What We Actually Do in a Review
When committees ask for “just a review, not a full audit”, they sometimes think a review is a quick look.
It isn’t. Both audits and reviews sit on the same ethical rules, follow similar processes, and require evidence for the numbers in the financial statements. The main difference is the level of assurance and how much detailed testing we perform.
This post explains:
Ethics and independence (the same for audits and reviews)
Professional judgement and scepticism
Engagement and representation letters
Internal controls
A technical comparison: ASRE 2410 s 17 vs ASA 330 s 20
What we actually test in a review, including payments, income and payroll
Ethics and Independence – The Rules Are Exactly the Same
Whether we perform an audit or a review, we must comply with APES 110 – Code of Ethics for Professional Accountants (including Independence Standards).
This includes five fundamental principles:
Integrity
Objectivity
Professional competence and due care
Confidentiality
Professional behaviour
Independence rules apply in full. That means:
No conflicts of interest
No management roles
No financial interests
No inappropriate gifts or influence
Strict limits on non-assurance services
So ethically, audits and reviews are not different at all — they use the same rulebook.
Professional Judgement and Professional Scepticism
Two ideas are essential in both audits and reviews:
Professional judgement – using training and experience to decide what we test, how much testing is needed, and what conclusions we draw.
Professional scepticism – asking questions and not simply accepting explanations.
ASIC’s audit reviews consistently show that a lack of scepticism—alongside ethics breaches—is one of the most common failings across audit firms. Their root-cause reports highlight that auditors sometimes accept information too easily, rely too heavily on management explanations, or fail to follow up unusual items.
Even in a review, we still ask:
Does this make sense?
Why has this number changed?
Where is the evidence?
Good audit and review work always comes back to a questioning mind.
Engagement Letter – Locking In the Scope
Both audits and reviews must have a formal written engagement letter.
For reviews, ASRE 2410 s 12 requires the terms of the review to be recorded in writing and sent to the entity.
For audits, ASA 210 requires a detailed engagement letter setting out responsibilities, scope, standards and ethics.
This protects your committee and makes the rules clear from the start.
Representation Letter – Your Written Confirmation
At the end of an audit or review, the committee signs a representation letter confirming:
All information has been provided
The financial statements are complete
Any frauds, risks or compliance issues have been disclosed
All related-party matters have been declared
This reinforces that the committee owns the financial report, and we provide independent assurance over it.
Internal Controls – Understanding How Your Systems Work
Audits and reviews both require us to understand your systems.
Audits (ASA 315 and ASA 330) require detailed understanding, risk assessment, tests of controls and substantive testing.
Reviews (ASRE 2410) require updated understanding through enquiries and analytical procedures.
A review is lighter, but still anchored in real evidence and analysis.
A Technical Example: ASRE 2410 s 17 vs ASA 330 s 20
A common misunderstanding is that a review does not require evidence for balance-sheet items.
This is incorrect.
Both ASRE 2410 and ASA 330 contain nearly identical wording requiring the auditor to reconcile the financial report back to the underlying accounting records. The only major difference is that ASA 330 also requires examination of material year-end journal entries.
ASRE 2410 – Section 17 (Review)
“The auditor shall obtain evidence that the financial report agrees or reconciles with the underlying accounting records.”
This means:
Every balance-sheet item (cash, debtors, creditors, equipment, provisions, etc.)
Must have supporting evidence — reconciliations, schedules, statements or other documents
Showing that the financial report matches the accounting records
So even in a review, we must confirm the numbers on the balance sheet are real, supported, and tied back to the source records.
ASA 330 – Section 20 (Audit)
ASA 330 s 20 states:
The auditor’s substantive procedures shall include:
(a) agreeing or reconciling information in the financial report with the underlying accounting records…
(b) examining material journal entries and other adjustments made during the course of preparing the financial report.
Breaking this down:
(a) Reconciliation requirement
– Nearly identical to ASRE 2410 s 17
– Requires evidence for all balance-sheet items
(b) Material journal entries
– This is the additional audit requirement
– Auditors must review large, unusual or manual journals
– This addresses risks of error or management override
Side-by-side summary
ASRE 2410 s 17 – Review
- Reconciliation of the financial report to the underlying accounting records.
- Supporting evidence for all balance-sheet items (cash, debtors, creditors, assets, provisions).
- Schedules, statements or reconciliations confirming the numbers.
- Limited assurance conclusion (“nothing has come to our attention…”).
- Examination of material year-end journal entries.
Even in a review, every balance-sheet item must be supported by evidence.
ASA 330 s 20 – Audit
- Reconciliation of the financial report to the underlying accounting records (same as review).
- Supporting evidence for all balance-sheet items.
- Examination of material journal entries and year-end adjustments.
- Substantive testing for every material class of transactions and balances.
- Reasonable assurance conclusion (“in our opinion…”).
- Review of material manual journals to address error and management override risk.
An audit includes everything in a review, plus deeper testing of journals and balances.
What We Actually Do in a Review (In Plain English)
Even though a review is “limited assurance”, we still:
1. Review payments (sample testing)
Check invoices
Check approval in minutes
Check coding and GST
Confirm correct amounts paid
2. Review income (sample testing)
Check grant agreements
Check bank deposits
Check fundraising reconciliations
Check timing of revenue
3. Review payroll
For organisations with staff, we review:
Employment contracts
Pay rates
Timesheets
PAYG and super calculations
Single Touch Payroll
4. Analytical procedures
We compare:
This year vs last year
Ratios (like wages/income)
Major movements in income and expenses
5. Governance evidence
We read minutes to confirm:
Approvals
Budgets
Conflicts of interest
Committee decisions
6. Balance-sheet support
We obtain:
Bank statements
Reconciliations
Asset schedules
Debtor/creditor listings
This is required under ASRE 2410 s 17.
Why Regulators Keep Emphasising Ethics
ASIC’s October 2025 media release highlighted ongoing problems with:
Auditor independence
Ethical compliance
Documentation
Most serious issues in audit and review work come from breaches of ethics, not from maths errors.
Good assurance work starts with independence, scepticism and documentation.
Bringing It All Together
Whether you need an audit or a review, you can expect:
The same ethical rules (APES 110)
A clear written engagement letter
Professional scepticism and judgement
Strong evidence requirements for all balance-sheet items
A structured process and a two-week turnaround once records are complete
If your committee is unsure which one you need, we are happy to help you work through the requirements in plain English.
