Save content
Have you found this content useful? Use the button above to save it to your profile.
AIA

How to keep the inspectors happy

by
5th Sep 2011
Save content
Have you found this content useful? Use the button above to save it to your profile.

Professional bodies are taking an increasingly rigorous, risk-based approach to compliance with practising standards and the media reports press about those who fall short. Steve Collings presents advice to help keep you in the inspectors' good books.

Under the Companies Act 2006, it is a legal requirement for recognised supervisory bodies, such as ICAEW and ACCA to license and monitor the statutory audit requirement. The professional press is regularly punctuated with reports about disciplinary hearings, many of which are due to various breaches in legislation, accounting and auditing standards and ethical standards.

A recent Any Answers question raised by Lorraine asked about the information she would need in order to survive the visit.  There seems to be uncertainty as about how these visits will go, but the reality is that they can be quite constructive. In lots of cases practitioners who were nervous before the start of the visit often find that areas have been identified that not only improves their practice, but also helps them improve efficiencies in their day-to-day work.

Unfortunately, for some, these visits do not run smoothly and it is often the case that follow-up visits will be necessary so the monitoring officer can make sure that suggested improvements have been met. There could also be certain impositions such as mandatory hot reviews for a period of time until the reviews show that audit work has improved to an acceptable standard.  In more serious cases disciplinary hearings can result, leading to sizeable fines, audit registration withdrawal and in the most serious of instances, expulsion from memberships. 

This article will look at some of the things you can do in order to survive the visit – some of which are fairly routine, but it is surprising the number of accountants who forget!  The article will concentrate mainly on audit clients, but you should also expect a request for the officer to review non-audit files.

Professional Indemnity Insurance (PII)

You must have PII in place!  Make sure that your PII arrangements are in place and up to date.  “I forgot about it” isn’t really going to bode well with regulatory bodies. 

Maintenance of Policies and Procedures

In the UK and Ireland, ISQC 1 International Standard on Quality Control requires audit firms to put in place policies and procedures in relation to their audit work.  The general principle in ISQC 1 is to ensure a firm’s audit work is of good quality and procedures are in place in relation to reporting responsibilities, dispute resolution and that reports issued by the firm are appropriate. 

The ICAEW's Quality Assurance Department (QAD) confirmed that, in the most part, firms do have procedures which are appropriate in their circumstances. The major problem monitoring officers encounter is that such policies and procedures are not adequately documented, particularly when firms come to evaluate the outcomes of their annual cold file reviews.  When you submit a file for cold review, you must ensure that you address any weaknesses within the feedback from the reviewer immediately. 

Staff Training

Even the smallest firms who undertake audit work need training. This is particularly the case now with the new Clarity ISAs in place to make sure you are applying the clarified ISAs correctly and completely. Professional institutes impose mandatory CPD, which is not just about attending courses, but also other activities such as reading AccountingWEB if you find something helps you in your professional development.  Where regulators view follow-up actions necessary because of poor quality work, it is generally down to either a lack of training or fee pressure!

Audit Documentation

Very often, one of the most frequently criticised areas of files is that of inadequate documentation.  A lot of information is stored in auditor’s heads and not documented on file. QAD have identified four particular areas where firms are failing on adequate documentation:

  1. The identification of non-audit services which are provided to the audit client.
  2. Consideration of threats that arise.
  3. The safeguards which the firm has put in place to manage the threats identified.
  4. Whether the issues in 1 to 3 above have been communicated to those charged with       governance, where applicable.

With regards to point number 1 above, firms can provide non-audit services to small companies by applying the Provisions Available to Small Entities (PASE).  PASE allows firms to provide non-audit services without putting in place safeguards against threats to independence and objectivity.  That’s all well and good, but QAD have a problem with firms who do not understand how PASE works.  For example, paragraph 7 of PASE states that when you undertake an audit for a small audit client (‘small’ as defined in the eyes of the Companies Act 2006), you do not have to put any safeguards in place in respect of a self-review threat, provided that the client:

  • has ‘informed management’; and
  • the audit firm extends the cyclical inspection of completed engagements that is performed for the purposes of quality control.

If you feel unsure about how PASE works, then download a copy of it from the APBs website.

Monitoring officers often criticise firms for not documenting procedures adequately enough in audit files, particularly in areas such as risk assessments and consideration of key areas of the financial statements such as where estimates and judgements are needed.  For example, the clarified ISA 315 requires firms to:

  • Evaluate if management have created and maintained a culture of honesty and ethical behaviour as well as whether the control environment provides an appropriate foundation for internal controls.
  • Determine how related party transactions and relationships are identified, authorised, accounted for and disclosed, including those outside the ordinary course of business.
  • Establish how control is exercised over journal entries.
  • Determine how, in preparing the financial statements, estimates are made, subsequent events identified and necessary disclosures determined.
  • Consider how business risks affecting the financial statements are identified, their significance estimated and the likelihood of occurrence.
  • Also consider how risks are identified and managed in the absence of a documented process.
  • Consider how financial performance is evaluated.

If you say that you have considered all these issues at planning, but do not document them, the inspector will be very quick to criticise you.

Insufficient Work

ISA 500 requires audit evidence to be both sufficient and appropriate.  ‘Sufficient’ refers to the quantity, as well as the quality, of the audit evidence. ‘Appropriate’ refers to the quality of the audit evidence as well as to the relevance and reliability of the evidence.  The evidence you gather must support the audit opinion expressed and firms are frequently criticised for expressing (say) an unqualified audit opinion when the file does not contain sufficient and appropriate audit evidence to suggest this opinion is, in fact, appropriate. 

Consideration of ethical standards

There are quite a lot of instances when threats to independence and objectivity are present, but no safeguards are put in place to minimise these threats to an acceptable level.  From my conversations with practitioners, it seems this is the case because many practitioners are so engrossed in making sure they comply with the clarified ISAs that they put the ESs to one side – which is a risky strategy!  Issues such as fee dependence, long association and non-audit fees are some of the most frequently cited breaches.  Firms are breaching ESs when they deliberately manipulate the audit fee in order to secure non-audit work.  Paragraph 7 of ES 4 is specific on this issue and does not allow non-audit work to influence the fees for audit work.

Client advice

Some inspectors are advising firms to fully document the advice that they give to clients. This can be done by way of a ‘file note’ and the aim is to ensure that all advice given to a client is documented in order that others within the firm can quickly get ‘up to speed’ with the file, when required, as well as protecting the firm in instances of any client disagreement.  If you currently don’t do this, it might be worth implementing this system to demonstrate best practice.

Management accounts

Lots of firms prepare interim management accounts, particularly for non-audit assignments. It is always advisable to have a client approval page stating that the management accounts have been prepared from information and explanations provided to the firm from the client (something similar to the accountants report in unaudited accounts). 

Practice Records

Remember, the regulators are interested in the practice as a whole.  The visit will usually entail file reviews and then how the firm is managed which will also involve a review of the firm’s books and records, bank accounts and such like.  Partners must therefore make sure that they keep their own house in order to avoid any criticisms from monitoring officers.

Key Areas on Client Files

I have reviewed many files over the years for firms and some of the ‘hotspots’ which I have come across during these reviews are detailed below.  It is also worth pointing out that these ‘hotspots’ are also frequently criticised by the regulators.

  • Lack of audit work performed on provisions, such as warranty provisions and other material estimates.
  • Forgetting that the ‘existence’ assertion for fixed assets should be corroborated by testing fixed assets that have been brought forward from the previous year.  Often audit firms concentrate wholly on additions during the year.
  • Where trade debtors that fall due after more than one year are material in relation to net current assets, they should be shown separately on the face of the balance sheet (per UITF 4).
  • Insufficient subsequent events testing because the firm forgets that the subsequent events review should cover a period of 12 months from the (expected) date of the auditor’s report.
  • Stating that an impairment review has been undertaken, but there is no evidence on file to support this claim.
  • Trade debtors circularisation being used as evidence to support the valuation assertion – circularisations do not give comfort over the valuation assertion.  An alternative procedure would be to use after-date cash testing.
  • Where financial statements were not audited in the previous year, the auditor’s report must refer to this fact.  Often this is forgotten about, so make sure you get it in.
  • Insufficient work on going concern – practitioners should undertake a going concern assessment for clients which claim audit exemption, particularly in more challenging economic times.  The FRC have issued guidance on going concern which you should consider when deciding on whether, or not, financial statements need reference to going concern in the disclosure notes.  For audit clients, going concern consideration is dealt with in ISA 570 Going Concern and in some particularly worrying cases, going concern is usually just addressed in the written representation obtained from the client with very little, or sometimes no other, audit work being carried out on going concern.
  • If a client has stock which is material to the financial statements, the auditor must attend the stock take as per ISA 501 Audit Evidence – Specific Consideration for Selected Items.  Sometimes this procedure is not undertaken, so if you do have a client that has a material amount of stock, make sure you attend the count.
  • Lack of net realisable value tests on stock.  In many cases a net realisable value test is not undertaken at all. 
  • Where experts are used there is sometimes little evidence on the file that the key assumptions and underlying source data used has been considered.
  • Written representations being used as sole audit evidence – this lends itself to the possibility of an incorrect opinion being formed, particularly if alternative procedures have not been adopted in areas such as related party transactions. 
  • No evidence that an audit planning meeting has taken place and where a planning meeting has been documented on file, there is often no evidence that key members of the team (e.g. seniors or the audit manager) have attended the meeting.
  • When fraud in relation to revenue recognition has been deemed as not appropriate to the client’s particular circumstances, there is often no documentation as to why this is the case. 
  • Expressing an unqualified audit opinion when there is insufficient and / or inappropriate audit evidence on file for the material areas of the financial statements.  This is a very popular breach of the rules!
  • An out-of-date letter of engagement.  As the new clarified ISAs are being used, new letters of engagement are required because ISA 210 has new requirements for the ‘preconditions’ of an audit to be included in the engagement letter.  Also you should ensure that you review the terms of the engagement annually and consider if the client should be reminded of the terms. 

This article has looked at some of the more fundamental issues which regulators such as QAD and ACCA monitoring officers will be particularly interested to make sure you’ve got right. The visit should be viewed as an opportunity to discuss areas of the practice which you feel might need strengthening.

In some unfortunate cases, however, visits go badly and the levels of action taken against the member firm can vary depending on what has actually gone wrong, or not been done. There are many external reviewers who can undertake reviews of files and in-house practice procedures and offer advice on what you are doing well and what you might need to improve so that when the ‘official’ visit occurs, you can demonstrate that you acknowledge the importance of good quality control and are at least trying to get things right. 

Steve Collings is the audit and technical partner at Leavitt Walmlsey Associates and the author of ‘The Interpretation and Application of International Standards on Auditing’ (Wiley March 2011) and ‘The AccountingWEB Guide to IFRS’ (Sift Media May 2011).  He also lectures on auditing and financial reporting issues.

Replies (0)

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.