Is this a ‘good’ audit file?
In an age where auditing and financial reporting are heavily regulated by both the professional bodies and external regulators, such as the Audit Inspection Unit, practitioners often ask me during lectures whether their files would "pass" an inspection.
Clearly I cannot determine whether a file would pass without seeing it, but I can highlight some key areas where practitioners often trip up during external reviews which may offer some solution as to how firms should improve their files to enable them to stand up to scrutiny by an external inspector.
One of the most frequently cited deficiencies in a review of a file is the fact that an up to date engagement letter is not on file. Where an engagement letter is on file the audit engagement partner should review the terms of the engagement and consider whether the client needs to be reminded of the terms.
Under the “clarified” ISAs, audit firms will need to update their engagement terms to ensure they reflect the “preconditions” of the engagement under ISA 210 Terms of Audit Engagements.
Remember, you should not undertake an audit without a signed letter of engagement in place.
If a file is going to fail an inspection, the chances are that it will fail on either planning or completion. Firms who undertake audit work without doing any sufficient planning are essentially “doomed”.
Sound planning will include:
- detailed notes on what the client does and how it conducts its operations
- business and audit risks
- how management identify and manage business risks
- the internal control systems and the effectiveness of the control environment
- matters arising from prior year files
- significant financial reporting issues and a review of the critical accounting policies
- debt and financing structure
- investments and group activities (where applicable)
- objectives and strategies of the business
The planning meeting held between the audit team members will also be included within the planning section, together with any preliminary discussions held with the client pre-audit. Regulators frequently cite inadequate planning as one of the key “hotspots” when they undertake inspections.
Also, remember that under the clarified ISAs, the audit team discussion must cover the susceptibility of material misstatement of the financial statements due to related party issues as well as fraud.
In a lot of cases audit files will contain the abbreviation “N/A” in quite a number of areas. It is worth mentioning that some regulators are considering the abbreviation to stand for “not attempted” as opposed to “not applicable”. In cases where an audit test is deemed to be not applicable it is often beneficial to include a reason as to why the auditor considers such a test to be “not applicable”, for example if a standard audit procedure would not generate sufficient appropriate audit evidence, for whatever reason, it should be documented as to why the test would be inadequate and what alternative procedures have been used.
Lack of evidence
Along with poor planning, a lack of audit evidence is up there with the regular “hotspots”. Under the ISAs, audit evidence needs to be both “sufficient” and “appropriate”. ISA 500 Audit Evidence recognises “sufficiency” as the measure of the quantity of audit evidence, whereas “appropriateness” is the measure of the quality of the audit evidence.
It is a sad fact that audit firms frequently appear in the disciplinary pages of their professional institute’s magazine for issuing unqualified audit opinions when the audit evidence they have gathered is both insufficient and inappropriate (i.e. the evidence does not support the opinion expressed).
On the flip side of lack of evidence, be careful not to “over-audit” certain areas. Spending hours and hours auditing a £200 petty cash balance is inappropriate or over-auditing certain areas of the accounts because they are “easy” is a waste of resources. Also remember that photocopying reams of invoices is also unnecessary, though copies of invoices might be obtained for tax purposes but could well be put on a separate accounts file.
During file reviews it is clearly obvious that materiality has been calculated at the planning stage, but then completely forgotten about during the course of the audit. Materiality must be reassessed when facts come to light which might have caused a different materiality level to be considered. Also, do not forget the new concept of “
” which I covered in a recent article. This is to be applied on high risk areas, such as related parties and directors’ remuneration.