Common Errors in SAs & Reporting in NFRA inspection reports

Common Errors in Standards on Auditing and Audit Reporting: Lessons from Quality Reviews and Regulatory Inspections

The quality of an audit is judged not merely by the procedures performed but by the auditor’s ability to demonstrate, through proper documentation, that the audit was planned and executed in accordance with the Standards on Auditing.

Recent observations from Quality Review Board, Peer Review, and National Financial Reporting Authority inspection reports continue to highlight recurring deficiencies in audit engagements, particularly in audit documentation, risk assessment, materiality, external confirmations, related-party transactions, and audit reporting.

This article discusses the most common errors observed in audits and provides practical guidance for auditors to enhance compliance and audit quality.

Recent QRB, peer review, and NFRA observations make one fact abundantly clear:

Audit quality deficiencies are increasingly linked to inadequate documentation rather than absence of audit effort. Risk assessments, materiality judgments, confirmations, related party procedures, and audit reporting decisions must be appropriately documented and supported by sufficient evidence.

Auditors should remember a simple principle: “If it is not documented, regulators will assume it was not done.” By strengthening audit documentation, exercising professional skepticism, and ensuring strict adherence to Standards on Auditing, audit firms can significantly improve audit quality, withstand regulatory inspections, and enhance stakeholder confidence in the audit profession

Audit Documentation: The Foundation of Audit Quality (SA 230)

Audit documentation is often described as the backbone of an audit. Even when adequate procedures have been performed, failure to document them can lead regulators and reviewers to conclude that the procedures were never performed.

According to SA 230, documentation must enable an experienced auditor, having no previous connection with the engagement, to understand the audit procedures performed, evidence obtained, significant matters identified, and judgments exercised. Quality Review Board, Peer Review, and National Financial Reporting Authority  inspection observed Following Common Errors:

• Inadequate Documentation: Many firms perform audit procedures but fail to maintain sufficient evidence of their work. Oral explanations provided during reviews cannot replace documented evidence
• Absence of Reviewer Sign-offs: Working papers often lack details of who performed the work, who reviewed it, and when the review was completed.
• Poor File Structuring: Engagement files frequently miss critical planning documents such as engagement letters, materiality calculations, risk assessment memoranda, and management representation letters.
• Best Practice: Maintain both Permanent Audit File and Current Audit File: The Permanent Audit File should contain constitutional documents, key agreements, tax registrations, and previous audit reports, while the Current Audit File should include planning documents, risk assessments, confirmations, completion memos, and final reports.

SA 315: Identifying and Assessing Risks of Material Misstatement

One of the most frequently observed deficiencies by the National Financial Reporting Authority and quality reviewers relates to inadequate risk assessment. Auditors often adopt a “copy-paste” approach by carrying forward prior-year risk assessments without considering changes in the client’s business environment. Quality Review Board, Peer Review, and National Financial Reporting Authority inspection observed the following common errors:

• Generic Risk Matrices: Auditors commonly document risks as Revenue – High Risk and Expenses – Medium Risk. Such classifications do not meet SA 315 requirements because risks must be linked to specific assertions and circumstances.
• Lack of Internal Control Documentation: For significant processes such as procurement, inventory management, lending operations, or revenue cycles, walkthroughs and control documentation are often absent.
• Missing Engagement Partner Involvement: SA 315 requires the engagement partner’s participation in team discussions regarding risks. Audit files frequently fail to demonstrate such involvement.
• Significant Risks Without Response Procedures: Identifying a risk is only the first step. Files often lack documentation explaining why a risk is significant and how the auditor intends to respond to it.
• Recommended Approach: A robust risk assessment process should include Understanding the entity and industry, Understanding internal controls, Team discussion and fraud brainstorming, Risk identification, Risk assessment at financial statement and assertion levels. Linking risks with audit procedures and continuous updates whenever circumstances change.

SA 320: Materiality – A Frequently Neglected Area

Materiality drives planning, sampling, testing, and conclusion formation. Yet materiality-related deficiencies remain among the most common inspection findings. Quality Review Board, Peer Review, and NFRA inspection observed the following common errors:

• Materiality Calculated After Audit Completion: Materiality should be determined during planning, not at the conclusion of the audit.
• No Justification for Benchmark Selection: Simply using “5% of Profit Before Tax” is insufficient. Auditors must explain why PBT is the appropriate benchmark for users of the financial statements.
• Performance Materiality Equals Overall Materiality: Performance materiality should be lower than overall materiality to reduce the risk that aggregate uncorrected misstatements exceed overall materiality.
• Failure to Revise Materiality: Major events occurring during the audit, such as business restructuring or large impairments, may require reassessment of materiality.
• Practical Tip: Document like benchmark selected, percentage applied, rationale, performance materiality, clearly trivial threshold, and revision history, if any.

SA 505: External Confirmations – A Major Regulatory Concern

External confirmations are among the most reliable forms of audit evidence. However, deficiencies in handling confirmations continue to appear in inspection reports. Quality Review Board, Peer Review, and NFRA inspection observed the following common errors:

• Confirmations Routed Through Management: The auditor must maintain control over the entire confirmation process. If management sends or receives confirmations, independence is compromised.
• Acceptance of Management-Obtained Confirmations: Documents supplied by management cannot automatically be treated as valid external confirmations.
• No Follow-Up on Non-Responses: When confirmations are not received, auditors often accept balances without alternative procedures. This is a direct violation of SA 505.
• Unresolved Confirmation Differences: Every exception identified through confirmations must be reconciled and documented.
• Best Practices: Maintain a confirmation control register containing Date sent, Type of confirmation, Date received, Follow-up actions, Alternative procedures and Conclusion on evidence obtained

SA 550: Related Party Transactions – High Fraud Risk Area

Related party transactions continue to be one of the most sensitive audit areas because of the possibility of management override and concealment. Quality Review Board, Peer Review, and NFRA inspection observed the following common errors:

• Reliance Solely on Management’s List: Many auditors simply accept the related party list provided by management without independent verification.
• Failure to Review Board Minutes: Board and Audit Committee minutes often reveal related party relationships and transactions not appearing elsewhere.
• Unsupported Arm’s Length Assertions: Audit files frequently contain no evidence supporting management’s claim that transactions occurred at arm’s length.
• Incomplete Identification of Key Management Personnel: The related party universe often excludes individuals covered under accounting standards, leading to incomplete disclosures.
• Recommended Procedures: Auditors should independently verify related party information using Ministry of Corporate Affairs records, shareholding data, board minutes, statutory registers, and management information systems. and obtain a specific management representation on related party completeness.

Audit Reporting: Common Errors under SA 700, SA 705, and SA 706

The audit report remains the final and most visible outcome of the audit process. Quality reviews frequently identify reporting deficiencies even where audit procedures were adequate.

SA 700 – Forming an Opinion

Common Issues like missing completion memorandum, inadequate linkage between conclusions and audit opinion, and engagement partner sign-off dated after the audit report date. And incorrect wording of the opinion paragraph.

Auditors must evaluate whether financial statements adequately present accounting policies, estimates, disclosures, consistency, understandability, and compliance with the applicable financial reporting framework before expressing an opinion.

SA 705 – Modified Opinions

One of the most critical deficiencies observed by reviewers is the absence of a “pervasiveness assessment memo.” Auditors modify opinions but fail to explain whether the matter is merely material or both material and pervasive. Key Distinctions are mentioned below

• Qualified Opinion: Material but not pervasive misstatement or scope limitation.
• Adverse Opinion: Material and pervasive misstatement.
• Disclaimer of Opinion: Material and pervasive scope limitation that prevents the auditor from obtaining sufficient appropriate audit evidence.
• Frequent Errors: No documented assessment of pervasiveness, no communication with those charged with governance, weak support for the basis for modified opinion paragraphs, and confusion between disagreement and scope limitation.

SA 706 – Emphasis of Matter and Other Matter Paragraphs

A recurring inspection finding is the misuse of Emphasis of Matter paragraphs as substitutes for audit qualifications.

• Emphasis of Matter: Used only when the matter is already adequately disclosed in the financial statements, the auditor’s opinion remains unmodified, and the matter is fundamental to users’ understanding.
• Other Matter: Used for matters not disclosed in the financial statements but relevant for understanding the audit or auditor’s responsibilities.
• Quality Review Board, Peer Review, and NFRA  inspection observed the following common errors: Using EOM instead of modification, no documentation supporting the need for Emphasis of Matter or OM, and failure to communicate the matter to Those Charged with Governance. and lack of linkage between working papers and report wording.