KEEP A SCEPTICAL EDGE

KEEP A SCEPTICAL EDGE

Familiarity With a client and the self-review threat don’t have to impede an auditor’s performance.

A professional auditor is trained to be sceptical from his or her first day on the job, and he or she needs to maintain this scepticism throughout the course of every audit. In larger engagements, safeguards are put in place to ensure that scepticism is always reinforced; a junior auditor’s judgements regarding audit evidence are questioned by the engagement audit senior, whose judgements in turn are questioned by the audit manager, whose judgements are in turn questioned by the audit partner, and so on.

While there are mechanisms to promote scepticism in multiperson audit engagements, ensuring scepticisms during the audit of a micro-entity, when the auditor often works alone, is not as straightforward. For example, consider this situation. An auditor, engaged by a client for the past few years, expects to perform the audit engagement alone. The client is run by an experienced executive director, who is also in charge of finances, and an active board of directors that has experience in governance. Management ask the auditor to help draft the annual financial statements. There has not been a lot of change in the client’s sector over the past year and the numbers in that year’s trial balance appear reasonable. Overall, this audit appears to be low risk and the auditor expects to complete the engagement in a day or two.

In this scenario, what should the auditor do to ensure sufficiently sceptical attitude, especially when receiving information and answers from management and following up unusual trends? More specifically, how will the auditor meet the standard of scepticism required in every audit? To answer these questions, it is important to understand scepticism requirements.

The relevant audit requirements regarding scepticism is stated in International Standards of Auditing (ISA) 200.15: “The audit shall plan and perform an audit with professional scepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated.”

This principled requirement is supported with application material in ISA 200 A18 to A22, which explains why scepticism is important to an auditor’s responsibilities: “The auditor cannot be expected to disregard past experience of the honesty and integrity of the entity’s management and those charged with governance. Nevertheless, a belief that management and those charged with governance are honest and have integrity does not relieve the auditor of the need to maintain professional scepticism or allow the auditor to be satisfied with less than persuasive audit evidence when obtaining reasonable assurance.

And therein lies the problem. How does an auditor working alone maintain a sceptical edge while auditing a very small entity? This requires that an auditor overcome the power of suggestion and familiarity with management and those charged with governance, believing they are honest and have integrity thanks to past experience. Unless sufficient safeguards are in place in such an environment, an auditor may too readily accept the information and answers and fail to follow up unusual trends.

One of the great benefits of partner and staff continuity on any audit is the specific knowledge that the independent auditor learns over time and applies to that engagement over the years. As well as making for an efficient audit, having past experience can both facilitate good communication and make it easier for an auditor to spot problems and make workable recommendations for changes when needed.

The benefits of staff continuity generally outweigh the danger of familiarity, provided adequate safeguards are in place to guard against a threat to independence. Having adequate safeguards is especially important if the auditor is working alone.

The challenges face by an auditor working alone and second guessing his or her work must be overcome. For example, assisting management in statement preparation is seen by clients as a value-added service. Helping management prepare statements with the auditor will then audit typically does not pose a significant threat to independence, provided there are a few or no difficult accounting judgements required for statement preparation, which is often the case with micro-entity financial reporting. However, an auditor must nonetheless have adequate safeguards in place to guard against the self-review threat, as micro-entity management usually has little to no understanding of the financial report framework and relies heavily on the auditor’s experience.

SAFEGUARDING THE SCEPTICAL EDGE WHILE AUDITING MICRO-ENTITIES

Ensure pre-conditions for engagement acceptance are in place (ISA) 210.06). Not only may micro-entity management not have a good understanding of the financial reporting framework and ask the auditor to have a significant role in statement preparation, but management also may not understand that it is ultimately responsible for its financial statements. As a result, the auditor must first determine whether management is capable of accepting that responsibility before starting the audit. Key elements of management’s taking responsibility are understanding and approving the information in those statements.

It is as the engagement acceptance stage that the auditor should also consider whether there are sufficient safeguards in place to mitigate the self-review threat. This is the time to ask such questions as: what significant judgements are required for statement preparation? Are any of them usual for this type of client? Are there likely to be any management biases? Are the reporting deadlines unusually tight?

To help the auditor determine if his or her judgement is sound when forming his or her audit opinion at the end of the engagement, the auditor should determine if:

  • There may be any inconsistent evidence, unreliable documents and answers to questions or evidence of management bias;
  • Communication with the client throughout the audit has been satisfactory; and
  • There have been any unreasonable delays in obtaining information.

Know the client’s business. A significant factor in evaluating the persuasiveness of audit evidence is being able to compare it with the expectations, which helps the auditor look out for danger signals. It is essential to know enough about a client and its business to develop meaningful expectations, such as the expected ratio of staff costs to revenue, cost-of-sales to sales, investment income to investments. It is critical to establish an acceptable range outside of which additional audit procedures would be required.

An auditor is required to perform analytical procedures at the beginning of every audit to assist in the identification of risks of material misstatement (ISA) 315.05 (R)) and must also perform a similar task prior to signing the audit report (ISA 520.6 and ISA 700.11). The auditor should document his or her thought process used to arrive at the original estimates, and his or her conclusions when comparing actual results with those estimates. If an auditor’s work is not reviewed by someone else, it is important to be careful to ensure there is sufficient appropriate evidence to explain the unexpected and that documentation reflects an appropriate degree of professional scepticism.

INTRODUCE AN ELEMENT OF THE UNEXPECTED INTO EVERY AUDIT

Audit standards require introducing an element of the unexpected in every audit. Spending time obtaining additional audit evidence over and above what would normally be obtained could unearth an industry insight or an unsuspected area that requires additional audit emphasis, and perhaps a control improvement. Examples of additional work could include an increased focus on payroll processing, expense report documentation and approval, approval of electronic payments, computer backup and security procedures or the budget process.

PERIOD FILE REVIEW

The quality control standard for firms requires that every engagement partner have an independent monitoring review of an assurance engagement file on a cyclical basis, for example once every three years (ISQC1 48(a) and A66). This requirement helps ensure that judgements and evidence of professional scepticism are adequately documented. File review can only strengthen every engagement partner’s professional performance, especially when the auditor performs engagements alone. Having one file reviewed every three years is likely not frequent enough, especially where an auditor’s work is not often reviewed by a second person.

Reference:

Small & Medium Practice Newsletter – Quarter 1 2016