Welcome to January! This is a great time to re-visit the State of the Audit for 2019 to ensure your preparedness for the upcoming year. Vincent Gaudiuso, CPA MST, is a peer reviewer and Partner at Buchbinder, Tunick & Company. Vincent shared insights into this year’s audit update during a recently Wolters Kluwer webinar about:
- Hot Topics impacting auditors
- Top deficiencies negatively affecting peer review
- How Wolters Kluwer’s Integrated Audit Approach can help
This blog will share some of those insights.
Hot Topic#1: Enhancing Audit Quality
First, enhancing audit quality is a top trend in the profession right now, and the focus of the AICPA. Obviously, quality audits are crucial to safeguarding the public interest. With that said, firms achieve quality audits through systematic and engagement-specific efforts. Additionally, should measure that quality using audit-quality-indicators. Note that there are two types of audit-quality-indictors to consider.
- Audit firm- level indicators, such as:
- Partner workload
- Partner-to-staff leverage
- Training hours, per professional (averaged)
- Technical resources, per professional
- Record of monitoring and remediation, e.g. a firm’s internal quality review results
- Audit professionals & engagement-level indicators, including:
- Years of experience of partners and key audit team members
- Years of industry experience of partners and staff
- Specialist hours on the engagement, like IT, valuations, and tax
- Key engagement team workloads, including hours of overtime during peak periods
- Allocation of audit hours to each phase of the audit engagement
- Frequency and impact of financial restatements
- Number of communications between the auditor and those charged with governance
- Peer review findings, litigation ad enforcement actions
A Customer’s Perspective on the State of Audit
Vince added, “The AICPA Enhancing Audit Quality (EAQ) project, born in 2014, is very interesting. The AICPA has been very responsive to the complex business environment, increasing complex regulatory environment, feedback the profession was receiving from PCAOB inspections and feedback from the Department of Labour and other government agencies such as Government Accountability Office (GAO) (and other agencies that report or follow guidance under GAO).
The news was not great. When the inspectors randomly sampled auditor workpapers they discovered many cases where the Department of Labor and the GAO were reporting back that the firm had a “passed rating” on their last review, yet when they went in to sample a handful of Employee Benefit Plans, Single Audits, Yellow Book Audits they were coming up with a lot of material they thought should have resulted in a comment. This trend was going on for some time.
At a high level, the EAQ has six different elements. The AICPA, within this plan, is trying to attract the best talent, develop robust CPA exams that are responsive to current trends in the business and current regulations, develop comprehensive standards that are responsive to the business environment we are in, obviously in the form of audit standards and provide guidance and training to the profession. They have done a great job putting out tool kits and guidance to address issues.
In particular, with respect to the peer review program, the AICPA is drilling down into the existing program to make it a more effective monitoring process. It will be more effective in terms of detecting deficiencies and driving and leading firms towards remediation. In addition, increasing enforcement to ensure firms are being responsive to the findings.
The oversight to the peer review program has been particularly astounding with respect to the impact it has had.
The AICPA has been overseeing and monitoring peer reviewers and providing enhanced oversight. What this means is if a peer reviewer is reviewing a file the AICPA may step in and piggyback the review. It was discovered that in excess of 50% of these enhanced oversights had different findings than the initial peer review – the peer reviewer initially concluded the engagements were conforming but the AICPA indicated they were conforming. As a result, a lot of insight has been communicated to the peer reviewers and the AICPA is buttoning down on peer review. The peer review checklists are much more granular than they have ever been historically.”
Hot Topic #2: Newly Issues Pronouncements from the Various Governing Bodies
Second, firms and clients must deal with new changes every year. Therefore, it is important to understand them. Consider these changes in 2019:
- AICPA changes:
- SAS 132: The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern
- SAS 133: Auditor Involvement with Exempt Offering Documents
- SSARS 24: Omnibus Statement on Standards for Accounting and Review Services – 2018
- ET sec. 1.295.143 – New interpretation regarding non-attest services: “Hosting Services”
- PCAOB changes:
- AS 3101: The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion
- IAASB changes:
- ISA 540 (Revised) Auditing Accounting Estimates and Related Disclosures
- GAO changes:
- Government Auditing Standards – 2018 Revision (Yellow Book)
Proposals on the Horizon
Third, also shown by organization, check out these proposed changes on the horizon:
- ED: Proposed Statements on Auditing Standards – Auditor Reporting
- ED: Statement on Auditing Standards – Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA
- ED: Statement on Auditing Standards – Omnibus on Auditing Standards 2018
- ED: Supplement to the Exposure Draft of Proposed Statement on Standards for Attestation Engagements Revisions to Statement on Standards for Attestation Engagements No. 18, Attestation Standards – Clarification and Recodification
- ED: Proposed Interpretation of the AICPA Code of Professional Conduct – Disclosing Client Information In Connection With a Quality Review
- AS Supervision of Audits Involving Others
- AS 1201 Work of Specialists
- AS Auditing Accounting Estimates
- IAASB ED: ISA 315 Identifying and Assessing RMM through Understanding the Entity
- IAASB Project Update: ISA 600, Group Audits
A Customer’s Perspective on the State of Audit
Regarding Vince’s perspective on these changes, here is what he said. “There is a noticeable trend between the various authoritative bodies – they are responsive to one another. There is a definite lining up of the standards. You should expect if the AICPA is issuing an amendment, it might be in response to the PCAOB.
With respect to the AICPA, changes with the auditor’s reporting should be issued this coming year. For ERISA audits, the AICPA voted on the final exposure draft and it is expected to be issued Q1 2019 and impacting those audits after years ending after 12/2020. Firms should invest time in learning the changes.”
Peer Review Findings
Fourth, every year the AICPA shares findings from peer reviews and where they need to focus the follow year to ensure firms transform how they are auditing. The current problems that remain prevalent in the industry are around internal controls and risk assessment, including:
- 40% of identified issues related to failure to gain an understanding of INTERNAL CONTROLS when identifying the client’s risks.
- 14% of issues related to incomplete or nonexistent RISK ASSESSMENT.
- 24% of issues related to auditors not linking their RISK ASSESSMENT to their responses.
- 13% of issues related to auditors assessing control RISK as less than high without appropriate tests of controls.
Thus, it is critical to re-examine how you are approaching risk assessment to ensure that your methodology will help you avoid these issues.
A Customers Perspective on the State of Audit
Further, Vince shared, “The statistics from the AICPA are very much on point as far as items encountered on peer review and items that we have considered within our firm’s quality control system.
If you boil down the cause of non-conforming engagements, in excess of 50% of the issues are systemic and they all relate to the lack of documentation.
For example, if you look at the area of internal control, which is part of risk assessment, you need to understand the control environment that exists at the client, and you need to document it. You need to document significant control activities that are in place over significant accounts. They can be considered significant because of the volume of transactions, the balances, the significant estimates that go into these areas, or the disclosures might be sensitive, for example, they might be non-observable inputs on valuation.
Here is a great example for problems with auditing internal control: if you are trying to understand internal controls but don’t drill down into the specifics of the control activity and how you walked through them to ensure what the client is telling you is actually in place so you can ensure not only is it designed but it has been implemented. Once you obtain understanding as part of gathering process, there might be potential risks you will see…for example, an activity might be missing , lack of segregation of duties, there might be incompatible functions that are being performed by one person or inadequate number of people…these are risks and risk assessment summary should identify what these risks are….and these should go into the assessment of control risk and assessment of inherent risk, and ultimately risk of material misstatement and how you are being responsive to the risks. Therefore, in this area…there are many deficiencies because documentation is not as crisp and detailed as it should be…which is aligned with the AICPA results published.
As a result, the EAQ will have a direct impact on peer reviews themselves. The specificity of the questions in the peer review checklist is much more detailed than it ever used to be. For example, if there was a “no answer” for the checklist item that checks for documenting the basis for inherent risk when below max, you will have an issue on the risk assessment-planning document. Peer Reviewers are looking at things a lot closer now, what was not a problem 3 years ago is a problem now. Keep in mind, with AUC-230, audit professionals should be able to re-perform the procedures without have someone having to help you. It is a high standard that requires more than just summaries, you need the detail.
In addition, the Oversight program is putting a lot of pressure on the peer reviewers, as a result you should expect tougher peer reviews. The rate of pass with deficiencies has increased from past years. If a firm passed with deficiencies or with findings there will now be an implementation plan or correction plan that is recommended by the peer reviewer/administrating entity (AICPA or entity within the state) to fix it, provide a copy of the monitoring report, remediation and there will be follow up at the state level.”
Avoid Common Peer Review Issues
The good news is that CCH® ProSystem fx® Knowledge Coach helps firms avoid common peer review issues. With its risk-based methodology, it is the most comprehensive, patented solution on the market today! Moreover, it addresses and solves all the risk violations that today is most commonly used methodology does not address.
- Internal Control Violations – The KBA Methodology requires the auditor to scope the engagement. As part of this scoping exercise, KBA Methodology also requires the auditor to identify the level of internal control understanding needed. This scoping is foundational to the Knowledge-Based Audit methodology, and drives risk assessment and development of further audit procedures. If the auditor attempts to move forward in the engagement without scoping, he/she will receive diagnostics alerting them to complete this work before proceeding. The KBA Methodology provides the auditor with resources to understand the design and implementation of internal controls.
- Risk Assessment Violations – The KBA methodology focuses on ensuring there is a strong uunderstanding of the Entity, Environment, and Internal Control and that Specific, Significant, and Fraud Risks are identified and that risk assessment is prompted throughout the entire engagement. This will help ensure the proper amount of work is completed, and that the work performed is in response to the risk with a clear linkage. There is a comprehensive series of alerts when the linking is not complete to ensure completeness. The KBA Methodology provides a diagnostic alert to the auditor indicating a discrepancy in the audit plan. The KBA Methodology also prompts the auditor to consider whether the results of those tests of controls support control risk assessment of less than maximum.
New in Knowledge Coach
So, what is new in Knowledge Coach in 2019 that will further help audit firms? Here is some of what is coming:
- Practice aids for Broker Dealers in KBA PCAOB
- KB Examinations of Service Organizations updated for the new AAG on SOC 2 and new Description Criteria
- Non Traditional Engagements updated for:
- Cybersecurity Risk Management
- All audit titles link to TeamMate Analytics
- New audit programs for:
- Exempt Offering Documents
- Specific Elements
In summary, there is a significant amount of activity and disruption happening in the audit profession. Because of that, it is critical that all audit firms first understand the state of their audit, i.e. how the firm can improve audit quality, which is foundational to moving forward. Equally critical is using the right technology to help drive both quality and efficiencies, such as CCH ProSystem fx Knowledge Coach.
Knowledge Coach is part of Wolters Kluwer’s Integrated Audit Approach. The Integrated Audit Approach seamlessly unites CCH Audit Accelerator, CCH ProSystem fx Engagement, TeamMate Analytics, CCH ProSystem fx Knowledge Coach, and CCH Accounting Research Manager. Additionally, it also leverages our School of Audit.
To learn more about how Knowledge Coach can improve the quality and efficiency of your audits, and help your firm differentiate and grow, visit our Knowledge Coach web page. Then, fill out the form below to continue the conversation with your account representative.
Yes, I’d like to learn more about how Knowledge Coach can help my firm.