FRC Annual Review of Audit Quality
The FRC has published its annual review of audit quality. This provides an overview of its assessment of quality among the Tier 1 firms, which are those with the largest share of the UK PIE audit market.
FRC Annual Review of Audit Quality
At the end of July, the Financial Reporting Council (FRC) published its annual review of audit quality. This provides an overview of its assessment of quality among the Tier 1 firms, which are those with the largest share of the UK Public Interest Entity (PIE) audit market. The findings whilst relating to the largest firms do provide useful pointers for audit firms of all sizes.
The FRC applies a risk-based approach to its audit inspections and pays particular attention to key areas of estimation and judgement (including impairment, valuation, going concern and provisions) as well as the audit of revenue and journal entries in its inspections. Additionally, the FRC also reviewed risk assessment (including fraud and climate risk), audit planning, and communications to Audit Committees.
The FRC’s most common findings from its inspections continue to be in the audit of revenue and areas of estimation and judgement. For revenue, findings included issues with contract testing, data analytics and data input testing. For estimation and judgement, they were most often linked to weaknesses in the evaluation of key assumptions and judgements, and the challenge of management. Common findings relating to journals testing, General IT Controls (GITCs), inventory and provisions were also found. The FRC highlights the importance of the auditor’s work in these areas:
Auditors should obtain sufficient and appropriate audit evidence to assess whether revenue is accurately recognised as it is a key driver of the entity’s results.
Auditors should adequately assess and challenge management’s evaluation of impairment as this often involves significant judgement and can be subject to management bias or error.
Auditors should adequately assess and challenge the reasonableness of management’s estimates and assumptions to respond to the risk of management bias.
Journals testing is a key procedure to address the risk of management override of controls and fraud. Auditors should test the appropriateness of journals entries, including examining the supporting evidence for the items selected.
Where an audit approach relies on IT systems, data and associated automated controls, related General IT controls should be tested to a satisfactory level to support the reliance placed and ensure that sufficient, appropriate audit evidence is obtained overall.
Auditors should perform appropriate procedures to assess the existence and valuation of inventory as it can be significant to an entity’s balance sheet
Good Practice Identified
The most common areas of good practice identified were largely consistent with those identified in previous inspection cycles. Several good practices were identified in the same areas as the common inspection findings. Most notably, all firms had good practice relating to the challenge of management for the audit of accounting estimates and judgements, with several examples in the areas of impairment and provisions. This demonstrates that consistency in audit execution remains a key area of challenge, and one in which firms have more to do to ensure consistent audit quality across their audits. Other examples of good practice related to effective use of specialists, challenge of management for related judgements and thorough risk assessment for climate and fraud related risks.
Quality Management
The International Standard on Quality Management (UK) 1 (ISQM (UK) 1) replaced the quality control standard (ISQC (UK) 1) and introduced a fundamental change for firms’ quality management approaches. This evolution from quality control to a customised system of quality management means a transition from reactive quality checks to proactive, comprehensive, and risk-based quality management, which is more responsive to the complex and dynamic business landscape, and the diverse and nuanced challenges faced by different firms. ISQM (UK) 1 also emphasises the role of leadership and governance, the importance of a quality orientated culture, and the need for continuous improvement. Key differences between ISQC (UK) 1 and ISQM (UK) 1 include:
| ISQC (UK)1 requires | ISQM (UK) 1 requires: |
|---|---|
| Specified quality control processes and policies. | Identification of risks and responses to enable achievement of specified quality management |
| Policies and processes over human resources. | Quality management of human, intellectual and technological resources, including those from networks and service providers. |
| Policies and processes over consultations. | Broader quality management of information and communication, including information being communicated throughout the firm, with personnel communicating with the firm and one another. |
| A culture recognising the importance of audit quality. | A culture that recognises the importance of serving the public interest, professional ethics and behaviours, and all personnel being responsible for quality. |
| Monitoring and remediation processes focused on completed audit engagements. | Proactive monitoring of the System of Quality Management (SoQM) as a whole, with timely, effective remediation and an, at least annual, holistic evaluation, of the SoQM. |
| Quality focused remuneration policies for audit partners. | All leadership to be held responsible and accountable for quality, and those responsible for the SoQM to be evaluated with consideration of the evaluation of the SoQM. |
The FRC reviewed the Tier 1 firms’ implementation of ISQM (UK) 1 which included assessing the design and implementation of the firms’ internal procedures for monitoring the effectiveness of their SoQMs and the processes and conclusions for their first annual evaluations. The FRC did not independently perform, or reperform, the firms’ overall annual evaluations.
Key areas for improvement identified, included where firms needed to strengthen their monitoring processes to ensure that responses to quality risks are designed and operating effectively and to assess other relevant sources of information relating to the extent of mitigation of quality risks. Enhancing the evidencing of the firms’ annual evaluation processes, including assessing if any findings indicate potential SoQM deficiencies, individually or in aggregate were also identified.
Notably, one firm ultimately concluded that it did not have reasonable assurance over their SoQM. As this is the first year of the new standard, the FRC are supporting firms in their development of effective and proportionate SoQMs and will continue to challenge their conclusions in future inspections.
Although designed to be scalable, the FRC noted that implementation of ISQM (UK) 1 has been more challenging for firms outside of Tier 1, particularly regarding the monitoring and remediation processes. In response to that, the FRC are increasing the frequency of its supervisory engagement with these firms to support continuous improvement through inspections, briefings, roundtables and publications.
Emerging Risks and Trends
Through its continuous engagement with the firms, the FRC identified firm specific emerging risk and trends that may impact on audit quality, including:
The increased use of offshore delivery centres to perform higher risk, more complex audit work.
Changes in firm structure that may increase the risk of conflicts or independence issues.
Rapid growth and significant portfolio changes that directly impact audit quality because of insufficient resources.
Changes to audit software that may not work as planned.
Artificial Intelligence (AI)
AI, and other technological advancements, is another key area of focus for the future of the audit profession. Whilst the FRC recognises opportunities for firms that engaging with technological developments might bring into the workplace, it expects them to adopt a measured approach to implementation of such technologies. Firms need to consider relevant regulations, guidance, and wider developing frameworks, including the UK Government's AI principles before introducing such technologies.
The FRC expects firms to bring to its attention any systemic risks or frictions are identified in relation to use of new technologies. The FRC also acknowledges that acquiring and implementing AI related tools and requisite skills can be expensive, potentially limiting smaller firms' ability to use them. Therefore, it encourages firms and their representative bodies to consider these challenges and to collaborate with it to find solutions.
Monitoring by the Quality Assurance Department of ICAEW of Tier 1 Firms
All Tier 1 firms are audit registered by ICAEW. Key findings on the audits requiring improvement or significant improvement were as follows:
- Errors in primary financial statements
- Weaknesses in audit of revenue
- Reliance on work done by other network firms
- Lack of challenge to management in relation to going concern
- Flaws in substantive analytical procedures
- Weaknesses in audit of inventory
- Lack of consideration of the potential capitalisation of development costs
Good practices identified were as follows:
- Challenge of management evident across audit areas such as:
- accounting for prior period restatements, impairment and valuation
- assumptions underlying expected credit loss provisions and going concern
- Robust approaches to the audit of revenue including
- well thought-out use of ‘proof in total’ testing, and
- inclusion of unpredictability in audit approach to inventory
- Clear evidence of interaction with component auditors, with supervision and review of their work
- Comprehensive audit documentation including:
- response to potential litigation
- internal consultation
- consideration of impairment risks
- journal selection and testing
- work on going concern
The FRC’s ‘Annual Review of Audit Quality’ can be viewed at: FRC Annual Review
