The revisions to ISA 315 Identifying and Assessing the Risks of Material Misstatement and ISA (UK) 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements apply soon. Should I consider early adoption?
Both of these revised ISAs are effective for periods beginning on or after 15 December 2021, so in most cases the changes will apply to December 2022 year ends.
In principle, early adoption is a good idea. In my opinion, the revisions to ISA 315 and ISA (UK) 240 contribute to improved audit quality.
However, many auditors might find early adoption something of a challenge because I know that many firms have not finalised the necessary changes to their audit methodologies/software and rolled out the necessary training to audit teams. Therefore, early adoption might only be possible for those firms that have these in place. Whether you might want to focus resources on accelerating some aspects of your implementation is another matter.
There is one notable situation where I think that early adoption might be useful and particularly worth the effort, and that is first year audits for year ends prior to December 2022.
When audit firms acquire new audits, a great deal of time can be spent in the first year on the initial set up, including understanding the entity and risk assessment. It occurs to me that doing this work and documenting all of it using the firm’s old methodology might be inefficient if a significant change of audit methodology in the next year requires much of it to be done differently.
It would be best to accelerate staff training and use of the revised methodology and working papers/software, so that you can avoid issues of this sort when rolling forward.
Whether or not you decide on early adoption, there are ICAEW resources available to assist.
A recent Audit & Beyond article points you at various articles, webinars and other resources related to ISA 315 and do not forget to read the standard itself – in particular, appendices 5 and 6, which provide helpful guidance on common IT-related risks and relevant controls.
The same can reasonably be said of ISA (UK) 240: don’t overlook the content of the standard as a support tool. The appendices include useful examples of:
- fraud risk factors;
- possible audit procedures to address the assessed risks of material misstatement due to fraud; and
- circumstances that indicate the possibility of fraud.
There is an Audit & Beyond article outlining key changes in ISA (UK) 240 and pointing readers at helpful resources.
At ICAEW’s Financial Reporting, Audit and Assurance Conference in October 2021, a speaker from the Financial Reporting Council (FRC) offered insights on key changes in ISA (UK) 240 and what they are trying to achieve – and it is followed by an interesting live Q&A session. A recording of this session is available.
I note that the FRC is encouraging early adoption of the ISQMs. Is that something that I should be seriously considering?
Not only is the FRC encouraging early adoption, it is ‘strongly’ encouraging it.
The key revised standards are:
- ISQM (UK) 1 Quality management for firms that perform audits or reviews of financial statements, or other assurance or related services engagements; and
- ISQM (UK) 2 Engagement quality reviews.
ISQM (UK) 1 requires the system of quality management to be designed and implemented by 15 December 2022, with an evaluation of this within one year following this date. Like the revised ISA 315 and ISA (UK) 240, I think that the revised ISQMs do offer opportunities for improvements to audit quality. Also, as with revised ISAs 315 and 240, I do not see many firms that are ready right now for early adoption.
The process of designing a system of quality management, under ISQM 1, is not quick and many firms are waiting for further guidance from professional bodies and resources from their service providers, in order to move things forward.
As a consequence, significant early adoption will, in practice, be impossible for many audit firms. However, this does not mean that firms should not be proactive in planning for how they will adopt these standards. There are elements of ISQM 1 that could and maybe should be adopted early.
In particular, I am a big fan of root cause analysis (RCA). I think that it can make a major contribution to improving audit quality where deficiencies are identified. Also, I think that it might take some time for auditors to become good at RCA, so starting to trial it as early as possible seems like a sensible idea to me.
Once you get started, some parts of the process may even seem strangely familiar because trying to find the cause of a deficiency and then taking action to try to prevent reoccurrence is not exactly a new experience for auditors – even if it was not called RCA.
There are, however, a lot of things to think about when implementing RCA as part of your transition to the new quality management standards. There are various resources available from the faculty to assist firms with this and more resources are on their way. The faculty is making them available, along with other quality management resources, through a special ‘Quality management in audit firms’ hub.
Those who are new to RCA may want to begin their journey with an article that suggests 12 steps to get you started and heading in the right direction
A recent cold file review criticised my audit file for having insufficient audit documentation. Personally, I think that the documentation was adequate for the purposes of the audit team, although I do admit that finding some of it took some searching for on the file. Is it really necessary to start documenting the glaringly obvious and to summarise everything just to make life a bit easier for external reviewers?
In short, my answer is yes! The requirement of audit documentation is to enable a reviewer, with no previous knowledge of the audit, to understand what was done. A file that is difficult to review does nobody any favours. It is important to:
- record what might seem obvious to those who are familiar with the audit, but perhaps might not be to those who do not know it so well;
- be consistent when organising files, to make things easier to find;
- have good cross referencing; and
- where necessary, coherently summarise audit areas that are large and involved.
Remember that file review is the cornerstone of audit quality. Of course, audit files are not just prepared for cold file reviewers and monitoring visits. Senior, manager and partner reviews are essential and if a file is difficult to review these might become inefficient and, even worse, there might be a risk that deficiencies in audit quality remain undetected after the review.
You may want to revisit some of the articles offering practical tips on ways to improve audit files (including the quality of documentation) that have appeared in Audit & Beyond. For example:
- reflecting pandemic circumstances in audit files, which has links to lots of practical guidance
- a series of three articles on improving audit files articles appeared in the June, September and December 2021 edition of Audit & Beyond.
- a series of three articles on improving audit files
- how documentation can improve audit quality, which includes links to other related ICAEW resources
About the author
John Selwood, freelance lecturer and writer
Audit & Beyond
This article was first featured in the May 2022 edition of Audit & Beyond.