Among the many recent and upcoming initiatives to enhance audit quality there is one underdog that could really shift the landscape, but will it be soon enough? Could ISQM 1 be the secret weapon we do not even realise we have?
There has been extensive debate lately on how to ‘fix’ audit quality. One must consider whether that is a concept with real substance. Accompanying the audit quality debate, one often encounters the expectation gap debate, the argument being that the public is expecting more of auditors than professional standards and applicable regulations require of them. What is clear, however, is that whatever the cause of the various incidents we have seen in the corporate landscape locally and abroad, something has to be done and the current situation cannot continue indefinitely.
There is no shortage of initiatives, both locally and abroad, to enhance audit quality. The IAASB has undertaken various initiatives, for example the inclusion of NOCLAR requirements in the IESBA Code and the launch of a project to look at the role of the auditor in relation to fraud and going concerns during 2020. Locally we have seen the IRBA implement a number of initiatives specifically focused on audit quality in the South African market, such as the requirement for audit firms to report to the regulator certain audit quality indicators (AQI), increased financial sanctions for disciplinary transgressions by auditors, and the upcoming implementation of mandatory audit firm rotation (MAFR). No auditor in South Africa will deny the landscape is changing and that there is ever-increasing pressure on auditors to achieve high levels of audit quality.
All the above initiatives were implemented or undertaken with thorough stakeholder consultation and planning, but it is still very important to acknowledge that no one initiative will ‘fix’ audit quality in the eyes of the public. It is practically impossible for an audit to provide absolute assurance of material misstatement in financial statements and likewise, it is just about impossible for an audit to give even reasonable assurance over the absence of fraud in financial statements, unless materiality is taken into account. To educate the public on these concepts would be immensely challenging, and hence the risk of an expectation gap will always exist. The initiatives under discussion will, however, without a doubt go some way towards improving audit quality.
A fundamental challenge to improving audit quality is the slowness of the feedback loop, especially to the public. If one considers MAFR as an example − with implementation in 2023 one would expect to see improvements in audit quality as a result of MAFR sometime after that, and for those results to filter into regulatory inspections and then to the public via regulatory reporting could take several more years. The reality is that the current corporate failures we are living through were subjected to audit work that took place, in most cases, five or more years ago and cannot be taken as a proxy for the levels of audit quality in any of those firms right now.
The other challenge with these initiatives is that while they may be effective, they are not likely to target the specific challenges of any one firm with their own audit quality. Take for example the IRBA Public Inspections Report on Audit Quality which is issued every year. Considering the variety of findings in that report, it is evident that there could be many different root causes in various firms that give rise to these findings.
Audit firms play a large part in improving and measuring their own audit quality, and in my view, ISQM 1 will play a vital role in enhancing audit quality globally because of this. The overarching principle of ISQM 1 is that the standard is scalable and allows firms to evaluate the risks that threaten their quality objectives and implement responses suitable for that particular firm to those risks. This will allow firms to do an honest evaluation of what gives rise to audit quality issues, or internal or external inspection findings, and customise their approach to addressing those risks and managing audit quality.
An important cog in the engine of ISQM 1 is that its implementation will have to be perfectly regulated. Globally regulators will have the challenging task of ensuring that the regulation is robust enough to ensure comprehensive adoption of the standard but at the same time flexible enough to allow firms to implement the standard with a meaningful measure of customisation and scaling. Firms, on the other hand, will be responsible for implementing the standard with a high level of honesty and a commitment to truly modernise and tailor their approach to quality management. Any attempt to create responses to quality risks will be meaningless if the assessment of the risks is not honest and authentic.
ISQM 1 provides an opportunity to make a significant move towards the expectations of the public of what a good audit is. The opportunity for firms to tailor their approach and channel treasured resources to where they will be most effective is invaluable, but implementation will be difficult to regulate. However, the biggest challenge for the public, regulators and firms is that we are likely to require significant patience to see the results of ISQM 1 through improved audits and regulatory inspection reporting in the public domain.
Ewald van Heerden CA(SA), Quality and Risk Management Partner at Mazars