SAICA recently hosted representatives from the International Auditing and Assurance Standards Board (IAASB) and received first-hand feedback on their work relating to quality control and related projects, with touchpoints regarding audit quality and how this is set to affect practice going forward
The objective of the IAASB, being an international independent standard-setting body, is to serve the public interest by setting high-quality international standards for auditing, assurance, and other related areas, thereby enhancing consistency and quality of these services provided by the accountancy profession throughout the world. This then translates into the continued relevance and value of auditing, assurance and related services, and confidence of users in the profession.
In line with the strategic objective of the IAASB to develop and maintain high-quality audits, the priority projects that are currently under way include the revision of the following standards:
- ISA 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures (ISA 540)
- ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment (ISA 315 (Revised))
- Quality Control Standards, including ISQC 1, Quality Control for Firms that Perform Audits and Reviews of Financial Statements and Other Assurance and Related Service Engagements and ISA 220, Quality Control for an Audit of Financial Statements (Quality Control Standards), and
- ISA 600, Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors) (ISA 600) The question that comes to mind is why these specific projects have been identified and how do they relate to the broader focus on enhancing audit quality. Based on the first-hand feedback received, the reasons cited for this were clarified, as follows.
ISA 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures
Accounting estimates are an integral part of the financial reporting process and as such, it would be unlikely that ISA 540 would not feature in the audit of a set of financial statements. This project started with a focus on the issues relating to the audit of financial institutions in the context of the pending effective date of IFRS 9, Financial Instruments (IFRS 9); and more particularly the new approach to the recognition, measurement, and disclosure of loan loss provisions.
As this project progressed, it became evident that the difficulties being experienced in practice were not unique to IFRS 9 and financial institutions; it was much broader than this. The issues relating to complexities of accounting estimates; the nature of judgement involved; the extent of management judgement; including the level of subjectivity and estimation uncertainty were prevalent in other areas, such as revenue, leasing, tangible and intangible assets, insurance contracts, etc. It was then decided that this project should not be approached as a quick fix in response to IFRS 9 and a review of the standard as a whole should be performed in addressing all the relevant issues that are being experienced by auditors in auditing accounting estimates of different nature and complexity.
A project update was issued in March 2016 and more recently, the exposure draft of the revised ISA 540 was issued; with a comment deadline of 1 August 2017. The IAASB have applied a different approach in revising this standard, including the introduction of a scalability model; recognising the vast spectrum of applicable accounting estimates and the challenges in drafting a standard that caters for all possibilities.
The specific focus on the scalability of standards is also a clear indication that the IAASB is conscious of the needs of small and medium practices, as well as the application of its standards in the audit of smaller entities.
ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment
As part of the clarified ISAs’ post-implementation review, one of the standards that emerged with the biggest challenges and in-practice issues was ISA 315 (Revised). ISA 315 (Revised) is foundational to the audit in that it drives the work effort of the auditor; yet there seems to be a gap between the planning, including the risk assessment performed in identifying and assessing the risks of material misstatement of the financial statements and the further audit procedures that are ultimately performed. At this point, this appears to be an implementation issue rather than a problem that needs to corrected in the standard. The IAASB may therefore consider other avenues that can provide implementation guidance.
Other issues relating to ISA 315 (Revised) that the IAASB are currently grappling with include:
In terms of ISA 315 (Revised), the auditor performs all this work to understand the entity and its environment but what does the auditor actually do with all this information and how does this then feed into the identification and assessment of risk.
Qualitative risk factors. This concept emerged as part of the ISA 540 project and the IAASB are considering this concept in revising ISA 315 (Revised). The crux of the concept of qualitative risk factors is that the auditor creates an expectation of where there could be risks of material misstatement based on qualitative risk factors, such as complex areas; areas where there is ambiguity; areas open to interpretation; areas where there has been change or areas where there is uncertainty. These expectations are then either confirmed, or rejected based on the planning performed.
Strengthening the link between the auditors understanding of the entity and its environment and the risk assessment. This goes back to the concept of the auditor creating an expectation about where the risks of material misstatements could be, based on an understanding of the financial reporting framework and taking into account qualitative risk factors.
The concept of internal controls relevant to the audit and the meaning of this.
The concept of significant risk, the approach to the identification of significant risks and the sufficiency of the response to risks other than significant risks; introducing the concept of a ‘spectrum of risk’, as opposed to a primary distinction between significant risks and not-significant risks.
Quality control standards, including ISQC 1, Quality Control for Firms that Perform Audits and Reviews of Financial Statements and Other Assurance and Related Service Engagements and ISA 220, Quality Control for an Audit of Financial Statements
In December 2015, the IAASB released their Invitation to Comment, Enhancing Audit Quality in the Public Interest: A Focus on Professional Skepticism, Quality Control, and Group Audits (ITC). Based on the feedback received from the ITC, it was found, among other matters, that the current ISQC 1 does not have a central theme common to all the requirements; it is hard to scale; it is overwhelming for smaller practitioners, particularly where the practices is not audit related or where the client base consists of smaller type entities where the complexities of ISQC 1 do not seem to be appropriate.
In the ITC, the concept of a quality management approach (QMA) to quality control was introduced; an approach based on the notion of the firm being more proactive in thinking about how to manage quality at the firm level, in the context of identifying and assessing its quality risks and implementing appropriate policies and procedures in response to the assessed quality risks. QMA also seems an opportunity for the IAASB to build the platform that would enable the drafting of a standard that is capable of being scaled. The IAASB are sensitive to not lose the robustness of the existing standard (that is, the key elements of a firm’s quality control system). It is therefore foreseen that the revised standard will also demonstrate how the firm would incorporate the existing elements contained in ISQC 1 into its quality management system (QMS).
With respect to quality control at the engagement level, in the initial review of ISA 220, the IAASB are trying to drive the principle of a QMS down to the level of individual audit engagements. The engagement partner remains solely accountable and responsible for the QMS at the engagement level. The IAASB have also recognised that ISA 220 can drive a more proactive consideration of how/where things could go wrong with respect to quality at the engagement level. Therefore, deliberations are focused on how to make the current requirements contained in ISA 220 more adaptable to the specific characteristics of a given engagement and how the engagement partner is going to practically direct and supervise the engagement.
ISA 600, Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors)
ISA 600 is seen to be a useful standard in that it helps firms in developing audit methodologies in relation to group audits, including dealing with components and the work of component auditors, and designing a group audit approach; thinking about the significance of the components, etc. However, ISA 600 also contains gaps in that auditors are required to incorporate foundational concepts that are not addressed in the standard into the audit methodologies, including the consideration of challenges/risks that face the audit, such as:
Where there is one significant component and many much smaller components, how does the auditor deal with this?
How does the auditor deal with the decentralised nature of the engagement?
How does the auditor deal with the client’s use of shared services?
What does the engagement partner do when they cannot gain access to a component auditor’s working paper?
Furthermore, there is not a clear understanding of how ISA 600 interfaces with ISA 220 and how the auditor really applies the principles of ISA 220 when dealing with another auditor.
The IAASB are cognisant of the fact that there is work to be done on ISA 600 and in the same way, they recognise that the project relating to the revision of the quality control standards needs to be advanced first in order to link the concept of a QMS to the special consideration contained in ISA 600.
In closing
The IAASB’s project relating to the revision of ISQC 1, which is focused on the overall objective to enhance audit quality, is seen as the foundation to the completion of the other projects and is therefore receiving priority at this point.
The other projects, namely the revision of ISA 220, ISA 315 (Revised), ISA 540 and ISA 600, also all relate to the activities of the IAASB aimed at strengthening professional scepticism in enhancing audit quality. The areas relating to the firm’s QMS and professional scepticism are multifaceted, complex projects that need to be fed into the other projects and can therefore not be seen as once off, quick fix revisions to an isolated standard(s).
The standard-setting process is a lengthy, time-consuming exercise. It is further complicated by the evolving environment in which audits are being performed. However, in setting standards that followed a robust process, contain clear principles, requirements and application material, and are capable of being adapted to changing environments, the auditing and assurance profession will be placed in good stead in continuing to provide investors with confidence in the assurance process.
Author: Hayley Barker Hoogwerf is Project Director: Assurance at SAICA