Auditors can look forward to a particularly interesting time during 2022. The profession is still very much in the spotlight of regulators, important changes to auditing standards are coming into view, and the ‘double whammy’ impact of Brexit and COVID-19 continues.
The faculty webinar I delivered in November 2021 generated some excellent debate on these challenges. Here are six of the tips I shared, many relevant for smaller audit firms.
1. Don’t lose sight of pandemic-related accounting issues
The pandemic will create accounting challenges in 2022 and beyond. A topic cropping up a lot recently on continuing professional development (CPD) courses has been that of ‘loan contract modifications’; in other words, the accounting adjustments required when an organisation renegotiates the terms of a loan with the bank. Financial reporting standards (both international and FRS 102) require accounting approaches to differ depending on whether a renegotiation gives rise to a ‘substantial’ or ‘non-substantial’ change to the loan repayment profile. The impact on profit, depending on the approach adopted, can be significant, so it is important to get it right.
2. Keep fighting the fight on audit ethics
The most recent revisions by the Financial Reporting Council (FRC) to its Ethical Standard (ES) were effective from 15 March 2020, but they are still causing some headaches.
For very small firms, a recurring question concerns the need for hot file reviews where the responsible individual (RI) has been incumbent for more than 10 years. In short, such a safeguard will now always be needed because it is no longer possible to argue away the need for a safeguard to mitigate the long association threat in this situation. A proportionate approach is important, but a cold file review is a weak safeguard because such reviews are undertaken after the audit report has been signed.
An aspect of the FRC ES that remains off the radar for some firms – despite a lot of coverage during CPD courses – is the need to report breaches of this standard. A firm that finds it has breached the FRC ES is required to tell the UK’s ‘competent authority’ for audit on a bi-annual basis. For firms that conduct audits of public interest entities (PIEs), this competent authority is the FRC. For ICAEW firms conducting non-PIE audits, the competent authority is ICAEW. Thankfully, where there has been no breach, a ‘nil return’ report is not required.
Tip: you can download ICAEW’s form for submitting breaches of the ES, and find advice on its completion.
3. Watch for changes in sampling methodologies
Many firms will be aware of a trend during 2021 for some standard audit methodologies, produced by the large training companies, to no longer cap sample sizes. Responses to this differ: some firms see it as providing greater flexibility and better supporting risk-based decisions on sample sizes; for other firms it appears to have caused some consternation.
For firms that have been or may be affected by this trend – which may become more apparent and widespread during 2022 – it is one to watch.
A key driver for this change was not revisions to auditing standards: it was a November 2020 FRC paper, Developments in Audit 2020, which highlighted the disadvantages of sample size caps.
Also, the tendency for some smaller firms to apply capped or limited sample sizes despite this being inappropriate in view of the significant risk area being audited, or key judgements required, was identified as a significant weakness by the FRC in its more recent November 2021 Developments in Audit paper.
It will be interesting to track this issue during 2022. Will all of the big training companies bring their methodologies into line and remove caps?
Tip: for those affected by this trend, a more thoughtful approach to risk assessment and audit strategy is likely to be necessary. More regular consideration of audit strategies, such as substantive analytical review, tests of control and data analytics, may be needed to avoid sample sizes for substantive tests of detail spinning totally out of control.
4. Be prepared for the new standards – but don’t panic!
The big changes that will take effect in the UK later in 2022 are revisions to the International Standard on Auditing (ISA) 315 Identifying and Assessing the Risks of Material Misstatement and the new International Standards on Quality Management (ISQM) and notably ISQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements, although firms will also need to consider the revised fraud auditing standard, ISA (UK) 240.
Firms are advised not to panic, but also to take on board the following.
- Communicate early with your audit methodology provider to get an idea of the practical impact that the changes to ISA 315 will have – and when their updated methodology will be released.
- Although early adoption of ISA 315 is unlikely to be popular, the revised standard is worth a read now, not least appendices 5 and 6, which provide helpful guidance on common IT-related risks and relevant controls.
- When contemplating how your firm will get to grips with ISQM 1, remember that there are some standard ‘quality objectives’ already laid out in ISQM 1, so you don’t have to start with a completely blank piece of paper.
- Also consider asking your cold file reviewer to help with a ‘quality risk assessment’ early in 2022. This could also be invaluable (as could your existing ISQC 1 manual) in shaping what your quality management processes might look like.
Most changes in ISA (UK) 240 clarify and formalise the auditor’s roles and objectives regarding fraud, with a focus on ‘enhanced’ professional scepticism, but there are some new requirements, particularly around risk assessment. Only minor changes and enhancements to audit work and methodologies may be needed by many firms, but all firms may want to reflect on their current practice in this area.
Tip: look out for useful resources from ICAEW. There are some excellent existing materials available on ISA 315 revisions, on revisions to ISA (UK) 240.
Changes to ISA 315, ISA (UK) 570, ISA (UK) 700 and the new QM standards are also covered in a recent QAD update webinar.
There will also be lots more practical guidance released by the faculty throughout 2022.
5. Keep working on IES 8 compliance
ICAEW sees compliance with the International Education Standard (IES 8) Professional Competence for Engagement Partners Responsible for Audits of Financial Statements (Revised) as far more than a box-ticking exercise to get people ‘over the line’ when applying for RI status.
There is an increasing expectation that good audit firms (even very small ones) will ensure that IES 8 sits right at the heart of CPD for aspiring, new and experienced RIs.
IES 8 focuses on a range of competencies – professional and ethical as well as technical. It is the leadership skills that sit within the ‘professional skills’ box that are often forgotten by RIs, who are so often striving for technical expertise. Appropriate honing of leadership skills will ensure that the RI acts as a “role model for the audit team”, a specific requirement of IES 8.
Tip: do not overlook the potential of IES 8. If this standard did not make it on to your radar (and into your firm’s educational initiatives and CPD) now may be a good time to reconsider it. Look back at Audit & Beyond articles with IES 8 CPD update tips, and pointers to webinars and other relevant ICAEW material and resources.
6. Listen to the voices
As mentioned at the start of this article, recent FRC disciplinary reports have brought the audit profession very much into focus – and shone a bright light on areas where things can go and have gone wrong. Smaller audit firms often feel that such reports are not really relevant to them, but that is not always the case. During 2021, the FRC published two interesting reports that should give all firms food for thought.
They involved the audits of Associated British Engineering. There were some key recurring themes:
- Evidence of RI and manager oversight are crucial and often lacking on weak audits. Sometimes there is just not enough evidence of the engagement partner’s ‘footprint’ on the audit file. It is that leadership thing again…
- Journal testing seems to be a recurring problem, both in terms of how journals are selected for review and what work needs to be done to follow up on outliers. Adequate follow-up can be a problem when very large numbers of journals require further investigation.
In view of the rebuttable presumption about the risk of fraud in revenue recognition in paragraph 26 of the fraud auditing standard, ISA (UK) 240, it is perhaps not surprising that revenue recognition crops up regularly. On reading these reports, however, many might argue that when auditing revenue, common sense and a willingness to ask the question ‘why’ often goes a lot further than encyclopaedic knowledge of ISA paragraph numbers.
Tip: even the smallest firm can learn from the good and not so good practices of the largest firms. Regularly review FRC outputs, such as its disciplinary judgements, audit quality review and thematic reviews, and watch this space for pointers to relevant material.
It will be an interesting year ahead. Take on board these tips and keep a close eye on the resources produced by the Audit & Assurance Faculty, to ensure that your audits are up to scratch and ISA-compliant.
Peter Herbert, Director, Insight Training