International Audit Workbook (Interntional Audit Workbook)

Interntional Audit Workbook

International Audit WorkbookChapter 1 - Introduction and Contents Purpose of Audit Workbook Description of Contents Chapter 2 - Engagement Management 2.1 Team Member Roles 2.2. Client and Engagement Acceptance and Continuance 2.3 Setting the Terms of the Audit 2.4 Audit Documentation 2.5. Review 2.6. Communications with Management and Those Charged with Governance Chapter 3 - Planning 3.1. Preliminary Engagement Activities 3.2. Kickoff Discussion 3.3. Engagement Scope 3.4. Audit Strategy Decisions 3.5. Risk Assessment Procedures 3.6. Understanding the Entity 3.7. Risk Assessment and Planning Discussion 3.8. Summary of Identified Risks 3.9. Planned Audit Approach 3.10. Changes to Our Audit Strategy or Planned Audit Approach Chapter 4 - Control Evaluation 4.1. Entity Level Controls 4.2. Accounting Activities at the Assertion Level 4.3. Controls at the Assertion Level 4.4. Test the Operating Effectiveness of Selected Controls2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis 4.5. Control Deficiencies thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

4.6. Substantive Approach

Page 1 / 133

4.2. Accounting Activities at the Assertion Level 4.3. Controls at the Assertion Level International Audit Workbook (Interntional Audit Workbook) 4.4. Test the Operating Effectiveness of Selected Controls 4.5. Control Deficiencies 4.6. Substantive Approach 4.7. Financial Reporting 4.8. Risk of Significant Misstatement (RoSM) Chapter 5 - Substantive Testing 5.1. Risk of Significant Misstatement 5.2. Substantive Procedures 5.3. Nature, Timing, and Extent of Substantive Procedures 5.4. Substantive Analytical Procedures 5.5. Tests of Details 5.6. Computer Assisted Audit Techniques 5.7. Substantive Sampling Techniques 5.8. External Confirmations Chapter 6 - Completion 6.1. Performing Completion Procedures 6.2. Audit Objectives Associated with Significant Risks 6.3. Significant Findings and Issues 6.4. Results of Audit Procedures 6.5. Independence and Ethical Issues Chapter 7 - Specific Topics Chapter 8 - Engagements to Review Interim Financial Information of an Audit Client 8.1 Obtain an Understanding of the Entity and Its Environment, Including Its Internal Control 8.2 Inquiries, Analytical Procedures, and Other Review Procedures 8.3 Evaluate the Results of Our Review 8.4 Other Considerations 8.5 Obtain Management Representation Letters 8.6 Other Information That Accompanies the Interim Financial Information2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis 8.8 Reporting thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

8.7 Communication with Management and Those Charged with Governance

Chapter 9 - Group Audits

Page 2 / 133

8.5 Obtain Management Representation Letters 8.6 Other Information That AccompaniesAudit WorkbookFinancial Information International the Interim (Interntional Audit Workbook) 8.7 Communication with Management and Those Charged with Governance 8.8 Reporting Chapter 9 - Group Audits Appendix A - Audit Workbook Supplement 2009 Introduction and ContentsInterntional Audit Workbook

Chapter 1 - Introduction and ContentsThis Workbook is intended to serve only as a partial summary of various tools and workflows associated with the performance of a KPMG audit. The KPMG Audit Manual (KAM) International continues to be the primary source of KPMG policy and guidance related to the performance of a KPMG audit. KAM International is available on Accounting Research Online (ARO) and may also be available on your desktop. Guidance on using KAM International can be accessed by selecting the "KAM Help File" from the KAM International Welcome Screen. This Workbook is intended to provide further discussion relating to the interpretation of KAM International. The way in which KAM International is applied to the circumstances of the particular audit is a matter of judgment for the engagement partner and the engagement team. Guidance regarding integrated audits performed in accordance with the Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5, "An Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements," is not included in KAM International or in the Audit Workbook. For guidance regarding engagements performed pursuant to this standard, refer to the KPMG Integrated Audit Manual and the Integrated Audit working papers available on ARO. This Workbook is for internal use only and is not to be distributed outside of KPMG.

Purpose of Audit WorkbookThe Audit Workbook is designed to provide you with assistance in the use of various tools developed to perform a KPMG audit. The Workbook is not intended to be a comprehensive summary of the KPMG Audit Methodology. Accordingly, engagement teams are expected to continue to refer to KAM International with respect to the substance of KPMG policies, bold type paragraphs, and guidance related to the performance of a KPMG audit. The KPMG Audit Methodology is designed to comply with International Standards on Auditing (ISAs). ISAs are available via ARO and can be accessed by selecting "Professional Standards" from the KAM International Welcome Screen. Audit professionals refer to additional internal and external sources of guidance and/or consultation (including consultation with other members of the engagement team), as appropriate. In addition to the Audit Workbook, engagement teams are encouraged to use the Audit Toolkit. The Audit Toolkit is a list of information organized by audit workflow (FSA, IA, SE, and VSE), which engagement teams will find useful when performing an audit. For the Less Complex Entity (LCE) workflow, the following additional materials are available in the LCE home page (accessible from the Global Audit home page or from the Vector home page): LCE Overview - brief presentation of LCE and of the new features available LCE Tips - a short list of tips to bring a new user quickly up to speed Virtual LCE - a comprehensive presentation of LCE, but using a screenshot-based and intuitive format

LCE User Guide - the detailed guide to all the functionality available in the tool 2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis Audit of Trex - a practical example of an audit engagement in LCE, using the new features thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved. available in the toolPage 3 / 133

LCE Tips - a short list of tips to bring a new user quickly up to speed Virtual LCE - a comprehensive presentation ofWorkbook (Interntionalscreenshot-based and intuitive International Audit LCE, but using a Audit Workbook) format LCE User Guide - the detailed guide to all the functionality available in the tool Audit of Trex - a practical example of an audit engagement in LCE, using the new features available in the tool

Description of ContentsThe contents of this Workbook are based on the April 2008 version of KAM International, the related Global Workpapers (GWPs), and KAM Alert 2008/04 (i.e., revisions related to materiality). The Audit Workbook addresses the audit workflows, specific topics (fraud, laws and regulations, subsequent events, etc.), engagement management topics, and GWPs. To the extent possible, the Audit Workbook also includes flow charts, decision trees, and graphics related to the audit methodology. The content of the Workbook is presented in a variety of styles, as follows: Content that is displayed in this style of box and that is not part of a table signifies a definition. A term that is highlighted in blue signifies that this term is defined within the Audit Workbook. A listing of these terms and the page number where the definition can be found is included in the Index. All examples are presented in italics. Content which is displayed with an exclamation sign signifies that engagement teams generally should be alert to this topic area (e.g., revenue recognition).

!

Content which is displayed with a checkmark indicates that additional assistance is available in the form of Practice Aids or Attachments to the GWPs.

Content which is displayed with a light bulb indicates tips (i.e., additional information that the engagement team may consider).

Content which is displayed in this style of box with light yellow shading signifies that the content is applicable to SE or VSE engagements. This content is not included in KAM International and generally represents tips or additional information that engagement teams working on such engagements may consider.Interntional Audit Workbook

Chapter 2 - Engagement ManagementThis section addresses: the roles of team members and other people or functions that may be involved in an audit engagement client and engagement acceptance and continuance setting the terms of the audit working papers and how we manage them, and

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis reporting on our findings, including required communications. thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

2.1 Team Member Roles

Page 4 / 133

engagement client and engagement acceptance and continuance setting the terms of the audit International Audit Workbook (Interntional Audit Workbook) working papers and how we manage them, and reporting on our findings, including required communications.

2.1 Team Member RolesEngagement teams may include the following members: engagement partner engagement manager other professional staff KPMG specialists (including IRM, tax, forensic specialists, etc.) external experts (contracted by the KPMG member firm)

Others that may be involved in an audit engagement include: engagement quality control reviewer U.S. GAAP/GAAS and IFRS assignments reviewing partners external experts (employed or contracted by the entity) other KPMG locations, and other independent auditors.

For guidance regarding other KPMG locations and other independent auditors, refer to the KAM Alert expected to be released in 2008. Additionally, the engagement team considers the effects of the work performed by internal audit or the use of a service organization by the entity when planning and performing the audit.

2.1.1 Engagement PartnerThe engagement partner is responsible for the conduct of the engagement in accordance with the engagement letter or instructions and applicable laws, regulations, and professional standards. [2068.0.1] The engagement partner is responsible for the overall performance and the technical quality of the audit, including: [2068.1] directing the audit in accordance with KPMG policies and bold type paragraphs determining materiality for planning purposes at the financial statement level and subsequent revisions, if applicable reviewing and approving significant deliverables prior to releasing them outside of KPMG the quality of deliverables, ensuring that deliverables are consistent with the deliverables specified in the engagement letter or any variation to it conducting a review to determine that the work performed during the audit supports the engagement deliverables, and forming the audit opinion.

The engagement partner should: take responsibility for the overall quality on each audit engagement to which that partner is assigned [2068.3.3]

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG be satisfied that appropriate procedures regarding the acceptance and continuance of client International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis relationships and specific audit engagements have been followed, and that conclusions reached thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

in this regard are appropriate and have been documented [2068.3.4]Page 5 / 133

be satisfied that the engagement team collectively has the appropriate capabilities, competence,

forming the audit opinion.International Audit Workbook (Interntional Audit Workbook)

The engagement partner should: take responsibility for the overall quality on each audit engagement to which that partner is assigned [2068.3.3] be satisfied that appropriate procedures regarding the acceptance and continuance of client relationships and specific audit engagements have been followed, and that conclusions reached in this regard are appropriate and have been documented [2068.3.4] be satisfied that the engagement team collectively has the appropriate capabilities, competence, and time to perform the audit engagement in accordance with professional standards and regulatory and legal requirements, and to enable an auditor's report that is appropriate in the circumstances to be issued [2068.3.5] consider whether members of the engagement team have complied with ethical requirements [2068.3.6] take responsibility for the direction, supervision, and performance of the audit engagement in compliance with professional standards and regulatory and legal requirements, and for the auditor's report that is issued to be appropriate in the circumstances [2068.3.7] be responsible for the engagement team undertaking appropriate consultation on difficult or contentious matters [2068.3.8] be satisfied that members of the engagement team have undertaken appropriate consultation during the course of the engagement, both within the engagement team and between the engagement team and others at the appropriate level within or outside the firm [2068.3.8] be satisfied that the nature and scope of, and conclusions resulting from, such consultations are documented and agreed with the party consulted [2068.3.8], and determine that conclusions resulting from consultations have been implemented. [2068.3.8]

For audits of financial statements of listed entities and for other audit engagements where an engagement quality control review is performed in accordance with the firm's policies, the engagement partner should: [2068.3.9] determine that an engagement quality control reviewer has been appointed discuss significant matters arising during the audit engagement, including those identified during the engagement quality control review, with the engagement quality control reviewer, and not issue the audit report until the engagement quality control review is completed. Where more than one KPMG firm is providing services to a client, the lead partner from the originating KPMG firm is responsible for the overall client relationship. RMM-G 24.1.2

!

2.1.2 Engagement ManagerThe following activities are examples of engagement manager responsibilities: [2071.1] assist the engagement partner in the development of the expected scope and conduct of the audit review and approve the planned activities prior to the start of significant fieldwork schedule professional staff and maintain liaison with the entity on the timing of the engagement monitor the progress of the engagement against expectations (progress and completion dates and budget) and keep the engagement partner informed of significant variances resolve issues with the engagement team members as they arise and discuss them with the engagement partner, as appropriate

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG supervise and direct the professional staff on the engagement International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

prepare and/or supervise the preparation of reports to management review engagement working papers.

Page 6 / 133

monitor the progress of the engagement against expectations (progress and completion dates and budget) and keep the engagement partner informed of significant variancesInternational Audit Workbook (Interntional Audit Workbook)

resolve issues with the engagement team members as they arise and discuss them with the engagement partner, as appropriate supervise and direct the professional staff on the engagement prepare and/or supervise the preparation of reports to management review engagement working papers.

2.1.3 Other Professional StaffThe following activities are examples of other professional staff responsibilities: [2072.1] understand and perform the tasks assigned to them prepare certain working papers and make them available for review by the appropriate member of the engagement team, and inform the engagement partner and/or manager about issues or problems as they arise.

2.1.4 KPMG SpecialistsIf expertise in a field other than accounting or auditing is necessary to obtain sufficient appropriate audit evidence, we determine whether to use the work of a KPMG specialist. A KPMG specialist is a person possessing special knowledge, skills, and experience in a particular field, other than auditing and accounting. [2073.2] The engagement partner and manager: [2073.7] determine the need for participation of KPMG specialists in the audit define the roles and responsibilities of the KPMG specialists confirm satisfaction of procedures performed by the KPMG specialists confirm that documentation of such procedures has been prepared in accordance with applicable KPMG policies and other requirements, and discuss any issues arising from the specialist's work with the KPMG specialist and appropriately consider the results of the specialist's work in the audit.

When determining if the use of a KPMG specialist is appropriate, we consider: [2074.2] applicable policies for involvement of KPMG specialists, including IRM specialists and tax specialists our assessment of the risk of material misstatement due to fraud for the engagement the risk of significant misstatement related to the audit objective being examined whether the matter relates to an audit objective associated with a significant risk the nature and complexity of the information, data, or calculations to be audited whether the client has developed the information, data, or calculations internally as opposed to engaging the services of an independent third party; and whether the engagement team possesses sufficient experience to review the information, data, or calculations provided by the client, and any other audit evidence available.

KPMG specialists may include the following: KPMG specialist Criteria for involvement

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis IRM specialist The audit engagement partner, in consultation with the IRM specialist's, makes an thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

assessment of the nature, timing, and extent of the IRM specialist's involvement in each phase of the audit for audit engagements of clients that meet at least one of the following criteria: [2075.4.1]

Page 7 / 133

any other audit evidence available.International Audit Workbook (Interntional Audit Workbook)

KPMG specialists may include the following: KPMG specialist IRM specialist Criteria for involvement The audit engagement partner, in consultation with the IRM specialist's, makes an assessment of the nature, timing, and extent of the IRM specialist's involvement in each phase of the audit for audit engagements of clients that meet at least one of the following criteria: [2075.4.1] the entity is listed the entity is a financial institution the audit engagement is greater than 1,000 hours (calculated at the entity level for single entities or at the consolidation level including multilocation involvement, if any), or Information Technology is critical to the operation of its business.

When it is decided not to involve IRM specialists on clients that meet any of the above criteria, this decision is approved and signed by the IRM specialist, and the rationale is documented in the Planning Document. [2075.4.2] Tax specialist The engagement partner discusses with a tax specialist the likely tax risks and whether his or her involvement is necessary to support the audit. In some countries, the engagement partner or manager may also be designated as a tax specialist, in which case the involvement of another tax specialist would be unnecessary. [2075.4.7] The factors to consider in deciding whether to include a KPMG valuation specialist as part of the engagement team include: [2075.4.11] the materiality of the estimate the nature and complexity of the estimate and the risk of significant misstatement for the related audit objective whether the client has developed the estimate internally as opposed to engaging the services of an independent third party, and whether the audit engagement team possesses sufficient skills to review fair value measurements provided by the client.

Valuation specialist

Additional guidance regarding certain accounts subject to valuation is available in the Other Topics chapter. Forensics specialist The engagement partner, risk management partner, and engagement quality control reviewer may consult with a forensic specialist when addressing difficult matters and risk management considerations including: [2075.6] client/engagement acceptance and continuance procedures evaluation of possible fraud risks evaluation of the entity's controls to prevent, deter, or detect fraud design of our audit response to identified fraud risks, and evaluation of the results of our audit response to identified fraud risks.

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG engagement partner's judgment, the circumstances of the engagement, and the risks International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved. to be addressed in the audit. [2075.7]

The nature and extent of forensic specialist involvement will vary based on the

Other KPMG specialists

There may be a number of other KPMG specialists available. Engagement teams are

Page 8 / 133

design of our audit response to identified fraud risks, and evaluation of the results of our audit response to identified fraud International Audit Workbook (Interntional Audit Workbook) risks.

The nature and extent of forensic specialist involvement will vary based on the engagement partner's judgment, the circumstances of the engagement, and the risks to be addressed in the audit. [2075.7] Other KPMG specialists There may be a number of other KPMG specialists available. Engagement teams are encouraged to review the practice pages available via KWorld to identify the specialists available in their area.

The engagement team may use the Practice Aid - IT Criticality Checklist available on ARO to help determine whether IT is critical to the business. [2075.4.1.3] A forensic specialist may also assist the engagement team in performing fraud related controls evaluation and testing and substantive procedures.

U.S. GAAP/GAAS and IFRS AssignmentsEngagement teams reporting on financial statements or financial information in accordance with U.S. Generally Accepted Accounting Principles /U.S. Generally Accepted Auditing Standards (U.S. GAAP/GAAS assignments) or IFRS assignments refer to the policies and guidance in KAM International as follows: KAM International reference [2075.8] [2075.30] Guidance

U.S. GAAS assignments IFRS assignments

Reviewing PartnersReviewing partners may include the following individuals: Partner Criteria for involvement

Engagement quality control An engagement quality control review is required for: [2076.1.7] reviewer audits of general purpose financial statements of a listed entity audit of general purpose financial statements of a nonlisted entity of significant public interest higher-risk engagements (as designated by the local risk management partner).

IFRS reviewing partner

An IFRS reviewing partner reviews the required documents when the financial statements with which we are associated are prepared in accordance with IFRSs and the entity is a listed entity, an entity of significant public interest, or the engagement is a higher-risk engagement. [2076.3]

A filing review partner performs a filing review with respect to U.S.-SEC registration statements on Forms S-1, S-3, S-4, S-8, F-1, F-2, F-3, F-4, or 20-F; annual reports on Forms 20-F, 40-F, or 10-K; and any other U.S.-SEC filings that include or incorporate by reference an auditor's report issued by a non-U.S. KPMG member firm 2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG on the financial statements of a U.S.-SEC registrant. Filing reviews of Rule 144A International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved. exempt offering documents, for securities that include registration rights, are also performed, because of the expectation of a subsequent U.S.-SEC filing. [2078.1]Page 9 / 133

Filing review partner

A filing review partner also performs a filing review with respect to other U.S.-SEC

is a higher-risk engagement. [2076.3] Filing review partner A filing review partner performs a(Interntional Auditwith respect to U.S.-SEC registration International Audit Workbook filing review Workbook) statements on Forms S-1, S-3, S-4, S-8, F-1, F-2, F-3, F-4, or 20-F; annual reports on Forms 20-F, 40-F, or 10-K; and any other U.S.-SEC filings that include or incorporate by reference an auditor's report issued by a non-U.S. KPMG member firm on the financial statements of a U.S.-SEC registrant. Filing reviews of Rule 144A exempt offering documents, for securities that include registration rights, are also performed, because of the expectation of a subsequent U.S.-SEC filing. [2078.1] A filing review partner also performs a filing review with respect to other U.S.-SEC filings that contain, or incorporate by reference, an auditor's report issued by a nonU.S. KPMG member firm on financial statements other than those of the SEC registrant (e.g., financial statements presented pursuant to Rule 3-05 and Rule 3-09 of Regulation S-X). [2078.2] Designated review partner (for reports filed with certain foreign regulatory authorities) A designated partner ("designated review partner") reviews the required documents when the financial statements with which we are associated, or our report, are included in a document that is to be filed with certain foreign regulatory authorities, or in a document offering securities in the United States that are exempt from registration requirements of the U.S. Securities Act of 1933 based on Rule 144A. [2077.1]

2.1.5 Use of a Service Organization by the EntityWhen an entity uses a service organization, transactions that affect the entity's financial statements are subjected to policies and procedures that are, at least in some part, physically and operationally separate from the entity. [2113.3] We consider how the entity's use of a service organization affects the entity's internal control so as to identify and assess the risk of material misstatement and to design and perform further audit procedures. [2113.1] A client may use a service organization such as one that executes transactions and maintains related accountability or records transactions and processes related data (e.g., a computer information systems service organization). [9237] Our approach to considering the effect of the entity's use of a service entity and our documentation of such consists of the following: Applicability Where the entity uses a service organization Procedure When obtaining our understanding, we determine the significance of service organization activities to the entity and the relevance to the audit. [2115] We consider the following: the nature of the services provided by the service organization and significance of those services to the user entity, including the user entity's internal control the nature and materiality of the transactions processed or accounts affected by the service organization and the degree of interaction between the activities of the service organization and those of the user entity, and the nature of the relationship between the user entity and the service organization, including the contractual terms for the relevant activities undertaken by the service organization.

The understanding obtained may lead us to decide that the assessment of the risk of significant misstatement (RoSM = inherent risk of error + control risk) will not be affected by controls at the service organization. If this is the case, further 2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG consideration is unnecessary. [2123.2]International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

When we determine that If we conclude that the activities of the service organization are significant to the the activities of the service entity and relevant to the audit, we obtain a sufficient understanding of the service organization are significant organization, including its internal control, to identify and assess the risks of material

Page 10 / 133

service organization, including the contractual terms for the relevant activities undertaken by the service organization. The understanding obtained may lead us to Audit Workbook) assessment of the risk of International Audit Workbook (Interntional decide that the significant misstatement (RoSM = inherent risk of error + control risk) will not be affected by controls at the service organization. If this is the case, further consideration is unnecessary. [2123.2] When we determine that the activities of the service organization are significant to the entity and relevant to the audit If we conclude that the activities of the service organization are significant to the entity and relevant to the audit, we obtain a sufficient understanding of the service organization, including its internal control, to identify and assess the risks of material misstatement and design further audit procedures in response to the assessed risks. [2116] To obtain this understanding we may: read the third-party report of the service organization auditor perform the appropriate procedures ourselves, or request the service organization to have its auditor perform the appropriate risk assessment procedures.

We may use either a Type A or Type B report to obtain an understanding of the internal control. [2137.1] When we take a controls approach We obtain audit evidence about the operating effectiveness of controls when our risk assessment includes an expectation of the operating effectiveness of the service organization's controls or when substantive procedures alone do not provide sufficient appropriate audit evidence at the assertion level. We may also conclude that it would be efficient to obtain audit evidence from tests of controls. [2132.1] Audit evidence about the operating effectiveness of controls may be obtained by: [2133] obtaining a Type B service organization auditor's report performing tests of the entity's controls over the activities of the service organization, and For example, we may test the entity's independent reperformance of selected items processed by the service organization or test the entity's reconciliation of output reports to source documents. visiting the service organization and performing tests of the service organization's controls ourselves.

If we plan to use Type B reports, we consider whether: [2139.2] the controls tested are relevant to the entity's classes of transactions, account balances derived from estimates, other account balances and disclosures, and related assertions and our audit objectives the tests of control performed by the service organization auditor are adequate, and the results of the tests of control performed by the service organization auditor are adequate for our audit purposes.

!

Service organization auditor's reports will usually be in one of the following formats: [2137.1] Type A: report on the design and implementation of internal control, or Type B: report on the design, implementation, and operating effectiveness of internal control.

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG We use Type A reports to obtain an understanding of the internal control. [2139.1] International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

We use Type B reports to obtain audit evidence about the operating effectiveness of controls. [2139.1.1]

Page 11 / 133

!

Service organization auditor's reports will usually be in one of the following formats: [2137.1] Type A: report on the design and implementation of internal control, orInternational Audit Workbook (Interntional Audit Workbook)

Type B: report on the design, implementation, and operating effectiveness of internal control.

We use Type A reports to obtain an understanding of the internal control. [2139.1] We use Type B reports to obtain audit evidence about the operating effectiveness of controls. [2139.1.1]

2.1.6 External ExpertsAn external expert is a person or firm, not employed by KPMG, possessing special skills, knowledge, and experience in a particular field other than auditing and accounting. An external expert may be contracted by KPMG directly, contracted by management of the entity under audit, or employed by that entity. [2142], [2142.1] External experts may include property appraisers, environmental engineers, lawyers, etc. The engagement partner and manager are responsible for determining whether an external expert is involved in the audit. To determine the need to use the work of an external expert, we consider: [2155] our knowledge and previous experience of the matter being considered the risk of material misstatement based on the nature, complexity, and materiality of the matter being considered the significance of the audit objective, transactions, and related account balance being examined in relation to the financial statements as a whole whether the matter relates to an audit objective associated with a significant risk the quantity and quality of other audit evidence obtained related to the audit objective, transactions, and related account balance being examined, and the complexity or subjectivity of the audit objective. It is important to document and agree upon the work to be performed by external experts and their reporting requirements.

!Applicability

If we have determined that there is a need and plan to use the work of an external expert in an audit engagement, we: Procedure/Considerations Consider whether the external expert: has professional certification or licensing by, or membership in, an appropriate professional body, and has experience and reputation in the field for which we are seeking audit evidence.

Evaluate the professional competence of the expert

Evaluate the objectivity of the expert

The risk that an external expert's objectivity will be impaired increases when the external expert is: employed by the entity, or related in some manner to the entity.

Obtain sufficient Review the instructions from the entity to the external expert or discussion with the appropriate audit evidence external expert, regarding matters such as: that the scope of the 2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG the objectives and scope of the external expert's work International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis expert's work is adequate thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved. for purposes of the audit, the specific matters that we expect the external expert's report and to coverPage 12 / 133

Obtain sufficient appropriate audit evidence that the scope of the expert's work is adequate for purposes of the audit, and

employed by the entity, or related in some manner to the entity.International Audit Workbook (Interntional Audit Workbook)

Review the instructions from the entity to the external expert or discussion with the external expert, regarding matters such as: the objectives and scope of the external expert's work the specific matters that we expect the external expert's report to cover the intended use of the external expert's work the extent of the external expert's access to the appropriate records and files clarification of the external expert's relationship with the entity confidentiality of the entity's information, and information regarding the assumption and methods intended to be used by the external expert and their consistency with those used in prior periods.

Evaluate the Consider: appropriateness of the the source data used by the external expert expert's work as audit evidence regarding the the assumptions and methods used and their consistency with assertion being considered the prior period, and the results of the external expert's work, in light of our overall knowledge of the business obtained in performing the audit.

The external expert is responsible for the reasonableness and appropriateness of the assumptions and methods used, together with their application. [2171] KPMG specialists may assist the engagement team to evaluate the work of an external expert. If the results of the expert's work do not provide sufficient appropriate audit evidence or if the results are not consistent with other audit evidence, we should resolve the matter by: [2174]/[2175] discussing the external expert's results with management and the external expert performing additional audit procedures, and/or considering engaging or asking management to engage another external expert.

We document our evaluation of the professional competence and objectivity of the expert and the adequacy of the expert's work for the purpose of the audit in the Evaluation of External Experts working paper. [2175.3]

2.1.7 Internal AuditWith respect to the internal audit function, the level of work that we perform depends on the particular circumstances of the audit, as follows: Applicability Where the entity has an internal audit function Procedure/Consideration To the extent that the internal audit function operates as part of management's control system, we obtain a sufficient understanding of internal audit activities to identify and assess the risks of material misstatement of the financial statements and to design and perform further audit procedures. audit function and the scope of their responsibilities.

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis As part of our understanding, we consider the organizational status of the internal thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

We document our understanding of internal audit activities in the Entity Level Controls

Page 13 / 133

Where the entity has an internal audit function

To the extent that the internal audit function operates as part of management's control system, we obtainWorkbook (Interntional Audit Workbook) International Audit a sufficient understanding of internal audit activities to identify and assess the risks of material misstatement of the financial statements and to design and perform further audit procedures. As part of our understanding, we consider the organizational status of the internal audit function and the scope of their responsibilities. We document our understanding of internal audit activities in the Entity Level Controls Program.

When we intend to use the Make an assessment of the internal audit function by obtaining information about work of the internal audit matters such as: function, including direct the nature and extent of their assignments assistance provided by the internal audit function whether management acts on their reports and recommendations and how this is evidenced the technical competence of the internal audit function the due professional care, especially whether their work is adequately planned, supervised, and reviewed, and the objectivity of internal auditing.

When we conclude that internal audit activities are not relevant to our work or that it would not be effective to consider their work further, we need not give further consideration to internal auditing. When we use the specific work of the internal audit function Evaluate whether: the work is performed by those with adequate technical training and proficiency the work of internal auditing is properly supervised, reviewed, and documented sufficient appropriate audit evidence is obtained to be able to draw a reasonable conclusion conclusions are appropriate in the circumstances and reports are consistent with the results of the work performed, and any exceptions or unusual matters disclosed by internal auditing are properly resolved by management.

In evaluating the work of the internal audit function, we may observe the procedures performed by internal audit, inquire of the internal audit function about the nature of its work, reperform some of the work performed by the internal audit function, perform different audit procedures, or examine internal audit working papers. When we request direct assistance from the internal audit function Inform internal audit of their responsibilities, the objectives of the procedures they are to perform, and matters that may affect the nature, timing, and extent of audit procedures. We also supervise their work and review the working papers that the internal audit function prepares on our behalf. We consider whether the work was adequately performed and evaluate whether the results are consistent with the conclusions in our audit report.

2.2. Client and Engagement Acceptance and ContinuanceClient and engagement acceptance and continuance policies, other requirements, and guidance are set out in the Risk Management Manual - Global in chapters 20 and 21, briefly discussed in KAM International, and are defined more specifically by each KPMG member firm in compliance with the Risk Management Manual - Global.

2.3 Setting the Terms of the Audit

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.Page 14 / 133

KPMG and the client should agree on the terms of the engagement, which are set out in an engagement letter.

2.2. Client and Engagement Acceptance and ContinuanceClient and engagement acceptance and continuance policies, other requirements, and guidance are set out in the Risk International Audit Workbook (Interntional Audit Workbook) Management Manual - Global in chapters 20 and 21, briefly discussed in KAM International, and are defined more specifically by each KPMG member firm in compliance with the Risk Management Manual - Global.

2.3 Setting the Terms of the AuditKPMG and the client should agree on the terms of the engagement, which are set out in an engagement letter. Policies and guidance on engagement letters are set out in KAM International and in chapter 21 of the Risk Management Manual - Global.

2.4 Audit DocumentationThis section addresses: definition of audit documentation criteria for selecting the appropriate audit workflow documenting the nature, timing, and extent of the audit procedures performed documenting significant findings or issues arising during the audit and the conclusions reached thereon audit file assembly working paper retention

2.4.1 Definition of Audit DocumentationAudit documentation is the record of audit procedures performed (including Planning), relevant audit evidence obtained, and conclusions reached. In the KPMG audit, terms such as "Global Work Papers," "working papers," or "work papers" are used when referring to audit documentation.

Audit documentation may include e-mail where correspondence is related to "significant matters."

Working papers or audit documentation may be recorded on paper or on electronic or other media. [2553] Examples of working papers include, among other things, standard KPMG working paper templates, copies of client prepared documents or schedules, transcripts, analyses, letters of confirmation and representation, notes and other memoranda (including computer files), internal KPMG memos and external correspondence with the client and relevant third parties (including e-mail) concerning significant matters, and final deliverables prepared and accumulated in connection with an audit. Our working papers may also include abstracts or copies of the entity's records if considered appropriate. [2553] For example, we include significant and specific contracts and agreements as part of the working papers if considered appropriate. Audit documentation ordinarily excludes the following: superseded drafts of working papers and financial statements notes that reflect incomplete or preliminary thinking previous copies of documents corrected for typographical or other errors duplicates.

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis Draft working papers or other documents are discarded when the working paper or other document is finalized (except thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

when the local firm's document retention policy provides otherwise), or when a decision is made not to proceed. [2564.0.1]

Page We do not retain documentation that is incorrect or superseded (except pursuant to the local firm's document retention 15 / 133

superseded drafts of working papers and financial statements notes that reflect incomplete or preliminary thinkingInternational Audit Workbook (Interntional Audit Workbook) previous copies of documents corrected for typographical or other errors

duplicates.

Draft working papers or other documents are discarded when the working paper or other document is finalized (except when the local firm's document retention policy provides otherwise), or when a decision is made not to proceed. [2564.0.1] We do not retain documentation that is incorrect or superseded (except pursuant to the local firm's document retention policy). [2565.8] Work papers stand on their own. Although oral explanations may be used to explain or clarify information contained in the working papers, they do not represent adequate support for the work we performed or conclusions reached. [2565.1]

!

We should prepare the audit documentation so as to enable an experienced auditor, having no previous connection with the audit, to understand: [2561] the nature, timing, and extent of the audit procedures performed to comply with ISAs and applicable legal and regulatory requirements the results of the audit procedures and the audit evidence obtained, and significant matters arising during the audit and the conclusions reached thereon.

Audit documentation is prepared on a timely basis and provides a sufficient and appropriate record of the basis for our report.

2.4.2 Criteria for Selecting the Appropriate Audit WorkflowWe complete different sets of working papers depending upon which audit workflow is used for the engagement, as follows: Workflow FSA Applicability The FSA Global Work Papers (GWPs) may be used for audits that do not issue an auditor report that refers to the Public Company Accounting Oversight Board (PCAOB) standards and in the judgment of the engagement partner application of the Small Entity (SE), Very Small Entity (VSE), or Less Complex Entity (LCE) audit workflow is not suitable. The determination of whether to use the SE or VSE, GWPs or the LCE workflow is based on the judgment of the engagement partner that, in addition to meeting the qualitative and quantitative criteria set forth in KAM International, the GWPs/workflow are appropriate (1) to address engagement risk and "audit risk" (i.e., the interaction of inherent risk, control risk, and detection risk) and (2) to comply with the KPMG Audit Methodology and with local auditing standards and requirements. It may not be appropriate for the following entities to utilize the SE GWPs: entities with a high degree of outside ownership in the entity from a nonmanagement/owner perspective public/listed entities and their subsidiaries entities where other significant stakeholders rely on the financial statements as their primary basis for obtaining reliable financial information on the entity entities subject to industry-wide regulations (e.g., financial

SE, VSE, LCE

SE

institutions) 2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved. entities that have an essential public service responsibility due to the nature of their operations, andPage 16 / 133

higher-risk engagements.

entities where other significant stakeholders rely on the financial statements as their primary basis for obtaining reliable financial International on Workbook informationAuditthe entity(Interntional Audit Workbook) entities subject to industry-wide regulations (e.g., financial institutions) entities that have an essential public service responsibility due to the nature of their operations, and higher-risk engagements.

Additionally, engagement hours are not expected to exceed 1,000 hours. VSE In order to utilize the VSE GWPs, the engagement meets all of the qualitative and quantitative criteria set forth below: the planned hours directly related to completing the audit engagement and issuance of the auditor's report do not exceed 500[[1]] hours if the global Client/Engagement Acceptance/Continuance (CEAC) process is used, the client/engagement is considered a "low" risk client/engagement or, "medium" risk1 with the approval of the risk management partner if another CEAC process is used, the client/engagement is classified in the lowest risk category the entity is not a listed entity whose debt or equity securities are traded in a public market, and the financial statements of the entity will not be included in the regulatory filings of such a listed entity the entity has limited sources of revenue the entity has a limited number of owners, management, and users of the financial statements the entity's principal operations, which may include functions, branches, or subsidiaries, are in a single country or jurisdiction, and a substantive approach will be taken for substantially all significant accounts and disclosures.

Additionally, VSE GWPs may be used for audits of wholly owned subsidiaries (regardless of the number of planned audit hours) where all of the following criteria are met: all of the criteria for use of the VSE GWPs included above are met KPMG is the auditor of the consolidated group accounts the entity is a wholly owned subsidiary of the group, and the audit is being performed for local statutory purposes onlythere is no requirement for any group reporting in order to issue the auditor's report on the consolidated entity.

Additional guidance regarding the use of VSE Global Work Papers is included in the VSE Audit Guidance Document accompanying the VSE Global Work Papers. The VSE Global Work Papers and the related VSE Audit Guidance Document can be accessed from ARO. Other workflows that may Engagement teams that are required to complete the Supplemental U.S. Procedures

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG be applicable Checklist may be required to complete either the Integrated Audit working papers or International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis the FSA Public working papers as noted in that Checklist. [2571.1.2] thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

Integrated Audit working papers

The Integrated Audit working papers are used when we perform an audit in accordance PCAOB Auditing Standard No. 5, "An Audit of Internal Control Over

Page 17 / 133

VSE Audit Guidance Document accompanying the VSE Global Work Papers. The VSE Global Work Papers and the related VSE Audit Guidance Document can be accessed from ARO. International Audit Workbook (Interntional Audit Workbook) Other workflows that may be applicable Engagement teams that are required to complete the Supplemental U.S. Procedures Checklist may be required to complete either the Integrated Audit working papers or the FSA Public working papers as noted in that Checklist. [2571.1.2] The Integrated Audit working papers are used when we perform an audit in accordance PCAOB Auditing Standard No. 5, "An Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements." The Integrated Audit working papers that incorporate the provisions of AS 5 are available on ARO and can be dragged and dropped into specific areas of the Vector audit file. Additional guidance on using Vector with the Integrated Audit workflow can be found on the Vector Web site. FSA Public working papers The FSA Public working papers are used for financial statement audits of a public company when an integrated audit is not performed and we issue an auditor's report on the financial statements that refer to PCAOB standards. Engagement teams performing audits of financial statements of foreign private issuers, when an integrated audit is not performed, are not required to, but may use the FSA Public set of working papers. The FSA Public working papers are available on ARO. Additional guidance on using Vector with the FSA Public workflow can be found on the Vector Web site * GWPs or workflow can be used by a participating location in a multilocation audit (including subsidiaries of public/listed entities), if the location meets the criteria for utilizing the GWPs/workflow, unless the originating location specifies in the inter-office instructions that an alternative audit workflow is to be used, for example FSA. An integrated audit is an audit of internal control over financial reporting (ICOFR) performed in conjunction with an audit of the financial statements in accordance with PCAOB Auditing Standard No. 5, "An Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of Financial Statements." Guidance regarding integrated audits performed in accordance with the PCAOB Auditing Standard No. 5 is not included in KAM International or in the Audit Workbook. For guidance regarding engagements performed pursuant to this standard, refer to the Integrated Audit Manual and the Integrated Audit working papers available on ARO under the United States country page

Integrated Audit working papers

Criteria for use of LCE working papersThe LCE workflow may be used for audit engagements which meet all of the following criteria: [2574.0.3] not a U.S. SEC registrant or a "substantial role" assignment of a U.S. SEC registrant, and when the entity is part of a group audit, the group auditor has not specified the use of an alternative work flow.

In addition, the engagement partner considers the following qualitative criteria: Qualitative criteria Less complex application of risk assessment procedures KAM requires the performance of risk assessment procedures in order to identify those audit risks at a financial statement and assertion level. In a less complex entity, the extent of risk assessment procedures required is reduced as risks at a financial statement and assertion level are easier to identify than in a more complex entity. The implication of less extensive risk identification procedure is reduced documentation. business from a few process owners rather than a number of process owners and operational staff.

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis We often obtain much of our understanding of the thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.Page 18 / 133

procedures required is reduced as risks at a financial statement and assertion level are easier to identify than in a Workbook (Interntional Audit Workbook) International Audit more complex entity. The implication of less extensive risk identification procedure is reduced documentation. We often obtain much of our understanding of the business from a few process owners rather than a number of process owners and operational staff. The performance of senior and other managerial functions is concentrated in a small number of individuals. The operations of the entity are relatively less complex and there are only a few core business processes within which the entity is involved. The operations of the entity are restricted to a limited number of locations and each of these locations is not of a specialized nature. The entity provides a limited number of products or services The entity usually has less formal objectives and strategies. This is complemented with a less formal budgeting and financial reporting process. Less sophisticated accounting systems, which are not supported by a complex IT environment. Less complex entities generally have fewer employees involved in the accountancy systems and as a result have limited segregation of duties. The owner and/or senior management is actively involved in daily operations of the organization.

Concentration of management functions

Limited sources of income

Less sophisticated record keeping

Unsophisticated entity level controls

There is no maximum audit hour criterion. [2574.0.3.0.1]

!

Audit teams using LCE to perform an audit on a non-complex listed entity complete the Additional procedures when auditing a listed entity using LCEdocument. [2574.0.3.1] Refer to the Less Complex Entities User Guide on the LCE Homepage for additional guidance and information when performing an audit using the LCE workflow. The LCE Homepage is available by selecting Audit Technology from the Global Audit Portal.

Refer to KAM for policies and guidance regarding the receipt of a Preservation Notice where the engagement has been performed using LCE. The following table indicates the working papers to be prepared for each audit workflow: [2566.1] Global Work Papers Audit Workflow FSA SE VSE

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis Audit Checklist Co Sp thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

Audit Program

Sp

Sp

Sp

Page 19 / 133

The following table indicates the working papers to be prepared for each audit workflow: [2566.1] Global WorkInternational Audit Workbook (Interntional Audit Workbook) Audit Workflow Papers FSA Audit Checklist Audit Program Audit Program for Specific Topics Completion Document Entity Level Controls Program Evaluation of Design and Implementation and Test of Operating Effectiveness Template (if applicable) Evaluation of External Experts (if applicable) Evaluation of Internal Audit Function (if applicable) Evaluation of Service Organization Function (if applicable) Financial Reporting Audit Program IDEACAATs Document (if applicable) Instructions for Inventory Count Attendance (if applicable) IT General Controls Program (if applicable) KPMG Monetary Unit Sampling Document (if applicable) KPMG Sampling Plan (if applicable) Planning Document Substantive Analytical Procedures Template (if applicable) Summary of Audit Differences and related Summary of Audit Differences Template Test of Details Document (if applicable) Planning and Completion Document Interim Review Checklist (if applicable) Interim Review Program (if applicable) Summary of Review Differences and related Summary of Review Differences Template (if applicable) Co Common version of Global Work Paper is used for these workflows. Sp Global Work Paper specific to the audit workflow is used. N/R Global Work Paper is not required for this workflow.2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis Completion of the applicable KPMG audit documentation, which includes Global Work Papers and electronic work flows, is thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved. required for all audit engagements. [2569]Page 20 / 133

SE VSE Sp Sp Sp

Co Sp Sp Sp SP Co

Sp N/R Sp N/R N/R N/R

Co Co Co Co Co Co Sp Co Co Sp Co Co SP N/R N/R N/R N/R

Co N/A Co Co Co N/A Sp N/R N/R N/R

Co Common version of Global Work Paper is used for these workflows.International Audit Workbook (Interntional Audit Workbook) Sp Global Work Paper specific to the audit workflow is used.

N/R Global Work Paper is not required for this workflow. Completion of the applicable KPMG audit documentation, which includes Global Work Papers and electronic work flows, is required for all audit engagements. [2569] The documentation for an SE and VSE engagement must comply with all policies and guidance contained in KAM International that are applicable to the engagement. However, the extent of documentation is scaled to the size and complexity of the particular engagement.

2.4.3 Documenting the Nature, Timing, and Extent of the Audit Procedures PerformedIn documenting the nature, timing, and extent of audit procedures performed, we should record: [2565.9.3] Preparer and reviewer The preparer(s) and reviewer(s) of each working paper signs or initials and dates each working paper. [2565.9.4] A preparer's and/or reviewer's printed name and date on a working paper also may constitute evidence of signature. [2565.9.6] Multipage working papers The preparer may indicate evidence of preparation of the working paper on the first page only, where it has been prepared by one person. [2565.9.6.1] A reviewer may indicate evidence of review on the first page of a multiple page working paper and, if the reviewer has not reviewed the entire document, the sections reviewed. [2565.9.7.1] Final version For Global Work Papers that are prepared throughout the audit, we document evidence of review on the final version. [2565.9.8] The date audit work was completed, and the date and extent of review We record the date the working paper was completed on each working paper. [2565.9.5] Working paper dating by preparers and reviewers follows a convention that includes the day, month, and year. [2565.9.4] Where documents are faxed or e-mailed to a reviewer and the review is evidenced on a returned faxed document or in a reply e-mail, the reviewer initials and includes the date of review on the original working papers by the audit file assembly date. [2565.9.10] Identifying characteristics of the specific items or matters being tested Identifying characteristics of the specific items or matters being tested will vary with the nature of the audit procedure and the item or matter being tested. [2565.4] For example, for: a test of purchase orders; we may record the dates and unique purchase order numbers of the documents selected for testing selection or review of all items over a specific amount from a given population; we may record the scope of the procedure and identify the population (for example, all journal entries over a specified amount from the journal register)

systematic sampling from a population of documents; we may record the source, the starting point, and the sampling interval 2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG of the documents selected (for example, a systematic sample of International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved. period shipping reports selected from the shipping log for the from 1 April to 30 September, starting with report number Page 21 / 133 12345 and selecting every 125th report)

selection or review of all items over a specific amount from a given population; we may record the scope of the procedure and identify the population (for example, all journal entries over aInternational Audit Workbook (Interntional Audit Workbook) specified amount from the journal register) systematic sampling from a population of documents; we may record the source, the starting point, and the sampling interval of the documents selected (for example, a systematic sample of shipping reports selected from the shipping log for the period from 1 April to 30 September, starting with report number 12345 and selecting every 125th report) inquiries; we may record the dates of the inquiries and the names and job designations of the entity personnel observations; we may record the process or subject matter being observed, the relevant individuals, their respective responsibilities, and where and when the observation was carried out.

!

When using the Monetary Unit Sampling (MUS) routine in IDEA, the MUS planning, extraction, and evaluation report contains sufficient detail to be able to reproduce the sample from the sample file.

2.4.4 Documenting Significant Findings or Issues Arising During the Audit and the Conclusions Reached ThereonDiscussions of significant findings or issues When we discuss significant findings or issues with management and others (i.e., those charged with governance, other personnel within the entity, and external parties, such as persons providing professional advice to the entity), we document on a timely basis the discussions in our working papers. We provide appropriate references to the working papers where the discussions are documented, in the Completion Document. [2565.6] The documentation includes: [6313.7] the significant findings or issues discussed when and with whom the discussions took place.

We may include other appropriate records such as agreed minutes of discussions prepared by the entity's personnel. [6313.8] Significant findings and issues are those documented in the Completion Document. Contradicting or inconsistent information We document the information that contradicts or is inconsistent with our final conclusions regarding a significant finding or issue together with our response in the Completion Document. [2565.7.1] For example, our working papers may include procedures performed in response to the information, documentation of consultations on, or resolution of, differences in professional judgment among members of the engagement team or between the engagement team and others consulted. Departures from bold type paragraphs In exceptional circumstances, we may judge it necessary to depart from a bold type paragraph that is relevant in the circumstances of the audit, in order to achieve more effectively the objective of the engagement. [1005]/[1007.1]

We document how the alternative audit procedures performed were sufficient and appropriate to replace that bold type paragraph and achieve the objective of the audit, and, unless otherwise clear, the reasons for the departure, in the Completion 2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG Document. In these exceptional circumstances, provided the departure is International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis appropriately documented, we are not precluded from representing compliance with thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved. ISAs. [1007.1]Page 22 / 133

Documentation is not required where the bold type paragraph is not relevant in the

Departures from bold type paragraphs

In exceptional circumstances, we may judge it necessary to depart from a bold type paragraph that is relevant in the circumstances of the audit, in order to achieve more effectively the objective of the engagement. [1005]/[1007.1]International Audit Workbook (Interntional Audit Workbook)

We document how the alternative audit procedures performed were sufficient and appropriate to replace that bold type paragraph and achieve the objective of the audit, and, unless otherwise clear, the reasons for the departure, in the Completion Document. In these exceptional circumstances, provided the departure is appropriately documented, we are not precluded from representing compliance with ISAs. [1007.1] Documentation is not required where the bold type paragraph is not relevant in the circumstances of the audit or an ISA includes conditional requirements and the specified conditions do not exist. [1007.2]

!

We consult with the risk management partner when we judge it necessary to depart from a bold type paragraph that is relevant in the circumstances of the audit. [1007.1]

2.4.5 Audit File AssemblyWhen undertaking an audit under ISAs, the audit file assembly date is the date by which an engagement team assembles a complete and final set of working papers for retention. The date is ordinarily not more than 60 calendar days from the date of the auditor's report. [9031.1] The date of the auditor's report is the date selected by us to date our report on the financial statements. Our report is not dated earlier than the date on which we have obtained sufficient appropriate audit evidence on which to base the opinion on the financial statements. [9067.2] Where we issue two or more different reports in respect of the same subject matter information of an entity (e.g., we issue an auditor's report on a component's financial information for group consolidation purposes and, at a subsequent date, an auditor's report on the same financial information for statutory purposes), the time limits for the assembly of final engagement files address each report as if it were for a separate engagement. In such an instance, we assemble the audit file necessary to support the report on a component's financial information for group consolidation purposes based on the date of the group auditor's report on the consolidated financial statements. We complete the assembly of the audit file necessary to support our statutory audit report based on the date of our statutory audit report. [2621.7] [2621.7.1] Where both reports are supported by the same working papers, one of the two audit files may contain cross references to the audit working papers in the other audit file, provided each audit working paper is dated so that it is clear from the working paper when the audit evidence was documented and reviewed. [2621.7.2] The auditor's report date and the audit file assembly date are documented in the Audit Checklist. The process of assembling the final audit file and modifying working papers are illustrated below. [2620.1]

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.Page 23 / 133

International Audit Workbook (Interntional Audit Workbook)

Changes that are administrative in nature (refer to the green box above) may be made to the audit documentation during the final assembly process. [2621.9] For example, changes that are administrative in nature include: deleting or discarding superseded documentation sorting, collating, and cross-referencing working papers signing off on checklists relating to the file assembly process documenting audit evidence that we have obtained, discussed, and agreed with the relevant members of the audit team before the date of the report.

Modifications to audit working papers for exceptional circumstances that arose after the date of the auditor's report (refer to the grey box above) and that required us to perform new or additional procedures or that led us to reach new conclusions and those made after the audit file assembly date (refer to the blue box above), are documented in the Audit Checklist, Appendix I, Audit Working Paper Modification Template. Subject to relevant laws, regulations, professional standards, and KPMG policies, modifications to audit working papers after the audit file assembly date may include: [2620] comments added to clarify existing working papers preparation of additional working papers to more fully document work performed during the engagement deletion of extraneous comments or review notes included in the working papers deletion of a working paper that has been superseded or no longer serves a useful purpose, and/or modifications of comments included in the working papers. The engagement partner notifies the engagement quality control reviewer, when the engagement requires an engagement quality control review, of changes related to audit objectives associated with a significant risk when exceptional circumstances arise after the date of our report that require us to perform new or additional audit procedures or that lead us to reach new conclusions, and substantive modifications are made to working papers. [2623]

!

2.4.5S Consideration of omitted documentation and other procedures identified after 2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG the date of auditor's report

The engagement team does not have a responsibility to carry out a retrospective review of its work after the date of the auditor's report. However the auditor's report and working papers relating to a particular engagement may be subjected to / 133 Page 24 review after the date of the auditor's report in connection with the firm's quality performance program or inspection carried

International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

!

objectives associated with a significant risk when exceptional circumstances arise after the date of our report that require us to perform new or additional audit procedures or that lead us to reach new conclusions, and substantive modifications are made to working papers. [2623]International Audit Workbook (Interntional Audit Workbook)

2.4.5S Consideration of omitted documentation and other procedures identified after the date of auditor's reportThe engagement team does not have a responsibility to carry out a retrospective review of its work after the date of the auditor's report. However the auditor's report and working papers relating to a particular engagement may be subjected to review after the date of the auditor's report in connection with the firm's quality performance program or inspection carried out by a regulatory authority. [2625.12] Accordingly, after the date of the auditor's report, even though there may be no indication that the financial statements are materially misstated, it may be determined that one or more procedures considered necessary at the time of the audit of the financial statements in the circumstances then existing were omitted from the audit. [2625.13] The appropriate course of action may depend on the requirements of local laws or regulations. [2625.16]

!

The engagement partner consults with the local risk management partner to determine an appropriate course of action when an auditing procedure considered necessary at the time of the audit of the financial statements in the circumstances has been omitted, which may include consultation with legal counsel. [2625.17] If we determine and demonstrate that sufficient procedures were performed, sufficient evidence was obtained, and appropriate conclusions were reached, but that the documentation thereof is not adequate, we consider what additional documentation is needed. For further guidance on adding such documentation, see sections titled "After the date of the auditor's report" and "After the audit file assembly date" in the Engagement Management chapter of KAM. [2625.14] If we cannot determine or demonstrate that sufficient procedures were performed, sufficient evidence was obtained, or appropriate conclusions were reached, we apply the following guidance to assess the significance of the omitted procedure, at the time it is identified, to the present ability to support the previously expressed opinion on the financial statements: [2625.15] Circumstance The previously issued audit opinion on the financial statements cannot be supported without performing the omitted procedure and that there are persons currently relying, or likely to rely, on the previously issued auditors report. [2625.20] As a result of the subsequent performance of the omitted procedure or alternative procedures, we become aware that facts regarding the financial statements existed at the date of our report that would affect the report had we been aware of them. [2625.21] Course of Action The engagement team promptly undertakes to perform the omitted procedure or alternative procedures that would provide a satisfactory basis for the opinion. [2625.20]

We: consult with the risk management partner consult with legal counsel follow the guidance in the section titled, "Subsequent events" in the Control Evaluation chapter of KAM. [2625.21]

If we determine that the omitted procedure needs to be performed but we are unable to perform the procedure or alternative procedures. [2625.22]

We consult with OGC to determine an appropriate course of action concerning our responsibilities to the client, regulatory authorities, if any, having jurisdiction over the client, and persons relying, or likely to rely, on our report. [2625.22]

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis 2.4.6 Working Paper Retention thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved.

After the assembly of the final audit file has been completed, we should not delete or discard audit documentation before 25 / 133 Page the end of its retention period. [2625.7]

be performed but we are unable to perform the procedure or alternative procedures. [2625.22]

course of action concerning our responsibilities to the client, regulatory authorities, if any, having jurisdiction over the client, and persons relying, or likely to rely, International Audit Workbook (Interntional Audit Workbook) on our report. [2625.22]

2.4.6 Working Paper RetentionAfter the assembly of the final audit file has been completed, we should not delete or discard audit documentation before the end of its retention period. [2625.7] KPMG member firms' and functions' retention policies are a matter of judgment in light of local laws and regulations, as well as business needs. Consistent with International Standards on Quality Control (ISQC) 1, the retention period for audit engagement documentation is ordinarily no shorter than five years from the date of the auditor's report, or, if later, the date of the group auditor's report. [2695] Additional policies and guidance regarding retention and destruction of working papers are included in sections 25.6 and 25.8 of the Risk Management Manual - Global. [2707] For local requirements, please refer to the local Risk Management Manual. In cases where several KPMG locations are involved, the originating location may request that participating locations follow the retention requirements of the originating location, when those exceed the requirements of the participating location.

!2.5. Review

All working papers are reviewed by another engagement team member more experienced than the preparer. [2575] Working papers prepared by the engagement partner are reviewed by another partner assigned to the engagement, and/or the engagement manager, and/or the engagement quality control reviewer, as appropriate in the engagement circumstances. [2575.1] The purpose of reviewing audit working papers is to reach an affirmative conclusion that the working papers support KPMG's opinion on the financial statements and show that the audit complies with KPMG policies, professional standards, and regulatory and legal requirements. [2582] The engagement partner and an engagement manager review audit documentation relating to the following: audit objectives associated with significant risks (significant inherent risk of error or fraud) audit objectives with RoSM assessed as high, and significant findings and issues.

Such audit documentation includes those related to critical areas of judgment, especially those related to difficult or contentious matters identified during the course of the engagement and other areas the engagement partner considers important. The extent of review of such audit documentation by the engagement partner and manager is a matter of professional judgment determined by the engagement partner. [2576] The engagement partner and manager are responsible for satisfying themselves that the audit documentation meets KPMG standards and the requirements of applicable laws, regulations, and professional standards. [2576.1] In addition, the engagement partner and manager review and sign the Planning Document, the Entity Level Controls Program, the Completion Document, the Summary of Audit Differences, and the Audit Checklist. [2580] The reviewer considers whether: [2583] the audit work has been performed in accordance with KPMG policies, professional standards, and regulatory and legal requirements significant matters have been raised for further consideration appropriate consultations have taken place and the resulting conclusions have been documented

2010KPMGInternationalCooperative("KPMGInternational"),aSwissentity.MemberfirmsoftheKPMGnetworkofindependentfirmsareaffiliatedwithKPMG and implemented, and International.KPMGInternationalprovidesnoclientservices.NomemberfirmhasanyauthoritytoobligateorbindKPMGInternationaloranyothermemberfirmvisvis thirdparties,nordoesKPMGInternationalhaveanysuchauthoritytoobligateorbindanymemberfirm.Allrightsreserved. there is no need to revise the nature, timing, and extent of work performed.

The reviewer also considers a variety of other matters, including whether: [2584]

Page 26 / 133

the audit work has been performed in accordance with KPMG policies, professional standards, and regulatory and legal requirementsInternational Audit Workbook (Interntional significant matters have been raised for further consideration Audit Workbook)

appropriate consultations have taken place and the resulting conclusions have been documented and implemented, and there is no need to revise the nature, timing, and extent of work performed.

The reviewer also considers a variety of other matters, including whether: [2584] the engagement team has obtained an appropriate understanding of the business the objectives of the audit procedures are achieved and conclusions expressed are consistent with the results of the audit work performed and support the audit opinion on the financial statements the working papers are relevant to the audit, adequately document the audit evidence obtained, and are internally consistent issues were properly identified during the audit, brought to the attention of the engagement partner, and resolved or reported to management, as appropriate

Points raised during the review of working papers are cleared and, where appropriate, the working papers are revised. Except pursuant to the applicable local firm's retention policies, review notes are not retained after the date of our report. [2589]

2.5.1 Restricting Access to Working PapersAll working papers, reports, and other documents are confidential and the property of KPMG. They are to be protected from loss, unauthorized destruction, or unauthorized access. [2640] The engagement partner and risk management partner are responsible for granting requests from third parties for access to our working papers, including client management. Specific legal advice is requested before the release of any document where a claim or circumstance is known to have arisen. [2648.1] Chapter 25 of the Risk Management Manual - Global provides policies and guidance on working paper storage, security, access, and confidentiality. Chapter 40 of the Risk Management Manual - Global contains IT policy and guidance as they relate to electronic working paper storage, security, access, and confidentiality. [2639.1]

2.6. Communications with Management and Those Charged with GovernanceWe should communicate audit matters of governance interest arising from the audit of financial statements to those charged with governance of an entity. [2841]