Audit: Lessons to be learnt
Drawing on audit failures such as Conviviality, Steve Collings reviews the lessons audit firms should learn from the FRC’s audit quality report.
On 14 July 2020, the Financial Reporting Council (FRC) published the results of their audit inspections. Seven firms were included in the FRC’s review and a total of 130 audits were inspected. The reports indicate various improvements that are needed and highlighted three areas where all firms needed step-up:
- Impairment of goodwill and intangibles
- Revenue and contracts
- Provisions (including loan loss provisions)
A recent AccountingWEB article also highlighted a further issue at Grant Thornton where the firm had been fined £1.95m (reduced from £3m) due to issues relating to technical failures in their audit of Conviviality.
So, are there any lessons which other audit firms can learn from these reports, including ones issued by the relevant professional bodies?
In a lot of cases, the FRC and the various professional bodies highlight certain areas where improvements are needed; and they are usually the subjective areas of the financial statements (for example, revenue recognition, impairment and intangible assets). For smaller firms, documentation issues seem to crop up quite a lot (ie a lack of planning documentation or a lack of documentation which explains the audit procedures applied and the conclusions drawn therefrom).
This article focuses on some of the more common issues that audit firms should take on board to avoid contentious issues arising during an inspection by the FRC or professional body.
FRC Ethical Standard
The FRC issued a revised Ethical Standard (ES) which took effect on 15 March 2020 (except for paragraph 5.42 which refers to the audit of ‘an other entity of public interest’ which applies to periods commencing on or after 15 December 2020) . Key changes reflected in this revised ES include:
- A list of permitted non-audit services for UK public-interest entities (PIEs) – see section 5B of the ES. Generally, these will include non-audit services required by law and regulation and other assurance services which are closely related to the audit or annual report and reporting accountant services. No other services can be provided.
- Additional clarification of the ‘objective, reasonable and informed third party test’ which requires consideration of the perspective of public-interest stakeholders.
- An outright ban for all audited entities on internal audit services, secondments and contingent fee arrangements.
In respect of the third bullet point, there is a ‘cooling in’ period in respect of internal audit services provided to EU PIEs. The provider of internal audit services will not be able to carry out external audit functions until a 12-month cooling in period has elapsed. The transitional provision means that this restriction does not have retrospective application.
There has also been an amendment concerning the ethics partner’s function. There is now a requirement for the audit engagement partner to report to those charged with governance, the firm’s independent non-executives and the FRC or (in the case of a non-PIE) the relevant professional body where the ethics partner’s advice is not followed.
It is important that audit firms understand the requirements of the revised ES to avoid any sanctions being imposed on the individual/firm through non-compliance with the standard.
Other audit-related concerns
Many smaller firms carry out audit services whose work is reviewed by their relevant professional body. Some professional bodies publish reports as to how firms are performing when it comes to audit work and there are several areas which seem to crop up regularly in reviews which can cause problems for firms when it comes to discussing the review. Some of the more common issues are as follows:
- Concluding at the planning stage that there will not be any fraud detected. This issue was touched on in a recent article in respect of the audit team meeting. If a conclusion is drawn at the planning stage that fraud is not an issue, this is likely to demonstrate a lack of professional scepticism.
- Failing to test journals which address the risk of management override of controls (see ISA (UK) 240, para 32). Management override of controls is always a significant risk and care must be taken to ensure that the risk is not inappropriately rebutted by the audit team. If it is rebutted, there must be a strong enough justification.
Revenue and trade debtors
- Failing to test all material income streams or concentrating audit procedures on a significant income stream but leaving a smaller (but material) income stream untested.
- Starting income completeness testing from inside the accounting system (ie from the sales invoice) rather than from outside of the system (ie the customer order or other trigger point of the sale transaction).
- Reliance on trade debtors’ circularisation letters as the main source of audit evidence. A debtors’ circularisation letter will only cover the existence and rights and obligations assertions – they do not address the valuation assertion. Just because the customer agrees a balance may be outstanding at the balance sheet date does not mean they are going to pay it. Hence additional procedures should be undertaken to corroborate the valuation of trade debtors at the balance sheet date, such as extended after-date cash receipts testing.
- Focusing on debtor balances which are overdue and omitting those that are within credit terms. While older balances will need to be tested for recoverability (as there is a higher risk that debtors are overstated if any such balances are irrecoverable), the auditor should also carry out procedures on balances which are within credit terms. If they do not do this, they could leave out a material amount of debtors that are within credit terms.
- With the effects of Covid-19 still with us, the concept of going concern has moved up the ranks of importance. More audited entities are expected to make some going concern disclosures in their financial statements which are Covid-19-related. Keep in mind that management must review a period of at least 12 months from the date of approval of the financial statements and not 12 months from the balance sheet date.
- Where adequate disclosure of going concern uncertainties have been made in the financial statements, the auditor’s report should include a ‘Material Uncertainty Related to Going Concern’ (MURGC) paragraph. An Emphasis of Matter paragraph is no longer used to cross-refer to these disclosures (ISA (UK) 570 Going Concern, paragraph 22). A MURGC paragraph is only used when the material uncertainties related to going concern have been adequately disclosed. If they have not been adequately disclosed, this will result in the auditor expressing a modified audit opinion so a MURGC paragraph will not be appropriate in this instance.
- Professional bodies have reported there is often a lack of evidence that the audit firm has made appropriate inquiries of those charged with governance in respect of related parties. In addition, file reviewers may have come across transactions with related parties that have not been disclosed in the financial statements properly.
- For smaller entities choosing to report under FRS 102, Section 1A Small Entities, such entities are only required to make limited related party disclosures; namely in respect of material transactions that have not been concluded under normal market conditions and have been entered into with:
- owners holding a participating interest in the small entity;
- companies in which the small entity has a participating interest; and
- the small entity’s directors or members of its governing body.
The standard does not define ‘normal market conditions’ so it is always advisable that the auditor of the small entity (where the small entity has an audit for whatever reason) documents their own conclusions in this respect.
- The danger with written representations is that they are relied upon as sole audit evidence. Written representations on their own are weak forms of evidence because they are internally generated and hence should serve to complement other audit evidence.
- The date of the written representation should be as near to, or the same date as, the auditor’s report. The written representation must not be dated after the date of the auditor’s report.
Auditing nowadays is becoming increasingly more complex and as the FRC is starting to revise and reissue auditing standards, this complexity is likely to increase in the future. For firms that carry out audit work, it is always worth reading feedback reports from the FRC and the professional bodies to see if in-house procedures may need to be reviewed.