Common findings from the 2023 ICAS audit monitoring visits
The ICAS Audit Monitoring Team highlights the common findings identified in the 2023 monitoring visits.
2023 was another transitional year for ICAS Audit Monitoring, with a number of changes in the review team taking place through the year, and ongoing development of new monitoring methodologies and documentation.
The bulk of the visits in 2023 were required under the statutory six-year cycle. The remaining visits were conducted on a shortened cycle, informed by the monitoring team’s ongoing risk assessment process. The schedule remained somewhat atypical, but there remain key themes and common findings that all audit registered firms should consider and learn from.
Visit outcomes
The percentage of visits that presented serious and systemic issues has fallen compared to the previous year. 8% of visits in 2023 presented serious issues (14% in 2022) and 24% of visits presented systemic issues (36% in 2022), which is a positive trend. However, a smaller percentage of visits required no follow-up action in 2023, with only 20% of visits being closed without further submissions or other follow-up actions being required by the Committee (29% in 2022). What is left is an increase in visits presenting isolated issues, which has risen to 48% in 2023 (21% in 2022).
Visits falling in to the ‘serious’ and ‘systemic’ categories are always reported to the full Authorisation Committee (‘the Committee’), as they are considered to present the most significant findings. In the most serious cases, the Committee has considered whether further regulatory action is required, and that has included stringent follow-up actions and, where appropriate, regulatory penalties.
Where audit file quality has seen a general trend of improvement (as seen in the charts below), the reduction in visits without follow-up action has been impacted by a number of firms having ‘whole firm’ findings, or due to isolated issues affecting only some audit files, affecting the visit outcome.
 |  |
|---|
Audit file quality 2023
Generally, there was a slight improvement in the level of audit quality seen on the files compared to 2022. The majority of files reviewed in the year (60%) were of a good standard or only required limited improvement, which is a significant improvement on the levels of compliance noted in the previous year, when only 33% of files fell into that category.
A small number of 1 Grade files were reviewed in 2023, which reflected particularly good levels of compliance. These files presented no areas of concern regarding the sufficiency and quality of audit evidence or the appropriateness of significant audit judgments in the areas reviewed. Further, there were only limited weaknesses in the documentation of audit work.
The team also reviewed more files of a 2A standard in 2023, with 57% of the files reviewed reflecting only limited concerns regarding the sufficiency or quality of audit evidence or the appropriateness of significant audit judgments in the areas reviewed, and where weaknesses in documentation were restricted to a relatively small number of areas. This is a substantial improvement from 2022 when only 33% of the files reviewed were of a 2A standard.
The monitoring team understands the significant challenges that firms face in maintaining audit quality, at a time of increasing regulatory expectations, while at the same time ensuring audits are conducted on a commercial basis. In that context the number of 1 and 2A Grade files is seen as a positive outcome and we hope that this continues into 2024.
The 2023 monitoring year saw fewer files of a 2B and 3 standard, though these still accounted for 40% of the files reviewed. These poorer files, by their nature, present more serious breaches of ISAs and Audit Regulations and also bring the clear potential for further regulatory action to be considered required by the Committee in order to bring standards up to the required level.
 |  |
|---|
Common ISA breaches
Other than general weaknesses in audit documentation (relating to ISA 230), the most common ISA breaches identified in our monitoring work during 2023 related to:
- ISA 240 - Fraud (80% of visits)
- ISA 315 - Risk assessment (76% of visits)
- ISA 500 – Audit evidence (76% of visits)
- ISA 570 – Going concern (60% of visits)
- ISA 530 – Audit sampling (44% of visits)
Further detail on the common issue identified relating to these ISAs, and some guidance with regards improving levels of compliance, is given within the report.
Common breaches of the Audit Regulations
As may be expected, the most common Audit Regulation breached in 2023 was Audit Regulation 3.10, as it related to compliance with the ISAs. 92% of visits saw this regulation breached, which reflects every visit on which an audit file was reviewed. Other than the ISA breaches noted above, the most common breaches of the Audit Regulations related to:
- Audit Regulation 3.08 – Statutory requirements (40% of visits)
- Audit Regulation 3.02 – Acceptance and reappointment / Ethical compliance (36% of visits)
- Audit Regulation 3.10 – As it relates to compliance with ISQM(UK)1 (32% of visits)
- Audit Regulation 3.20 – Audit compliance review (32% of visits)
- Audit Regulation 3.03 – Acceptance and reappointment (24% of visits)
Again, further detail on the issue raised under these Audit Regulations is provided in the monitoring report, along with guidance aimed at helping firms improve compliance with these regulations as well as a few other key regulations that while breached less often can have a big impact on the visit outcomes.
Read the full report for more information on the common findings identified in the 2023 monitoring visits, along with some prompts to help make sure they don’t happen on your files.
