Annexture 04

National Audit Office of Sri Lanka (NAOSL)

Please write file No this

document to be in place
File Ref:……...……….………..

Engagement Team Planning Meeting Minutes No ….

(Refer SLAuS 300 – Paragraph 5)

Objectives of the discussion
among audit team members
and documentation.
- To comply with the paragraph 05 of the National Audit Act No 19 of 2018.
- Discuss engagement risk consideration, audit approach to be taken and
design the audit plan so that it will be performed in an effective manner in
accordance with the paragraph 05 of the SLAuS 300.

- To share experience and insight of audit and enhancing the effectiveness

and efficiency of the audit process.

- This Discussion helps members of the audit team to gain a better

understanding of the potential risk areas for material misstatements of the
financial statements resulting from fraud or error, and to understand of the
audit procedures to address those risks including the nature, timing, and
extent of audit procedures.

Name of the Year End:

Auditee:
Date and Time of Venue:
Meeting:

Team Members Present

S/No Name Designation

Team Members Apologies

S/No Name Designation

Engagement Team Details of how the matters were communicated to the Absent Date
Members not in Team Member (Refer SLAuS 315 Paragraph 10, A21 – A24)
Attendance
Insert names here (Insert the name of the team member who communicated these Insert the date
matters and how)

1
S/No. Matters to Discuss Record of Discussion Working
File Ref:
All the members of the audit team have been complied with the
01. Ensure that all the team
relevant ethical requirements laid down in the applicable rules &
members are complied
regulations, standards and guidance. / Following team members
with relevant ethical
have not complied with the below mentioned relevant ethical
requirements. (Refer
principles. Therefore, the following measures have been taken to
Section 05 & 09 of the
mitigate those ethical issues.(as the case may be)
National Audit Act,
ISSAI 130, Paragraph
Principles Mitigating Measures
20 of the Sri Lanka
Issues Involved Affected
Standard on Quality
Control 1 – SLSQC,
Paragraph 9 & 10 of
SLAuS 220 and Internal
Circular
AGS/Circ./2019/13
dated 28 October 2019)

All the team members comply with the relevant quality control
02. Compliance with the
procedures applicable for the audit of …………….(Name of the
NAOSL’s Quality Control
Entity)/ The following improvements required to the Institutional/
Procedures established
assignment level(as the case may be) system of quality control to
to enhance Audit Quality.
ensure audit quality.
(Refer ISSAI 140, Sri
Proposed Developments
Lanka Framework for
Audit Quality,SLSQC 1 Issues Identified
& SLAuS 220)

The following matters included in Appendix B have been

03. Matters required to be
discussed with the team members and records of discussion are
communicated to the
as follows.
engagement team are in
Appendix B (Refer
Records
SLAuS 300 paragraph
8(b) and A 18). Matters Discussed

Understanding of the entity and its environment need to be …………

04. Understanding of the
completed/ had been completed (as the case may be) and
entity and its environment
following important areas need to be/ had been (as the case may
including the entity’s
be) identified.
internal control
Area
completed. (SLAuS 315
(i). The Entity and Its Environment (Refer SLAuS 315
paragraph 11 – 24, A17
P.11 & A25-A49)
– A104 and SLAuS 250)
(a). Industry Factors (Such
as competition, Product &
services, price, demand &
supply, raw materials supply
& price, Product technology,
Energy supply and cost etc.)
(b). Regulatory Factors
(Such as Industry

2
S/No. Matters to Discuss Record of Discussion Working
File Ref:
Regulations significantly
affect the operations,
Taxation, Government
Policies, Environment
Requirements)
(c ). Other External Factors
(Such as general economic
conditions, interest rates,
financing, inflation and
currency revaluation)
(d). The nature of the entity.
(Which includes entity’s
operations, ownership &
governance structures)

(e ). The entity’s objectives, strategies and related business

risks that may result in risk of material misstatement.

Objective/ Business Risk Possible material

Strategy misstatement in Financial
Statements

…………
.
(f). The performance of the entity have been measured
against the budgeted/past years/industry/ similar sized
entity (as the case may be) and following inconsistencies
have been identified.
KPI’s/ Ratios Inconsistencies Identified

(ii). Internal Control (Refer SLAuS 315 P.12-P.24 & A50-

A73)
The audit team has identified the internal controls relevant
to the entity and has identified following inconsistencies
and risk of material misstatement to the F/S’s.
Internal Control Issues identified Effect/ Risk of
Material
Misstatement
to F/S’s

Basis for materiality calculation is ……..% from ……………..(Profit

05 Materiality (Refer SLAuS
Before Tax(PBT), Revenue, Expenditure, Average profit for last 3-
320 – Overall,
5 years, Total Assets, Total Net Assets or Specify: other basis),
Performance and SUM
since……………..(give reason). Overall Materiality(OM) is
posting level)
increased/ decreased to Rs……………….due to growth/ reduction

3
S/No. Matters to Discuss Record of Discussion Working
File Ref:
of ………………… Performance Materiality of Rs………… had
been calculated by applying ……..% hair cut to the OM. SUM
Posting (trivial) Level of Rs…………….is arrived ………% from
OM. Audit team discussed to review materiality levels during the
audit, update when required and plan further audit procedures.
06
Applicable Financial (a). Applicable FRF of ………………(Name of the Entity) is *SLAS/ N/A
Reporting SLPSAS/ SLAS for SME’s/ SLAS for Smaller Entities/ SoRP
Framework(FRF), List of for Not For Profit Organizations (as the case may be)
Accounting Standards
applicable to the entity, (b). List of Applicable Accounting Standards for the auditee
Major changes and …………
(Format No:……………) had been identified and documented
updates to the FRF and in the working file No…………..
risk of material
misstatements in relation
to financial statements (c ). Following are the list of key recognition, measurement and N/A
disclosures. (Refer disclosure requirements identified due to new or revised
Paragraph 10 & A22 of Standards/ Changes in the entity’s environment, financial
SLAuS 315) condition or activities. (as the case may be)
(i)…………………………………………………………………
(ii).………………………………………………………………

(d). Following are the list of key areas for which difficult in N/A
obtaining sufficient appropriate audit evidence in the past.

Key Area Proposed Strategy to collect evidence

N/A
(e ). Following are the list of key complex matters which involve
significant management judgements to recognition,
measurement and disclosures in the financial statements.
(Refer SLAuS 540)

Key Matters Proposed Audit Strategy

(f) Following are the list of critical areas for selection and
application of accounting policies.
Reason Transaction, events or
key disclosures
(i). Accounting for
significant and unusual
transactions.
(ii). Controversial or
emerging areas for which
lack of authoritative
guidance or practices.
(iii). Changes in
accounting policies
(iv). New financial
reporting standards, laws
and regulations.

4
S/No. Matters to Discuss Record of Discussion Working
File Ref:

Based on our experience during prior audit/ review on previous …………

07 Significant matters that
year audit working files (as the case may be) the following
arose during the prior
significant matters have been identified as relevant to the audit of
year audit including the
the year……..
effectiveness and
(a). Past misstatements and errors not corrected on timely basis
efficiency of the prior
listed out as follows.
year audit. (Refer SLAuS
(i). ………………………………………………………………
315 paragraph 9)
(ii). ………………………………………………………………
(iii). ……………………………………………………………..
(b). Past misstatements and errors corrected on timely basis listed
out as follows.
(i). ………………………………………………………………
(ii). ………………………………………………………………
(iii). ……………………………………………………………..
(c ). Effectiveness and efficiency of the audit in relation to the
following areas need to be further improve.
Areas Identified Strategy to improve effectiveness
and efficiency

The following changes have occurred since the previous audit and
08 Significant changes from
its relevance to the current year audit are as follows.
the prior year and
evaluate their effects on
Changes Effect on the Effect on the financial
the entity’s operations
operations (Business statements (Risk of
and financial statement
Risk) Material Misstatements)
risks. (SLAuS 315
paragraph 9, A12 &
A13).

Discussed and emphasis on how and where the entity’s financial

09 Susceptibility of the
statements may be susceptible to material misstatement due to
entity's financial report to
frauds including how frauds might occur. The details are as
material misstatement,
follows.
including misstatements
as a result of fraud or
How it might occur Risk of Material
error. (Refer SLAuS 240
Areas Susceptible Misstatement to
paragraph 15, A10-A11,
to Fraud F/S’s
A-20, A-44 and
APPENDIX I). List of
issues regarding fraud
that must be discussed
is in Appendix A.

Discussed susceptibility of the financial statements to material

10 Discussion on relevant
misstatement due to fraud or error that could result from the
information about related
related party relationships and transactions. The identified related
parties. (Refer Section
party relationships, transactions and risk of material
12(d) of the National Audit
misstatements are as follows.
Act, SLAuS 550 P.12 &
A9-A10, LKAS 24) Related Party Transactions with Risk of Material
Relationship RP’s Misstatement

5
S/No. Matters to Discuss Record of Discussion Working
File Ref:
The following significant issues were discussed during the
11 Progress of review of
COPA/COPE (as the case may be) committee was held
significant matters
on………..(Date). The current progress of which are as follows.
discussed during COPA
and COPE committees.
Present Status
(Refer Section 6(2) of the
National Audit Act) Matters
Discussed

Number of Public representations received up to ……(Date) in …………

12 Progress on inspection of
relation to the current year are ............. The progress of .
public representations
examination of those petitions is as follows.
(Public Petitions) in
relation to the matters
Status Quantity
relating to the entity.
Examined
(Refer Section 4 of the
National Audit Act) In progress
To be examine

The material issues had been noted to be reported to the

parliament.

13 Determine whether the

audit should engage IT
Audit specialists and
identification of audit
procedures required to
be performed by IT Audit.
( Refer Section 7(a)(c)
of National Audit Act
and Paragraph 18(b)
A40, A61-A67, A107-
A109, Appendix 1(4-8)
and Appendix 2 of
SLAuS 315) Refer to
below Appendix C for
further guidance. The
discussion should cover:
 The audit team’s
knowledge as to the
significance of IT to
the organisation by
considering whether
there has been a
change to the
inherent risk of IT.
 Identify any changes
required to the role of
IT Audit and/ or the
audit procedures
undertaken in prior
years.
 Consider whether for
the current period’s
We have identified automated information processing
systems in relation to the following major operations.
System/ Year of Type of the
Functions Software Automation System
Used (Integrated/
Standalone)
An IT Audit had been conducted at the branch level its
nature and extent are as follows.
Area Yes/ No
 Reviewed IT organizational structure
 Reviewed IT policies and procedures
 Reviewed IT standards
 Reviewed IT documentation
 Reviewed the organization’s BIA
(Business Impact Analysis)
 Interviewed the appropriate personnel
 Observed the processes and officers
performance
 Testing of IT controls and document
results of the tests.
 Other: (Please specify)
During our study we have identified following risks/ issues
that should be given particular attention and proposed
responses for those identified risks/ issues are as follows.

6
S/No. Matters to Discuss Record of Discussion Working
File Ref:
audit, the audit team Proposed Response
has sufficient Risks/ Issues Identified
knowledge of IT
general controls, and
if the nature of the
entity’s control
environment requires
The following IT functions/ systems cannot be audited at the
an assessment of IT
general controls. branch level. Therefore; it is decided to obtain the
assistance from the IT Audit Division.
 IT’s involvement in
the completion of key Timing of the Audit
documents including
the risk and response IT Functions/ Systems
document.
 Consider whether the
audit team requires
IT Audit to be present
for walkthroughs and
consider the timing.
 Cover requirements
for the timing for IT
Audit’s completion of
such procedures.

The following are both known and potential significant risks to the
14 Identification of both
entity.
known and potential
significant risks (Refer
Type of risks Impact to the Proposed
SLAuS 315 paragraph
Risks (known or F/S’s audit
25 – 29) and strategies
identified potential) procedures to
to address the risks
address
identified. (Refer SLAuS
those risks.
330)

Discussed the risk assessment analytics and identified following …………

15 Results of risk
significant risks. .
assessment analytics
(Refer SLAuS 315
Reason Impact to the F/S’s
paragraph 6(b) and A14
– A17 SLAuS 520 Risks identified
paragraph 7)

Following client produced reports had been used/ will be used (as
16 Discuss the auditee entity
the case may be) for the audit of year…….. and following issues
produced reports for the
had been identified./ No issues had been identified in relation to
audit and how the audit
the client produced reports (as the case may be).
team will evaluate
Name of the Issue with the Proposed Audit
whether the information
is sufficiently reliable, Name of responsible report (eg: Strategy
the officer submit reliability/
including completeness
report the report. accuracy/
and accuracy or any
completeness
limitations imposed/ will

7
S/No. Matters to Discuss Record of Discussion Working
File Ref:
or specify
be imposed and auditor’s
other reasons)
response there on.
(Refer SLAuS 500
paragraph 9)

The structure of the group is as follows. The group materiality of

17 Considerations in relation
Rs……………had been arrived based on …… percent of
to Audit of Group
…………..……………..(Profit Before Tax(PBT), Revenue,
Financial Statements
Expenditure, Average profit for last 3-5 years, Total Assets, Total
(Refer SLAuS 600)
Net Assets or Specify: other basis).

Nature of Type of the % of Name Significanc

Name operation entity ownership of the e/
of the (Subsidiary/ Auditor Materiality
entity Joint to the
Venture/ Group
Associate/
Other)

The following works had been performed/ to be performed in

relation to the group audit.

Description of the works Completed To be

completed
Overall Group Audit Strategy, Group Audit
Plan have been established and review as
necessary.
Identify Risk of Material Misstatement in the
group financial statements through
understanding the group, its components,
their environment, and group-wide controls.
The mechanisms of the preparation of
consolidated financial statements have
been identified.
Identify materiality levels established for the
group in aggregate, and for the individually
significant components.
The risk of material misstatement
presented by each of the financial
statements of the group had been
identified.
Review the reports of work done by the
component auditors or issue group audit
instructions, to be completed by the
component auditor to understand the
component auditors.

Based on the above evaluation, the following key issues had been
identified in relation to the audit of group financial statements.
Therefore, following further actions need to be taken, or further
audit works need to be carried out.

Auditee Issues Identified Further Audit Procedures

An Internal Auditor (IA) had/ had not (as the case may be) been
18 Audit Committee and use
appointed in accordance with the Section 40 of the National Audit

8
S/No. Matters to Discuss
of Internal Auditor's work.
(Refer Sections 40 & 41
of the National Audit
Act and SLAuS 610)
Record of Discussion Working
File Ref:
Act.
Independence of the Internal Auditor had been secured/ not
secured, (as the case may be) since the Internal Auditor reported/
not reported (as the case may be) to the Chief Accounting Officer/
the Head/ the Governing Body (as the case may be).
The following areas covered by Internal Auditor can be used to
reduce nature, timing and extent of audit / cannot be used (as the
case may be) for the purpose of an audit by evaluating objectivity,
competence and the audit approach of the internal auditor.
Reason Audit Strategy
Areas can be used
Reason Audit Strategy
Areas cannot be used
The IA issued …… No. of internal audit reports for the financial
year……..as at …….(date) for the following areas.
No of reports
Area/ Operations
Internal Auditor had not carried out audits in relation to the
following areas.
…………………………………………………………………….
…………………………………………………………………….
…………………………………………………………………….
We read No.... of IA reports to understand the nature, the extent of
IA function and related findings. Further, we performed/ will
perform (as the case may be) following audit procedures to
evaluate the adequacy of the IA function.
Audit Procedures
Criteria
-Whether IA function had been
properly planned, performed,
supervised, reviewed and
documented.
-Whether sufficient
appropriate audit evidence
had been obtained to draw
reasonable conclusions.
-Whether conclusions reached
are appropriate, reports
prepared are consistent with
the results of the work
performed.
-Evaluation of judgements
involved, risk assessment
procedure, objectivity of
internal auditor, level of
competence.
9
S/No. Matters to Discuss Record of Discussion Working
File Ref:

Based on the above evaluation, it is decided to use/ not to use (as

the case may be) the internal auditor's works completely/ in the
following areas.
Reason
Area

To obtain sufficient appropriate audit evidence we required to

19 Need for experts (Refer
obtain expertise for the following fields.
Article 154(4) of the
Constitution, Section
Type of Service Type of audit
8(a) of the National
Field evidence
Audit Act and SLAuS
620)

Discussed the roles and responsibilities of each and every

20 Documentation and
member of the audit team and recorded in brief are as follows.
Agreement of each
engagement team
Designation Roles and Responsibilities
member’s roles and
responsibilities. (Refer Name
SLAuS 220 paragraph
8, A9, A13, A16 – A19)

Following are the timing of communication with Those Charged

21 Timing of Communication
with Governance.
with Those Charged with
Governance and internal
Stage of the Audit Proposed date of Level of Mgt.
meetings (Refer SLAuS
the meeting involved
260 paragraph 21)
Planning Stage
Execution Stage
Completion Stage

The time schedule for general steps to be followed when

22 Audit timetable (Refer
conducting the audit is as follows.
SLAuS 300)
Steps Activitie Target
S/No. s Date
01 Understand the auditee and
its environment
02. Audit team discussions
03 Open meeting with client
04 Preparation of audit plan
(Overall audit strategy, audit
plan and audit programmes)
05 Assess Risk of Material
Misstatement in financial
statement and design further
audit procedures
06 Perform test of controls
07 Receipt of Financial
Statements

10
 S/No. Matters to Discuss Record of Discussion Working
File Ref:
08 Perform substantive audit
procedures
09 Audit completion/ finalization
10 Scheduling a closing
meeting

Scheduled dates for submission of audit reports are as follows.

23 Submission of Audit
Reports (Refer Part III of
Target Date
the National Audit Act
No.19 of 2018) Type of the report
Draft Report
Opinion Report
Management Report
Final Report
154(6) Report
Performance Reports
Special Reports
Sector Report
Triennial Reports

Progress of identification and reporting matters in relation to

24 Imposition of Surcharges
surcharges are as follows.
(Refer Part IV of the
National Audit Act
Description No’s Amount
No.19 of 2018)
(Rs.)
No of issues identified for surcharges
No of surcharges reported to ASC
B/F from previous year
C/F to next year

25 Other: [please specify]

Prepared By: Reviewed By:

Signature: ……...…………………… Signature: ……...…………...………

Date…………… Date……………………...

Name: ……...………………………. Name: ……...……………………….

Designation: Superintendent of Audit Designation: Deputy/ Assistant Auditor General

11
Appendix A: Matters to be Discussed by the audit team in Relation to Fraud (Refer SLAuS 240
paragraph 15, A10-A.11)
The discussion must consider and document the following matters:
 An exchange of ideas among engagement team members about how and where the entity’s
financial report may be susceptible to material misstatement due to fraud, how management could
perpetrate and conceal fraudulent financial reporting, and how assets of the entity could be
misappropriated.
 Consideration of circumstances that might be indicative of earnings management and the practices that
might be followed by management to manage earnings that could lead to fraudulent financial reporting.
 Consideration of the known external and internal factors affecting the entity that may create an incentive or
pressure for management or others to commit fraud, provide the opportunity for fraud to be perpetrated,
and indicate a culture or environment that enables management or others to rationalise committing fraud.
 Consideration of management’s involvement in overseeing employees with access to cash or other assets
susceptible to misappropriation.
 Consideration of any unusual or unexplained changes in behaviour or lifestyle of management or
employees who have come to the attention of the engagement team.
 An emphasis on the importance of maintaining a proper state of mind throughout the audit regarding the
potential for material misstatement due to fraud.
 A consideration of how an element of unpredictability will be incorporated into the nature, timing and
extent of the audit procedures to be performed.
 A consideration of audit procedures that might be selected to respond to the susceptibility of the entity’s
financial report to material misstatements due to fraud and whether certain types of audit procedures are
more effective than others. (Refer SLAuS 240.A11)
 A consideration of any allegations of fraud that have come to the auditor’s attention.
 A consideration of the risk of management override of controls.
 Material misstatements due to fraud or error that could result from the entity's related party relationships
and transactions (Refer SLAuS 550.12) and the sharing of relevant information about related parties with
other team members (Refer SLAuS 550 paragraph 17)
 Whether the entity uses a service organisation. If the entity uses a service organisation, need to inquire of
management of the entity whether the service organization has reported to the entity, or whether the entity
is otherwise aware of, any fraud, non-compliance with laws and regulations or uncorrected misstatements
affecting the financial statements of the entity (Refer SLAuS 402 paragraph 19).
The Engagement Leader must determine which matters are to be communicated to those members not
involved in the discussion (Refer SLAuS 240 paragraph 15).

12
Appendix B: Matters to be Communicated to the Engagement Team (Refer SLAuS 300 paragraph 8(b)
and A 18)
During the meeting the following must be emphasised to the engagement team:
 The importance of maintaining an attitude of professional scepticism throughout the audit and recognising
the possibility that a material misstatement due to fraud could exist (Refer SLAuS 200 paragraph 15, A20
– A 24).
 The importance of maintaining a proper state of mind through-out the audit regarding the potential for
material misstatement due to fraud (Refer SLAuS 240 paragraph A11).
 Unless the auditor has reason to believe the contrary, the auditor may accept records and documents as
genuine. If conditions identified during the audit because the auditor to believe that a document may not
be authentic or that terms in a document have been modified but not disclosed to the auditor, the auditor
shall investigate further (Refer SLAuS 240 paragraph 13).
 Where responses to enquiries of management or those charged with governance are inconsistent, the
auditor shall investigate the inconsistencies (Refer SLAuS 240 paragraph 14).
 Consideration of how an element of unpredictability will be incorporated into the nature, timing and extent
of the audit procedures to performed. (Refer SLAuS 240 paragraph 29(C ) and A 36).
 Consideration of the audit procedures that might be selected to respond to the susceptibility of the entity’s
financial report to material misstatements due to fraud and whether certain types of audit procedures are
more effective than others (Refer SLAuS 240 paragraph A 11).
 Auditors must be aware of the restrictions and level of protection required for the security classified
information that comprises audit evidence for your client, especially if the information is classified
overprotected. (Refer Section 9 of the National Audit Act No 19 of 2018) For example, some security
classified information may not be able to be stored in Audit Files and some documents may not be
removed from the client's premises.

13
Appendix C Matters to discuss/consider if engaging IT audit
 The nature, timing and extent of IT Audit personnel participation in the audit.
 The nature and extent of IT Audit review of the work performed.
 Issues that should be given particular attention.
 How key risks identified as a result of IT Audit work are appropriately included in the risk and response
document with an appropriate response.
 How control weaknesses identified should be documented and reported.
 The nature, extent and manner in which the Divisional Head (IT Audit) and SA (IT Audit) will review the
results of the work performed.
 How IT Audit work will be documented in the risk and response document.
Considerations for determining participation by IT audit in the financial statement audit
Participation by IT Audit personnel normally would include completing and/or advising the assurance team on
many of the following:
 Developing the audit approach, including input to the risk and response document focusing on identifying
risks and linking risks auditing responses.
 Gathering and documenting information about the auditee institution objectives, related risks, systems and
controls (both application and Information Technology General Controls), including meetings with the
officers of auditee institution where appropriate e.g. with the Chief Information Officer.
 Assessing and advising the team on the impact of significant system changes on the risks identified.
 Testing controls (including application and Information Technology General Controls).
 Validating controls (including application and Information Technology General Controls.
 Evaluating Controls weaknesses.
 Reviewing the risk and response document to ensure that comfort obtained from controls work is
appropriately reflected.
 Supporting execution of other relevant aspects of the audit approach.
To further illustrate these points:
Complex Systems (ie Less Complex Systems
High/Medium Complexity
Rating
Possible IT Audit Participation
Auditors IT Audit Auditors IT Audit
Identify and document significant Combined team X *
processes and systems
Document and evaluate controls other Combined team X *
than Information Technology General
controls, for example application
controls
Validate controls Combined team X *
Document, evaluate and validate X Combined team
Information Technology General
Controls

* Consider using IT Audit personnel if there is uncertainty on the level of complexity and the approach to adopt
or if assistance is required in documenting, evaluating and testing of controls.

14
15