Audit Documentation & Working Papers: Standards, Templates & Best Practices
SA 230 — Audit Documentation Standard: Core Requirements
SA 230 — Audit Documentation is the ICAI Standard on Auditing that establishes the framework for documenting audit work. It is equivalent to ISA 230 of IAASB and closely mirrors PCAOB AS 1215 for US-listed company audits. SA 230 recognizes that audit documentation serves multiple purposes: it provides evidence that the audit was conducted in accordance with SAs, supports the auditor's opinion, and facilitates quality control and peer review.
The "Experienced Auditor" Standard
SA 230 introduces the concept of the "experienced auditor" — documentation must be sufficient for an experienced auditor, having no previous connection with the engagement, to understand:
- The nature, timing, and extent of audit procedures performed
- The results of those procedures and the audit evidence obtained
- Significant matters that arose during the audit
- The conclusions reached and the professional judgments exercised
This standard is both a floor (minimum documentation) and a quality test — if a peer reviewer cannot understand what was done and why from the working papers alone, the documentation is deficient regardless of how good the actual audit work was.
What Must Be Documented Under SA 230
| Audit Area | Documentation Required |
|---|---|
| Risk Assessment (SA 315) | Entity background, industry risks, inherent risk assessment, control environment evaluation, identified risks of material misstatement (RMM) at financial statement and assertion levels |
| Materiality (SA 320) | Overall materiality, performance materiality, specific materiality for particular classes of transactions, and basis used (revenue, PBT, total assets) |
| Audit Procedures (SA 500) | For each assertion tested: procedure type (inquiry, observation, inspection, confirmation, recalculation, analytical procedure), sample selected, results, and conclusion |
| Internal Controls (SA 265) | Controls identified, controls tested (if reliance planned), results of tests of controls, deficiencies found and communicated |
| Sampling (SA 530) | Population description, sampling method (random/systematic/MUS), sample size calculation, items selected, errors found, and extrapolation to population |
| Significant Judgments | Accounting estimates reviewed, complex transactions, unusual items, going concern assessment, and the basis for conclusions on each |
| Management Representations (SA 580) | Written representation letter from management covering completeness of information, unrecorded liabilities, subsequent events, and specific matters as required |
Assembly and Retention of Audit Files
SA 230 requires the auditor to assemble the final audit file within 60 days after the date of the audit report. After assembly, the file is considered complete and no new documentation should be added. SA 230 prohibits deletion or discarding of documentation before the end of the retention period. Under ICAI's guidelines, audit files must be retained for a minimum of 7 years from the date of the audit report.
Permanent File vs Current File — Structure and Contents
All organized audit engagements divide documentation into two distinct files. Understanding this structure is foundational for any CA articled assistant starting their first audit engagement.
Permanent Audit File (PAF)
The Permanent File contains information of ongoing relevance to the client that does not materially change from year to year. It is built up over time and carried forward:
- Legal and entity documents: MOA, AOA (Companies Act 2013), Certificate of Incorporation, partnership deed, trust deed
- Shareholder and ownership structure: List of directors, significant shareholders, group structure chart
- Significant contracts: Long-term lease agreements, major customer/supplier contracts, loan agreements with banks, debenture trust deeds
- Accounting policies: Client's documented accounting policies manual (depreciation method, inventory valuation, revenue recognition)
- Internal control documentation: Organizational charts, authority matrices, system flowcharts, IT general controls documentation
- Tax registrations: PAN, GST registration certificates, import-export code, MSME registration
- Prior year findings: Key issues from previous audits relevant to current year assessment
Current Audit File (CAF)
The Current Audit File is created fresh for each financial year and contains all documentation relevant to the current year's audit:
- Engagement letter and terms of appointment
- Audit planning memorandum — entity background update, materiality calculation, audit strategy
- Risk assessment working papers — inherent risks, control risks, RMM by assertion
- Audit programs — planned procedures for each balance sheet and P&L caption
- Lead schedules — summary of each account balance with prior year comparatives and movement explanations
- Detailed working papers — vouching lists, physical verification reports, bank reconciliation review, receivables aging analysis
- Audit evidence — management accounts, bank statements, board minutes, invoices, contracts
- Management representation letter
- Summary of unadjusted differences (SUD) / Points for Partner Attention (PPA)
- Audit report draft and signed final copy
Indexing Systems, Tick Marks & Lead Schedules
Working Paper Indexing
A consistent indexing system is essential for organized, navigable working papers. The standard approach used by most CA firms and Big 4 teams in India is an alphanumeric index:
| Index Code | Area | Examples of Sub-files |
|---|---|---|
| A | Planning & Administration | A1: Engagement letter, A2: Audit plan, A3: Materiality, A4: Audit strategy memo |
| B | Risk Assessment & Internal Controls | B1: Entity understanding, B2: Risk matrix, B3: Controls testing, B4: IT audit |
| C | Financial Statements & Lead Schedules | C1: TB to FS reconciliation, C2: Adjusting entries, C3: Disclosure checklist |
| D | Fixed Assets / PPE | D1: Asset register, D2: Additions vouching, D3: Depreciation recalculation, D4: Physical verification |
| E | Inventory | E1: Physical count attendance, E2: Slow-moving review, E3: NRV testing, E4: Inventory valuation |
| F | Trade Receivables / Debtors | F1: Aging analysis, F2: Circularization, F3: Subsequent receipts, F4: Bad debt provision |
| G | Cash & Bank | G1: Bank reconciliation review, G2: Cash count, G3: Bank confirmation |
| H | Revenue / Income | H1: Revenue analytical review, H2: Cut-off testing, H3: Debtors to revenue linkage |
| Z | Completion | Z1: SUD summary, Z2: Management rep letter, Z3: Subsequent events, Z4: Audit report |
Tick Marks and Working Paper Symbols
Tick marks (symbols) are standardized notations used in working papers to indicate the nature of audit work performed on a specific figure or item. Every firm maintains a tick mark legend at the front of the working paper file. Common tick marks used in Indian CA practice include:
- ✔ (Tick / Check mark): Vouched to supporting document
- ✓ (Small tick): Arithmetically verified / cross-referenced
- CF (Cross-footed): Column totals agree
- TB (Traced to Trial Balance): Amount agrees with TB
- PY (Prior Year): Agreed with prior year audited figures
- C (Confirmed): Balance confirmed by third party
- ^ (Recalculated): Figure independently recalculated and agrees
- SR (Subsequent Receipt): Debtor balance confirmed by subsequent cash receipt
- N (No exception): Procedure performed with no exceptions noted
- WP ref A3: Cross-reference to another working paper section
Lead Schedules — The Backbone of Working Papers
A lead schedule is a summary working paper for each balance sheet or P&L caption that shows the breakdown of the account balance, prior year figures, current year movement, audit references to detailed testing, and the auditor's conclusion. Every major account should have a lead schedule.
A typical lead schedule for Trade Receivables might look like:
- Gross debtors per TB (ref C1): ₹2,45,00,000
- Provision for bad debts: (₹18,50,000)
- Net debtors: ₹2,26,50,000
- Audit references: Aging analysis (F1), Circularization (F2), Subsequent receipts (F3), Provision adequacy (F4)
- Conclusion: Net debtors appear reasonably stated. Provision is adequate based on aging analysis and historical collection data.
- Auditor initials, date, partner review date
SALY Concept, Risk-Based Documentation & Sampling Records
SALY — Same As Last Year
SALY (Same As Last Year) is a significant audit quality concern. It refers to the practice of copying prior year working papers without adequately updating them for current year circumstances. ICAI's Quality Review Board has identified SALY as one of the most common deficiencies in audit documentation during quality reviews.
What SALY looks like: An articled assistant copies the prior year depreciation working paper and changes only the figures, without re-evaluating whether the client's depreciation policy is still appropriate, whether new additions were correctly classified, or whether the useful lives are reasonable compared to industry peers. The risk is that a systemic error in the prior year gets perpetuated without detection.
The correct approach is to use prior year working papers as a starting point but actively reassess each area:
- Has the accounting policy changed?
- Are there new transactions or structures not covered in prior year work?
- Have prior year risks materialized or changed?
- Has the business grown or contracted in a way that changes the nature of risk?
Documentation for Risk Assessment Procedures
Under SA 315 (Identifying and Assessing Risks of Material Misstatement), the auditor must document:
- The risk identification process — entity understanding, industry context, analytical procedures
- Identified risks at the financial statement level and at the assertion level (for each class of transactions, balances, and disclosures)
- Whether each identified risk is a significant risk requiring special audit attention
- The auditor's evaluation of the design and implementation of controls relevant to identified risks
Sampling Documentation Under SA 530
When the auditor uses sampling, SA 530 requires documentation of:
- Description of the population — "All sales invoices above ₹1 lakh for April–December 2024"
- Sampling unit — the invoice
- Sample size and the basis for determining it (risk of material misstatement, tolerable error, expected error)
- Sampling method — random (using random number tables), systematic (every nth item), or monetary unit sampling (MUS)
- Sample items actually selected and procedures performed on each
- Errors found in the sample and their nature (monetary vs compliance)
- Projection of sample results to the population and conclusion
Electronic Working Papers, EWP Tools & Big 4 Best Practices
Electronic Working Papers (EWP) are the standard in modern audit practice. They replaced physical ring binders and paper files, enabling structured templates, automatic cross-referencing, version control, and remote access — the last of which became critical during the COVID-19 pandemic and remains essential for hybrid audit models.
Leading EWP Tools in Indian Audit Practice
| Tool | Key Features | Used By |
|---|---|---|
| TeamMate+ (Wolters Kluwer) | Workflow management, risk-based audit planning, automated sign-offs, centralized file management, PCAOB/IAASB template libraries | Deloitte, EY, KPMG, PwC (Big 4), large CA firms |
| CaseWare Working Papers | Built-in financial statement preparation, roll-forward functionality, disclosure checklists, multi-user access, ICAI-compliant templates | Mid-size CA firms in India, GT, BDO, MSKA |
| Inflo (Inflo.ai) | AI-powered 100% population testing, anomaly detection in financial data, journal entry testing, direct ERP integration (SAP, Tally, Oracle) | Growing adoption in Big 4 and tech-forward mid-size firms |
| MyWorkpapers | Cloud-based, affordable for small firms, standard templates for ICAI-compliant audits | Small CA firms, sole practitioners |
| Excel + SharePoint | Customized templates, version control through SharePoint, no licensing cost | Most small/medium Indian CA firms as primary tool |
ICAI Standards vs PCAOB Standards — Key Differences in Documentation
| Aspect | ICAI SA 230 | PCAOB AS 1215 |
|---|---|---|
| Applicable to | All ICAI-registered auditors; Indian companies | Auditors of US-listed public companies (SEC registrants) |
| Assembly period | 60 days after audit report date | 45 days after audit report date |
| Retention period | Minimum 7 years | Minimum 7 years |
| Review documentation | Required; EQCR for listed entities | Required; Engagement Quality Review mandatory |
| Focus on IT controls | SA 315 covers IT environment; less prescriptive | ICFR (Internal Controls over Financial Reporting) documentation required — Section 404 |
| Supervision documentation | Review notes and sign-offs | More stringent — reviewer identity and date must be documented; all open review points resolved |
Common Documentation Deficiencies Found in ICAI Quality Reviews
The ICAI's Quality Review Board has repeatedly cited the following deficiencies in audit documentation during firm-level quality reviews:
- No materiality calculation documented: Auditors assume materiality without documenting the basis (often 5% of PBT or 0.5–1% of revenue for different purposes)
- Absent or incomplete risk assessment: No identified risks of material misstatement; risk matrix missing or generic
- SALY working papers: Prior year documents simply rolled forward with figures changed but rationale not reassessed
- Missing conclusion statements: Working papers document procedures performed but do not include an explicit conclusion on whether the account is fairly stated
- Unsigned or undated working papers: Preparer and reviewer initials or dates missing, making quality review chain impossible to trace
- No documentation for significant judgments: Management's accounting estimates (provisions, useful lives, fair values) accepted without documenting the auditor's independent assessment
- Incomplete sampling documentation: Sample selected but no population description, no error extrapolation, and no conclusion on tolerable vs projected misstatement
Big 4 Working Paper Best Practices
Big 4 firms (Deloitte, EY, KPMG, PwC) in India follow highly structured documentation protocols developed over decades. Key best practices observed:
- Every working paper has a header: Client name, financial year, section reference (e.g., F2 — Receivables Circularization), preparer name/initials, date prepared, reviewer initials, date reviewed
- Objective-Procedures-Results-Conclusion (OPRC) format: Each working paper states its objective, the procedures performed, the results/findings, and an explicit conclusion
- No orphan working papers: Every working paper is cross-referenced from a lead schedule or the audit program — no document exists without a clear linkage
- Review notes are documented: When a reviewer raises a query, both the query and the preparer's response are documented in the working paper system (TeamMate+/EY Canvas tracks this automatically)
- EWP lock-down after assembly: After the 45/60-day assembly window, working papers are locked in the system and cannot be modified — compliance with SA 230's no-deletion requirement
- Color-coded status: Working papers are flagged as Draft (yellow), Under Review (orange), or Completed/Signed Off (green) within the EWP system, giving the engagement partner real-time visibility of audit completion status
⚡ Take Action Now
Start building your documentation skills today: Take any previous audit assignment working paper you have prepared and evaluate it against SA 230's "experienced auditor" test. Ask yourself: would a CA who has never seen this client understand what procedure I performed, what I looked at, and what I concluded? If the answer is no, rewrite the conclusion paragraph. This single habit — writing explicit, stand-alone conclusions on every working paper — will distinguish your audit documentation quality from 90% of your peers.
Explore CorpReady Programs📚 Real Student Story
Priya Kapoor, CA articleship student at a Big 4 firm in Mumbai — Priya's first year at the firm was spent on a large FMCG company audit. Her senior gave her the inventory lead schedule from the prior year and asked her to update it. She initially updated the figures and called it done (a classic SALY approach). Her senior returned the working paper within an hour: "Where is your conclusion? Where is the evidence that the physical verification was properly conducted this year? The prior year stock count was attended by our team — did we attend this year too?" Priya realized she had simply changed numbers without documenting any current year procedures. She rewrote the inventory working paper: documented her attendance at the warehouse count, reviewed the count sheets, tested the pricing for a sample of 50 high-value SKUs, and wrote a proper OPRC-format conclusion. Her senior approved it on the second pass. "The difference between a junior and a senior auditor is not the procedures they do — it's the quality of what they write down," her senior told her. This feedback shaped her entire audit career.
💼 What Firms Actually Want
Audit teams at Big 4 and top Indian CA firms evaluate articled assistants and junior managers primarily on the quality of their working papers — because the working paper is the only tangible output of audit work. Key expectations: (1) Every working paper should be self-contained — a reader should not need to ask the preparer to understand what was done; (2) Explicit, well-reasoned conclusions — not just "work done" but "based on procedures X, Y, Z, I conclude the balance is fairly stated"; (3) Cross-referencing discipline — every number on a lead schedule should trace to a detailed working paper; (4) Proficiency with EWP tools — TeamMate+ for Big 4 or CaseWare for mid-size firms is increasingly a hiring requirement; (5) SA 230 compliance awareness — especially for firms with listed clients who face ICAI quality reviews and SEBI inspections. CA Final Advanced Auditing paper increasingly tests SA 230 documentation requirements through scenario-based questions.
Frequently Asked Questions
SA 230 (Audit Documentation) is the ICAI Standard on Auditing governing the preparation and maintenance of audit working papers. Its key requirements include: documenting audit procedures sufficient for an experienced auditor with no prior connection to understand what was done and why; assembling the final audit file within 60 days of the audit report; retaining documentation for at least 7 years; documenting significant matters, professional judgments, and conclusions; and prohibiting deletion or alteration of documentation after the assembly period. SA 230 is equivalent to ISA 230 of IAASB and PCAOB AS 1215.
The permanent audit file (PAF) contains information of continuing relevance that does not materially change year to year — MOA/AOA, significant contracts, ownership structure, accounting policies, and internal control documentation. It is maintained across multiple years and updated as significant changes occur. The current audit file (CAF) contains all documentation specific to the current year's engagement — audit planning memorandum, risk assessment, materiality computation, lead schedules, detailed working papers, management representation letter, and the signed audit report. The CAF is created fresh each year and must be assembled within 60 days of the audit report date.
SALY (Same As Last Year) is the practice of copying prior year working papers into the current year file without adequately reassessing whether the prior year analysis remains valid for current year circumstances. It is considered a significant audit quality deficiency because: (1) It perpetuates any errors from the prior year; (2) It fails to reflect changed risks, new transactions, or updated accounting policies; (3) The documentation does not demonstrate genuine current year audit thinking; (4) ICAI's Quality Review Board has repeatedly cited SALY as a common documentation deficiency. The correct approach is to use prior year papers as a template but actively reassess each area for current year relevance.
Electronic Working Papers (EWP) are digital audit documentation systems that replace physical paper files. They provide structured templates, automated cross-referencing, version control, reviewer workflows, and secure archival. Common EWP tools used in India include: TeamMate+ (Wolters Kluwer) — used by most Big 4 firms globally including their Indian practices; CaseWare Working Papers — popular with Grant Thornton, BDO, MSKA, and mid-size CA firms; Inflo — AI-powered analytics platform for 100% population testing; and MyWorkpapers for smaller firms. Most small/medium CA firms continue to use Excel with SharePoint for version control. EWP systems automate SA 230 retention requirements and support remote audit delivery.
✅ Key Takeaways
- SA 230 requires documentation sufficient for an experienced auditor with no prior connection to understand the nature, timing, and extent of procedures performed, evidence obtained, and conclusions reached — this is the primary quality test for all working papers.
- Audit files are divided into Permanent File (entity background, contracts, policies — carried across years) and Current File (year-specific planning, risk assessment, lead schedules, procedures, report — assembled fresh annually).
- The final audit file must be assembled within 60 days of the audit report and retained for a minimum of 7 years; PCAOB requires assembly within 45 days for US-listed company audits.
- Tick marks, cross-references, and lead schedules create a traceable, navigable working paper file — every balance on the financial statements should trace through a lead schedule to detailed supporting documentation.
- SALY (Same As Last Year) is a pervasive documentation deficiency — prior year working papers must be actively reassessed for current year relevance, not merely updated with new figures.
- Electronic working paper tools (TeamMate+, CaseWare, Inflo) are the standard at Big 4 and progressive mid-size firms; CA students should familiarize themselves with at least one EWP tool during articleship as it is increasingly a job requirement.
Ready to Master Audit Documentation?
CorpReady Academy's programs combine practical Indian auditing and documentation skills with globally recognized US CPA, US CMA, ACCA, and CFA credentials.
Explore CorpReady Programs Talk to a Counsellor