Save content
Have you found this content useful? Use the button above to save it to your profile.
shaft of light showing the way | accountingweb | Professional scepticism in an audit
iStock_travislincoln_shaft_of_light

How do you demonstrate professional scepticism?

by

With no standard way to demonstrate professional scepticism in audit, Steven Collings looks at some case studies to help shine a light on the way ahead.

5th Dec 2023
Save content
Have you found this content useful? Use the button above to save it to your profile.

One of the most frequent criticisms when it comes to regulators and reviewers assessing audit work is evidence of a lack of professional scepticism. Professional scepticism is something that cannot be taught. International Standard on Auditing (ISA) (UK) 200, Overall objectives of the independent auditor and the conduct of an audit in accordance with international standards on auditing (UK) defines professional scepticism as: “An attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.”

Training staff to maintain professional scepticism can be a fine art. However, when applied, it enables the auditor to exercise professional judgment, especially concerning decisions about:

  • the nature, timing and extent of audit procedures to be performed
  • whether sufficient appropriate audit evidence has been obtained, or whether more procedures need to be carried out
  • the evaluation of management’s judgments when arriving at amounts and disclosures in the financial statements
  • conclusions drawn based on the audit evidence obtained – for example, assessing the reasonableness of accounting estimates made by management in the accounts.

The concept of professional scepticism

The problem that many auditors have with the concept of professional scepticism is that there is no single way of demonstrating how it has been applied. With this article, the hope is to provide some light at the end of the tunnel where audit firms have received feedback that their files demonstrate a lack of professional scepticism. I will do this by using some discussions with various file reviewers over the past year. 

These discussions have taken place in both lectures and through a request for feedback for a project I am currently working on. During these discussions, no client names were mentioned and the people I spoke to have been anonymised. This is one particular discussion I had with a reviewer who I will refer to as Mr F. 

An audit firm had been subjected to a routine monitoring visit by their professional body. The professional body concerned inspected two audit files and “significant improvements” were required on both files. Consequently, the professional body required the firm to obtain pre-issuance reviews (also known as a hot review) and to submit the results of this review to the professional body before signing the auditor’s report.

Mr F carried out the next pre-issuance review in his capacity as independent reviewer (note, this review took place before the publication of ISQM (UK) 2 Engagement Quality Reviews). During his review he noted the auditor had stated on every area of the audit file: “I have applied professional scepticism in this area of the audit.”

Mr F said that there was no evidence of professional scepticism being applied in key areas of the audit that require judgment. While there were notable improvements made to the audit file from the previous inspection by the professional body, the demonstration of professional scepticism was lacking and simply concluding that professional scepticism has been applied will often not be sufficient to demonstrate its application.

Demonstrating professional scepticism

So how can we demonstrate that we have applied an appropriate degree of professional scepticism during an audit if merely concluding that we have done so is not enough?

The first port of call will, of course, be the firm’s system of quality management which must be compliant with the requirements of ISQM (UK) 1, Quality management for firms that perform audits or reviews of financial statements, or other assurance or related services engagements. The audit firm will need to have policies and procedures in place that contain specific emphasis on the importance of exercising professional scepticism.

One of the ways in which a firm can demonstrate the application of professional scepticism is in the audit team discussion at the planning stage. An important part of the team meeting is for the team to discuss the susceptibility of the financial statements to material misstatement, including fraud. I’ll demonstrate a common pitfall through the use of another discussion I had with another file reviewer.

Ms G is a file reviewer who conducts pre- and post-issuance (“hot” and “cold”) reviews. Ms G told me that one of the most common issues she sees in audit files is a phrase along the lines of: “We are not expecting fraud to arise in this year’s audit as none arose in previous years’ audits and we have acted for the client for a number of years.”

Many audit firms fall into the trap of relying on past experience concerning the honesty and integrity of clients and hence make such a statement in the planning section of the file.

The audit engagement team must set aside their previous experience of management (in terms of their integrity and honesty) and focus on how the financial statements could be materially misstated due to fraud or error. Here are some examples.

  • If there is a lack of segregation of duties in the payroll cycle, a “ghost” employee could be set up and funds diverted into the fraudster’s bank account.
  • Fictitious suppliers could be set up on the purchase ledger from which to divert funds.
  • If there is a lack of authorisation procedures (especially in purchasing), goods could be purchased for an individual’s own use. 
  • If there is a complex group structure or several related parties, this could be a fraud risk factor.
  • Dominant management may override the system of internal control for personal financial gain.
  • Regular control account write-offs could be indicative of a fraud risk factor, particularly on bank reconciliations. 
  • A weak internal control environment can create a higher risk of misstatement due to fraud. 

Note, this is not a comprehensive list. 

Ms G confirmed that if a reviewer sees comments on a file stating that there is no expectation of fraud at the planning stage, the likelihood of the audit engagement team applying professional scepticism throughout the audit is typically very low. 

Scepticism at the planning stage

During the planning meeting, questioning how the financial statements could be misstated due to fraud and/or error and documenting those situations demonstrates that there is professional scepticism being applied at the planning stage of the audit.

During the course of the audit, maintaining a questioning mind (and documenting how that has been done) will demonstrate professional scepticism. Here’s another conversation I had with a file reviewer.

Mr L has worked at various training organisations over the years and carried out reviews of audit work for firms acting for non-public interest entity clients.

During the review of the audit work on provisions, Mr L noted that a material provision had been made in the financial statements that related to a legal dispute. The recognition criteria for the provision had apparently been met. Audit work merely consisted of recalculating the provision and obtaining a written representation. 

Mr L failed the file, not only on the area of provisions, but also on other areas such as sample sizes being 20 throughout the audit with no evidence of how the samples had been arrived at. However, in respect of the provisions cycle, the questions that should have been asked by the audit engagement team include the following.

  • Have the recognition criteria for a provision been met? In other words, is there an obligation as a result of a past event that is probable (more likely than not) to result in an outflow of economic benefits that can be reliably measured? 
  • How has management arrived at the provision? Merely recalculating the provision is not enough.
  • What is the risk that the provision is misstated?
  • Have there been any payments made post-year end that confirm the valuation (valuation being a key assertion) of the provision?
  • Is there any correspondence from lawyers or the third party involved in the dispute that can quantify the level of the provision?

Mr L confirmed that there was clearly no professional scepticism being applied in this area because the audit engagement team had not challenged management over the provision. They had accepted the recognition criteria had been met without any thought as to whether this was the case, or not. There was no management challenge over the value of the provision and because a provision is essentially a liability of uncertain timing or amount, there is a risk that this provision could be misstated as a way of trying to manipulate the results in the financial statements.

Obtaining a written representation is also not enough. ISA (UK) 580, Written representations confirms that, on their own, written representations are insufficient audit evidence and should serve to complement other forms of audit evidence. In this particular scenario, the auditor over-relied on a written representation, which should be avoided. 

As the provision was material, this insufficient work increased audit risk (the risk that the auditor forms the incorrect opinion on the financial statements). If audit evidence was lacking, the auditor may have found it necessary to modify (qualify) the audit opinion due to a limitation of scope. 

Revenue recognition

ISA (UK) 240 The auditor’s responsibilities relating to fraud in an audit of financial statements singles out revenue as a potential fraud risk. A common pitfall that audit firms tend to fall into is where they rebut the presumption that fraud in relation to revenue recognition is not applicable to the client. Again, this can lead reviewers to conclude that professional scepticism is not being maintained on the audit. 

Discussions with various file reviewers indicate that they often see that auditors have either overlooked revenue recognition completely or that only specific assertions have been audited. 

Rebutting the risk of fraud in relation to revenue recognition in its entirety is permissible, but only in very limited situations. Examples include a holding company that only earns bank interest. Therefore, in the majority of cases, the risk of fraud in relation to revenue recognition cannot be rebutted. 

Document every challenge

The key to demonstrating professional scepticism on an audit file is to document what has been done and to document every challenge at each stage of the audit. It can (and often is) tricky to document professional scepticism because there is no prescriptive way of doing this. Not taking everything at face value that is presented to the audit engagement team by the client and questioning various transactions in the financial statements (especially those that involve significant judgments and estimates) will direct the team on the right path.

Replies (6)

Please login or register to join the discussion.

avatar
By Justin Bryant
05th Dec 2023 14:40

I am skeptical of any professional who rates themselves via overt, excessive self-promotion, like, inter alia, these guys:

https://www.legalbusiness.co.uk/analysis/social-media-influencers-social...

Thanks (1)
Replying to Justin Bryant:
avatar
By Justin Bryant
08th Dec 2023 10:25
Thanks (0)
Replying to Justin Bryant:
avatar
By Justin Bryant
12th Dec 2023 13:04
Thanks (0)
avatar
By SuperAccountingSteve
06th Dec 2023 10:17

In regard to history of no fraud, people change, and their circumstances change (financial pressures), I remember reading once quite a large % 30% or 40% of people will steal, if they think they wont be caught.

Thanks (0)
Replying to SuperAccountingSteve:
avatar
By Open all hours
06th Dec 2023 13:25

In reply to an MLR check some years ago I said that the only way of knowing how to rate any clients risk status was to know the size and colour of the carrot before them and the strength of the stick behind them.

Life can change in a split second and in extremis I would say that any of us and any of our clients are capable of pretty much anything.

Thanks (0)
Replying to SuperAccountingSteve:
avatar
By Postingcomments
06th Dec 2023 14:13

I reckon (ie totally guess) that about 10% of a country will pretty always do the right thing. 10% pretty much always won't.

The 80% in the middle can go either way, depending on risk of getting caught, their circs, the level of temptation etc etc. So you need your checks, even to watch those who have been good year in and year out - because most people can potentially go the other way at any time.

You can never fully trust a person. That's my observation from clients' bitter experiences over the years.

Thanks (0)