ICAEW’s latest Audit Monitoring Report shows that 95% of non-Public Interest Entity audits reviewed at the largest seven firms in 2022/23 were rated as ‘good’ or ‘generally acceptable’.
“This is the best set of results we have seen for these firms and highlights the investments they have made,” says Rama Krishnan, Chair of ICAEW’s Audit Registration Committee.
There was, however, a slight dip in the quality of audits reviewed in 2022/23 across all firms, with 71% of audits being rated ‘good’ or ‘generally acceptable’, compared to 76% in 2021/22.
“We can’t say at this stage whether this year’s drop in average audit quality indicates a longer-term concern,” emphasises Trevor Smith, Quality Assurance Department (QAD) Director at ICAEW. This is because ICAEW is required to review all audit-registered firms at least once every six years, although it reviews the largest firms annually. So, more than 95% of firms reviewed this year are different to those reviewed the previous year.
“Trying to do any year-on-year comparisons is therefore incredibly difficult,” explains Duncan Wiggetts, ICAEW’s Chief Officer for Professional Standards. “We can only really understand whether there’s improvement when we review these same firms in six years’ time. However, with respect to the largest firms we review every year, it’s possible to make a legitimate comparison, and that’s where we’re clearly seeing an improvement.”
Build on ISQM1
To help firms avoid the shortcomings revealed in this year’s cohort of firms, the monitoring report sets out the key drivers behind those audits requiring ‘improvement’ or ‘significant’ improvement.
“If you look back over previous monitoring reports,” says Trevor, “you’ll see similar sorts of issues coming up year after year because they’re the most challenging areas to audit: group accounts and related audit work, stock and long-term contracts, valuations, and revenue.”
In this year’s report, Trevor discusses the key issues identified in each of these areas and offers tips on things to consider and how to avoid the pitfalls. (See p 8.) He also provides a list of questions firms should be asking themselves. (See p 14.)
More broadly, and to drive improvement across all areas of audit, he urges firms to build on their implementation of the International Standard on Quality Management 1 (ISQM1).
“Our audit-regulated firms have already put a lot of resources into ISQM1,” he explains. “It’s meant them going back to basics and saying: what are our risks against our quality objectives, how do we address those risks in our policies and procedures, and then, how do we monitor these and address any problems?”
“Firms now have a great opportunity to use all the work they’ve done to move forward,” he says. “And the most successful firms will be those that continue to challenge themselves each year, asking: have we got the right processes in place, do we need to change anything, are we undertaking the most effective monitoring and remediation activities, including for example, internal or external cold file reviews, what do the findings of our root cause analysis tell us, and are there any other checks and balances we need?”
“You’ve embedded a better system by which you can self-monitor and improve,” he urges. “So don't waste it. Even if you're a small firm with a few audits, there's still usually plenty for you to learn and move forward with.”
Don’t dabble in audit
“We know that audit isn't easy,” emphasises Trevor. “It isn't something you can do as an aside. And the findings from our monitoring reports, the cases ICAEW investigates, and developments in the wider market, all reinforce that you can't dabble in audit.”
“It's perfectly fine to just carry out a small number of audits,” he clarifies. “But you've got to do them well. You've got to be committed, and that includes everything that goes with that: robust quality management procedures, effective training, and good staff support.”
Duncan adds: “We’re seeing too many audit investigation reports where the firm took on too much and was too stretched resource-wise, to the extent that some parts of the audit have just been ticked off as being done because a manager is under pressure.”
“We urge firms taking on new audits to make sure they audit themselves first, so they know they’ve got the right level of resource to add that audit to what they're already doing, and they’ve got the right expertise to deal with the specific issues and risks associated with that audit.”
As a regulator, ICAEW is always seeking new ways to prevent problems arising and spot potential risks. To help with this, it now has an audit risk officer who focuses on proactively identifying and monitoring audit risks as they occur within ICAEW audit-registered firms.
Part of the audit risk officer’s role is to look out for unusual movements of audits and contact the firm taking on the audit to discuss what procedures it has in place to mitigate any quality risks.
“If you’re contacted, you need to be able to show you’ve considered the risk of a particular audit and provide assurances that you understand the risks and have robust plans and procedures to deal with them,” says Duncan.
Improving knowledge and skills
One of the key recommendations in the monitoring report is that all audit firms review their training and guidance to ensure partners and staff have the appropriate skills.
There have long been requirements for appropriate continuing professional development (CPD) to be undertaken by responsible individuals and other ICAEW members involved in an audit, but the changes in ICAEW’s recently updated CPD regime should also, over time, further support ongoing education and skills development in audit.
“As an example, the revised CPD framework will allow us to better understand what sort of training, education and other information people are tapping into,” says Duncan. “And that will help us to devise appropriate future educational material.”
“Because we will have more information, we can see the sources people are going to. We can then compare what they're doing in terms of training with any gaps in expertise QAD are identifying during reviews.”
“Within firms’ internal processes and ISQM1, they should be monitoring the effectiveness of CPD and how they translate the training they do into audit practice,” adds Trevor. “So, if you look at it from the ISQM1 perspective, the new CPD regime supports that process too.”
Wider culture
Training and skills development are about more than improving technical knowledge. “If you stand back and look at the big firms, you’ll see they've invested heavily in a whole range of relevant training,” says Trevor. “This includes ethics training, and encouraging professional scepticism and open communication, all of which have an impact on audit quality. It's not only about purely technical training.”
“We’re still finding a lack of professional scepticism in some firms,” notes Duncan. “We’re seeing investigation reports where people have simply taken the word of the client and never gone and gathered independent evidence.”
ICAEW has produced three educational dramas designed to provoke discussion and challenge mindsets about how to deal with complex decisions and how to speak up if you think something isn’t right.
“The two films that cover audit bring out the soft skills required in audit, including professional scepticism and challenging management, and show the consequences when things go wrong,” explains Duncan.
So far, mainly large firms have used the audit films. But ICAEW is encouraging more smaller firms to consider including them in their staff training. “They’re engaging and bring something new to audit training,” says Trevor. “And, with retention of staff an ongoing challenge, engaged staff are more likely to be happy staff who want to stay.”
Future focus
The report concludes with a look ahead to monitoring during 2023/24, flagging new ISAs and sustained attention to quality management, as well as CPD, as the key areas of focus.
Audits in 2023/24 will be the first done using the new fraud and risk assessment ISAs (240 and 315). “Audit never stands still,” says Trevor. “You're always going to have to grapple with new standards and other changes, and ISQM is the bedrock that's going to support you in that.”
“We want you to keep both ISQM1 and CPD in mind, and to keep looking ahead to what's coming along the track,” he adds. “We urge you to use the findings of our audit monitoring report, read Audit News and Regulatory and Conduct News, and see what's going on across the profession.”
“There are plenty of opportunities in the current audit market,” he concludes. “So, whether you’re already doing audits, or taking on new ones, make sure you do them well. Keep up to date, pay attention to quality management principles, assess and mitigate risks, allocate the right resources, support your staff, and use all the information and advice available to you.”