ICAEW resources can help auditors to assess risks faced by their firms and by entities they audit.
Approaches to and experiences of risk identification and assessment may seem different for many auditors during 2023 for a variety of reasons. This article highlights some of the main considerations for firms and their auditors and offers pointers to some helpful resources.
Auditors will need to think and behave differently during 2023 (and beyond) for reasons that will include but will not be restricted to:
- new International Standards on Quality Management (ISQMs), in particular ISQM 1; and
- revisions to International Standards on Auditing (ISA) 315 and ISA (UK) 240.
Risks to quality management in audit firms
2022 was a year when audit firms needed to assess risks to their own systems of quality management as well as assessing risks faced by entities they audit. Many firms devoted significant resources to their transition from the reactive International Standards on Quality Control (ISQCs) to the more proactive ISQMs – and all this entailed.
ISQM 1 required each audit firm to implement its quality management system by 15 December 2022 and requires them to evaluate this within one year. Results from a recent survey of 150 non-PIE audit firms randomly selected by ICAEW’s Quality Assurance Department (QAD) suggest a strong and positive implementation of ISQM 1 by many, but not all, firms that responded to the survey.
QAD urges the small minority of firms that have not yet implemented ISQM 1 to act quickly: “ISQM 1 is not simply a regulatory requirement but a valuable process that will enhance the firm’s procedures.” All active audit firms are expected to have implemented ISQM 1, and QAD will be reviewing evidence of this during its audit monitoring visits.
ISQM 1 is not simply a regulatory requirement but a valuable process that will enhance the firm’s procedures
Remember, assessing your firm’s system of quality management was not just a one-off exercise to ‘tick off’ for 15 December 2022. The iterative nature of ISQM 1 means that firms should constantly have in mind throughout the year factors that might alter their quality risks and responses. For example, external factors such as inflation and the wider economy, and the impact of the firm’s recruitment activities. That might include not just new hires but also any key roles the firm planned to fill at the time of developing its system of quality management, but did not manage to.
QAD views 2023 as a transition year, as quality monitoring and remediation procedures evolve and develop in the year to December 2023. QAD expects the effectiveness of firms’ efforts to be clearer in 2024 and beyond, after firms have evaluated and refined their quality management systems and as their client base changes.
Visit ICAEW’s hub of resources to assist with Quality management in audit firms.
Learn more from QAD about ISQM 1 implementation and expectations.
Identifying and assessing risks of material misstatement
Implementation of the revised ISA 315 for accounting periods commencing on or after 15 December 2021 has meant substantial changes for auditors. It also provided an impetus for some firms to refresh their approach to risk assessment in ways that will improve the quality and outcomes of audits.
Auditors will need to give more careful thought to misstatement risks considering a range of inherent risk factors, not unlike those in the revised ISA 540 (which are explained in our guide on inherent risk factors in auditing accounting estimates). Auditors will also need to consider the likelihood and magnitude of risk to determine its position on the ‘inherent risk spectrum’.
Auditors will need to give more careful thought to misstatement risks considering a range of inherent risk factors
More thought will also be needed on how a client’s use of information technology (IT) gives rise to risks of material misstatement in the financial statements and how IT controls, and in particular general IT controls, address such risks. There’s a useful summary of the features and risks associated with different IT applications in Appendix 5 of the revised ISA 315.
ICAEW resources are available to assist auditors as they adapt to the revised ISA 315:
Sample sizes and caps: how much is enough?
ISA 315, the entity’s IT systems and related risks
ISA 315 – applying the revised ISA – a webinar
Preparing for ISA 315, with links to other resources
Guide to requirements in the revised ISA 315, with links to other resources
Hot topics and tips on 2023 audits – a webinar
Fraud risk factors in a financial statement audit
The risk of fraud in financial statements is always a concern for auditors on every audit in every country. In the UK, however, the recent revision of ISA (UK) 240 clarifies the auditor’s roles and objectives regarding fraud, with a focus on professional scepticism. Those auditing UK entities will probably feel the difference.
Key changes in the revised ISA (UK) 240 that firms may want to focus on are:
- specific considerations in relation to fraud for the team meeting (paragraph 16).The revised fraud ISA combines with ISA 315 to eliminate notions of the engagement team meeting as a tick-box exercise;
- a requirement for auditors to be alert for conditions that indicate that a document may not be authentic; and
- enhanced requirements about communicating with management and those charged with governance – and the need to do more than just talk to them about fraud risk.
ICAEW resources are available to assist auditors as they adapt to the revised ISA (UK) 240:
Focusing on fraud in financial statements, with links to other resources
Sharpening the focus on corporate fraud: an audit firm perspective
Sharpening the focus on corporate fraud: an audit committee perspective
Audit and Fraud – an ICAEW Insights special report
Hot topics and tips on 2023 audits – a webinar