Quality is foundational to the services provided by a CPA to their client. Therefore, it is critical to have a mindset focused on both quality and continuous improvement.
To help with this mindset, the AICPA’s Enhancing Audit Quality (EAQ) initiative is a holistic solution that focuses on improving audit quality in an increasingly complex business environment. Based on their research, the AICPA publishes trends in the audit environment and areas of focus for both firms and peer review to ensure quality is enhanced and common missteps are overcome.
As we move into 2020, risk assessment and internal control continue to be a focus (listen to this short ‘Audit Talk’ to learn more). However, there are three new areas that now require attention:
- Auditing Revenue Recognition
- SOC Engagements
- Engagement Acceptance and Continuance
To learn more from the AICPA about these areas, there is an upcoming virtual ‘Audit Talk’ that you can join. It’s titled Enhancing Audit Quality Focus & Trends for 2020. During that session, we will learn more directly from Carl Mayes, CPA, Associate Director of CPA Quality & Evolution at the AICPA. Additionally, during the question period at the end of the Audit Talk, you can ask any clarifying questions that came to mind. Register here.
In preparation for this session, and in preparation for improving audit quality for 2020, it is a good opportunity to assess whether your audit tools support you in these areas.
As part of Wolters Kluwer Integrated Audit Approach, CCH® ProSystem fx® Knowledge Coach is the solution that addresses all of these areas. Let’s take a deep dive into the changes in the following areas to give you the confidence you need:
Auditing Revenue Recognition
The authors of the CCH® ProSystem fx® Knowledge Coach Risk Based Audit methodology know that firms need guidance proactively. As far back as 2017 there were tips provided within the audit practice aids alerting users to changes to upcoming changes in the revenue recognition standards. Then, in 2018 to support early implementation of ASC Topic 606, procedurals steps were added.
Specifically, the following changes were made to ensure the standards were effectively updated and support compliance:
- Revenue related documents were updated (e.g., internal control documents; understanding revenue streams; disclosure checklists; what could go wrong and control examples; related audit programs such as, estimates, debt, and PPE; estimate retroactive analysis)
- Steps in the audit program for Accounts Receivable and Revenue were added/updated (based on the guidance provided in the AICPA Audit and Accounting Guide, Revenue Recognition)
- Disclosure checklist was updated with a separate section on ASC Topic 606
The audit practice aids already addressed the concerns noted by the AICPA regarding estimates and independence:
- Audit program for Accounts Receivable and Revenue includes links to the Estimates program, which includes all the required guidance on auditing estimates, including estimates related to revenue recognition.
- Our tools include workpapers to evaluate the impact of non-attest services on independence. The non-attest services form identifies all the prohibited services and provides a format to identify and evaluate threats and safeguards for services that are not specifically prohibited.
We have continued to update the content as additional guidance and information has become available.
CCH® ProSystem fx® Knowledge Coach is designed to ask the appropriate questions to determine whether or not the firm/individual should accept the engagement. Additionally, our tools, through tailoring, drive the proper workflow for any firm/individual to complete a compliant engagement, when they follow the provided guidance. For example, our Engagement Acceptance documents prompt the auditor to consider several areas before they accept the engagement:
- Does the firm have the required technical skills & expertise in the entity’s industry?
- Does the firm have experience with the relevant regulatory or reporting requirements?
- Does the firm have sufficient competent professional staff available to perform the engagement?
- And more
Many of the problems related to SOC engagements relate to applying outdated standards, inadequate documentation and failing to include all required elements & consistent verbiage in the reporting.
Separate Knowledge-Based Audits® of Service Organizations (tools) were created in 2016 to better emphasize the unique aspects of SOC 1®, SOC 2®, SOC 3® engagements. These are updated annually and have incorporated the most current Statements on Standards for Attestation Engagements (SSAEs), as well as the most recent updates of the AICPA Audit Guides that are available.
If standard updates are made outside of our normal development cycle, CCH provides tool supplements so that user has access to documents in compliance the most current requirements.
When the AICPA changed the definition of SOC from “Service Organization Controls” to “System and Organization Controls,” we followed suit and enhanced our toolset to include the newest definitions, as well as added engagement tools for SOC for Cybersecurity to our Knowledge-Based Nonattest Services toolset.
Furthermore, with respect to the documentation problems noted related to risk assessment in a SOC engagement, it is important to keep in mind that ProSystem fx Knowledge Coach uses a Risk Based audit methodology which emphasize risk assessment, understanding of the entity, including relevant criteria and linking procedures to risks. There is also a complete set of TSP 100 and Description Criteria for users to reference to help ensure complete reporting. The tools provided also have illustrative reports the directly align with those provided by the AICPA.
So, as you can see from the above – when there are standard changes and an increased focus on quality by both the AICPA and your client, it is more important than ever to choose a methodology that you can trust.
To learn more about these focus areas, make sure you join our upcoming Audit Talks Live session with Carl Mayes!