We complete many audit cold file review assignments every year. Whilst every audit file is different, and the approach by each firm varies, there are common themes in many of the reviews we undertake. Here we look at three of the most common issues and how firms should deal with them.
IT Systems and Controls
Compliance with ISA (Ireland) 315 ‘Identifying and Assessing the Risks of Material Misstatement’ still causes problems even though the standard came into effect for accounting periods beginning 15 December 2021. Frequently, auditors fail to properly document not only key transaction cycles but also the specific control activities required under ISA 315.26 which may not be part of the transaction cycle. As a result, walkthroughs of the transaction cycle to confirm:
- Design,
- Operating effectiveness and
- Implementation
do not always cover the controls required to be reviewed.
Audit files often overlook the requirement to consider the broader control environment including areas such as:
- risk management,
- how systems and controls are monitored,
- how the culture of the entity contributes to the control environment and
- how the control environment interacts with outsourced service providers like payroll, for example.
It is not sufficient to only document the key business cycles. The audit file must also document the overarching control environment as part of the audit risk assessment.
A useful IT Controls Questionnaire (as a downloadable Word document) to help with documenting part of this process, is available on our website, for €60+VAT at this link.
Going Concern
Many audit files don’t reflect the approach to fulfil the requirements of ISA (Ireland) 570 on Going Concern.
The audit work on going concern that is evidenced on the audit file often neglects to show that management have first of all prepared their own going concern assessment, which is supposed to be reviewed and appropriately challenged by the auditors.
Instead, files often include detailed notes, prepared by the auditors, explaining why the audit team believe the entity to be a going concern, but with little evidence of a challenge of management’s assumptions included an assessment of the budgets and forecasts prepared by management. It can appear that the files include a going concern assessment prepared for management by the auditors, which an inappropriate non-audit service.
Firms are required to show that they have documented management’s assessment of going concern and show how they have tested management’s assumptions, being careful not to be biased in favour or against any particular outcome.
Fraud
Quite often we see on audit files the following text or something similar – ‘the management tell us there has never been a fraud, so therefore there is no fraud in the latest financial year’’.
This approach hardly displays the kind of scepticism required by the standard. For example, ISA (Ireland) 240.13 states (our underline) ‘the auditor shall maintain professional scepticism throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor’s past experience of the honesty and integrity of the entity’s management and those charged with governance.
Auditors, please also note the three Appendices at the back of ISA 240 which are not new and are well worth a read, when planning an assignment:
Appendix 1 – Examples of Fraud Risk Factors;
Appendix 2 – Examples of Possible Audit Procedures to Address the Assessed Risks of Material Misstatement Due to Fraud (we call this the ‘Auditors Toolbox’); and
Appendix 3 – Examples of Circumstances that Indicate the Possibility of Fraud.
How can John McCarthy Consulting help?
Our audit file review service is available either on-site or remotely where we will provide you with a written report benchmarking your audit file against the appropriate standards. You will receive a gap analysis of where your firm stands on a particular assignment within clear direction as to appropriate action to consider for improvement.
For more on engagement and representation letter templates and a variety of CPD webinars on money laundering and other accounting/audit related topics, please go to our website for:
- Anti-Money Laundering Policies Controls and Procedures Manual (March 2022) — View the table of contents
- Letters of engagement and similar templates—Please visit our website here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items bought together.
- ISQM TOOLKIT, or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard. We typically tailor ISQM training and brainstorming sessions to suit your firm’s unique requirements. Please contact John McCarthy FCA by email at john@jmcc.ie.
