State of Audit
As the audit profession approaches the new year, what is the current state of audit? Specifically, what areas should auditors concentrate on in order to ensure high-quality audits in 2021? Patrick Tokarski, senior technology product manager at Wolters Kluwer joined Steven Morrison, CPA and partner at CohenReznick to answer these questions. View the recorded webinar to watch the complete discussion.
In light of the ongoing AICPA Enhancing Audit Quality Initiative, 44% of attendees chose “quality and compliance” as the biggest challenge facing the profession. In fact, a survey of peer reviewers in 2017 found more than 50% of engagements failed to comply with AU-C 315 or 330. That means many auditors fall short of compliance when it comes to properly assessing risk and responding risk during engagements.
Top 5 areas of concern for audit quality
Each year, the AICPA publishes a report about the Enhancing Audit Quality Initiative. Significantly, the report includes five areas of special focus for enhancing audit quality in the coming year. For 2021, the AICPA recommends paying attention to these areas:
- Engagement acceptance
- SOC engagements
- Risk assessment
- Internal control
- Revenue recognition
With regards to engagement acceptance, the AICPA found that firms performing few engagements overall or few within an industry have more issues. Therefore, firms will want to make sure they have a good grasp of each client’s business and industry in order to review the necessary materials. Further, the issue with SOC engagements is similar; firms that do few SOC engagements have more issues. Make sure your firm is up to speed on SOC engagement requirements and has updated practice aids. Next, let’s take a deeper dive into the remaining three areas: Risk assessment, internal control, and revenue recognition.
Common issues with risk assessment
The present state of audit reveals several common problem areas involving risk assessment. First, risk assessment suffers when auditors do not understand the client’s internal controls. Second, issues arise when auditors fail to address significant risks from AU-C 315 by either not documenting them or not responding to them. Third, engagements run into trouble when auditors don’t focus on assertion level risks. A number of firms have had issues with assessing risk at the account level, rather than drilling down into the assertions. And finally, problems with engagements occur when auditors do not link risks to procedures.
“Due to COVID-19, that there may be a number of risks in audits not previously present. Auditors are spending a little bit more time now planning and performing proper risk assessments. So I encourage auditors to use this time, pre-busy season to really think through their risk assessments, read through AU-C 315, and AU-C 330. You’ll see these terms: Inherent risk, control risk, significant risk, and think about what those definitions are.”Steven Morrison, CohenRezneick
Top challenges with internal controls
The AICPA Enhancing Audit Quality Initiative report noted a couple of issues around internal controls. To begin with, too many auditors believe some of their clients do not have any internal controls. This is almost never the case. In fact, if a firm truly had a client completely lacking controls, it might not be possible to audit them. Next, auditors sometimes don’t understand which internal controls are relevant to the audit. The requirements for understanding which control activities are relevant to the audit can differ from one entity to another.
“For the first few months of 2020, the entities’ controls may have been very much the same as they were in previous years. But it was a whole different ball game for another whole large group of entities after mid-March, when people were suddenly working remotely, policies and procedures changed, or they were circumvented, or they were abbreviated, or sometimes they were built up even more because of it, depending on the entity. So, you’re going to find some interesting walkthrough work papers this year that are going to be bifurcated, if you will, pre-COVID, post-COVID, and some might even have a third category of when things started to reopen, which may have just been a return to the controls they had previously, or maybe somewhat of a blend between being onsite and being offsite.”Steven Morrison, CohenRezneick
Revenue recognition, ASC 606 and auditor independence
Revenue recognition has been one of the most challenging standards for the profession to implement. Not only is the ASC 606 guidance material difficult, but there have also been a number of deferrals. Firms with clients in industries with complicated revenue recognition should seek out specific training. Further, depending on your firm’s involvement in helping clients implement ASC 606, consider implications for auditor independence.
“Think about revenue recognition. Revenue is the largest line item on most financial statements. So I would encourage everybody to consider using the AICPA and FASB resources. Note that public entities sometimes have differences from nonpublic, sometimes on effective dates and maybe in the level of disclosure of certain other matters… But keep in mind, there does come a point where we may be violating our independence. The AICPA has a hotline for independence as well.”Steven Morrison, CohenRezneick
Audit technology helps firms navigate the challenges
Having the right audit technology will help firms seeking to improve their ‘state of audit’, and specifically their audit quality in these five areas. In particular, cloud-based audit technology has made it easier for audit teams to collaborate remotely during COVID-19. The current state of audit technology at Wolters Kluwer includes a range of integrated, cloud solutions designed to support audit quality. For additional thoughts about how to leverage audit technology to improve audit quality, please view the recorded webinar.