Many learning techniques are available these days. One example is learning from colleagues. That option is a great way to understand successes – and trials and tribulations – of what’s working or not for other firms. But, how do you go about finding unique learning opportunities?
As an illustration, earlier this year, Wolters Kluwer presented a webinar titled Preparing for Peer Review, how to avoid missteps. Three different perspectives were presented, including the AICPA’s along with two firms’ and Wolters Kluwer’s. Here is who presented:
- Carl Mayes, Senior Technical Manager of Special Projects at the AICPA and Project Manager for the AICPA’s Enhancing Audit Quality Initiative, who also manages the execution of the AICPA’s 6-Point Plan to Improve Audits
- Mona Dickerson, National Assurance Director at CohnReznick
- Vincent Gaudiuso, Quality Control Partner at Buchbinder, and also a Peer Reviewer
- Cathy Rowe, Director of Product Management at Wolters Kluwer
Like that webinar, where a ton of valuable information was shared, Audit Talks – Live Fall 2019 (a virtual conference) is another example. It will also have a plethora of valuable content from a variety of sources. You should attend. But we’ll get back to that in a bit. First, let’s focus on some of the valuable insights your colleagues shared during that May webinar.
To start, this interview-style event was a conversation between Cathy, Carl, Vincent & Mona. For example, Cathy asked this question that came in from the audience:
“In the past I worked at a firm that always assessed control risk as high because they were not relying on the controls. I’ve recently taken a CPE where it says that this is not acceptable. Can you confirm if the practice of ‘assessing control risk is high without performing any tests’ is acceptable if the controls are not being relied upon?”
Carl responded, “The only way that you can reduce control risk below maximum is to test operating effectiveness, and ultimately to conclude that the controls are operating effectively.”
Insights from a Quality Control Partner & Peer Reviewer
Next, Cathy asked Vince, “In peer reviews that you conduct, are you seeing the same missteps, the same misconceptions?” Vince’s reply was, “We are seeing weaknesses in firm documentation with respect to internal control narratives. Identifying the relevant controls that would be responsive to the significant account areas on the engagement. That creates a ripple effect through the entire audit engagement. If you’re not documenting the controls properly, then your risk assessment documentation is not going to be complete, and it’s difficult to link that risk assessment to your further audit procedures.
Now, I’m not asserting to make this a linear process. It certainly is not. But it does start with gaining that understanding of your client for you to make that risk assessment and properly document it.”
Insights from an AICPA Manager
In another example, Cathy asked Carl about assessing risk at the assertion level because that is a big one that is a disconnect right now. Carl responded, “Yeah, it is a big one. Assessing risk at the assertion level, what we see a whole lot of times in practice is folks assessing risk at the account level. So, for example, they’ll say, “Oh, cash has low risk of material misstatement,” and then they move on.
What’s required by the standard, though, is that you assess risk at both the relevant assertion level and at the financial statement level. Also, when they say financial statement level, that means a risk that would impact multiple assertions. So, for example, a lack of competence among the accounting staff at the entity.”
Learning Techniques Continued
Carl continued, “But relevant assertion level, why do we assess it at that level? It’s because all our procedures tie back to the assertions. When, let’s say, you say cash is low risk and you’re going to perform some procedures around it. Well, what is the real risk around cash? If you don’t have any international currencies, then you may not have… you may have very low risk around cash valuation, but cash existence, maybe there are concerns around cash existence.
Additionally, each one of those assertion level risks link to assertion level responses. So, when you go and you look at the procedures that you’re going to perform at the end of the day, they link back to determining whether cash exists, whether cash is properly valued. They don’t just link to cash. It gets kind of confusing if you don’t link them at the assertion level.
That’s another area where from a peer review perspective, from a Standards perspective, if you fail to do that, that’s an omitted procedure under 585, AU-C 585, and you would have to go back and perform more work. Moreover, from a peer review perspective, that would result in a nonconforming engagement.”
Insights from a National Assurance Director
Finally, Cathy asked Mona, “Part of assessing risk at the assertion level is to first identify which assertions are relevant. Do you have any thoughts on how to do that effectively?”
Mona shared, “I think there’s sometimes some misconceptions about low risk equals no risk, or low risk in an assertion equals not relevant. Unfortunately, that’s a misconception that a lot of folks do hold. So, I typically instruct my teams that just because something is a low-risk doesn’t mean that it’s a no-risk and I don’t need to audit it. I just need to audit it with lesser expense and a different nature. However, I still must perform some procedures.
Now, when we mentioned the Standards and the requirements of the Standards, I always refer to this. It’s the definition of risk assessment procedures in AU-C 315. This is another area of confusion in that the Standards tell you that you cannot lower the extent of your substantive testing unless you’re relying on the controls. Yet, to rely on the controls, you must test the operating effectiveness of controls. Again, unfortunately, I think some folks jump to saying, “Oh well, I don’t need to look at controls unless I’m relying on them and I’m reducing my tests because of them.”
Learning Techniques Continued
Mona continued, “So, I always refer people back to the definition of risk assessment procedures which is required by AU-C 315 on all audits. The definition says that the audit procedures performed to obtain an understanding of the entity in its environment doesn’t stop there. It specifically calls out including the entity’s internal controls, and it tells you that you’re performing those procedures to identify and assess the risk of material misstatements.
Furthermore, then it goes beyond and says “whether due to fraud or error at the financial statement and relevant assertion levels” … and that’s important because there’s also misconception that, “Oh, it’s only fraud risk.” So, I feel that just the definition of what risk assessment means in the Standards kind of encompasses all four levels of the AICPA’s focus areas, and it’s a single paragraph.
Again, as a recap, really nothing has changed in the requirements. This is not new for auditors and firms that have been diligently following these standards and who understand them. Those firms that have strong quality controls and continued education focused on standards and their application are not really going to do anything differently. Especially if they have good tools and software in place that helps ensure that these areas of top focus are well applied in each audit.”
Audit Talks – LIVE Fall 2019
Surely, in these examples, you’ve already learned something that you didn’t exactly know prior to reading this blog … and that’s the point. By the way, you should check out CCH ProSystem fx Knowledge Coach to help you produce the highest quality audits efficiently.
Back to the topic at hand, though, the above webinar recap is just one example of unique learning techniques where you learn from your colleagues. Another example is Audit Talks – LIVE Fall 2019, which is on December 3rd & 4th. It’s another unique learning technique where the AICPA, other firms and Wolters Kluwer will share a ton of valuable information.
This virtual conference costs you nothing but time. And the sessions are just a short 20-30 minutes each. So, sessions are easy to fit into busy schedules. When you join this event you’ll continue to learn from other firms, the AICPA and Wolters Kluwer. Learn more about Audit Talks – LIVE, and register now.