Use this skill with your AI agent
Paste this skill into your AI agent's context, or save the file to your project. Works with any AI agent that reads markdown.
statutory-audit-workflow-base.md355 lines16.2 KB
v1GLOBAL
Not yet verified by an accountantContact accountant
| 1 | --- |
| 2 | name: statutory-audit-workflow-base |
| 3 | description: > |
| 4 | Tier 1 workflow base for statutory audit skills. Covers the audit lifecycle — engagement acceptance, risk assessment, audit planning, evidence gathering, fieldwork, opinion formulation, reporting — applied to the International Standards on Auditing (ISA) as issued by the IAASB plus country overlays (US GAAS for public co's, UK FRC ISA(UK), Germany IDW PS, France NEP, Italy ISA-Italia). Workflow architecture only — no engagement-specific procedures, materiality benchmarks, or audit programs. MUST be loaded alongside a content skill that provides the country-specific audit threshold rules, regulator inspection regime, statutory deadlines, and any non-ISA local standards. Assumes a qualified statutory auditor (RA, CPA, CA, Wirtschaftsprüfer, commissaire aux comptes, revisore legale, etc.) signs the audit report. Does NOT cover: internal audit, regulatory audit (banking, insurance prudential), tax audit by tax authority, IT general controls testing methodology, or forensic audit. |
| 5 | version: 0.1 |
| 6 | jurisdiction: GLOBAL |
| 7 | category: foundation |
| 8 | verified_by: pending |
| 9 | --- |
| 10 | |
| 11 | # Statutory Audit Workflow Base v0.1 |
| 12 | |
| 13 | ## What this file is |
| 14 | |
| 15 | This is the **Tier 1 workflow base** for statutory audit content skills. It does not contain country-specific audit rules. It contains: |
| 16 | |
| 17 | - The audit lifecycle runbook aligned to ISA (IAASB) |
| 18 | - The country audit threshold matrix (when an audit is required) |
| 19 | - The engagement acceptance and continuance protocol |
| 20 | - The ISA risk assessment and significance-determination framework |
| 21 | - The reviewer-oriented audit file structure |
| 22 | - The opinion formulation decision tree |
| 23 | - The 21 self-checks |
| 24 | - The global refusal catalogue |
| 25 | - The slot contract for country statutory audit skills |
| 26 | |
| 27 | **Every statutory audit skill MUST be loaded alongside this base.** |
| 28 | |
| 29 | --- |
| 30 | |
| 31 | ## Section 1 — Audit lifecycle (ISA-aligned) |
| 32 | |
| 33 | ### Phase 1 — Engagement acceptance / continuance (ISA 220, 220R, 210) |
| 34 | |
| 35 | **[T1]** Before accepting or continuing: |
| 36 | |
| 37 | | Test | Reference | |
| 38 | |---|---| |
| 39 | | Independence (firm-level + engagement team) | IESBA Code Part 4A; PCAOB Rule 3520; FRC ES 1; IDW PS 220 | |
| 40 | | Competence to perform the audit | ISA 220 ¶15 | |
| 41 | | Acceptance approval by appropriate partner | Firm policy; ISA 220 ¶16 | |
| 42 | | Engagement letter signed | ISA 210 ¶10 | |
| 43 | | Predecessor auditor communication | ISA 510 (initial engagements); communication with predecessor required | |
| 44 | | Audit fee not impaired (no contingent fees on the audit opinion) | IESBA Code 410 | |
| 45 | |
| 46 | ### Phase 2 — Risk assessment (ISA 315 (Revised 2019)) |
| 47 | |
| 48 | **[T1] Required activities:** |
| 49 | - Understand the entity, its environment, and its system of internal control |
| 50 | - Identify and assess Risks of Material Misstatement (RMM) at financial statement and assertion levels |
| 51 | - Determine significant risks |
| 52 | - Identify controls relevant to the audit |
| 53 | |
| 54 | **[T1] Significant risks** receive enhanced procedures and cannot be addressed with substantive analytical procedures alone. |
| 55 | |
| 56 | ### Phase 3 — Audit plan and materiality (ISA 320, 330) |
| 57 | |
| 58 | **[T1] Materiality:** |
| 59 | - **Overall materiality** — judgment based on benchmark and percentage (commonly 5% of PBT, 0.5-1% of revenue, 1-2% of equity, 1-2% of total assets, depending on user emphasis) |
| 60 | - **Performance materiality** — typically 50-75% of overall materiality |
| 61 | - **Specific materiality** — for particular classes of transactions / accounts / disclosures requiring lower threshold (e.g., related parties, executive compensation) |
| 62 | - **Clearly trivial threshold** — typically 5% of performance materiality |
| 63 | |
| 64 | ### Phase 4 — Fieldwork / procedures (ISA 330, 500, 501-540) |
| 65 | |
| 66 | **[T1] Audit evidence** must be sufficient (quantity) and appropriate (relevance + reliability). Per assertion (existence, completeness, valuation, rights/obligations, classification, presentation/disclosure, accuracy, cut-off), select procedures from: |
| 67 | |
| 68 | | Procedure | Type | |
| 69 | |---|---| |
| 70 | | Inspection of records or documents | Substantive / control | |
| 71 | | Inspection of tangible assets | Substantive (existence) | |
| 72 | | Observation | Control | |
| 73 | | Inquiry of management / others | Substantive / control / inquiry | |
| 74 | | External confirmation | Substantive (existence/valuation) | |
| 75 | | Recalculation | Substantive | |
| 76 | | Reperformance | Control | |
| 77 | | Analytical procedures | Substantive (when designed appropriately) | |
| 78 | |
| 79 | **[T1]** Specific ISA-required procedures: |
| 80 | - ISA 240 — fraud: testing journal entries, related party transactions, management override |
| 81 | - ISA 250 — laws and regulations: inquiries, document inspection, legal letters |
| 82 | - ISA 501 — inventory observation, litigation legal letters, segment information |
| 83 | - ISA 540 (Revised) — accounting estimates (including ECL, pensions, goodwill, fair value) |
| 84 | - ISA 550 — related party transactions |
| 85 | - ISA 560 — subsequent events review through report date |
| 86 | - ISA 570 — going concern (12 months from balance sheet date in most jurisdictions; 12 from report sign-off in some) |
| 87 | - ISA 600 — group audits and component auditor reliance |
| 88 | |
| 89 | ### Phase 5 — Completion (ISA 700-720) |
| 90 | |
| 91 | **[T1] Completion checklist:** |
| 92 | - Going concern assessment (ISA 570) |
| 93 | - Subsequent events review (ISA 560) |
| 94 | - Written representations from management (ISA 580) |
| 95 | - Quality control review (ISA 220, 220R) |
| 96 | - Engagement Quality Review (EQR) for PIE / listed audits (ISA 220R, ISQM 1) |
| 97 | - Key Audit Matters (KAM) selection (ISA 701 — listed entities) / equivalent for unlisted in some jurisdictions |
| 98 | - Audit opinion formulation (ISA 700, 705, 706) |
| 99 | - Annual report or other information reading (ISA 720) |
| 100 | |
| 101 | ### Phase 6 — Reporting (ISA 700/705/706/701/710) |
| 102 | |
| 103 | **[T1]** Opinion options: |
| 104 | - **Unmodified** — financial statements give a true and fair view |
| 105 | - **Qualified** — material but not pervasive misstatement OR scope limitation |
| 106 | - **Adverse** — material and pervasive misstatement |
| 107 | - **Disclaimer** — material and pervasive scope limitation |
| 108 | - **Emphasis of matter** — adds emphasis without modifying opinion (e.g., subsequent event after issuance) |
| 109 | - **Other matter** — additional matters not addressed in financial statements |
| 110 | - **Key Audit Matters** — significant matters in current period audit (listed and certain unlisted) |
| 111 | - **Going concern paragraph** — material uncertainty paragraph or going concern KAM |
| 112 | |
| 113 | ### Phase 7 — Post-issuance (ISA 220R, ISQM 1) |
| 114 | |
| 115 | **[T1]** |
| 116 | - Engagement quality reviews |
| 117 | - Firm monitoring and remediation |
| 118 | - Inspections by regulators (PCAOB, FRC, AOB, etc.) |
| 119 | - Subsequent discovery of facts (ISA 560 ¶14-17) |
| 120 | |
| 121 | --- |
| 122 | |
| 123 | ## Section 2 — When is a statutory audit required? |
| 124 | |
| 125 | Each country sets size thresholds (typically two-of-three test on balance sheet total, revenue, employees) above which an audit is mandatory. |
| 126 | |
| 127 | **[T1] Illustrative thresholds (2025):** |
| 128 | |
| 129 | | Country | Total assets | Net revenue | Employees | Notes | |
| 130 | |---|---|---|---|---| |
| 131 | | **UK** | GBP 5.1m | GBP 10.2m | 50 | Two-of-three; PIEs/PLCs always audited | |
| 132 | | **Germany (BilanzRichtlinie umgesetzt §267 HGB)** | EUR 6m | EUR 12m | 50 | "Mittelgroße" company audited; "Kleine" exempt | |
| 133 | | **France** | EUR 5m | EUR 10m | 50 | Loi PACTE 2019 raised thresholds | |
| 134 | | **Italy** | EUR 5m | EUR 10m | 50 | art. 2477 CC | |
| 135 | | **Spain** | EUR 4m | EUR 8m | 50 | Plus de minimis tests | |
| 136 | | **Netherlands** | EUR 7.5m | EUR 15m | 50 | "Middelgroot" | |
| 137 | | **EU general (Accounting Directive 2013/34/EU as amended 2023)** | EUR 7.5m | EUR 15m | 50 | Raised by 25% in 2023 indexation; MS may modify | |
| 138 | | **Ireland** | EUR 7.5m | EUR 15m | 50 | Aligned EU | |
| 139 | | **Australia** | AUD 12.5m or grand-fund > 50 | AUD 25m | 50 | Various tests; large proprietary or grandfathered | |
| 140 | | **Canada** | Provincial CPCA / OBCA — most private companies opt out via unanimous shareholder waiver | n/a | n/a | Subject to public-company status | |
| 141 | | **United States** | No federal statutory audit for private companies | n/a | n/a | SEC: all listed companies. State LLC / corporation audit by election. | |
| 142 | | **India** | INR 100 crore (sales) or INR 50 crore (net profit) → 2017 audit thresholds; private cos with paid-up capital | n/a | n/a | Companies Act 2013 | |
| 143 | | **Japan** | JPY 500m capital OR JPY 20bn liabilities | n/a | n/a | Financial Instruments and Exchange Act for listed; Companies Act for large | |
| 144 | | **Brazil** | BRL 78m total assets | BRL 300m gross revenue | n/a | Listed always | |
| 145 | | **Singapore** | SGD 10m total assets | SGD 10m revenue | 50 | Two-of-three; Small Company Concept since 2014 | |
| 146 | |
| 147 | **[T1]** PIEs (Public Interest Entities — listed, banks, insurers): always audited, with additional partner rotation, audit firm rotation, and enhanced reporting (KAMs). |
| 148 | |
| 149 | --- |
| 150 | |
| 151 | ## Section 3 — Engagement structure |
| 152 | |
| 153 | ### 3.1 Roles |
| 154 | |
| 155 | **[T1]** |
| 156 | |
| 157 | | Role | Responsibility | |
| 158 | |---|---| |
| 159 | | Audit engagement partner | Overall accountability; signs the report (ISA 220) | |
| 160 | | Engagement Quality Reviewer (EQR) | Independent objective evaluation (ISA 220R, ISQM 1) — required for PIEs, recommended for higher-risk | |
| 161 | | Manager | Day-to-day engagement leadership | |
| 162 | | Senior / In-charge | Field execution | |
| 163 | | Staff | Detailed testing | |
| 164 | | Specialists | Tax, IT, valuation, actuarial — internal or external (ISA 620) | |
| 165 | | Group auditor (parent) | Overall group opinion; relies on component auditors per ISA 600 | |
| 166 | | Component auditor | Component audit work for inclusion in group audit | |
| 167 | |
| 168 | ### 3.2 Independence (IESBA Code Part 4A) |
| 169 | |
| 170 | **[T1] Self-interest, self-review, advocacy, familiarity, intimidation threats** must be evaluated. Specific prohibitions for PIEs: |
| 171 | - Bookkeeping / accounting services |
| 172 | - Internal audit outsourcing |
| 173 | - Valuations relevant to the financial statements |
| 174 | - Tax services involving advocacy |
| 175 | - Certain corporate finance / advisory engagements |
| 176 | - Rotation of engagement partner (typically 5 years on / 5 off; PIE rotation rules vary) |
| 177 | - Audit firm rotation (EU mandatory rotation cap typically 10-24 years for PIEs) |
| 178 | |
| 179 | --- |
| 180 | |
| 181 | ## Section 4 — Reviewer brief (audit working paper file) |
| 182 | |
| 183 | Every audit produces a file containing: |
| 184 | |
| 185 | ``` |
| 186 | 1. Engagement acceptance / continuance file |
| 187 | - Independence declarations |
| 188 | - Risk acceptance |
| 189 | - Engagement letter |
| 190 | - Predecessor communications |
| 191 | |
| 192 | 2. Risk assessment file |
| 193 | - Entity understanding documentation |
| 194 | - Industry / regulatory environment |
| 195 | - Internal control walkthroughs and testing |
| 196 | - Risk identification and significance matrix |
| 197 | - Significant risks and response plan |
| 198 | |
| 199 | 3. Planning file |
| 200 | - Materiality determination (overall, performance, specific, trivial) |
| 201 | - Audit plan with timing and resources |
| 202 | - Component auditor instructions (group audits) |
| 203 | - Internal control reliance plan |
| 204 | |
| 205 | 4. Fieldwork file |
| 206 | - By assertion: procedures performed and conclusions |
| 207 | - Confirmations sent and received |
| 208 | - Inventory observation working papers |
| 209 | - Going concern assessment |
| 210 | - Estimates testing (ECL, pensions, goodwill, fair value) |
| 211 | - Related party identification and testing |
| 212 | - Litigation legal letters and management responses |
| 213 | - Subsequent events review |
| 214 | |
| 215 | 5. Completion file |
| 216 | - Final analytical procedures |
| 217 | - Management representation letter |
| 218 | - Going concern conclusion |
| 219 | - Subsequent events through report sign-off |
| 220 | - Engagement quality review (EQR) for PIE / listed |
| 221 | |
| 222 | 6. Reporting file |
| 223 | - Final financial statements signed by management |
| 224 | - Audit opinion (with KAMs for listed) |
| 225 | - Letter to those charged with governance / management letter |
| 226 | - Audit committee communications (ISA 260, 265) |
| 227 | ``` |
| 228 | |
| 229 | --- |
| 230 | |
| 231 | ## Section 5 — Opinion formulation decision tree |
| 232 | |
| 233 | **[T1]** |
| 234 | |
| 235 | ``` |
| 236 | Misstatement detected? |
| 237 | No → Material uncertainty / scope limitation? |
| 238 | No → Unmodified opinion |
| 239 | Yes → Pervasive? |
| 240 | No → Qualified opinion (scope limitation) |
| 241 | Yes → Disclaimer of opinion |
| 242 | Yes → Corrected by management? |
| 243 | Yes → Unmodified opinion |
| 244 | No → Material? |
| 245 | No → Unmodified (track for clearly trivial threshold) |
| 246 | Yes → Pervasive? |
| 247 | No → Qualified opinion (disagreement) |
| 248 | Yes → Adverse opinion |
| 249 | |
| 250 | Going concern material uncertainty? |
| 251 | Yes + Adequate disclosure → Unmodified + going concern paragraph |
| 252 | Yes + Inadequate disclosure → Qualified or adverse depending on materiality/pervasiveness |
| 253 | ``` |
| 254 | |
| 255 | --- |
| 256 | |
| 257 | ## Section 6 — 21 self-checks |
| 258 | |
| 259 | Before signing the opinion, verify: |
| 260 | |
| 261 | 1. [ ] Engagement acceptance / continuance documented and approved |
| 262 | 2. [ ] Engagement letter signed before fieldwork |
| 263 | 3. [ ] Independence — firm and engagement team — declared and threats assessed |
| 264 | 4. [ ] Risk assessment per ISA 315 (Revised) — entity understanding, RMM, significant risks |
| 265 | 5. [ ] Materiality — overall, performance, specific, trivial — determined and documented |
| 266 | 6. [ ] Audit plan responsive to identified risks |
| 267 | 7. [ ] Significant risks addressed with substantive procedures (analytical not alone sufficient) |
| 268 | 8. [ ] Going concern assessment for at least 12 months from report date |
| 269 | 9. [ ] Subsequent events review through report sign-off |
| 270 | 10. [ ] Written representation letter from management received before report sign-off |
| 271 | 11. [ ] Fraud risk assessment per ISA 240 with required journal entry testing |
| 272 | 12. [ ] Estimates tested per ISA 540 (Revised) |
| 273 | 13. [ ] Related parties identified and tested per ISA 550 |
| 274 | 14. [ ] Litigation legal letters obtained per ISA 501 |
| 275 | 15. [ ] Group audit — component auditor reliance documented per ISA 600 |
| 276 | 16. [ ] EQR review completed and reviewer concur for PIEs / required engagements |
| 277 | 17. [ ] Annual report read and other information consistent with audited financial statements (ISA 720) |
| 278 | 18. [ ] Communications to TCWG / management letter prepared |
| 279 | 19. [ ] Opinion type confirmed via decision tree (Section 5) |
| 280 | 20. [ ] KAMs identified and documented for listed entities (ISA 701) |
| 281 | 21. [ ] Audit file assembled and archived per ISQM 1 and country regulations (typically 5+ years) |
| 282 | |
| 283 | --- |
| 284 | |
| 285 | ## Section 7 — Global refusal catalogue |
| 286 | |
| 287 | Refuse to act / escalate to firm leadership if: |
| 288 | |
| 289 | | Refusal | Trigger | |
| 290 | |---|---| |
| 291 | | **R-AUDIT-1** | Independence cannot be established or threats cannot be reduced to acceptable level | |
| 292 | | **R-AUDIT-2** | Predecessor auditor will not communicate or hostile transition | |
| 293 | | **R-AUDIT-3** | Management refuses to provide written representations | |
| 294 | | **R-AUDIT-4** | Material misstatement detected and management refuses to correct | |
| 295 | | **R-AUDIT-5** | Limitation on scope imposed by management | |
| 296 | | **R-AUDIT-6** | Suspected fraud — escalate per firm fraud protocols and ISA 240 ¶42 | |
| 297 | | **R-AUDIT-7** | Suspected non-compliance with laws and regulations affecting financial statements — ISA 250 ¶27 escalation | |
| 298 | | **R-AUDIT-8** | Going concern material uncertainty with inadequate disclosure that management refuses to enhance | |
| 299 | | **R-AUDIT-9** | Component auditor refuses cooperation in group audit | |
| 300 | | **R-AUDIT-10** | Regulatory inspection finding against firm requires re-issuance of opinion | |
| 301 | |
| 302 | --- |
| 303 | |
| 304 | ## Section 8 — Slot contract for country audit content skills |
| 305 | |
| 306 | Every country statutory audit content skill must populate: |
| 307 | |
| 308 | ``` |
| 309 | [REGULATOR] |
| 310 | - National audit regulator (FRC, PCAOB, AOB, H3C, etc.) |
| 311 | - Auditor qualification body (ICAEW, AICPA, etc.) |
| 312 | - Auditor licensing process |
| 313 | |
| 314 | [STANDARDS] |
| 315 | - Auditing standards in force (ISA-IAASB, ISA(UK), GAAS-PCAOB, NEP, IDW PS, etc.) |
| 316 | - Reporting standards in force (IFRS-IASB, IFRS-EU, FRS 102, US GAAP, local) |
| 317 | - Required audit reporting language and structure |
| 318 | |
| 319 | [THRESHOLDS] |
| 320 | - Statutory audit trigger thresholds (assets, revenue, employees) |
| 321 | - PIE definition and additional requirements |
| 322 | - Audit committee requirements |
| 323 | - Audit firm rotation requirements (PIEs) |
| 324 | - Engagement partner rotation requirements |
| 325 | |
| 326 | [FILING] |
| 327 | - Filing deadline (annual return, financial statements, audit report) |
| 328 | - Public access to financial statements (Companies House, BR, RCS, BOE, etc.) |
| 329 | - Late filing penalties |
| 330 | - Format requirements (XBRL, Inline XBRL, ESEF for listed) |
| 331 | |
| 332 | [OPINION] |
| 333 | - Required language and structure |
| 334 | - Local KAM / equivalents |
| 335 | - Director's responsibilities statement requirements |
| 336 | - Subsequent event treatment specifics |
| 337 | |
| 338 | [ANCILLARY] |
| 339 | - Country-specific procedures (US §404 ICFR opinion; UK FRC ISA(UK) 240/700/701 specific paragraphs; France lettre d'affirmation specifics; etc.) |
| 340 | - Tax / payroll / VAT / pension auditor responsibilities (where audit-related) |
| 341 | - Related-party disclosure local rules |
| 342 | |
| 343 | [CROSS-REFERENCES] |
| 344 | - IFRS / local GAAP reconciliation (this skill if dual reporting) |
| 345 | - Pillar Two — auditor responsibility for tax provision and disclosure |
| 346 | ``` |
| 347 | |
| 348 | --- |
| 349 | |
| 350 | ## Section 9 — Disclaimer |
| 351 | |
| 352 | This workflow base produces working papers for audit engagement, not direct accounting or financial advice. Every audit opinion must be signed by a qualified statutory auditor in compliance with the local regulator's requirements. |
| 353 | |
| 354 | The most up-to-date, verified version of this workflow base is maintained at [openaccountants.com](https://openaccountants.com). |
| 355 |
Run this skill, then get an accountant to check it
After running the full skill pack in your AI agent, sign up and upload your worksheet. We'll connect you with a trusted accountant in our network who can review your numbers before you file.
Verification status
Accountant-verified
Reviewed and signed off by a licensed practitioner against representative data.
Section review progress
0/18
About
Tier 1 workflow base for statutory audit skills. Covers the audit lifecycle — engagement acceptance, risk assessment, audit planning, evidence gathering, fieldwork, opinion formulation, reporting — applied to the International Standards on Auditing (ISA) as issued by the IAASB plus country overlays (US GAAS for public co's, UK FRC ISA(UK), Germany IDW PS, France NEP, Italy ISA-Italia). Workflow architecture only — no engagement-specific procedures, materiality benchmarks, or audit programs. MUST be loaded alongside a content skill that provides the country-specific audit threshold rules, regulator inspection regime, statutory deadlines, and any non-ISA local standards. Assumes a qualified statutory auditor (RA, CPA, CA, Wirtschaftsprüfer, commissaire aux comptes, revisore legale, etc.) signs the audit report. Does NOT cover: internal audit, regulatory audit (banking, insurance prudential), tax audit by tax authority, IT general controls testing methodology, or forensic audit.
GLOBALty-2025
Use this skill
This skill is open source and free to use in any AI agent. Copy it, download it, or clone the repo. If you find an error, report an issue — a licensed accountant will review.