Auditing has been subject to growing scrutiny across the globe in recent years, with audits of everything from listed companies and charities to self-managed superannuation funds (SMSFs) now a focus for regulators and politicians.
This attention underscores how critical it is for the profession to deliver consistency in the meaning and quality of an audit.
One of the practical challenges auditors face is keeping up with a frequently changing and swelling set of standard, legal and regulatory requirements. The same set of standards applies to the smallest of audit engagements, from a local incorporated club to the largest publicly listed companies.
Effectively carrying out an audit calls on sharp judgement, experience and professional knowledge in order to focus efforts toward the relevant risks and issues.
In the case of smaller and medium-sized entities, rather than being more “straightforward” as is sometimes assumed, it can be even more challenging to distil a large set of requirements, approaches and audit tools for purpose.
Start off on the right foot
The initial steps in an audit involve planning, understanding the entity and risk assessment. Not focusing enough on these initial steps loses out on the value of customising an audit work program and avoiding unnecessary steps.
The up-front work required by auditing standards is scalable according to the size and complexity of an entity.
A global-listed company audit may take months given the extensive logistics to plan the audit and the complexity of the entity. Contrast this with a small charity where the initial steps, although not nearly as resource-heavy, are nonetheless crucial to meet the standards and to achieve focus and efficiency.
The objective of ISA 240 The Auditor’s Responsibilities Relating to Fraud is primarily to ensure fraud risks have been identified, appropriate evidence and audit procedures have been performed to address those risks, and that auditors have acted appropriately where actual fraud is suspected.
To do this effectively, auditors should adopt an approach of “professional scepticism” throughout the audit. Professional scepticism is an ongoing focus in audit oversight programs, including Australian Securities and Investments Commission audit inspections.
CPA Australia is working to improve understanding of this essential trait through training, research and consultation.
One of the most challenging aspects in any audit is addressing the risk that something has been left out of the financial statements
Fraud risk factors will vary depending on the entity being audited, and must be considered in context.
- In a listed entity or where there are significant debt obligations, there may be significant pressure to maintain profit levels created by market expectations and accountabilities to lenders.
- In a smaller or medium sized not-for-profit, there may be incentives for fraud associated with cash or other donations and grants.
- In an SMSF, factors ranging from reducing tax to familial relationships can create pressures and opportunities for fraud.
ISA 240 provides a framework for defining fraud risks as incentives, pressures and opportunities for fraud. Whether it’s a discussion among a large group audit team or a sole practitioner considering risks on a small audit, assessing fraud risk is an essential step to undertake and document.
Completeness – what’s missing?
One of the most challenging aspects in any audit is addressing the risk that something has been left out of the financial statements. It’s important in audits of every scale to step back and consider this.
Examples in a small-to-medium entity (SME) audit may include liabilities such as invoices not paid by year end but which appear as payments in the following period, legal agreements and material risks or contingencies that require disclosure.
While the focus is often on substantive procedures to address the balances in the financial statements of an SME, considering what balances are not is just as critical.
ISA 230 Audit Documentation sets out the standard for documenting audit procedures, so an experienced auditor with no prior knowledge of the client could understand what has been done. This includes the nature, timing and extent of audit procedures, results, audit evidence, significant matters and conclusions.
Documents should include, for example, notes on the audit file about the risks considered and the key aspects of the entity considered in the initial planning of the audit.
What they may not include is a photocopy of every invoice sighted to substantiate a balance on the financial statements or a standard checklist that may not apply to the circumstances of this particular audit.
While checklists can be helpful, it’s more beneficial to understand the requirements set out in ISA 230 on how to document audit procedures, important discussions and conclusions.
Getting documentation right is critical for auditors to demonstrate the work and professional judgement applied in each
Amir Ghandar is CPA Australia’s policy adviser, auditing and assurance.
CPA Australia has available a range of tools to assist auditors including:
- Small Entities Audit Manual (SEAM)
- Face-to-face training courses
- New quarterly webinar series with updates and tips
- Podcasts and articles clarifying key topics with regulators, standard setters and other experts.
CPA Australia conducts quality reviews of members holding a public practice certificate at least every five years. Breaches of auditing standards are placed in the most serious category which require a full follow-up review within 12 months.
CPA Australia publishes an annual summary of the top 10 areas of departure from auditing standards identified in the quality review program.
This article is from the June 2014 issue of INTHEBLACK.