Presentation by Dawn McGeachy, BAccS, FCUIC, ACUIC, FCGA, LPA
Member, IFAC SMP Committee at the International Federation of Accountants & Institute of Chartered Accountants of Jamaica Business Development Conference, March 18, 2014
Japan IT Week 2024 Brochure by 47Billion (English)
Audit Quality, Deficiencies and Documentation
1. Page 1 | Confidential and Proprietary Information
Examining Audit Quality, Common
Engagement Deficiencies and the
Importance of Documentation
Dawn McGeachy, BAccS, FCUIC, ACUIC, FCGA, LPA
Member, IFAC SMP Committee
International Federation of Accountants &
Institute of Chartered Accountants of Jamaica
Business Development Conference
Jamaica Conference Centre
March 18, 2014
2. Page 2 | Confidential and Proprietary Information
In the Beginning………
• ISQC1, Quality Control for Firms that Perform Audits and
Reviews of Historical Financial Information and Other
Assurance and Related Service Engagements became
effective as of December 15, 2009 (firm level)
• ISA 220, Quality Control for an Audit of Financial
Statements, effective for audits of financial statements for
periods beginning on or after December 15, 2009
(engagement level)
3. Page 3 | Confidential and Proprietary Information
How the Profession Is Responding
In the News
• IAASB Staff Q&A publication, Applying ISQC 1 Proportionately
with the Nature and Size of a Firm
• Forum of Firms Information Paper, Engagement Quality Control
Reviews: Practical Considerations
• CPA Canada release, Enhancing Audit Quality: Canadian
Perspectives, Conclusions and Recommendations
• European Commission proposals on specific requirements
regarding statutory audits of public-interest entities
4. Page 4 | Confidential and Proprietary Information
How the Profession Is Responding
In the News
• IAASB project to enhance auditor reporting
• US Public Company Accounting Oversight Board (PCAOB) concept
releases dealing with the form and content of reports on audited
financial statements and with ways to enhance auditor independence,
objectivity, and professional skepticism
• UK Financial Reporting Council proposals for effective company
stewardship
• Financial Stability Board’s thematic review on risk governance
• Takes stock of risk governance practices at both national authorities and
firms, notes progress made since the financial crisis, identifies sound
practices, and offers recommendations to support further improvements
• And more …
5. Page 5 | Confidential and Proprietary Information
Why Should We Care?
• The public appears to be increasingly concerned about
audit failures.
• There are gaps—in both expectations and information
• Firms are being sanctioned more frequently with greater
punishment being meted out.
• The profession is struggling to demonstrate it has heard
these concerns and is doing something about it.
6. Page 6 | Confidential and Proprietary Information
Looking to Real Life Examples
Table 4: Alleged Auditor Involvement by Auditor Type
(n = 87 companies)
Type of Case Number of Cases
Naming National
Firm Auditors
Number of Cases
Naming Non-
National Firm
Auditors
Total
Bogus Audit 0 6 6
Actual audit, but
audit was deficient
35 46 81
Total 35 52 87
7. Page 7 | Confidential and Proprietary Information
Looking to Real Life Examples
Table 7: Primary Deficiencies in Actual Audits
(n = 81 companies)
Problem Area Percentage (Number) of
Cases
1. Failure to gather sufficient competent audit evidence 73% (59 cases)
2. Failure to exercise due professional care 67% (54)
3. Insufficient level of professional skepticism 60% (49)
4. Failure to obtain adequate evidence related to management representations 54% (44)
5. Failure to express an appropriate audit opinion 47% (38)
6. Incorrect/inconsistent interpretation or application or requirements of GAAP 37% (30)
7. Inadequate consideration of fraud risks 33% (27)
8. Inadequate planning and supervision 31% (25)
9. Failure to adequately address audit risk and materiality 21% (17)
10. Inadequate preparation and maintenance of audit documentation 20% (16)
11. Failure to adequately communicate with the audit committee 17% (14)
12. Failure to recognize/ensure disclosure of key related parties 15% (12)
13. Failure to adequately perform audit procedures in response to assessed risks 15% (12)
14. Inappropriate confirmation procedures 15% (12)
15. Failure to evaluate adequacy of disclosure 15% (12)
16. Internal control-related issues including over-reliance on internal controls, failure to obtain an understanding of internal control, and failure to obtain an
understanding of the entity and its environment.
14% (11)
8. Page 8 | Confidential and Proprietary Information
Inspection Findings
Consistent findings include concerns about:
• Professional skepticism
• Supervision and review
• Substantive analytical procedures (predicted results
compared to actual results)
• The quality of audit evidence in audit files
9. Page 9 | Confidential and Proprietary Information
Root Causes of Audit Failure
• Misapplication or misinterpretation of generally accepted
auditing standards;
• The auditor commits fraud by knowingly issuing a more
favorable audit report than is warranted;
• The auditor is unduly influenced by having direct or
indirect financial interest in the client; and
• The auditor is unduly influenced because of some
personal relationship with the client beyond what is
expected in a normal audit between independent parties.
10. Page 10 | Confidential and Proprietary Information
Leadership Responsibilities for Quality Within Firm
11. Page 11 | Confidential and Proprietary Information
Back to Basics—Examining ISQC 1 Requirements
7 Key Actions
1. Always write it down – document, document, document (ISQC
1.57)
2. Lead from the front giving consistent messages on the importance
of quality control (ISQC 1.18)
3. Always act ethically in accordance with the IESBA Code of Ethics
for Professional Accountants (ISQC 1.20)
4. Focus on the right clients being matched by the right skills with an
emphasis on integrity and competencies (ISQC 1.31)
12. Page 12 | Confidential and Proprietary Information
Back to Basics—Examining ISQC 1 Requirements
7 Key Actions
5. Maintain capable and competent personnel giving due attention to
the firm’s human resources policies and procedures (ISQC 1.29)
6. Delivery quality audits, consulting when needed and meeting
requirements for engagement quality control review (ISQC 34 -35)
7. Monitor the firm’s system of quality control and carry out a periodic
objective inspection of a selection of competed audit
engagements (ISQC 1.48)
13. Page 13 | Confidential and Proprietary Information
• Completeness and accuracy
• Clarity and understanding
• Pertinence
• Logical arrangement
• Legibility and neatness
General Guidelines
14. Page 14 | Confidential and Proprietary Information
• At a minimum, all working paper files should include:
– Planning
– Review/examination or evaluation of adequacy and
effectiveness of the system of internal control
(if applicable)
– Procedures performed, information obtained, and
conclusions reached
– File review
– Reporting
– Any follow-up
Organization of Working Papers
15. Page 15 | Confidential and Proprietary Information
• Documentation of information obtained about the
component of the file being reviewed
• Authoritative support for findings/recommendations
contained in the accountants/auditor communication
• Means of evaluation
• Provides a guide for how to complete subsequent
engagements for the client
Telling the Story
16. Page 16 | Confidential and Proprietary Information
• Partner involvement in planning
• Customizing working paper forms and checklists
(scalable for different sizes and complexity, particular
industries, and particular engagement risks)
• Ongoing staff communication and file reviews
• Engagement productivity
• Identify areas where staff training is required
• Determine what to include or exclude
• Identify how to address the risk of fraud (if applicable)
• Efficient allocation of staff and other resources
Planning
17. Page 17 | Confidential and Proprietary Information
• Undistracted time between the engagement partner and
key engagement personnel
• Willingness to make key decisions based on appropriate
professional judgment
• Inform engagement team what the entity is all about
• What has changed since last year and the implications of
these changes so that they are in a position to focus on
where documentation changes might be required
• Ensure engagement team understands what they are
required to do and why
Ingredients for Effective Planning
18. Page 18 | Confidential and Proprietary Information
• Include identifying characteristics of the specific items or
matters tested or reviewed
• Document discussions of significant matters with
management
• Identify how you addressed information discovered that
contradicts or is inconsistent with your previous
understanding or representations made by management
• Any departures from a basic principle or essential
procedure, and the alternative procedure performed
Adequate Documentation
19. Page 19 | Confidential and Proprietary Information
• Necessary for quality control purposes
• Provides assurance that the work delegated by the partner
has been properly completed
• Provides evidence that an effective engagement has been
carried out
• Increases the economy, efficiency, and effectiveness of the
engagement
• Provides sufficient details and up-to-date facts which justify
the reasonableness of the accountant/auditor’s conclusions
• Retains a record of matters of continuing significance to the
client
Importance of Documentation
20. Page 20 | Confidential and Proprietary Information
• Has a clear objective (i.e., in the case of an audit provides the
audit assertion tested)
• States the year/period end (so that it cannot be confused with
a different time frame)
• Details the full extent of the test (i.e. number of items tested
and how this number was determined)
• When reference is made to another WP, the full reference to
the other WP
• States the results of the procedure/testing, without bias,
based on documented facts
• Conclusions reached that are consistent with the results of the
procedures/testing (and that will withstand independent
scrutiny)
• Clear index referencing
• Initialed and dated by preparer and reviewer(s)
“Good” Documentation
21. Page 21 | Confidential and Proprietary Information
• Summary of the results of work performed (could
someone retrace your steps?)
• If the file contains internal control and workflow
evaluations, conclusions on the adequacy of the system
or process
• Testing conclusions
Each Step Along the Way
22. Page 22 | Confidential and Proprietary Information
• Audit documentation
– Assists the engagement team in planning and performing
the audit
– Assists supervisory engagement team members in
directing and supervising the work
– Enables accountability
– Provides a record of matters of continuing significance;
– Enables the conduct of quality control reviews and practice
inspections
• ISA 230 also includes an Appendix which details specific audit
documentation requirements in other CASs
• This provides easy reference for DOCUMENTATION that is
required to be included within each audit working paper file
ISA Requirements—ISA 230
23. Page 23 | Confidential and Proprietary Information
• Audit evidence
– Requirement is to design and perform audit procedures in such a
way as to enable the auditor to obtain sufficient appropriate audit
evidence to be able to draw reasonable conclusions on which to
base the auditor’s opinion
• Consider
– Relevance and reliability of the information
– Accuracy and completeness of the information
– Is the information detailed AND sufficiently precise for audit
purposes?
ISA Requirements—ISA 500
24. Page 24 | Confidential and Proprietary Information
• Audit evidence—specific considerations for selected
items, including:
– Inventory
– Litigation and Claims
– Segment Information
ISA Requirements—ISA 501
25. Page 25 | Confidential and Proprietary Information
• Inventory
– If material, sufficient appropriate audit evidence must
be obtained regarding the existence and condition of
inventory by:
• Attendance at the physical inventory counting
(unless impracticable); and
• Performing audit procedures over the entity’s final
inventory records to determine whether it accurately
reflects actual inventory count results.
ISA Requirements—ISA 501
26. Page 26 | Confidential and Proprietary Information
• Inventory
– If the physical count is conducted at a date other than the
date of the financial statements, the auditor MUST perform
audit procedures to obtain evidence about whether
changes in inventory between the count date and the date
of the financial statements are properly recorded.
– If the physical count has been scheduled for the
year/period-end date and the auditor is unable to attend
due to unforeseen circumstances the auditor MUST make
or observe some physical counts on an alternative date,
and perform audit procedures on intervening transactions.
ISA Requirements—ISA 501
27. Page 27 | Confidential and Proprietary Information
• Inventory
– If inventory under the custody and control of a third
party is MATERIAL to the financial statements, the
auditor MUST obtain evidence regarding its existence
and condition by:
• Requesting confirmation from the third party as to
the quantities and condition of inventory held on
behalf of the entity; and
• Performing an inspection or other audit procedures
appropriate in the circumstances.
ISA Requirements—ISA 501
28. Page 28 | Confidential and Proprietary Information
• Litigation and Claims
– The auditor must design and perform audit procedures that
make it possible to identify litigation and claims.
– If RMM has been identified, or when audit procedures
indicate that other material litigation or claims may exist,
the auditor shall seek DIRECT communication with the
entity’s EXTERNAL legal counsel.
– Material litigations and claims MUST be disclosed and
accounted for in the financial statements.
– Other relevant procedures may have been identified
through the RMM procedures during the planning phase of
the audit.
ISA Requirements—ISA 501
29. Page 29 | Confidential and Proprietary Information
• Communication with external legal counsel includes:
– A list of litigation and claims;
– Management’s assessment of the outcome of each of
the identified litigation and claims and its estimate of
the financial implications, including costs involved; and
– A request that legal counsel confirm the
reasonableness of management’s assertions and
provide further information if the list is considered to be
incomplete or incorrect.
ISA Requirements—ISA 501
30. Page 30 | Confidential and Proprietary Information
• Segment Information
– Obtain an understanding of the methods used by
management in determining segment information; and
– Perform analytical procedures and other audit
procedures (as appropriate).
ISA Requirements—ISA 501
31. Page 31 | Confidential and Proprietary Information
Professional Skepticism
Academic research suggests there are 6 characteristics of
skepticism:
1. Questioning mindset
2. Suspension of judgement
3. Search for knowledge
4. Interpersonal understanding
5. Autonomy
6. Self-esteem
32. Page 32 | Confidential and Proprietary Information
More than ever, the need to maintain professional
scepticism is critical:
• Over-reliance on management representations
• Acceptance of unreliable information or evidence
• Inconsistent or contradictory information and evidence
• Tendency to look for corroborating information or
evidence rather than challenging management’s
assertions
Professional Skepticism
33. Page 33 | Confidential and Proprietary Information
Improve training
• Strengthen inquiry techniques
• Challenge management’s assertions
• Consider different alternatives
• Seek reliable information/evidence
• Respond to inconsistencies and contradictions
Professional Skepticism—What Can You Do?
34. Page 34 | Confidential and Proprietary Information
Increase awareness of standards
• Ensure staff have an understanding of the reason for
required procedures
• Promote a questioning mind
Professional Skepticism—What Can You Do?
35. Page 35 | Confidential and Proprietary Information
Strengthen documentation procedures
• Ensure that documentation includes the thought process,
NOT just conclusions from the work done
• Must provide a roadmap of the engagement and how
conclusions were reached
Professional Skepticism—What Can You Do?
36. Page 36 | Confidential and Proprietary Information
• Revise the file index, if required;
• Consider how file information can best be reviewed—
current year and next year:
– Document all risks identified, and their assessment, in one place
– Standardize how internal controls will be documented
(if applicable)
– Record engagement issues, the resolution, and any related
communications to management and TCWG in one place
Continual Improvement
37. Page 37 | Confidential and Proprietary Information
• Any time it is necessary to modify existing working paper
file documentation regardless of the nature of the
modifications or additions, document:
– When and by whom they were made, and reviewed;
– The specific reasons for making them; and
– The effect, if any, on the accountant/auditor report issued.
After Final Assembly
38. Page 38 | Confidential and Proprietary Information
Document
• Circumstances encountered
• New or additional procedures performed
• Evidence obtained
• Conclusions reached
• When and by whom the resulting changes to
documentation were made and reviewed
Exceptional Circumstances