Audit roundup

Audit quality standards

One of the first items asked for during audit monitoring is a copy of a firm’s ISQC1 (International Standard on Quality control) manual. ISQC1 requires that audit firms develop and implement a quality control procedures manual; guidance on writing such a manual is available.

However, ISQC1 is being replaced by International Standard on Quality Management (ISQM) (Ireland) 1 and 2 and an amended ISA 220.  The new standards are effective from 15 December 2022, giving audit practices time to apply the new standard and replace their ISQC1 manual with an ISQM manual.

Fraud and auditors

The Irish Auditing and Accounting Supervisory Authority (IAASA) issued a revised version of ISA (Ireland) 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements.

The proposed changes are described as evolutionary rather than revolutionary, but include an enhanced responsibility on auditors to perform more robust fraud detection audit techniques, to perform ‘stand-back’ reviews of the evidence, and to be more challenging of management and innovative in their audit approach. The revised standard is effective for audits of financial statements for periods beginning on or after 15 December 2021.

ISA 240 has three appendices that serve as a useful fraud training guide for new audit staff, or as a reminder to more experienced audit staff. They include examples of fraud risk factors, possible audit procedures to detect fraud and examples of circumstances that indicate the possibility of fraud.

International audit developments

ISA 600 (Revised), Special Considerations – Audits of Group Financial Statements (Including the Work of Component Auditors) has been issued internationally and will be considered for adoption in Ireland in 2022. There has been an increasing incidence of referrals to Irish resident auditors for the audit of Irish subsidiaries of UK groups, largely as a result of UK auditors relinquishing their Irish audit licences, which has put the duties and responsibilities of component auditors into sharp focus.

A revision of ISA 500, Audit Evidence is also under way internationally and any international amendment is likely to also be adopted in Ireland. The revisions will deal with the changes in the nature of the information now available to auditors, including the use of technology.

Meanwhile, the International Auditing and Assurance Standards Board (IAASB) is working on an auditing standard for audits of less complex entities, partly in response to concerns voiced by some SMP auditors that standards are only written with large company audits in mind and are therefore difficult and expensive to apply for a small company.

Audit quality

ACCA Advisory Services has identified a number of recurring issues for audit firms:

• Some of the off-the-shelf ISQC1 manuals detail a requirement for every regulated client to have a hot file review, although this is not a requirement of the ISAs. However, it is a breach of ethical standards for a firm to fail to follow its own procedures manual. Different approaches to quality control for a regulated client are available within auditing standards and these options should be listed within the firm’s ISQC1 manual, rather than simply an absolute requirement to a hot file review.
• Similarly, some standard ISQC1 manuals have an absolute requirement for a hot file review when the auditor has been in position for more than 10 years and does not have a second partner to rotate the audit to. A hot file review is not the only option available in auditing standards;  a consultation and review or, indeed, deciding to do no additional control procedures, are also options where the client is lower risk.
• Some off-the-shelf audit engagement letters have a limit of liability clause. Although such clauses can be effective for non-statutory assignments such as tax and bookkeeping, they are unlawful in respect of audit work.
• Any company regulated by the Central Bank, including even the smallest insurance broker, is not entitled to use the Ethical Standards, Provisions Available for the Audit of Smaller Entities (PAASE). Using these when the company is regulated is a breach of the ethical standards and must be reported to ACCA at the time of the firm’s audit certificate renewal (or to IAASA for public interest entity audits).
• Firms should check the going concern paragraph in the standard audit report for financial statements produced by accounting software packages to ensure that they are using the correct wording.