Assurance & Reporting: COVID-19 and external audit
As the Coronavirus pandemic has spread across the world during the last year, this has had significant impact on working practices. Lecturer, Heather McNellis CA, explores the different ways external audit has been impacted and the additional factors and procedures that must now be considered whilst conducting an audit.
Working remotely
Due to the restrictions in workplaces and social distancing measures, offices have been closed for both auditors and clients for some time now. The result has been a vast increase in remote working and teams are now conducting audit virtually. However, this doesn’t come without its challenges. Staff need to ensure that they have the appropriate technology to work, can use virtual platforms to communicate with colleagues and clients, schedule time to speak to clients, all while balancing personal commitments such as caring responsibilities. Prior to the pandemic, many firms had already embraced the use of technology as a means of communication alongside flexible homeworking practices. However, the volume of traffic now going through these platforms has increased exponentially.
Security considerations
Another thing that must be considered is security around client documents. If any paper documents are obtained, these should be stored securely within auditors’ homes and disposed of properly, using appropriate and confidential waste disposal services. Electronic documents should be password protected and stored on secure servers. The use of the internet should be considered carefully, including using VPN (Virtual Private Networks) to ensure data is kept safe. Any breaches or suspected breaches should be reported within firms and dealt with quickly and appropriately.
Impact on audit considerations
Along with the practical issues, there are additional impacts on audit considerations to be taken into account during the pandemic. Some of these are explored in greater detail below.
Planning and risk assessment
Whilst undertaking planning and risk assessment procedures, Coronavirus implications must be considered as part of this process. Impairment and going concern assessments must be considered in relation to assets and ability to continue to trade during this pandemic.
In understanding the entity, any changes made to the entity in response to COVID-19 should be documented carefully – this should also be incorporated into assessing the level of risk within the entity – reassessing previous risks and taking care to identify any new risks.
Materiality that is considered at initial planning, must be continually reviewed to incorporate anything new that comes to light, particularly as the pandemic changes so quickly, we will always have to consider revisiting our planning materiality. In accordance with ISA 320, this must be evaluated for impact of COVID-19. As materiality is adjusted for COVID-19, consideration will also be needed about the impact of previously unadjusted differences which may now become material and need to be adjusted for.
Controls
It is required that auditors obtain an understanding of the entity’s internal controls, even if auditors do not intend to rely on the controls. Due to COVID-19, it is likely that the control environment has changed in response – this will inform the risk assessment process and may lead to additional risks of material misstatement.
If controls are being relied upon, and therefore require testing, this may result in challenges due to the pandemic. A control may not have operated throughout the year due to disruption in working practices.
Additionally, if any new areas of significant risk are identified, the auditor must obtain an understanding of the entity’s controls and control activities related to that risk.
Normally, a procedure that auditors use to understand processes and controls is to perform a walkthrough – however this may be challenging with offices being shut and restrictions in place. Either alternative procedures should be performed, or additional risks may be identified, and the level substantive testing adjusted accordingly.
Obtaining audit evidence
Prior to the pandemic, technology was already being used as a way of obtaining audit evidence. However, there are areas where this is more challenging – observing procedures, reviewing files that are classified as confidential, and performing physical stock counts.
Furthermore, with companies also working remotely or being closed temporarily there may be areas where there are missing or documentation/schedules/reconciliations that are hard to access.
This has presented challenges for auditors to obtain sufficient and appropriate audit evidence to support their opinion, in line with ISA 500.
Reporting
COVID-19 may result in an increase in modified audit reports, where there may be issues of material misstatement or material uncertainty surrounding going concern, or where auditors were unable to obtain sufficient, appropriate audit evidence.
Audit firms may also include information on COVID-19 and its impact within their report in relation to key audit matters.
Furthermore, audit opinions for inclusion with annual reports should be signed (as stated by the Companies Act 2006). Given remote working, the traditional ‘wet ink’ signing of an audit report may not be practical. The Companies Act does not stipulate the form of the signature; however, UK law has generally recognised the validity of a wide variety of electronic signatures, providing an alternative for auditors.