2The Changing Audit Environment The external audit underpins quality and credibility of financial reporting and public confidenceRevolutionary change over the last 20 years in how and when financial information is communicatedGlobal financial crisis has further triggered questionsRelevance of the audit and trust in the audit professionQuality of auditing – effectiveness, professional judgment, professional skepticismIncreased complexity in financial reporting and global business activity has increased users’ need for more information
3Audit quality framework – now and future ISQC1 and the ISAs OverviewAudit quality framework – now and futureISQC1 and the ISAsStructureProportional application, including documentationIAASB update – other projects and plansAudit efficiencyTipsResourcesGiven the context of the changing audit environment, what I’d like to talk about today is [see slide]
4Framework for Audit Quality Key ElementsInputsProcessOutputsInteractionsContextual Factors.
5Framework for Audit Quality - Objectives Raise awareness of the key elements of audit qualityEncourage stakeholders to reflect on ways to improve audit qualityFacilitate greater dialogue between key stakeholders on the topicThe AQ Framework describes the input and output factors that contribute to audit quality at the engagement, audit firm, and national levels, and demonstrates the importance of appropriate interactions among stakeholders and the relevance of various contextual factors.
6Framework for Audit Quality – Acknowledging SME’s InputsAuditor viewed as a valued business and tax advisorSMPs have very direct influence on governance arrangements, consultation, and monitoring activitiesCan you have relatively straightforward quality control policies and proceduresExternal consultation, technical support and using independent staff in quality monitoring processes may be challenging for SMPsA culture of consultation may need to involve external technical resources (e.g., professional accountancy organizations, other firms, or suitably resourced third-party organizations)SMPs with only a small number of audit clients may have difficulties retaining staff with relevant audit knowledge and experience
7Framework for Audit Quality – Acknowledging SME’s OutputsStrong and frequent communications with senior management due to close involvement in the entity’s business and lengthy relationshipsEnhanced opportunity to provide meaningful advice to clientsContextual FactorsBusiness practices and information systems, and applicable financial reporting framework, are sometimes les complexLittle distinction between management and those charged with governance (e.g., an owner-manager will usually fulfil both roles)Audit committees are rare and, when they exist, members are often not independent or financial literateReporting deadlines can be less onerous
8Framework for Audit Quality – Next Steps All stakeholders encouraged to consider how they may use the Framework in reflecting how they may influence improvement in audit qualityActions to raise awareness and promote the use of the Framework and identify future opportunities to enhance audit qualityAudit Quality webpage on the IAASB’s websiteProminence in IAASB outreach and liaison activitiesUse in revising ISQC 1 and ISA 220Future follow-up activities after a period of time to understand how and in what way the Framework is being used
9Audit quality framework – now and future ISQC1 and the ISAs OverviewAudit quality framework – now and futureISQC1 and the ISAsStructureProportional application, including documentationIAASB update – other projects and plansAudit efficiencyTipsResourcesGiven the context of the changing audit environment, what I’d like to talk about today is [see slide]
10Understanding the ISAs – Overall Structure PrefaceScope and AuthorityGlossaryTerms applicable to the standardsISQC1QC for firmsISAs37 in all, 570+ requirements (incl. ISQC1)
11Structure of the ISAsClarity structure in which information is presented in separate sections: Introduction, Objective, Definitions, Requirements and Application and other Explanatory MaterialEmphasis on professional judgment, the standards are principles based which allows practitioners to tailor audit proceduresContain special considerations for smaller entity auditsSome ISAs only apply to larger entity auditsMany requirements may not be relevant to SME audits
12Proportional Application – ISQC 1 ISQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Statements and other Assurance and Related Service EngagementsApplies to firms of all sizes that provide services covered by the IAASB’s International StandardsMust comply with each requirement unless, in the circumstances of the firm, it is not relevant to the services providedContains special considerations for smaller practicesThe form and content of documentation evidencing the operation of each elements of the system of quality control is a matter of judgment and depends on the size, nature and complexity of the firm and number of offices
13Proportional Application – ISA 200 ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on AuditingThe practitioner needs to comply with all ISAs relevant to the audit and with all requirements in ISAs relevant to the auditA complete knowledge of all the standards is essential in order to make a professional judgment as to what to leave outNot all ISAs are relevant to every audit as the standards are designed to cover audits in every situation globally
14Proportional Application – ISA 210 ISA 210 Agreeing Terms of Audit EngagementsParagraph 6, agreeing the terms of engagement with management, and paragraphs 9 and 10, which require you to communicate the terms in writing to management in a letter, will be applicable in every engagementParagraphs 7 and 8 deal with an imposed scope limitation and the situation where the preconditions do not exist. Paragraphs deal with changes to the terms of engagement in mid-audit and paragraphs the situation where laws and regulation supersede the ISAsIt is important to know what the requirements are, but these situations are also likely to be far and few between for SME audits
15Proportional Application – ISA 210 (con’t) ISA 210 Agreeing Terms of Audit Engagements continuedTo summarize, of the 16 requirements in ISA 210, paragraphs 6, 9 and 10 are critical and will apply in every engagement. For SMPs, knowing they have to deal with 3 main requirements out of 16 is a lot less daunting than considering all 16 every time.
16Proportional Application – ISA 315 ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its EnvironmentThe objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity’s internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.Focus on significant risks – effectiveness and efficiency- Understand the business – important from an engagement risk perspective- Identify significant risks up front and focus audit effort on these
17Proportional Application – ISA 315 (con’t) ISA 315 focus on significant risks – effectiveness and efficiency continuedSubstantive tests are required for each material class of transactions, account balances and disclosures, but tests of details only required for significant risksConsider analytical procedures (follow requirements of ISA 520 Analytical Procedures) for non-significant risk items where appropriateUse professional judgment to determine what substantive tests to use on items not considered significant risksISAs explicitly encourage the auditor to exercise professional judgement in determining the form and extent of documentation – they acknowledge extent may vary depending on the circumstances
18Proportional Application – some ISAs not relevant Examples of some of the ISAs that would not be relevant in an SME audit include:ISA 402 Audit Considerations Relating to an Entity Using a Service Organization if the SME does not use a service organizationISA 510 Initial Audit Engagements – Opening Balances if the SME is a continuing, and not an initial, engagementISA 600, Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors) if the SME audit engagement is not a group audit.ISA 610 Using the Work of Internal Auditors if the SME has no internal audit function
19Documentation – ISA 230ISA 230 on documentation is one of the shortest ISAsOnly 9 requirements but another 22 specific requirements in other ISAs listed in the appendixMust be in detail (e.g. specific items sampled) and who did what and when (paragraph 9)Document discussions of significant matters, inconsistencies, and departures from requirements (paragraphs 10-12)Remainder covers matters arising after the audit report is signed, and assembly of the file
20Purposes of Audit Documentation Evidence of the auditor’s basis for a conclusion about the achievement of the overall objectives of the auditor (ISA 200 para 11)“A sufficient and appropriate record of the basis for the auditor’s report” (ISA 230 para 5)Evidence that the audit was planned and performed in accordance with ISAs
21Additional purposes (ISA 230 para 3) Assist in planning/performing the auditAssist the direction, supervision and review of the audit work (ISA 220 para 2)Enabling the engagement team to be accountable for its workRecord matters relevant to future auditsEnabling EQCR/ISQC 1 reviewEnabling external inspections
22‘Sufficient’ audit documentation “Oral explanations by the auditor, on their own, do not represent adequate support for the work the auditor performed or conclusions the auditor reached, but may be used to explain or clarify information contained in the audit documentation” (ISA 230 para A5)If it’s not documented … it wasn’t done!
23Documentation – Regulators’ Observations I Worldwide regulators complain about poor documentationToo much documentation in some established and low risk areas and not enough in other difficult areasPoor evidence of link between risk analysis and procedures performed – problems identified but not addressedNot enough showing the thought processes – but how!?Sample sizes being cut, materiality levels being raised, analytical procedures not being used much – without documentation for the justification of this – big issues
24Documentation – Regulators’ Observations II ISA 200: scepticism is an attitude including a questioning mind, being alert to conditions which may indicate possible misstatement, and a critical assessment of audit evidenceScepticism is not cynicism / distrusting everything: assume documents are genuine unless reason to suspect notScepticism is about challenging assumptions and actively considering the possibility of biasLittle evidence of professional scepticismInsufficient evidence of challenge to client assumptions (e.g., impairments, going concern): often, the challenge took place in meetings but was not documented
25Documentation – Real Problem Excessive documentation for compliance purposes is real problem – keeps auditors from engaging with the clientLargely a product of over-engineered and inefficient audit methodologies – leading to under- or over-auditingPoor documentation by auditors – for exampleKeeping interesting but irrelevant information on the fileFull documents rather than extractsNot making use of facilities for electronic cross-referencingPoor checklists used indiscriminately without thought
26Audit quality framework – now and future ISQC1 and the ISAs OverviewAudit quality framework – now and futureISQC1 and the ISAsStructureProportional application, including documentationIAASB update – other projects and plansAudit efficiencyTipsResourcesGiven the context of the changing audit environment, what I’d like to talk about today is [see slide]
27Projects nearing completion Major changes to the audit report (late 2014)Improved auditor reporting is essential to the continued relevance of – and trust in – the audit profession globallyThe audit opinion is valued, but the auditor’s report could be more informativeUsers, in particular investors, want more relevant and decision-useful information about the entity, the financial statements and the audit thereofRequirements to determining and communicate Key Audit MattersISA 720 (early 2015?)Identify “other information” in the auditor’s reportClarify responsibilitiesAuditing Financial Statement Disclosures (mid 2015?)Changes proposed across a number of ISAsReinforce consistent and proper application of existing requirements
28Proposed Work Program 2015–2016 – Feedback Initially suggested focus on three priority projectsQuality Control (QC); Special Audit Considerations Relating to Financial Institutions; Professional SkepticismClear from responses that the IAASB needs to advance its thinking in certain areas sooner than originally anticipatedPerhaps less important to complete projects on an accelerated basisRespondentsAgreed with project on QC – mixed views on how to addressed issuesAgreed with topic of Professional Skepticism – further consideration as to nature of projectRecognized importance of Financial Institutions, largely supportive, but some caution against developing industry-specific ISAs; rather non- authoritative material?Expressed strong views to bring forward group audits (ISA 600)Encouraged timely work on agreed-upon procedures (ISRS 4400) and risk assessment (ISA 315)
29The IAASB’s Innovation Working Group Explore emerging developments in the audit, assurance and related services fields for the purpose of assisting the IAASB in identifying opportunities for relevant and effective standard setting, or determining other potential actions, in a timely and informed mannerPossible actions may includeInformation gathering – private outreach/ dialogue or academic researchFollow up actions – Thought piece/ awareness (Staff publication/ IAASB Position paper), public outreach or consultation paper or discussionStandard settingAreas of priority include integrated reporting (<IR>) and effects of evolving use of technology on audits (including data analytics)
30Global Adoption of Clarified ISAs Jurisdictions Using Clarified ISAs Already, or Committed to Using Them in the Near Future (103)Asia and Oceania (21): Australia, Bangladesh, China, Hong Kong, India, Indonesia, Japan, Kazakhstan, Kyrgyz Republic, Malaysia, Mongolia, Nepal, New Zealand, Pakistan, Philippines, Singapore, South Korea, Sri Lanka, Thailand, Uzbekistan (listed entities), VietnamAmericas (17): Argentina, Bahamas, Barbados, Brazil, Canada, Cayman Islands, Chile, Costa Rica, El Salvador, Guyana, Jamaica, Mexico, Panama, Puerto Rico (private companies), Trinidad and Tobago, Uruguay, USA (private companies)Europe (39): Albania, Armenia, Austria, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France (Experts Comptables), FYR Macedonia, Georgia, Greece, Hungary, Iceland, Ireland, Italy, Kosovo, Latvia, Lithuania, Luxembourg, Malta, Moldova, Montenegro, Netherlands, Norway, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, Ukraine, United KingdomAfrica/Middle East (26): Benin, Botswana, Ghana, Jordan, Kenya, Kuwait, Lebanon, Lesotho, Malawi, Mali, Mauritius, Namibia, Nigeria, Palestine, Rwanda, Senegal, Sierra Leone, South Africa, Swaziland, Tanzania, Togo, Tunisia, Uganda, United Arab Emirates (Abu Dhabi and Dubai), Zambia, Zimbabwe
31Audit quality framework – now and future ISQC1 and the ISAs OverviewAudit quality framework – now and futureISQC1 and the ISAsStructureProportional application, including documentationIAASB update – other projects and plansAudit efficiencyTipsResourcesGiven the context of the changing audit environment, what I’d like to talk about today is [see slide]
32Tips for Audit Efficiency Automation – standardized templates and customized checklistsSoftware – utilizing commercially available productsPlanning – timeframe, list of deliverables, client meetingRisk based approach – in line with ISAsStaff training / supervisionCommunicationThere are a number of practical steps which could be considered for improving audit efficiencies.AutomationAutomating the audit practice provides an opportunity to improve audit quality at both firm-wide and individual engagement levels. At the firm level, setting up standardized templates helps ensure that all phases have been completed in every audit. Customized checklists can be updated as needed and incorporated into individual engagement files at the beginning of every engagement. It is important that every file is customized for the individual client. The generic firm template is a great place to start, but it is only a start.SoftwareWhen using commercially available software SMPs engagements, you can roll forward last year’s electronic file almost instantly and have ‘mapped’ trial balance codes for efficiency if generating the financial statements. You can also an engagement letter and list of deliverables required when you visit the client at the beginning of the audit. If you import data from one application program to another, data conversion errors should be eliminated and grouping and arithmetical errors can be minimized.PlanningThe essential component for an efficient audit is proper planning and organisation both from the perspective of the audit firm and the business. It is important that the timeframe is agreed in advance with clearly specified delivery dates. The field work should be scheduled and the board meeting to sign the accounts agreed. A list of client deliverables should be provided by the audit firm. The initial planning meeting should be scheduled in advance.Risk based approachThe audit team should focus on working smarter, not harder. The work should be concentrated on the key risk areas with the level and amount of work tailored accordingly. A thorough analytical review should be undertaken which identifies the key risks and the level of testing that will be performed on these and other areas. This review should include scoping out of balances which are fully understood and would not lead to a material misstatement. When considering the audit approach, sometimes less is more. The audit team should limit procedures on areas considered to be low risk and focus attention and time on significant risks or historical areas known to cause issues.Staff training/ supervisionThe audit firm must ensure that their staff are resourced at the correct level and that more junior team members receive adequate supervision to complete the work to a high standard. Senior reviews of the testing must be scheduled in a timely manner, so any open points are closed when the audit team is onsite and not later at greater cost.CommunicationRegular, effective communication is important for individuals in audit team and the business. A daily tracker with open queries is useful tool to facilitate these conversations. As a result any issues will also be discussed early, so there is less likelihood of last minute changes and late surprises.
33Knowledge Sharing – Implementation ISA Guide Volume 1Fundamental concepts of a risk-based audit in conformance with the ISAsISA Guide Volume 2Practical guidance on performing SME audits. Includes two illustrative case studies—one of an SME audit and one of a micro-entity auditTo be discussed in detail later in the session on Guide to Using ISAs in the Audits of SMEs.
34Knowledge Sharing – Implementation (cont) QC GuideHelps SMPs apply ISQC 1 proportionately and efficiently. Includes guidance, case study, two sample QC manuals and checklistsReference, training, customize manuals and checklists
35IFAC Global Knowledge Gateway Global Knowledge Gateway Audi & AssuranceAudit & Assurance includes sub topics on:Agreed-upon proceduresAuditCompilationOther assuranceQuality controlReview
36References – IAASBStaff Q&A, Applying ISAs Proportionately with the Size and Complexity of an Entity: answers-applying-isas-proportionately-size-and-complexity-entStaff Q&A, Applying ISQC 1 Proportionately with the Nature and Size of a Firm: QC%201%20Proportionality_FINAL.pdfThe Clarified ISAs—Findings from the Post-Implementation Review: implementation-review
37References – Knowledge Sharing - Implementation Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities (Third Edition) (incl. companion manual and slides): https://www.ifac.org/publications-resources/guide-using- international-standards-auditing-audits-small-and-medium-sized-enGuide to Quality Control for Small- and Medium-Sized Practices (Third Edition) (incl. companion manual and slides): resources/guide-quality-control-small-and-medium-sized-practices-third-edition-0Boosting the Quality and Efficiency of Smaller Entity Audits article: https://www.ifac.org/news-events/ /boosting-quality-and-efficiency- smaller-entity-auditsTips for Cost-Effective ISA Application article: https://www.ifac.org/publications-resources/tips-cost-effective-isa-applicationTips for Cost-Effective ISQC 1 Application article: https://www.ifac.org/publications-resources/tips-cost-effective-isqc-1-application