The COVID-19 pandemic and the resulting economic uncertainty has impacted entities around the world. It has also affected how auditors plan and execute their audits. Yet despite the number of challenges to overcome, the delivery of high-quality audits is paramount.
With busy-season upon us, and year-end engagements underway, I reached out to Angelo Giardina, director in the Thought Leadership group at the Canadian Public Accountability Board (CPAB), to discuss issues that are causing audits to be more challenging this year given the effects of the COVID-19 pandemic—not only for larger accounting firms, but also for small and medium-sized practitioners.
Angelo’s current role at CPAB focuses on raising awareness, stimulating conversations, and encouraging the sharing of views on audit quality issues, including the role of the audit committee, external auditor, and management in enhancing audit quality. This makes Angelo a great person to speak to regarding relevant and timely reminders for auditors as they navigate their audits.
Topics covered in our Q&A discussion include:
- remote work
- team composition and supervision
- electronic audit evidence
- professional skepticism
- risk assessment
- understanding of internal controls
- understanding of the IT environment and related general IT controls
- fraud risk
- going concern
Kaylynn Pippo: It has been a year since the COVID-19 pandemic hit Canada and working from home became the norm for many. How do you think auditors have adjusted to this remote working environment?
Angelo Giardina: We’ve been keeping up-to-date on the challenges auditors are facing through extensive discussions with leaders of audit firms, audit committee chairs, and audit regulators from around the world. We’ll have more to say about how the pandemic has impacted audit quality later this year after we inspect more of the impacted audits.
However, what we’ve heard is that the shift to remote audit work was made possible by investments in technology made by the audit firms. Auditors have been extracting and processing data remotely using advanced audit tools since well before the onset of the pandemic. That’s not to say that remote audits have been easy. The most cited challenges are remote supervision and coordination of engagement teams in the remote environment. There are also all the common challenges faced by all professionals with remote work. I’m referring to things like long working hours and back-to-back video conference meetings, all while having to manage commitments at home like taking care of kids, answering doorbells…you get the picture!
In your opinion, what is the biggest challenge facing auditors for year-end audits this year?
There may not be one big challenge that applies to all audits because the pandemic has impacted entities and audit risks differently. Instead, I prefer to think about audit challenges in this environment as belonging to one of two broad categories:
- The first relates to how audits are being carried out. Namely, the challenges associated with the auditors’ own remote working arrangements, the remote working arrangements of the audited entity’s management/personnel, or both. A test of any audit leader’s project management skills will be managing the supervision and coordination of the engagement team as well as coordination with the entity’s management and personnel. What will also be challenging is evaluating the appropriateness of significant changes to the audit approach that are likely to arise from the prior year audit, including the quality of evidence obtained by the engagement team.
- The second relates to the elevated levels of uncertainty caused by the pandemic, and the difficulties this creates for management when preparing financial statements, including developing accounting estimates. Uncertainties range from whether demand for the entities’ goods and services will return to supply chain disruptions to broader questions about the regulatory environment, including the timing and duration of further lockdowns. This will make the task of auditing a broad variety of management’s key judgments, including those associated with accounting estimates, particularly challenging.
With client personnel and audit teams both working predominantly from home, what are some additional things auditors should be thinking about when planning and performing procedures remotely?
To answer this question, I’ll focus on three things: supervision, electronic audit evidence, and professional skepticism.
In some ways, audits of even long-standing clients may feel like first-time audits because of changes auditors are likely to encounter in processes and controls at those entities. Identified and assessed risks of material misstatement will likely be different than those assessed in previous audits, as will be the audit approaches to respond to those risks. I’m anticipating that engagement team leaders will need to be more involved in supervising the audit, including planning and testing of areas traditionally considered to be simpler.
But what does supervision look like in this environment? In the pre-pandemic world, engagement teams sat together in audit rooms located in entities’ offices. Audit rooms were ideal training grounds for less-experienced members of the team, and also provided audit engagement leaders with a good vantage point to identify areas of the audit that were off track. The challenge for engagement leaders will be to recreate the dynamic of the audit room virtually. This could be achieved through a combination of regular all-team touchpoints, one-on-one coaching of less-experienced team members, and so on. Audit firms and engagement leaders should also be encouraging engagement teams to consult on unique matters they encounter in the COVID-19 environment.
Electronic audit evidence
Most of the audit evidence obtained in a remote audit will be received electronically. For entities further along in their digital transformation journeys, much of that evidence already resides natively in electronic format. For more manual information systems, management will be scanning or taking pictures of sales contracts, invoices, shipping documents, etc., for audit purposes.
Auditors should be thinking about the reliability of all electronic evidence, including its completeness, accuracy, and authenticity. This includes native electronic evidence or transformed paper-based evidence. This is particularly important because of the financial strains facing many entities and related incentives and opportunities that exist to manipulate electronic evidence. In exercising an appropriate level of professional skepticism, auditors should be thinking of how to evaluate the reliability of that information, including whether to obtain an understanding of processes and controls over the preparation and maintenance of that evidence.
Exercising professional skepticism will involve more than evaluating the reliability of electronic audit evidence. As auditors, we are accustomed to looking out for what’s changed from the prior year. It’s more challenging to question management when things remain the same. With so many entities pivoting to new business models during the pandemic and the transition of entities’ finance staff to remote work, auditors should be skeptical when they hear that business processes and controls have not changed. Exercising professional skepticism may involve going beyond what was done is previous years, including extending inquiries to operational staff to corroborate representations from management.
How might audit team composition be impacted this year? Have you heard any tips or best practices from audit firms in this regard?
Our focus at CPAB over the past few years has been on evaluating the quality management systems of firms as they manage their risks at the audit-portfolio basis. In this environment, talent and resource management take on an elevated level of importance for all firms.
Engagement teams will likely be assessing the need for additional specialized skills and resources to help them navigate the incremental complexities in their audits. We expect that valuation, information technology and forensic specialists will be in high demand and, accordingly, in short supply. A good practice for audit leaders will be to anticipate specialist resources early in the audit planning process to avoid bottleneck issues later during the audit. Similarly, monitoring at the firm level will ensure that specialist resources are optimally allocated across a firm’s audit portfolio.
Another important part of planning the audit engagement is determining materiality. Given the unusual results for 2020, how might this impact factors the auditor needs to consider, including the volatility of benchmarks often used in the calculation of materiality and performance materiality?
Materiality thresholds will often need to be set lower for many 2020 calendar year audits because of downward pressure on some of the more common benchmarks used by auditors—including profit before tax and assets.
An important reminder is that fundamental to materiality determinations are auditors’ assessments of the financial information needs of users of the financial statements. Auditors should anticipate that there have been changes to users of the financial statements, as well as changes to the key performance indicators users are typically focused on.
The auditor’s risk assessment is essential to support a high-quality engagement. Could you share some areas where we can expect risks of material misstatement to be impacted by the effects of COVID-19?
I want to be careful not to set expectations about which account balances, classes of transactions or disclosures should be assessed as higher risks of material misstatement because entities have been impacted differently by the pandemic. Nevertheless, it’s probably accurate to say that assertion-level risks associated with a broad variety of accounting estimates will likely be elevated.
What will make these accounting estimates difficult for management to develop is the pervasive level of uncertainty impacting entities’ outlook and operations. A considerable amount of judgment will be required by management to determine which methods, assumptions and data to use when developing its accounting estimates.
Auditors should be assessing the need for additional specialized skills or knowledge. Historical patterns and data considered relevant in previous periods will often no longer be representative of current or future market conditions when developing accounting estimates. For example, auditor experts may be needed to determine whether supplemental assumptions or data should have been considered by management.
Readers should refer to the audit practice alert by staff at the International Auditing and Assurance Standards Board (IAASB) Auditing Accounting Estimates in the Current Evolving Environment Due to COVID-19 on how to apply the International Standard on Auditing Accounting Estimates, ISA 540 (Revised), in a COVID-19 environment.
In many cases, organizations are focusing their efforts on surviving and adapting their business models. How might this impact the client’s processes and controls, and the auditor’s work to understand internal controls relevant to the audit?
A possible consequence of being in crisis management mode for entities is that management’s focus on internal controls could have taken a back seat to other priorities. In this environment, auditors should anticipate that for many entities, internal controls have become misaligned with the new business risks facing many entities.
Readers are encouraged to refer to our COVID-19 publication: Understanding Internal Control in the Audit to learn more. I’ll highlight a few things from the report:
- Auditors should be expecting to identify changes to the controls they've evaluated in previous audits as entities address new risks arising from the pandemic. One of many possible examples includes new processes and controls put in place at entities to ensure that information submissions for COVID-19 government-assistance programs are reliable.
- Auditors should revisit their risk assessments periodically to ensure that they reflect ongoing changes to the entity as it responds fluidly to the crisis. In some cases, auditors may need to modify previously planned audit procedures or design new procedures to respond to revised risk assessments.
In the current environment, there may be increased reliance on information technology (IT) by the entity. Could you talk about the importance of the auditor’s understanding of the IT environment and related general IT controls?
We’ve been hearing that entities accelerated their digital transformations during the pandemic. For some, this was needed to facilitate the transition of entities’ staff to remote work. Another commonly cited reason was to move interactions with customers to online platforms to observe social distancing requirements.
An increased reliance by entities on IT gives rise to new risks. For example, systems or programs could be inaccurately processing data, processing inaccurate data, or both. Systems or programs may also be at risk of being accessed inappropriately by employees or outside parties through cyber-attacks. Certainly, cybersecurity risks have been on the rise during the pandemic as entity staff working at home have been more susceptible to phishing attacks. Cyber incidents may be relevant to auditors when they impact financial reporting systems.
It’s important for auditors to obtain an understanding of how entities’ information systems have changed during the pandemic and the related controls put in place by management to mitigate related risks, including risks arising from use of IT. This is true even when auditors plan to follow a substantive approach because it assists them in determining the nature, timing and extent of substantive audit procedures.
Auditors should be looking out for the following:
- relaxed policies related to IT program changes or the granting of access privileges to key IT systems
- reduced IT staff leading to reduced IT monitoring activities
- delays in implementing critical IT projects
Let’s now talk more specifically about fraud risk. In an environment where a client’s system of internal control may be operating differently from normal, the risk of fraud in the financial statements may be heightened. There may also be increased incentives, opportunities, or rationalizations to commit fraud. Can you please share your thoughts on things auditors should look out for as they perform their audits, to identify and address elevated fraud risk?
There are several things that we believe will enhance an auditor’s ability to detect fraud. Many of them were described in the fraud thematic review report that we published last year. We believe they are even more relevant in the current environment.
- Obtaining a good understanding of management’s process for identifying and responding to fraud risks, including their preventative and detective anti-fraud controls. This understanding helps auditors determine how susceptible management’s process is to being circumvented and, accordingly, whether opportunities for fraud to occur exist.
- Considering whether to engage forensic specialists to assist the team with their fraud risk assessment. The digitalization and automation of financial reporting systems has increased the sophistication of fraud schemes. Forensic specialists can help cut through the complexity.
- Understanding the entity’s whistleblower programs. Research suggests that fraud is often identified through tips from employees, customers, vendors and other anonymous sources.
- Understanding management compensation arrangements and analysts’ expectations. Financial reporting frauds tend to cluster around financial metrics that are tied to management compensation.
Another area that deserves attention is how to carry out fraud-related inquiries of management and others when in-person meetings are impracticable. In our view, these inquiries should, at a minimum, be performed by videoconference to give auditors the opportunity to read the body language of interviewees. This is certainly not an area that can be performed by email.
Given the unprecedented uncertainty brought on by COVID-19, going concern is one of the topics that auditors are most frequently asking about. While the impact of the pandemic on entities will differ depending on the specific conditions and events and management’s plans, can you share your thoughts on some of the challenges faced by auditors in evaluating going concern assessments?
There will be situations where material uncertainties are clearly present and situations where they are clearly not. The challenge for auditors is that grey zone somewhere in the middle – the so-called close-call scenarios.
Auditors should expect to identify many more close-call going concern scenarios in their 2020 audits. This is where management concludes that no material uncertainties exist, but that their conclusion involved considerable judgment. For example, management may determine that material uncertainties are mitigated by corrective actions they plan to take, including refinancing loans. However, auditors may find that a successful track record in refinancing loans may no longer be realistic in the current environment. In close-call situations, auditors should consider asking management to enhance their assessments, including expanding cash flow forecasts to include several realistic scenarios and sensitivities to further support their conclusions (i.e., that no material uncertainty exists).
An important reminder is that management is required to disclose key judgments made in the process of applying the entity's accounting policies (IAS 1, paragraph 122). This includes disclosing key judgments made in close-call scenarios relating to going concern assessments. These types of disclosures are important to achieve fair presentation of the financial statements. Auditors need to consider the implications for their audits when these disclosures are missing or inadequate.
Are there any closing thoughts or final reminders for auditors that you would like to end with?
We recognize that the obstacles that entities are facing in this environment can be daunting. However, it is in moments of crisis that the attention of the investing public is particularly focused on auditors. The pressures and challenges of the COVID-19 pandemic cannot lessen the auditor’s responsibilities to comply with auditing and professional standards. Audits will be more challenging and may, in many cases, take longer to perform. It will be important for auditors to take the time they need to respond to the risks and complexities of audits even if that means delays in completing their audits.
We encourage auditors to visit our COVID-19 page to access our latest thought leadership in this area.
This is likely to be a difficult year for many auditors. Each set of financial statements audited is likely to be affected, to some degree, by the current adverse economic conditions as a result of the pandemic. In many cases, the risks of material misstatement will be higher than in prior years, impacting the audit approaches to respond to assessed risks. Audit teams may wish to place an increased focus on making sure that staff and specialists with appropriate training and experience are assigned to each audit, and that the level of direction, supervision and review are appropriate to the circumstances of each audit. The need to apply professional skepticism will be particularly important in these difficult times.
For additional COVID-19-related audit and accounting resources, access our dedicated auditing resource hub and accounting resource hub, which are updated regularly.
Keep the conversation going
What areas are you challenged by the most in your audits since the onset of the pandemic? Are you finding the CPA Canada and other available resources helpful? Would you benefit from more detailed COVID-19-related audit guidance on any specific topics? Post a comment below or email me directly.
Don’t miss out! Get in-depth analysis and insight on current audit and assurance issues delivered straight to your inbox. Sign up for our Audit Quality blog by checking Audit Quality Blog under My Subscriptions in your profile. SUBSCRIBE NOW
Conversations about Audit Quality is designed to create an exchange of ideas on global audit quality developments and issues and their impact in Canada.
The views and opinions expressed in this article are those of the author and do not necessarily reflect that of CPA Canada.