To help our users prepare for their next review - to get the proverbial ducks in a row - I requested the CAANZ NZ auditor oversight team to provide a list of the main issues encountered in their review work with audit firms.
They were kind enough to send me notes from a recent presentation which included these very topics (for all audit firms - not just our users). So here are the main points, along with my commentary and suggestions about how to best use Audit Assistant to address these common problem areas:
1. Audit / review report not compliant with standards
Our standard audit reports are designed for all types of jobs, and different permutations and outcomes, however they are not foolproof. Common mistakes include:
- Using an out of date audit template which includes an out-of-date audit report: With help from Bill Heritage we updated all our reports in 2016 when the reporting standards changed. If users are using an old template our system now prompts for an update with a red flag-box at the top of the page. Updating is easy and users are then assured of the correct audit report.
- Incomplete or incorrect reports: Using the correct report still may not produce a complete report if the wrong boxes have been ticked, or not ticked at all earlier in the job. Read the produced report carefully to make sure it makes sense and all essential parts are included. Use the Customise/Edit button to open up the detail on the page to see if something is missing or wrong and follow the hyper-links back to correct.
- When the standard reports don’t fit: Occasionally there will be some odd situation that we haven’t covered. In these cases use the Customise/Edit button to open and create the custom changes needed. Or use Copy to Clipboard and carry out a final edit in Word.
- Using your own out-of-date reports: To check if your reports are up to date we suggest checking your reports against ours, and use our checklists to find out where your reports are lacking.
And please if you do find an error or omission in our reports - or have a suggestion for improvements - let us know.
2. Not identifying that the financial statements do not comply with the reporting framework
At the beginning of each audit template we ask which reporting framework is being adopted and whether this is appropriate. There is also a testing tool included to make sure the framework actually fits the job. We also provide financial reporting checklists that allow the auditor check the disclosure and presentation in detail for compliance with the chosen framework. If an issue of non-compliance is found we suggest users:
- Note the problem and flag the issue - either as a risk, an adjustment, a management letter point, for follow up, or a key issue for partner attention or combination of the above depending on the kind of non-compliance.
- This will ensure that the point is not overlooked, and an adequate response is made, either by the client rectifying the issue or the appropriate note included and modification added to the audit report.
3. Independence threats (self-review / long association)
Practice review seems to be requesting firms to have peer reviews carried out for jobs where there is a long association. The risk is that familiarity can bring a certain blindness that another auditor may easily spot. This is a particular issue for smaller firms where internal review or rotation of staff and partners is not possible. We suggest:
- Find another local firm of similar size and style and create reciprocal review agreement.
- We have acted as "matchmaker" in one case so far. We are happy to offer this as a free service to our users.
- Use our review service – this also serves as a training exercise in the use of Audit Assistant. While we are not “qualified auditors”, we find that so far our review has fulfilled quality control requirements.
4. Lack of clarity about opinion modifications (e.g. which revenue streams are affected)
When a modification is made to an audit report, there is a prompt to make a paragraph describing the basis of the modification.
- We do not provide any standard wording for this as every situation is likely to be unique so it is up to the auditor to provide a sufficiently precise statement.
- In these cases it may be a good idea to involve a peer reviewer (as above) to ensure that this essential wording is clear.
5. Going concern requirements not met (audit report and financial statements)
Again this is an issue of using the correct audit report, and considering the requirements of the standards.
- Auditors are required to ask whether a preliminary assessment of the entity’s ability to continue as a going concern has been carried out by the client, evaluate that assessment, and if not to discuss with client and record the discussion and evaluate (ISA(NZ)570,10).
- The financial reporting checklists will assist in checking the disclosure requirements of the relevant reporting standards.
6. Staff members completing Audit Assistant with little apparent understanding / No evidence that the engagement partner has taken responsibility for the direction, supervision and performance of the audit
These were two separate items in the notes, but they seem to relate closely. Within Audit Assistant:
- The partner is required to sign off the A1 control page which concludes the whole job. This implies that they have taken responsibility for approval and supervision of the work.
- There are a number of other pages that the partner should either be concluding or reviewing, such as the risk assessment page, the audit summary page, and the quality control page.
- We provide full training for users, so if this is you please contact us and book a training session.
- Download the latest user handbook.
7. Insufficient (or non-existent) audit documentation
Obviously not talking about Audit Assistant users :)
8. Has not demonstrated professional scepticism
The notes point out that there may be no single way in which the auditor’s professional scepticism is documented. It is more an attitude of having a questioning mind, being alert to anything that may indicate misstatement due to error or fraud and critically assessing audit evidence. Nevertheless the audit documentation should provide evidence of the auditor’s exercise of professional scepticism in accordance with the ISAs (NZ), addressing questions such as:
- Has the auditor responded appropriately in circumstances when inconsistent or contradictory audit evidence was obtained?
- Does the documentation indicate alertness to anything that may indicate misstatement due to error or fraud?
- Has the auditor sought evidence to challenge rather than just corroborate management’s assertions?
- If information is inconsistent with the auditor’s final conclusion regarding a significant matter, have they documented how the inconsistency was addressed?
9. Inappropriate sample sizes
As part of the audit documentation, there must be a logical connection made between sample size for test of details with factors such as:
- Assessment of risk.
- Use of other substantive procedures directed at the same assertion.
- Ability to stratify the population.
Thought must be applied to reducing sampling risk to an acceptable level, and the logic of the decision must be documented.
The notes point out that two types of conclusion can result if this connection is not made:
- That a material misstatement does not exist when in fact it does.
- That a material misstatement does exist when in fact it does not.
Within Audit Assistant we prompt for these kinds of discussions as part of our planning and tests of details areas.
We hope this tips give some direction as to where you might consider some internal training or updates to procedures. Please contact us if you have any questions or comments about any of these issues or would like any assistance.