The auditor shall include in the audit documentation:

  1. The discussion among the engagement team were required by paragraph 10, and the significant decisions reached;
  2. Key elements of the understanding obtained regarding each of the aspects of the entity and its environment specified in paragraph 11 and of each of the internal control components specified in paragraphs 14– 24; the sources of information from which the understanding was obtained; and the risk assessment procedures performed;
  3. The identified and assessed risks of material misstatement at the financial statement level and at the assertion level as required by paragraph 25; and
  4. The risks identified, and related controls about which the auditor has obtained an understanding, as a result of the requirements in paragraphs 27–30.