The big picture for auditors during 2024 includes the updated ICAEW Audit Regulations and Guidance, application of new and revised international auditing standards and UK auditing standards such as ISQM 1, ISA 315 and ISA (UK) 240, how high inflation impacts accounting and considerations for auditors, and areas of focus for ICAEW’s Quality Assurance Department (QAD). All of these and more were among the topics and tips covered in my November 2023 faculty webinar (available as a recording with slides). This article focuses on six of the themes that were covered.

1. Comply with the new CPD rules

The ICAEW requirement for verified continuing professional development (CPD) from 1 November 2023 is something that firms may be reminded of during QAD visits. CPD needs to be appropriately tailored, especially if you’re working in specialist areas, and the International Education Standard 8 (IES 8), on audit engagement partner competence, needs to remain a key priority for every existing and aspiring responsible individual (RI).

During the webinar questions were asked about whether it is the individual ICAEW member or their firm that has responsibility for compliance. Although each individual member is responsible for their compliance with new CPD rules, firms generally take the lead on behalf of partners and staff.

2. Think carefully about acceptance and cessation protocols

This is an interesting and important priority for QAD. With larger firms letting certain audits go and exiting some sectors as they reassess their portfolios, there are lots of opportunities for smaller firms to tender for interesting work. However, during a time when resourcing is a challenge for many firms, there’s a risk that some may be biting off more than they can chew. 

It’s important that a firm’s system of quality management (SoQM) has robust acceptance protocols to consider the merits and downsides of taking on new work. Additional safeguards, such as independent reviews, might be appropriate where new audits present challenges. In some scenarios it may simply be a question of turning away possible work. A well-prepared cessation statement from an outgoing auditor, where required, will be an important consideration here when deciding whether to take on a new audit.

3. Conduct your first annual SoQM appraisal

QAD reviewers are discussing ISQM 1 implementation with all firms at the current time and there are indications that reviewers have been generally encouraged by what they’ve seen. 

The anniversary of the implementation of ISQM 1 was 15 December 2023. It’s now time for firms to complete a first annual appraisal of their SoQM, although appraisals will not have to coincide with the anniversary of the standard’s introduction every year. 

This SoQM appraisal will ideally be based on monitoring and remediation work performed during the year. If this is something that firms haven’t yet caught up on, there is still time. Revisit the risk action plan prepared in advance of first-time application of the standard. Have relevant actions been successful? Assess the output of cold file reviews performed during the year and any related root cause analysis. More generally, have informal discussions within the audit leadership team. What’s going well and not so well in audit? Are further actions needed?

4. Keep the revised risk standards on your radar

Although ISA 315 and ISA (UK) 240 (applicable for accounting periods beginning on or after 15 December 2021) have recently been a major point of focus for firms, during 2024 QAD expects to review more files which have applied the revised standards. The fundamentals of the risk-based approach to planning an audit haven’t changed. However, the revised standards do present some challenges. Here are the practical tips we shared during the webinar:

• When identifying and assessing risks, don’t confuse financial statement-level risk (pervasive risks like management override) and assertion-level risks (specific to particular account balances, classes of transaction, disclosures and related assertions). An identified risk is not likely to be in both categories.
• Remember that standard audit methodologies will often lead you to conclude that control risk is ‘not applicable’ where a controls-based approach to the audit is not being adopted. However, this does not mean that design and implementation work on important internal controls isn’t needed. It is.
• Some firms have asked clients to complete questionnaires dealing with the audit entity’s information technology (IT) environment and related controls and then filed these without further comment or discussion. Auditor consideration of what clients say about this area is key. Don’t let them do all the heavy lifting on IT.
• Where a risk is considered significant, the auditor has to nail it. Points highlighted during the webinar were: (1) the need for more persuasive evidence; and (2) evidence of good and timely RI review of the work performed and conclusions reached.

The webinar considered the potential for firms to use the revised ISA 315 to leverage audit efficiencies and participants questioned how this might be achieved. Effective use of audit data analytics and tests of control are one way to go, but these still seem to be largely the preserve of bigger firms. 

Smaller firms might consider whether they’re doing too much work in immaterial areas or areas which are material but where no significant risks have been identified. In responding to assessed risks, paragraph 18 of ISA 330 requires some substantive testing where a class of transaction, account balance or disclosure is material, but are multiple tests being performed to address relevant assertions where far fewer would suffice? Firms may want to give this careful thought.

5. Consider problem areas around construction contracts

This has been a difficult area for audit firms for many years. Although there are lots of important considerations when auditing such contracts, the webinar highlighted two aspects. 

First, always properly understand and document exactly how contracts and contract accounting operate for the client concerned. Most companies in this sector have slightly different systems and processes. 

Second, when gaining this understanding and challenging client estimates, such as in respect of anticipated costs to complete, for example, actively seek to communicate with contract managers and others outside the finance function – and evidence this on file.

6. Check audit report wording carefully

The audit report is the important output of the work firms do, so check carefully that the wording is right, particularly if you are issuing a non-standard opinion, such as a modified opinion, or where the audit is a specialist assignment, like a pension scheme or a charity. Overreliance on software-generated reports in these situations can be a recipe for disaster.

The webinar considered the results of reviews recently performed by the Financial Conduct Authority (FCA) on audit reports included in annual reports of Cooperative and Community Benefit Societies (CCBSs) and filed with the FCA. A number of the reports reviewed by the FCA were found to be incorrect. The Audit and Assurance Faculty’s suite of excellent audit report guides are an invaluable source of reference. The Technical Advisory Service helpsheet on the audit of clubs, associations and societies also spells out the specific reporting requirements for different types of CCBSs. 

Peter Herbert, Director, Insight Training