1. Quality Review ProgramReview of Engagements QuestionnaireAudit Engagements To be completed for audits of financial reporting periods commencing on or after 1 July 2006 Review Code: reviewId Date questionnaire completed: What type of entity was audited? (For publicly listed entities and superannuation fund audits, please use separate questionnaire.)Engagement reference code:Company Non-corporate disclosing entityRevenue and/or assets of engagement: public not listed (including companyOther unincorporated body limited by guarantee)Engagement year end: large proprietary Solicitors trust account small proprietary Real estate agent trust accountInitial that client consent has been sighted: Other (please specify)Was this an honorary audit?YesNo Auditquestionnaire January 2008 Page 1 of 15

2. About this questionnaire This questionnaire has been designed to help you, the reviewer, assess whether the audit under review was conducted in accordance with Australian Auditing Standards, and other relevant professional standards and legislation.Throughout the questionnaire the questions in bold relate to mandatory elements of the Auditing Standards and other professional standards or to matters required by legislation. You must answer yes or no to these questions, or explain why they do not relate to this audit engagement. References have been included to assist you. The questions in normal print relate to the audit procedures which a practice would commonly carry out to comply with Auditing Standards.We suggest you start with an overall review of the whole audit, which will enable you to answer most of the questions. From this review identify one significant audit risk, and examine this area in detail. Question 5.7 asks for your assessment of this area. You should then have enough information to make your overall assessment of the audit in Section 7.1.Audit independence and quality control Reviewer's Comments 1.1 Is there evidence the engagement partner formed and documented a conclusion on compliance with independence requirements that applied to this engagement? ASA 220.151.2 Were any threats to independence identified for this engagement which were clearly not insignificant? APES 110 (290.23)If no, go to 1.5.Situations which may give rise to threats to independence include: financial interest in clients; loans or guarantees to or from the client; close business relationships with the client or its directors/employees; close family or personal relationships with the clientsdirectors/employees; employment of ex-partners or staff with the client, or clientstaff with the firm; serving as an officer or director of the client; long association of senior personnel with the client; provision of non-assurance services to the client; and dependence of the firm on the client for a significantportion of the firms fees. 3. 1.3 If yes, have the threat/s and related safeguards been documented? APES 110 (290.27) (Note that not all threats can be eliminated or reduced to an acceptable level.)1.4 Have the threats and related safeguards been notified to the assurance practice? APES 320.19 and .20 (Not appropriate for small practices.)1.5 Did the firm provide any bookkeeping services to the client? If so, how was the self-review threat reduced to an acceptable level?APES 110 (290.158) The firm may provide a non-listed audit client with accounting and bookkeeping services provided any self- review threat is reduced to an acceptable level. See also independence questions in Section 5 of the Quality Control for Firms Questionnaire.1.6 (a) Was this audit carried out under the Corporations Act 2001?(b) If yes: (i) were the general and specific independence requirements of the Act complied with? An overview of these requirements is given in theQuality Control for Firms Questionnaire and theQuestionnaire for the Review of a Practice with anInternal Review Program.(ii) was an independence declaration issued to thedirectors in accordance with s.307C?2.Planning2.1 Is there written evidence that the practice considered the client relationship before commencing this audit? APES 320.28, ASA 220.172.2 Is there evidence that the auditor and the client agreed on the terms of the engagement? ASA 210 requires the auditor to agree on the engagement terms, record them in writing and forward them to the entity. ASA 210.05 4. Where the terms of the engagement have changed, has the auditor agreed on the new terms with the client and confirmed them in writing? ASA 210.252.3 Does it appear all members of the audit team (including the engagement partner) had the necessary capabilities, competence and time to perform this engagement? APES 320.44; ASA 220.232.4 Did the auditor perform analytical procedures as risk assessment procedures at the planning stage of the audit? ASA 520.12Did the auditor consider whether unusual or unexpected relationships might indicate a risk of material misstatement due to fraud? ASA 240.572.5 Has the auditor established and documented an overall strategy for the audit? ASA 300.12This ordinarily involves: determining the scope of the engagement ascertaining the reporting objectives of the engagement considering factors such as risk areas and internal control.Has the auditor made a preliminary assessment of materiality? ASA 320.122.6 Has the auditor developed and documented an audit plan for the audit? ASA 300.18The audit plan is more detailed than the audit strategy and ordinarily includes: a description of the nature, timing and extent of plannedrisk assessment procedures a description of the nature, timing and extent of plannedfurther procedures at the assertion level other procedures such as plans for obtaining solicitorsconfirmation letters.For small audits, the audit strategy and the audit plan may be integrated. 5. 2.7 Where the audit is being performed pursuant to a statute other than the Corporations Act 2001 (eg solicitors trust account, Local Government Act) have the audit strategy and plan been constructed to assess compliance with those statutes?2.8 Is there evidence the engagement team discussed the susceptibility of the financial report to material misstatements, including from fraud? ASA 315.20; ASA 240.30 & .323.Risk Assessment and Internal Controls3.1 To the extent appropriate for this client, has the practice documented its understanding of: (a) relevant industry, regulatory and other externalfactors including the applicable financial reportingframework and relevant laws and regulations?ASA 315.28; ASA 250.20, .23(b)the nature of the entity?ASA 315.32(c)the entitys selection and application of accountingpolicies?ASA 315.36(d)the entitys objectives and strategies and the relatedbusiness risks that may result in a materialmisstatement in the financial report?ASA 315.39(e)the measurement and review of the entitys financialperformance?ASA 315.453.2 ASA 315 requires auditors to obtain an understanding of internal control relevant to the audit. It divides internal control into five components, with specific mandatory requirements applicable to each. The five components are: the control environment the entitys risk assessment process the information system control activities monitoring of controls 6. Internal controls that are relevant to the audit are generally those that relate to the entitys objective of preparing a financial report for external purposes. ASA 315.60To the extent appropriate for this client, has the practice documented: (a)its understanding of the entitys controlenvironment?ASA 315.79(b)the entitys process for identifying business risksrelevant to financial reporting objectives anddeciding about actions to address those risks?ASA 315.89(c)the information system relevant to financialreporting, including the following (ASA 315.95, .103):(i) the classes of transactions in the entitysoperations that are significant to thefinancial report?(ii)the proceduresby which thosetransactions areinitiated,recorded,processed and reported in the financialreport?(iii) the related accounting records, supportinginformation and specific accounts in thefinancial report?(iv)how the information system capturesevents and conditions that are significantto the financial report (eg impairment ofassets)?(v) the financial reporting process used toprepare the entitys financial report,including significant accounting estimatesand disclosures?(vi)how the entity communicates financialreporting roles and responsibilities relatedto financial reporting?(d)control activities sufficient to enable it to(ASA 315.105):(i) assess the risks of material misstatement at the assertion level?(ii) design further audit procedures responsive to assessed risks?(Control activities includeauthorisation,information processing, physical controls andsegregation of duties.) 7. (e)the major types of activities that the entity uses tomonitor internal control over financial reportingand how the entity initiates corrective action to itscontrols?ASA 315.1133.3 Has the practice documented the inquiries made of management and those charged with governance with regard to fraud? ASA 240.38, .42, .503.4 Has the practice identified, assessed and documented the risks of material misstatement (including fraud) at the financial report level and at the assertion level for classes of transactions, account balances and disclosures? ASA 315.117; ASA 240.613.5 As part of risk assessment: (a) has the practice identified and documented any risks where it is not possible to obtain sufficient evidence only from substantive procedures? ASA 315.135 (b) for any such risks, has the practice evaluated the design of the related controls and determined whether they have been implemented (i.e. performed tests of controls)? Have these tests been documented? ASA 315.1353.6 As part of the risk assessment, have significant audit risks been identified and documented? (Significant audit risks are expected to arise on most audits. Where there is a risk of material misstatement due to fraud (especially in relation to revenue recognition), this must be classified as a significant audit risk.) ASA 315.126; ASA 240.613.7 For any significant audit risks, has the practice: (a) evaluated the design of the related controls anddetermined whether they have been implemented? ASA 315.132; ASA 240.61(b) planned substantive procedures that are specifically responsive to that risk? ASA 330.71; ASA 240.654.Audit evidence 8. 4.1 Are there audit working papers on file? ASA 230.05If compilation workpapers are being used to support the audit opinion, they must contain evidence of the audit procedures carried out.4.2 Was the final engagement file(s) compiled within 60 days of the audit report being finalised? APES 320.73a; ASA 230.284.3 Are the audit working papers sufficiently complete and detailed to provide an understanding of the audit? ASA 230.11Was the audit conducted in accordance with the audit plan and the audit program?Are the steps in the audit program signed off?Does it appear changes were made to the audit plan and/or audit program during the audit, where appropriate?Are working papers adequate? Consider the following: indexing; cross-referencing; initials; dating; sources of information indicated; the meaning of tick marks included; purpose of client prepared schedules indicated; and apparently insignificant areas were not over-audited.Can you trace the amounts from the audited lead schedules, or equivalent, to the final financial report?4.4 Is there evidence that audit procedures were performed to ensure all material events occurring after balance date and up to the date of the audit report were identified? ASA 560.084.5 Where the practice has used information produced by the entity (eg. ageing analysis of receivables) to perform procedures, has evidence been obtained about the accuracy and completeness of the information? ASA 500.14 9. Specific areas If the auditor did not carry out the specific procedures in questions 4.6 to 4.17 as the area did not exist or was not material, note this next to the question. 4.6Have external confirmations been used to verify relevantbalances (eg receivables)?ASA 505.05 If not, has sufficient appropriate alternative evidence beenobtained?4.7Where inventory was material, did the auditor attend thephysical inventory count?ASA 501.11 If not, did the auditor take or observe some physicalcounts on an alternative date and, when necessary,perform audit procedures on intervening transactions?ASA 501.134.8Did the auditor obtain evidence about compliance withthose laws and regulations likely to have an effect on thedetermination of material amounts and disclosures in thefinancial report?ASA 250.244.9Where material legal matters existed, did the auditorendeavour to obtain written representations from alllawyers with whom management consulted?ASA 508.114.10 Has the auditor performed procedures designed to obtainevidence regarding the identification and disclosure ofrelated parties and related party transactions?ASA 550.054.11 Did the auditor endeavour to obtain written managementrepresentations: where other sufficient appropriate evidence did not exist?ASA 580.09 in relation to fraud?ASA 240.96 in relation to compliance with laws and regulations?ASA 250.29 10. 4.12 Is there a bank audit certificate dated before the audit report?AGS 1002.03 If not, did the auditor obtain sufficient, appropriate auditevidence in relation to bank balances and treasury operations(if any)?4.13 Were audit procedures performed which were specificallyresponsive to risks assessed at the planning stage?ASA 330.124.14 Where the auditor planned to rely on controls, were testsof controls performed?ASA 330.30, .33, .384.15 Have assertions been used to design and perform auditprocedures?ASA 500.204.16 In determining sample sizes, did the auditor considerwhether sampling risk was reduced to an acceptably lowlevel?ASA 530.45 Sampling risk arises from the possibility that the auditorsconclusions, based on a sample, may be different from theconclusion reached if the entire population was tested.Sample sizes may be determined statistically or judgementally.4.17 Did the auditor record the identifying characteristics(eg invoice numbers, dates and amounts) of the specificitemsor mattersbeing tested?ASA 230.144.18 Does it appear appropriate security and confidentialitywas maintained over the engagement workpapers?APES 320.73d; ASA 230.37 11. 5.Assessment of audit evidence5.1 Do the audit working papers record: the results of the audit procedures and the evidenceobtained; and significant matters arising during the audit and theconclusions reached thereon? ASA 230.115.2 Is there evidence that: the financial report was agreed to the underlyingaccounting records? material journal entries/adjustments were examined? ASA 240.80; ASA 330.69 accounting estimates were reviewed for bias? ASA 240.805.3 Were uncorrected misstatements assessed to determine whether they were material either individually or in aggregate? ASA 320.27Did the auditor consider whether misstatements identified could be indicative of fraud? ASA 240.91Did the auditor inform those charged with governance of any uncorrected misstatements that were determined by management to be immaterial? ASA 260.175.4 Was managements assessment of the going concern assumption evaluated and documented at the final stage of the audit? ASA 570.225.5 Were analytical review procedures appliedand documented at the final stage of the audit? ASA 520.25Did the practice consider whether analytical procedures indicated a previously unrecognised risk of material misstatement due to fraud? ASA 240.89 12. 5.6 Does it appear the engagement partner took responsibility for the direction, supervision and performance of the engagement in accordance with Auditing Standards? ASA 220.25Ordinarily this involves, for example: informing members of the audit team of their responsibilities tracking the progress of the engagement addressing significant issues arising during the engagement determining review responsibilities on the basis that more experienced team members review work performed by less experienced team members.5.7 Select one significant audit risk (or if none, select a material account) and review this area in detail.Audit area: Were audit assertions at risk identified, and were substantive procedures performed that were responsive to that risk? Was there an appropriate review of the information system and related internal controls? Were tests performed to ensure controls related to the significant audit risk had been implemented? Was the extent of reliance on controls to reduce substantive testing appropriate under the circumstances? Were the substantive audit procedures selected efficient? Was appropriate use made of computer audit specialists in the evaluation of controls? Were the results from computer audit testing incorporated into the audit files? Do the work papers adequately document the work performed and the conclusions reached? Do the work papers adequately document the resolution of all significant issues? Were any errors or weaknesses found dealt with appropriately, given their impact on: audit strategy/plan and risk assessment? audit scope? extent of testing? assessment of misstatements? 13. 5.8 If the auditor also prepared the financial report, did the auditor ensure that client management accepted responsibility for the preparation and presentation of the financial report? ASA 200.42, .45; ASA 580.07How did theauditorensure managementaccepted responsibility?6.Reporting6.1 Is there evidence the engagement partner reviewed the audit documentation and was satisfied sufficient, appropriate audit evidence had been obtained prior to the audit report being issued? ASA 220.306.2 Does the audit report contain the following elements: title including the word independent? addressed as required by the circumstances of the engagement? an introductory paragraph clearly identifying the entity whose financial report has been audited, the title/page numbers of the financial statements that comprise the financial report (including, where relevant, the Directors Declaration) and specifying the date and period covered by the financial report? a statement that those charged with governance are responsible for the preparation and presentation of the financial report? a description of the auditors responsibilities, including a description of an audit? if relevant, a section headed basis for qualification clearly setting out the qualification? a section headed auditors opinion or qualified auditors opinion? if relevant, a section describing any emphasis of matter relevant to the auditors report? date signed in the name of the appointed auditor?ASA 700; ASA 701If there is a modification (qualification or emphasis of matter), does it appear the type of modification is in accordance with ASA 701? 14. For a reporting entity: Is the financial report presented in accordance with: applicable Accounting Standards; and other requirements for the type of entity beingaudited? SMO (IFAC statement of member obligations) 1.19.For a non-reporting entity: Do the financial report and the audit report clearly state: that the financial report is a special purpose report; the purpose for which it has been prepared; and the extent to which Accounting Standards have, or have not, been adopted?6.3 Is the audit report based on the audit evidence in the audit working papers? ASA 700.15Is the audit report dated after the date of the audit working papers?6.4 Were significant matters (including fraud, suspected fraud, material weaknesses in control or non-compliance with laws and regulations) reported to management and/or those charged with governance? ASA 260.05; ASA 240.99, .101, .106, .108; ASA 250.34, .40, .42, .43.Were the matters reported in written form?If reported orally, was this documented (eg via meeting minutes)?Was there evidence of follow up of matters identified in previous audits?If previously reported matters were not corrected, was their impact considered in the audit strategy and audit plan?6.5 Have any suspected (significant) contraventions of the Corporations Act been reported to ASIC? s.311 of the Corporations Act and ASIC Practice Note 34Contraventions include: attempts by the audit client to manipulate or mislead amember of the audit team; attempts by the audit client to interfere with the properconduct of the audit; insolvent trading; failure to comply with accounting standards; 15. fraud by officers or employees of the client. 7.Overall assessmentAnswer no unless there is evidence that the engagement was unsatisfactory.Based on your review of the audit engagement, is there any indication that:7.1 the audit was not conductedin accordance with Australian Auditing Standards? 7.2 the audit opinion was not based on sufficient appropriate audit evidence?