INTRODUCTION

WHY READ THIS BOOK?

Good quality, smaller ISA audits are conducted all over the world, profitably

The sole aim of this book is to help auditors perform more efficient and effective ISA audits. While the focus of the technical material in this book is on the requirements of the ISAs, the overriding objective is always to help auditors perform audits in a manner that promotes cost-effectiveness, efficiency and a high level of audit quality in equal measure.

We believe that there is a strong link between audit quality, and efficient and cost-effective audits. We believe that audit firms performing the best audits are often the most profitable, and that firms with audit quality issues are rarely performing profitable audits.

Dispelling the myth that quality and cost-effectiveness are mutually exclusive is important to us. Some, possibly many, practitioners take the view that audit quality and the maintenance of technical standards are little more than a cost to be minimised. We beg to differ. When time spent gaining a better understanding of core auditing standards is seen more as an investment than a cost, it not only enables auditors to perform more cost-effective audits, it also makes them better auditors.

Another myth that holds too many auditors back is the belief that ISAs are unsuitable for the audit of SMEs. ISAs were developed so that they could be applied to the largest of audits but that does not mean that they cannot be used perfectly well in smaller audits, given a little thought about how they are applied. We know that there are many firms performing small, good quality and profitable audits as the norm. The main beneficiaries are the owners of the audited entity.

The answer to most firm-wide problems in auditing is training and the bedrock of this training is a good understanding of the core ISAs. Smaller audits conducted under standards based on ISAs are now performed all over the world, and there are many jurisdictions using ISAs in which a very large number of very small companies are still subject to statutory audit requirements. Whenever auditors are having problems with quality or efficiency, a better understanding of the core ISAs always helps.

Auditors without a clear understanding of the ISAs are far more likely to miss something out, do something that is unnecessary, do something the wrong way or spend time at the end of the audit correcting errors made during the audit process.

Where firms perform efficient and effective audits, it is often evident that the audit teams have a good knowledge of the ISAs. Their documentation might be brief, but it is clear that they have done everything that is required of them and they use the correct technical terms in their documentation. That makes it easy for internal and external reviewers to see and understand how they have complied with ISAs.

NO, YOU DO NOT NEED TO READ ALL OF THE ISAs, BUT YOU DO NEED TO UNDERSTAND THEM, ESPECIALLY THE CORE ISAs

Many experienced auditors might, not entirely unreasonably, think that reading the ISAs or reading about them is a waste of time, because there is no substitute for years of experience. A good proportion of the readers of this text will remember the situation not so long ago when there were just a handful of auditing standards. In the UK, most auditors over the age of 50 remember there being only two auditing standards and a handful of auditing guidelines. There are now over a thousand pages of ISAs (and more in national standards) and the audit approach has to be different now. An audit conducted just a few years ago is unlikely to be compliant with the current, clarified ISAs.

There are no requirements, anywhere in auditing standards, audit regulation, ethical standards or the requirements of professional bodies for auditors to ‘read’ all of those pages of ISAs per se, but practitioners are required to understand them. The only people who read all of the ISAs are people working in technical departments and authors such as us (and maybe we need to get out more). Practitioners rely on their firms’ systems, methodologies and training to mediate the requirements of ISAs and if you qualified more than two decades ago, this book is written with you very much in mind.

A knowledge of ISAs can be obtained by reading them. After all, they can be downloaded, free of charge, from the IAASB’s website and the websites of many national standard-setters. But even now that they have been clarified, they can be hard work to read, and they have little in the way of guidance on how to apply the requirements to smaller entities.

This book seeks to bring the core ISAs to life. Each section, as you might expect, summarises the requirements of the relevant ISA but we also examine why the ISA requires what it does because it helps auditors obtain a better understanding of how the requirements can be applied.

We also use feedback from practitioners to help identify real, practical problem areas and provide real, practical solutions. We have used numerous examples. Most of these examples, even the more outlandish, are based on real cases, appropriately anonymised. In the words of Mark Twain: ‘Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn’t.’ Some auditors may find some of these examples challenging and not entirely in line with what they have done in the past. But expectations have changed, regulators the world over are bolder than they once were, and they are expected to deliver changes in auditor behaviour.

What was considered adequate not long ago might not pass muster now, and we hope that our examples will give readers a more rounded understanding of the core ISAs, and a better idea of how to apply them, than merely reading them would.

WHY ARE THESE ISAs THE ‘CORE’ AUDITING STANDARDS?

It goes without saying (almost) that complying with the relevant requirements of every ISA is essential. But not all ISAs are equally important.

A core standard is one that:

• has a major impact on most audits;
• has challenging requirements;
• is often misunderstood;
• has a significant impact on audit quality and cost-effectiveness.

Regulators regularly comment on a lack of compliance with these ISAs.

When reading about ISAs, the Pareto principle applies. Auditors who gain an understanding of 20% of the ISAs will gain an understanding of 80% of the main requirements. These core standards really are that important.

Audit quality and professional scepticism

Improving audit quality has been at the top of the international agenda for the profession in recent years, particularly in the wake of the various financial crises. While most of us would agree that professional scepticism is the cornerstone of audit quality, it is hard to define, even though its presence, or more usually absence, is usually clear, at least with the benefit of hindsight.

The ISAs require the maintenance of an attitude of professional scepticism throughout the audit, but they have very little to say about it. Standard-setters, regulators, audit firms and professional bodies are struggling in an attempt to be clear about how auditors can demonstrate that they have maintained it, and how it can be more clearly embedded in auditing standards, methodologies, training and the culture of audit firms.

The examples in this text take into account the latest thinking on professional scepticism. We emphasise again the fact that what might have been considered to be sufficient appropriate audit evidence a few years ago, might not now, even though the relevant ISAs have not changed much. Attitudes towards professional scepticism are an important part of this.

Closing the gap between auditing standards and firm methodologies

Auditors were auditing long before auditing standards were invented in the 1970s. There are two ways to close the gap between auditing standards and audit firms’ own auditing procedures. One is to wrap the standard around the firms’ procedures and methodologies and adapt what practitioners do to make it conform to the standard. Using the auditing standard on engagement letters as a basis for rewriting the firms’ engagement letter is a simple example. The other is to take what practitioners do, and wrap the standard around that, starting with firm’s engagement letter and working out how to slot in anything the standard requires that happens to be missing, for example. The latter is a better description of what happens most of the time than the former, but regulators prefer the former. It makes their lives easier and they expect larger firms to map their methodologies to the standards. Training and software providers increasingly need to be mindful of this.

Causes of audit inefficiency and unprofitability in smaller firms are manifold but there are three key drivers of many problems:

• over-engineered audit methodologies and procedures that simultaneously result in under-auditing in important new areas and over-auditing in established areas;
• lengthy auditing standards designed with the larger audit in mind that need to be interpreted for smaller entity audits;
• regulatory inspections focusing on compliance with the requirements of standards, as well as the judgements made.

It is inevitable that any regulatory file inspection will focus on the documentation of compliance with standards, but auditors need to think about more than this. In reality, there is little practitioners can do about audit regulators,...