF INFORMATION 4. We have provided you with all information relevant to the preparation and presentation of the financial statements, including all books of account, supporting documentation, minutes of meetings, and significant contracts. 5. All transactions have been recorded in the accounting records and are reflected in the financial statements. FRAUD AND NON-COMPLIANCE 6. We have disclosed to you the results of our assessment of the risk that the financial statements may be materially misstated as a result of fraud. 7. We have no knowledge of any fraud or suspected fraud involving management, employees with significant roles in internal control, or others that could have a material effect on the financial statements. 8. We have disclosed to you all known or suspected instances of non-compliance with laws and regulations whose effects should be considered when preparing the financial statements. RELATED PARTIES 9. We have disclosed to you the identity of all related parties and all related party transactions and balances as at and for the year ended [Date]. The disclosures in the financial statements are complete and accurate. SUBSEQUENT EVENTS 10. All events occurring subsequent to [Year-End Date] and for which BFRSs require adjustment or disclosure have been disclosed to you and appropriately treated in the financial statements. GOING CONCERN 11. We believe the Company has adequate resources to continue operations for the foreseeable future. The financial statements have been prepared on the going concern basis, which we believe to be appropriate. LITIGATION 12. We have disclosed all pending legal proceedings of which we are aware. The provisions made in the financial statements are, in our assessment, adequate to cover the probable outcome of these proceedings. Yours faithfully, _______________________________ _______________________________ [Managing Director / CEO] [Chief Financial Officer] [Company Name] [Company Name] Date: ___________________ Date: ___________________

The representation letter should be dated as close as practicable to, but not after, the date of the auditor's report. It is addressed to the auditor and signed by those with appropriate authority and knowledge.

16. Using Experts & Service Organisations ISA 620 ISA 402

The auditor may use the work of an expert (ISA 620) when a specialist area requires expertise beyond the auditor's own competence — such as property valuation, actuarial calculations, environmental assessments, or forensic investigations. ISA 402 deals with entities that use service organisations (e.g., payroll processors, IT service providers).

When to Use an Expert

Property, plant and equipment revaluation (requires registered valuer)
Defined benefit pension obligation — actuarial valuation (IAS 19)
Expected Credit Loss models — statistical/financial modelling (BFRS 9)
Environmental provisions — environmental engineer
Legal matters — legal specialist opinion
IT systems and cybersecurity — IT auditor or IS specialist
Complex financial instruments — derivative valuation specialist

Evaluating the Expert's Work

Assess competence and independence of the expert
Agree the scope of work, methodology, and assumptions to be used
Evaluate whether the expert's work addresses the specific audit objective
Review the reasonableness of assumptions and methods used
Assess the relevance and reasonableness of findings in relation to other audit evidence

Phase 4

Completion & Reporting

17. Evaluating Misstatements ISA 450

Throughout the audit, the auditor accumulates identified misstatements (both factual misstatements and judgmental misstatements). ISA 450 requires the auditor to evaluate whether uncorrected misstatements are material, individually or in aggregate.

Classification of Misstatements

Factual misstatements — about which there is no doubt (e.g., arithmetic error, wrong amount posted)
Judgemental misstatements — differences arising from judgements about accounting estimates or selections of accounting policies that the auditor considers unreasonable
Projected misstatements — the auditor's best estimate of misstatements in the population, projected from a sample (e.g., error rate × population value)

The Misstatement Schedule

All identified misstatements above the trivial threshold are accumulated in a summary schedule (often called the "Summary of Audit Differences" or "Schedule of Unadjusted Differences"). This is reviewed at completion to determine whether, in aggregate, they are material.

📊 SPECIMEN — Summary of Audit Differences (SAD) WP Ref: SAD-01 | ISA 450

SUMMARY OF AUDIT DIFFERENCES ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Client: ___________________ Year End: __________ Prepared by: ______________ Date: ______________ Overall Materiality: BDT _____________ Performance Materiality: BDT _____________ Trivial Threshold: BDT _____________ # | WP Ref | Nature of Misstatement | Dr/(Cr) PBT | Corrected? ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 1 | REV-02 | Revenue cut-off (Q4 sales) | (18,000,000)| YES — adjusted 2 | INV-03 | Inventory obsolescence prov.| (5,500,000) | YES — adjusted 3 | AR-05 | Doubtful debt provision insuf| (3,200,000) | NO — mgmt disagrees 4 | TAX-02 | Deferred tax understatement | (1,800,000) | YES — adjusted 5 | PPE-04 | Depreciation calc. error | 1,200,000 | YES — adjusted 6 | PAY-03 | Accrued bonus understatement| (2,400,000) | NO — mgmt disagrees ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ AGGREGATE UNCORRECTED MISSTATEMENTS: Item 3: (3,200,000) Item 6: (2,400,000) ───────────────────────────── Total: (5,600,000) ← Exceeds PM of BDT [X] — further consideration required EVALUATION: Management has been requested to correct items 3 and 6. Reasons for non- correction: [Management's explanation documented here] Aggregate uncorrected misstatements vs. Overall Materiality: BDT 5.6M vs BDT [X]M Assessment: Material / Not Material Implication for opinion: _______________________________________ Engagement Partner Review: ______________ Date: __________ EQCR Partner Review: ______________ Date: __________ ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Ref: ISA 450.5-7; ISA 320.12

If management refuses to correct a misstatement the auditor considers material, this must be reflected in the audit opinion. The auditor should also consider whether the refusal indicates a broader problem with management's integrity.

18. Engagement Quality Control Review (EQCR) ISA 220 ISQM 1

For listed entity audits and other audits where deemed necessary by firm policy or professional requirements, an Engagement Quality Control Review (EQCR) is required before the auditor's report is issued. The EQCR is performed by a senior, independent partner who was not involved in the audit.

What the EQCR Partner Reviews

Significant judgements made by the engagement team and the conclusions reached
The appropriateness of planned responses to significant risks
Whether the financial statements are in accordance with the applicable financial reporting framework
Whether the draft auditor's report is appropriate
Whether significant matters communicated to management and TCWG are appropriate
Whether independence requirements have been satisfied
The engagement team's assessment of fraud risks and responses

The auditor's report must not be dated until the EQCR partner has completed the review and is satisfied with the engagement team's judgements.

19. Forming the Audit Opinion ISA 700 ISA 705

Based on all audit evidence obtained, the auditor forms an opinion on whether the financial statements present fairly, in all material respects, in accordance with the applicable financial reporting framework. ISA 705 deals with modifications to this opinion.

The Decision Tree for Audit Opinion

Situation	Opinion Type	Report Modification
No material misstatements; sufficient appropriate evidence obtained	Unmodified	Standard report (ISA 700)
Material but not pervasive misstatement	Qualified	"Except for" the matter described…
Material AND pervasive misstatement	Adverse	"The financial statements do not present fairly…"
Unable to obtain sufficient evidence — material but not pervasive	Qualified	"Except for possible effects of the matter…"
Unable to obtain sufficient evidence — material AND pervasive	Disclaimer	Do not express an opinion

Key Management Assertions at Completion

Has sufficient appropriate audit evidence been obtained for all material areas?
Have all identified misstatements been appropriately evaluated?
Have significant risks received appropriate audit responses?
Are accounting policies appropriate and consistently applied?
Are disclosures adequate, complete, and understandable?
Is the going concern assumption appropriate?
Are there any matters requiring an Emphasis of Matter or Other Matter paragraph?
Have KAMs (Key Audit Matters — listed entities) been identified and documented?

20. The Auditor's Report ISA 700 ISA 701

ISA 700 (Revised) prescribes the form and content of the auditor's report. The Revised ISA 700, effective for audits of periods ending on or after 15 December 2016, introduced significant enhancements to transparency, including the requirement for Key Audit Matters for listed entities.

Required Elements of the Auditor's Report (ISA 700)

Title — "Independent Auditor's Report"
Addressee — shareholders, board, or as required by law
Audit Opinion — appears first; includes identification of entity, FY, financial statements audited, and financial reporting framework
Basis for Opinion — conducted per ISAs; independence confirmed; sufficient appropriate evidence obtained
Key Audit Matters (listed entities) — ISA 701; matters of most significance to the audit
Going Concern — Material Uncertainty paragraph (ISA 570) if applicable
Other Information — responsibilities for annual report / directors' report (ISA 720)
Responsibilities of Management — for the financial statements and internal control
Auditor's Responsibilities — for expressing an opinion; description of audit
Other Reporting Responsibilities — Companies Act, regulatory requirements
Engagement partner name — required for listed entity audits
Auditor's signature and address
Date of auditor's report

📜 SPECIMEN — Independent Auditor's Report (Unmodified Opinion, Non-Listed Entity) ISA 700 (Revised) | BSA 700

INDEPENDENT AUDITOR'S REPORT To the Shareholders of [Company Name] REPORT ON THE AUDIT OF THE FINANCIAL STATEMENTS OPINION We have audited the financial statements of [Company Name] (the "Company"), which comprise the statement of financial position as at 31 December 20XX, the statement of profit or loss and other comprehensive income, statement of changes in equity and statement of cash flows for the year then ended, and notes to the financial statements, including material accounting policy information. In our opinion, the accompanying financial statements present fairly, in all material respects, the financial position of the Company as at 31 December 20XX, and its financial performance and its cash flows for the year then ended in accordance with Bangladesh Financial Reporting Standards (BFRSs). BASIS FOR OPINION We conducted our audit in accordance with Bangladesh Standards on Auditing (BSAs). Our responsibilities under those standards are further described in the Auditor's Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the Company in accordance with the ethical requirements that are relevant to our audit of the financial statements in Bangladesh, and we have fulfilled our other ethical responsibilities in accordance with these requirements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. [FOR LISTED ENTITIES ONLY — KEY AUDIT MATTERS (ISA 701)] Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period. KEY AUDIT MATTER 1: Revenue Recognition — Cut-off How the matter arose: The Company recognised revenue of BDT [X] crore during the year. Given the volume of year-end transactions and the pressure to meet sales targets, we identified revenue cut-off as an area of significant risk. How we addressed it: We tested a sample of [N] revenue transactions around the year-end, agreeing them to delivery documentation and customer acceptance records. We reviewed credit notes issued after year-end for evidence of inappropriate pre-year-end recognition. We performed analytical procedures comparing monthly revenue trends. KEY AUDIT MATTER 2: Inventory Valuation — Obsolescence [Similar format] RESPONSIBILITIES OF MANAGEMENT AND THOSE CHARGED WITH GOVERNANCE FOR THE FINANCIAL STATEMENTS Management is responsible for the preparation and fair presentation of the financial statements in accordance with BFRSs, and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, management is responsible for assessing the Company's ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless management either intends to liquidate the Company or to cease operations, or has no realistic alternative but to do so. Those charged with governance are responsible for overseeing the Company's financial reporting process. AUDITOR'S RESPONSIBILITIES FOR THE AUDIT OF THE FINANCIAL STATEMENTS Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor's report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with BSAs will always detect a material misstatement when it exists. [Remainder of responsibilities boilerplate per ISA 700.40] REPORT ON OTHER LEGAL AND REGULATORY REQUIREMENTS As required by the Companies Act 1994 and Bangladesh Securities and Exchange Commission Rules [if applicable], we also report the following: (a) We have obtained all information and explanations which to the best of our knowledge and belief were necessary for the purposes of our audit and made no restrictions to our access; (b) In our opinion, proper books of account as required by law have been kept by the Company so far as it appeared from our examination of those books; (c) The Company's statement of financial position and statement of profit or loss and other comprehensive income are in agreement with the books of accounts; (d) The expenditure incurred was for the purpose of the Company's business. [Firm Name], Chartered Accountants [Firm Registration No.] [Partner Name], FCA [Membership No.] [City], Bangladesh [Date]

For listed entities in Bangladesh, the report must also include the engagement partner's name, ICAB membership number, and the firm's registration number per BSEC requirements. The report date must be on or after the date of the management representation letter and the date on which the auditor has obtained sufficient appropriate evidence.

Modified Opinions — Key Phrases

Opinion Type	Heading	Opening Phrase
Qualified (misstatement)	Basis for Qualified Opinion / Qualified Opinion	"In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion section…"
Adverse	Basis for Adverse Opinion / Adverse Opinion	"In our opinion, because of the significance of the matter discussed…, the financial statements do not present fairly…"
Disclaimer	Basis for Disclaimer / Disclaimer of Opinion	"We do not express an opinion on the financial statements of [Entity]. Because of the significance of the matter described…"

Documentation

Working Papers & File Management

21. Working Papers & Documentation ISA 230

ISA 230 requires the auditor to prepare documentation that enables an experienced auditor with no prior connection to the engagement to understand the nature, timing, and extent of procedures performed, the results and evidence obtained, and the significant professional judgements made.

Audit File Structure

File Section	Contents
Permanent File	Memorandum and Articles, engagement letter history, prior year accounts, key contracts, regulatory licences, related party list, accounting policies manual
Planning File	Client acceptance form, overall audit strategy, materiality calculation, risk assessment register, fraud risk memo, detailed audit plan
Current Year File	Lead schedules for each financial statement area, working papers for every substantive procedure, TOC results, confirmation letters, specialist reports
Completion File	Summary of audit differences, EQCR sign-off, management representation letter, going concern memo, final accounts copy, draft/signed audit report, management letter

Documentation Requirements

Every working paper must show: client name, year end, WP reference, preparer, date prepared, reviewer, date reviewed
Conclusions must be clearly stated — "Based on the procedures performed, we are satisfied that…"
Each WP must cross-reference to the audit plan and to corroborating evidence
Lead schedules must reconcile to the trial balance / financial statements
The audit file must be assembled within 60 days of the auditor's report date (ISQM 1)
Retention period: minimum 7 years from the date of the auditor's report (ISQM 1; Bangladesh requirement per ICAB)

The "Experienced Auditor" Test Ask yourself: if an experienced auditor (who has no prior knowledge of this client) read this working paper, would they understand what was done, why it was done, and what was concluded? If not, the documentation is insufficient. This test is applied by quality inspectors (ICAB Practice Monitoring, AFRAR) during file reviews.

22. Specimen Documents — Master Index

The following documents should be collected, prepared, or obtained during the course of a standard statutory audit. This serves as a practical checklist for audit managers and engagement partners.

Documents to Collect from the Client

#	Document	Purpose / ISA Ref	Timing
1	Memorandum & Articles of Association	Legal structure, share capital (ISA 315)	Pre-engagement / permanent
2	Certificate of Incorporation	Existence; legal entity (ISA 315)	Pre-engagement / permanent
3	Prior 3 years' audited financial statements	Opening balances, trends (ISA 510)	Pre-engagement
4	Board minutes (all meetings during year)	Authorisations, related parties, risks (ISA 315)	Planning & fieldwork
5	Audit Committee minutes	Governance, internal control (ISA 315)	Planning & fieldwork
6	Trial balance / General ledger	Basis of audit (ISA 500)	Fieldwork (draft)
7	Draft financial statements	Agree to trial balance; assess presentation (ISA 700)	Completion
8	Bank statements (all accounts, full year)	Cash, bank (ISA 500, ISA 520)	Fieldwork
9	Debtors / Receivables ageing schedule	Existence, valuation (ISA 500, ISA 505)	Fieldwork
10	Creditors / Payables schedule at year-end	Completeness, valuation (ISA 500)	Fieldwork
11	Inventory count sheets / stock listing	Existence, valuation (ISA 501)	Year-end + fieldwork
12	Fixed asset register	Existence, rights, valuation (ISA 500)	Fieldwork
13	Loan agreements (all facilities)	Completeness, covenants (ISA 500)	Fieldwork / permanent
14	Payroll register (monthly summary)	Payroll expenses (ISA 500, ISA 520)	Fieldwork
15	Tax return (income tax, VAT) — latest filed	Tax liabilities, deferred tax (IAS 12)	Fieldwork
16	VAT/tax assessment orders (if any)	Tax contingencies (IAS 37)	Fieldwork
17	Insurance schedule (all policies)	Adequacy; asset insurance (ISA 500)	Fieldwork
18	Related party declaration (signed by mgmt)	Related parties (ISA 550)	Planning
19	List of pending litigation	Provisions, contingencies (ISA 501, IAS 37)	Fieldwork
20	Going concern cash flow forecast	Going concern (ISA 570)	Completion
21	Post-year board minutes	Subsequent events (ISA 560)	Completion
22	Management representation letter (signed)	Representations (ISA 580)	Completion
23	Internal audit reports & responses	Using internal audit work (ISA 610)	Planning & fieldwork
24	Bangladesh Bank inspection report (banks)	Regulatory compliance; risk (ISA 315)	Planning
25	BSEC filings / Annual report (listed cos.)	Other information (ISA 720)	Completion

Documents Prepared by the Auditor

WP Ref	Document	ISA Ref
WP-ACC-01	Client Acceptance Form	ISA 220; ISQM 1
PLAN-01	Overall Audit Strategy Memo	ISA 300
MAT-01	Materiality Calculation Schedule	ISA 320
RA-01	Risk Assessment Register	ISA 315
FRAUD-01	Fraud Risk Assessment Memo + Team Discussion Record	ISA 240
ICQ-[cycle]-01	Internal Control Questionnaires (per cycle)	ISA 315
TOC-[cycle]-01	Tests of Controls working papers	ISA 330
SUB-[area]-01	Substantive procedure working papers (per area)	ISA 330, 500
AR-CONF-01	Debtor confirmation schedules + responses	ISA 505
BANK-CONF-01	Bank confirmation letters + responses	ISA 505
JE-01	Journal entry testing schedule	ISA 240
SAD-01	Summary of Audit Differences	ISA 450
GC-01	Going Concern Memo	ISA 570
RPT-01	Related Party Working Paper	ISA 550
REP-01	Management Representation Letter	ISA 580
COMP-01	Completion Checklist	ISA 700
EQCR-01	EQCR Sign-off Memo	ISA 220; ISQM 1
MGMT-LTR-01	Management Letter (control deficiencies)	ISA 265

Reference

Standards, Citations & Further Reading

References & Standards

IAASB — International Standards on Auditing (Primary Source)

ISA 200 — Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with ISAs
ISA 210 — Agreeing the Terms of Audit Engagements
ISA 220 (Revised) — Quality Management for an Audit of Financial Statements (effective 15 Dec 2022)
ISA 230 — Audit Documentation
ISA 240 — The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements
ISA 260 (Revised) — Communication with Those Charged with Governance
ISA 265 — Communicating Deficiencies in Internal Control to Those Charged with Governance and Management
ISA 300 — Planning an Audit of Financial Statements
ISA 315 (Revised 2019) — Identifying and Assessing the Risks of Material Misstatement
ISA 320 — Materiality in Planning and Performing an Audit
ISA 330 — The Auditor's Responses to Assessed Risks
ISA 402 — Audit Considerations Relating to an Entity Using a Service Organisation
ISA 450 — Evaluation of Misstatements Identified during the Audit
ISA 500 — Audit Evidence
ISA 501 — Audit Evidence — Specific Considerations for Selected Items
ISA 505 — External Confirmations
ISA 510 — Initial Audit Engagements — Opening Balances
ISA 520 — Analytical Procedures
ISA 530 — Audit Sampling
ISA 540 (Revised) — Auditing Accounting Estimates and Related Disclosures
ISA 550 — Related Parties
ISA 560 — Subsequent Events
ISA 570 (Revised) — Going Concern
ISA 580 — Written Representations
ISA 600 (Revised) — Special Considerations — Audits of Group Financial Statements
ISA 610 (Revised) — Using the Work of Internal Auditors
ISA 620 — Using the Work of an Auditor's Expert
ISA 700 (Revised) — Forming an Opinion and Reporting on Financial Statements
ISA 701 — Communicating Key Audit Matters in the Independent Auditor's Report
ISA 705 (Revised) — Modifications to the Opinion in the Independent Auditor's Report
ISA 706 (Revised) — Emphasis of Matter Paragraphs and Other Matter Paragraphs
ISA 720 (Revised) — The Auditor's Responsibilities Relating to Other Information

Quality Management Standards

ISQM 1 — Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements (effective 15 Dec 2022)
ISQM 2 — Engagement Quality Reviews

Ethics

IESBA Code of Ethics for Professional Accountants (2023 edition) — particularly Sections 300–399 (Independence for Audit & Review) and Section 510 (Financial Interests)
ICAB Code of Professional Conduct and Ethics — substantively based on IESBA Code

Bangladesh-Specific References

Bangladesh Standards on Auditing (BSAs) — issued by ICAB; based on IAASB ISAs
Bangladesh Financial Reporting Standards (BFRSs) — adopted by ICAB; based on IFRSs
Companies Act, 1994 (Bangladesh) — Section 213 et seq. (Audit Requirements)
Bangladesh Bank BRPD Circular No. 14/2012 — Loan Classification and Provisioning
BSEC Rules, 2018 — Audit committee, auditor independence for listed companies
Financial Reporting Act, 2015 — Establishment of AFRAR (now FRC Bangladesh); oversight of audit profession

The Audit ProcessA to Z

ISA Framework & Standards Map ISA 200

The ISA Architecture at a Glance

The Audit Process: High-Level Flow

Pre-Engagement

1. Client Acceptance & Continuance ISA 220 ISQM 1

New Client Acceptance Checklist

Predecessor Auditor Communication (ISA 510)

2. Engagement Letter ISA 210

Mandatory Contents of an Engagement Letter

Audit Planning

3. Overall Audit Strategy ISA 300

Elements of the Overall Audit Strategy

4. Materiality & Performance Materiality ISA 320

Determining Materiality — Common Benchmarks

Performance Materiality

5. Risk Assessment — Understanding the Entity ISA 315

The Five Components of Understanding (ISA 315.19)

Inherent Risk Factors (ISA 315 Revised)

Risk Assessment Procedures

The Risk of Material Misstatement (RMM)

Documents to Collect During Risk Assessment

6. Fraud Risk Assessment ISA 240

Fraud Risk Factors (The Fraud Triangle)

Mandatory Procedures Under ISA 240

7. Detailed Audit Plan ISA 300 ISA 330

The Five Financial Statement Assertions

Fieldwork — Audit Execution

8. Internal Controls Testing ISA 315 ISA 330

The COSO Framework — Five Components of Internal Control

Types of Tests of Controls

IT General Controls (ITGCs)

Reporting Control Deficiencies (ISA 265)

9. Substantive Procedures ISA 330 ISA 500

Key Substantive Procedures by Area

Revenue & Receivables

Inventory

Bank & Cash

Loans & Advances (Banking Entities)

Property, Plant & Equipment (PPE)

Provisions & Contingent Liabilities

10. Audit Sampling ISA 530

Sampling Approaches

Factors Affecting Sample Size

11. Analytical Procedures ISA 520

Types of Analytical Procedures

12. Going Concern ISA 570

Going Concern Indicators

Financial Indicators

Operational & Other Indicators

Audit Procedures for Going Concern

13. Related Party Transactions ISA 550

Audit Procedures for Related Parties

14. Subsequent Events ISA 560

Audit Procedures for Subsequent Events

15. Written Representations ISA 580

Mandatory Representations

16. Using Experts & Service Organisations ISA 620 ISA 402

When to Use an Expert

Evaluating the Expert's Work

Completion & Reporting

17. Evaluating Misstatements ISA 450

Classification of Misstatements

The Misstatement Schedule

18. Engagement Quality Control Review (EQCR) ISA 220 ISQM 1

What the EQCR Partner Reviews

19. Forming the Audit Opinion ISA 700 ISA 705

The Decision Tree for Audit Opinion

Key Management Assertions at Completion

20. The Auditor's Report ISA 700 ISA 701

Required Elements of the Auditor's Report (ISA 700)

Modified Opinions — Key Phrases

Working Papers & File Management

21. Working Papers & Documentation ISA 230

Audit File Structure

Documentation Requirements

22. Specimen Documents — Master Index

Documents to Collect from the Client

Documents Prepared by the Auditor

Standards, Citations & Further Reading

The Audit Process
A to Z