Audit Quality Framework & Proportionate Application of ISAs
1. Page 1
Audit Quality Framework &
Proportionate Application of
ISAs
Brendan Murtagh
IAASB Board Member
IFAC-SAFA SMP Forum
New Delhi, India
October 10, 2014
2. Page 2
The Changing Audit Environment
• The external audit underpins quality and credibility of
financial reporting and public confidence
• Revolutionary change over the last 20 years in how and
when financial information is communicated
• Global financial crisis has further triggered questions
– Relevance of the audit and trust in the audit profession
– Quality of auditing – effectiveness, professional judgment,
professional skepticism
• Increased complexity in financial reporting and global
business activity has increased users’ need for more
information
3. Page 3
Overview
• Audit quality framework – now and future
• ISQC 1 and the ISAs
• Structure
• Proportional application, including documentation
• IAASB update – other projects and plans
• Audit efficiency
• Tips
• Resources
4. Page 4
Framework for Audit Quality
.
Key Elements
• Inputs
• Process
• Outputs
• Interactions
• Contextual Factors
5. Page 5
Framework for Audit Quality - Objectives
• Raise awareness of the key elements of audit quality
• Encourage stakeholders to reflect on ways to improve
audit quality
• Facilitate greater dialogue between key stakeholders on
the topic
The AQ Framework describes the input and output factors that
contribute to audit quality at the engagement, audit firm, and national
levels, and demonstrates the importance of appropriate interactions
among stakeholders and the relevance of various contextual factors.
6. Page 6
Framework for Audit Quality – Acknowledging SME’s
• Inputs
- Auditor viewed as a valued business and tax advisor
- SMPs have very direct influence on governance arrangements,
consultation, and monitoring activities
- Can you have relatively straightforward quality control policies and
procedures
- External consultation, technical support and using independent
staff in quality monitoring processes may be challenging for SMPs
- A culture of consultation may need to involve external technical
resources (e.g., professional accountancy organizations, other
firms, or suitably resourced third-party organizations)
- SMPs with only a small number of audit clients may have
difficulties retaining staff with relevant audit knowledge and
experience
7. Page 7
Framework for Audit Quality – Acknowledging SME’s
• Outputs
- Strong and frequent communications with senior management due
to close involvement in the entity’s business and lengthy
relationships
- Enhanced opportunity to provide meaningful advice to clients
• Contextual Factors
- Business practices and information systems, and applicable
financial reporting framework, are sometimes les complex
- Little distinction between management and those charged with
governance (e.g., an owner-manager will usually fulfil both roles)
- Audit committees are rare and, when they exist, members are
often not independent or financial literate
- Reporting deadlines can be less onerous
8. Page 8
Framework for Audit Quality – Next Steps
• All stakeholders encouraged to consider how they may use
the Framework in reflecting how they may influence
improvement in audit quality
• Actions to raise awareness and promote the use of the
Framework and identify future opportunities to enhance
audit quality
– Audit Quality webpage on the IAASB’s website
– Prominence in IAASB outreach and liaison activities
– Use in revising ISQC 1 and ISA 220
– Future follow-up activities after a period of time to understand how
and in what way the Framework is being used
9. Page 9
Overview
• Audit quality framework – now and future
• ISQC1 and the ISAs
• Structure
• Proportional application, including documentation
• IAASB update – other projects and plans
• Audit efficiency
• Tips
• Resources
10. Page 10
Understanding the ISAs – Overall Structure
Preface
Scope and Authority
Glossary
Terms applicable to the standards
ISQC1
QC for firms
ISAs
37 in all, 570+ requirements (incl. ISQC1)
11. Page 11
Structure of the ISAs
• Clarity structure in which information is presented in
separate sections: Introduction, Objective, Definitions,
Requirements and Application and other Explanatory
Material
• Emphasis on professional judgment, the standards are
principles based which allows practitioners to tailor audit
procedures
• Contain special considerations for smaller entity audits
• Some ISAs only apply to larger entity audits
• Many requirements may not be relevant to SME audits
12. Page 12
Proportional Application – ISQC 1
• ISQC 1 Quality Control for Firms that Perform Audits and
Reviews of Financial Statements and other Assurance and
Related Service Engagements
- Applies to firms of all sizes that provide services covered by the
IAASB’s International Standards
- Must comply with each requirement unless, in the circumstances of
the firm, it is not relevant to the services provided
- Contains special considerations for smaller practices
- The form and content of documentation evidencing the operation of
each elements of the system of quality control is a matter of
judgment and depends on the size, nature and complexity of the
firm and number of offices
13. Page 13
Proportional Application – ISA 200
• ISA 200, Overall Objectives of the Independent Auditor and
the Conduct of an Audit in Accordance with International
Standards on Auditing
- The practitioner needs to comply with all ISAs relevant to the audit
and with all requirements in ISAs relevant to the audit
- A complete knowledge of all the standards is essential in order to
make a professional judgment as to what to leave out
- Not all ISAs are relevant to every audit as the standards are
designed to cover audits in every situation globally
14. Page 14
Proportional Application – ISA 210
• ISA 210 Agreeing Terms of Audit Engagements
- Paragraph 6, agreeing the terms of engagement with management,
and paragraphs 9 and 10, which require you to communicate the
terms in writing to management in a letter, will be applicable in
every engagement
- Paragraphs 7 and 8 deal with an imposed scope limitation and the
situation where the preconditions do not exist. Paragraphs 14-17
deal with changes to the terms of engagement in mid-audit and
paragraphs 18-21 the situation where laws and regulation
supersede the ISAs
• It is important to know what the requirements are, but these situations
are also likely to be far and few between for SME audits
15. Page 15
Proportional Application – ISA 210 (con’t)
• ISA 210 Agreeing Terms of Audit Engagements continued
- To summarize, of the 16 requirements in ISA 210, paragraphs 6, 9
and 10 are critical and will apply in every engagement. For SMPs,
knowing they have to deal with 3 main requirements out of 16 is a
lot less daunting than considering all 16 every time.
16. Page 16
Proportional Application – ISA 315
• ISA 315 Identifying and Assessing the Risks of Material
Misstatement through Understanding the Entity and its
Environment
- The objective of the auditor is to identify and assess the risks of
material misstatement, whether due to fraud or error, at the
financial statement and assertion levels, through understanding the
entity and its environment, including the entity’s internal control,
thereby providing a basis for designing and implementing
responses to the assessed risks of material misstatement.
• Focus on significant risks – effectiveness and efficiency
- Understand the business – important from an engagement risk
perspective
- Identify significant risks up front and focus audit effort on these
17. Page 17
Proportional Application – ISA 315 (con’t)
• ISA 315 focus on significant risks – effectiveness and
efficiency continued
- Substantive tests are required for each material class of
transactions, account balances and disclosures, but tests of details
only required for significant risks
- Consider analytical procedures (follow requirements of ISA 520
Analytical Procedures) for non-significant risk items where
appropriate
- Use professional judgment to determine what substantive tests to
use on items not considered significant risks
- ISAs explicitly encourage the auditor to exercise professional
judgement in determining the form and extent of documentation –
they acknowledge extent may vary depending on the
circumstances
18. Page 18
Proportional Application – some ISAs not relevant
• Examples of some of the ISAs that would not be relevant
in an SME audit include:
- ISA 402 Audit Considerations Relating to an Entity Using a Service
Organization if the SME does not use a service organization
- ISA 510 Initial Audit Engagements – Opening Balances if the SME
is a continuing, and not an initial, engagement
- ISA 600, Special Considerations – Audits of Group Financial
Statements (Including the Work of Component Auditors) if the SME
audit engagement is not a group audit.
- ISA 610 Using the Work of Internal Auditors if the SME has no
internal audit function
19. Page 19
Documentation – ISA 230
• ISA 230 on documentation is one of the shortest ISAs
• Only 9 requirements but another 22 specific requirements
in other ISAs listed in the appendix
• Must be in detail (e.g. specific items sampled) and who did
what and when (paragraph 9)
• Document discussions of significant matters,
inconsistencies, and departures from requirements
(paragraphs 10-12)
• Remainder covers matters arising after the audit report is
signed, and assembly of the file
20. Page 20
Purposes of Audit Documentation
• Evidence of the auditor’s basis for a conclusion about the
achievement of the overall objectives of the auditor (ISA
200 para 11)
• “A sufficient and appropriate record of the basis for the
auditor’s report” (ISA 230 para 5)
• Evidence that the audit was planned and performed in
accordance with ISAs
21. Page 21
Additional purposes (ISA 230 para 3)
• Assist in planning/performing the audit
• Assist the direction, supervision and review of the audit
work (ISA 220 para 2)
• Enabling the engagement team to be accountable for its
work
• Record matters relevant to future audits
• Enabling EQCR/ISQC 1 review
• Enabling external inspections
22. Page 22
‘Sufficient’ audit documentation
• “Oral explanations by the auditor, on their own, do not
represent adequate support for the work the auditor
performed or conclusions the auditor reached, but may be
used to explain or clarify information contained in the audit
documentation” (ISA 230 para A5)
• If it’s not documented … it wasn’t done!
23. Page 23
Documentation – Regulators’ Observations I
• Worldwide regulators complain about poor documentation
• Too much documentation in some established and low risk
areas and not enough in other difficult areas
• Poor evidence of link between risk analysis and
procedures performed – problems identified but not
addressed
• Not enough showing the thought processes – but how!?
• Sample sizes being cut, materiality levels being raised,
analytical procedures not being used much – without
documentation for the justification of this – big issues
24. Page 24
Documentation – Regulators’ Observations II
• ISA 200: scepticism is an attitude including a questioning
mind, being alert to conditions which may indicate possible
misstatement, and a critical assessment of audit evidence
• Scepticism is not cynicism / distrusting everything: assume
documents are genuine unless reason to suspect not
• Scepticism is about challenging assumptions and actively
considering the possibility of bias
• Little evidence of professional scepticism
• Insufficient evidence of challenge to client assumptions
(e.g., impairments, going concern): often, the challenge
took place in meetings but was not documented
25. Page 25
Documentation – Real Problem
• Excessive documentation for compliance purposes is real
problem – keeps auditors from engaging with the client
• Largely a product of over-engineered and inefficient audit
methodologies – leading to under- or over-auditing
• Poor documentation by auditors – for example
- Keeping interesting but irrelevant information on the file
- Full documents rather than extracts
- Not making use of facilities for electronic cross-referencing
- Poor checklists used indiscriminately without thought
26. Page 26
Overview
• Audit quality framework – now and future
• ISQC1 and the ISAs
• Structure
• Proportional application, including documentation
• IAASB update – other projects and plans
• Audit efficiency
• Tips
• Resources
27. Page 27
Projects nearing completion
• Major changes to the audit report (late 2014)
- Improved auditor reporting is essential to the continued relevance of –
and trust in – the audit profession globally
- The audit opinion is valued, but the auditor’s report could be more
informative
- Users, in particular investors, want more relevant and decision-useful
information about the entity, the financial statements and the audit
thereof
- Requirements to determining and communicate Key Audit Matters
• ISA 720 (early 2015?)
- Identify “other information” in the auditor’s report
- Clarify responsibilities
• Auditing Financial Statement Disclosures (mid 2015?)
- Changes proposed across a number of ISAs
- Reinforce consistent and proper application of existing requirements
28. Page 28
Proposed Work Program 2015–2016 – Feedback
• Initially suggested focus on three priority projects
– Quality Control (QC); Special Audit Considerations Relating to
Financial Institutions; Professional Skepticism
• Clear from responses that the IAASB needs to advance its
thinking in certain areas sooner than originally anticipated
– Perhaps less important to complete projects on an accelerated basis
• Respondents
– Agreed with project on QC – mixed views on how to addressed issues
– Agreed with topic of Professional Skepticism – further consideration as
to nature of project
– Recognized importance of Financial Institutions, largely supportive, but
some caution against developing industry-specific ISAs; rather non-authoritative
material?
– Expressed strong views to bring forward group audits (ISA 600)
– Encouraged timely work on agreed-upon procedures (ISRS 4400) and
risk assessment (ISA 315)
29. The IAASB’s Innovation Working Group
• Explore emerging developments in the audit, assurance and
related services fields for the purpose of assisting the IAASB in
identifying opportunities for relevant and effective standard
setting, or determining other potential actions, in a timely and
informed manner
Page 29
• Possible actions may include
– Information gathering – private outreach/ dialogue or academic research
– Follow up actions – Thought piece/ awareness (Staff publication/ IAASB
Position paper), public outreach or consultation paper or discussion
– Standard setting
• Areas of priority include integrated reporting (<IR>) and effects
of evolving use of technology on audits (including data
analytics)
30. Page 30
Global Adoption of Clarified ISAs
Jurisdictions Using Clarified ISAs Already, or Committed to Using Them in the Near Future
(103)
Asia and Oceania (21): Australia, Bangladesh, China, Hong Kong, India, Indonesia, Japan,
Kazakhstan, Kyrgyz Republic, Malaysia, Mongolia, Nepal, New Zealand, Pakistan, Philippines,
Singapore, South Korea, Sri Lanka, Thailand, Uzbekistan (listed entities), Vietnam
Americas (17): Argentina, Bahamas, Barbados, Brazil, Canada, Cayman Islands, Chile, Costa
Rica, El Salvador, Guyana, Jamaica, Mexico, Panama, Puerto Rico (private companies), Trinidad
and Tobago, Uruguay, USA (private companies)
Europe (39): Albania, Armenia, Austria, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia,
Cyprus, Czech Republic, Denmark, Estonia, Finland, France (Experts Comptables), FYR
Macedonia, Georgia, Greece, Hungary, Iceland, Ireland, Italy, Kosovo, Latvia, Lithuania,
Luxembourg, Malta, Moldova, Montenegro, Netherlands, Norway, Romania, Serbia, Slovakia,
Slovenia, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom
Africa/Middle East (26): Benin, Botswana, Ghana, Jordan, Kenya, Kuwait, Lebanon, Lesotho,
Malawi, Mali, Mauritius, Namibia, Nigeria, Palestine, Rwanda, Senegal, Sierra Leone, South
Africa, Swaziland, Tanzania, Togo, Tunisia, Uganda, United Arab Emirates (Abu Dhabi and
Dubai), Zambia, Zimbabwe
31. Page 31
Overview
• Audit quality framework – now and future
• ISQC1 and the ISAs
• Structure
• Proportional application, including documentation
• IAASB update – other projects and plans
• Audit efficiency
• Tips
• Resources
32. Page 32
Tips for Audit Efficiency
• Automation – standardized templates and customized
checklists
• Software – utilizing commercially available products
• Planning – timeframe, list of deliverables, client meeting
• Risk based approach – in line with ISAs
• Staff training / supervision
• Communication
33. Page 33
Knowledge Sharing – Implementation
ISA Guide Volume 1
• Fundamental concepts of a risk-based
audit in conformance with the ISAs
ISA Guide Volume 2
• Practical guidance on performing SME
audits. Includes two illustrative case
studies—one of an SME audit and one of a
micro-entity audit
34. Page 34
Knowledge Sharing – Implementation (cont)
• QC Guide
• Helps SMPs apply ISQC 1
proportionately and
efficiently. Includes
guidance, case study, two
sample QC manuals and
checklists
• Reference, training,
customize manuals and
checklists
36. Page 36
References – IAASB
• Staff Q&A, Applying ISAs Proportionately with the Size and Complexity
of an Entity: http://www.ifac.org/publications-resources/staff-questions-answers-
applying-isas-proportionately-size-and-complexity-ent
• Staff Q&A, Applying ISQC 1 Proportionately with the Nature and Size of
a Firm:
http://www.ifac.org/sites/default/files/publications/files/Staff%20QA%20IS
QC%201%20Proportionality_FINAL.pdf
• The Clarified ISAs—Findings from the Post-Implementation Review:
http://www.ifac.org/publications-resources/clarified-isas-findings-post-implementation-
review
37. Page 37
References – Knowledge Sharing & Implementation
• Guide to Using International Standards on Auditing in the Audits of
Small- and Medium-Sized Entities (Third Edition) (incl. companion
manual and slides): https://www.ifac.org/publications-resources/guide-using-international-
standards-auditing-audits-small-and-medium-sized-en
• Guide to Quality Control for Small- and Medium-Sized Practices (Third
Edition) (incl. companion manual and slides): www.ifac.org/publications-resources/
guide-quality-control-small-and-medium-sized-practices-third-edition-0
• Boosting the Quality and Efficiency of Smaller Entity Audits article:
https://www.ifac.org/news-events/2013-07/boosting-quality-and-efficiency-smaller-
entity-audits
• Tips for Cost-Effective ISA Application article:
https://www.ifac.org/publications-resources/tips-cost-effective-isa-application
• Tips for Cost-Effective ISQC 1 Application article:
https://www.ifac.org/publications-resources/tips-cost-effective-isqc-1-application
Given the context of the changing audit environment, what I’d like to talk about today is [see slide]
Given the context of the changing audit environment, what I’d like to talk about today is [see slide]
Given the context of the changing audit environment, what I’d like to talk about today is [see slide]
Given the context of the changing audit environment, what I’d like to talk about today is [see slide]
There are a number of practical steps which could be considered for improving audit efficiencies.
Automation
Automating the audit practice provides an opportunity to improve audit quality at both firm-wide and individual engagement levels. At the firm level, setting up standardized templates helps ensure that all phases have been completed in every audit. Customized checklists can be updated as needed and incorporated into individual engagement files at the beginning of every engagement. It is important that every file is customized for the individual client. The generic firm template is a great place to start, but it is only a start.
Software
When using commercially available software SMPs engagements, you can roll forward last year’s electronic file almost instantly and have ‘mapped’ trial balance codes for efficiency if generating the financial statements. You can also e-mail an engagement letter and list of deliverables required when you visit the client at the beginning of the audit. If you import data from one application program to another, data conversion errors should be eliminated and grouping and arithmetical errors can be minimized.
Planning
The essential component for an efficient audit is proper planning and organisation both from the perspective of the audit firm and the business. It is important that the timeframe is agreed in advance with clearly specified delivery dates. The field work should be scheduled and the board meeting to sign the accounts agreed. A list of client deliverables should be provided by the audit firm. The initial planning meeting should be scheduled in advance.
Risk based approach
The audit team should focus on working smarter, not harder. The work should be concentrated on the key risk areas with the level and amount of work tailored accordingly. A thorough analytical review should be undertaken which identifies the key risks and the level of testing that will be performed on these and other areas. This review should include scoping out of balances which are fully understood and would not lead to a material misstatement. When considering the audit approach, sometimes less is more. The audit team should limit procedures on areas considered to be low risk and focus attention and time on significant risks or historical areas known to cause issues.
Staff training/ supervision
The audit firm must ensure that their staff are resourced at the correct level and that more junior team members receive adequate supervision to complete the work to a high standard. Senior reviews of the testing must be scheduled in a timely manner, so any open points are closed when the audit team is onsite and not later at greater cost.
Communication
Regular, effective communication is important for individuals in audit team and the business. A daily tracker with open queries is useful tool to facilitate these conversations. As a result any issues will also be discussed early, so there is less likelihood of last minute changes and late surprises.
To be discussed in detail later in the session on Guide to Using ISAs in the Audits of SMEs.
Global Knowledge Gateway www.ifac.org/Gateway Audi & Assurance
Audit & Assurance includes sub topics on:
Agreed-upon procedures
Audit
Compilation
Other assurance
Quality control
Review