As auditors navigate the financial waters ahead, what challenges might exist and how can you best prepare for 2023?
Using a data-driven approach through the Enhancing Audit Quality initiative, AICPA & CIMA have identified possible issues and ways to overcome them in four main topics: risk assessments, single audits, auditor's reports and technology-enabled auditing.
Read on to see the resources available to guide you in achieving high-quality, compliant audits in 2023.
Challenge 1: Risk assessment and an entity’s system of internal control
Understanding an entity’s system of internal control, as a part of the auditor’s risk assessment procedures, was a challenge identified during the height of the COVID-19 pandemic in 2021. Internal controls are likely to continue to challenge firms and are a focal point in the new risk assessment standard, Statement on Auditing Standards (SAS) No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, which will take effect for audits of clients with 2023 calendar-year ends.
Now is the time for auditors to make sure they understand the standard released in October 2021 and are ready to comply for calendar-year 2023 audits.
Other common areas of opportunities include:
Assessing or documenting the assessment of risk at the relevant assertion level and financial statement level
Documenting the firm’s identification and assessment of the risk of material misstatement and response thereto (linkage)
Evaluating the design and implementation of controls relevant to the audit
Documenting the assessment of inherent risk at less than high
Performing the required procedures when relying on a System and Organization Controls (SOC) Report
Resources on risk assessment
The AICPA’s Enhancing Audit Quality team has created resources, including webcasts, so that you can learn from the most common audit quality issues.
Risk Assessment Today informs you of common and recurring challenges to recognize and avoid
Risk Assessment Under SAS No. 145 teaches you about the new and updated concepts for better risk assessments
Remote Auditing: Lessons Learned discusses best practices for navigating remote auditing
Auditing Fraud Risk in the Current Environment identifies where fraud is most common and advises you how to respond
Take Control of Your Audit: Avoid Common Internal Control Missteps offers advice to fortify your risk assessment strategy
Challenge 2: Single audits
Single audits are highly specialized and require additional in-depth technical expertise. The volume of single audits is expected to continue to surge due to federal COVID-19 relief funding.
Here are some areas specific to single audit engagements that auditors should pay attention to:
Identifying and testing sufficient and appropriate major programs. Key areas for auditors to consider during major program determination include:
Clusters of programs
Requirements of Type A and B program risk assessments
Grouping programs with the same Assistance Listing number
Criteria for a low-risk auditee
Documenting the testing of controls and compliance for the relevant assertions related to each applicable compliance requirement with a direct and material effect for the major program
Documenting the adequacy of the planned sample size for test of controls over compliance to achieve a low level of control risk
Documenting procedures related to the Schedule of Expenditures of Federal Awards (SEFA), including internal controls over the preparation of the SEFA, procedures to determine whether the SEFA is fairly presented in all material respects, and reconciliation of the SEFA to amounts in the financial statements
Including all the required elements of professional standards in the Independent Auditor’s Report or the Auditor’s Report on Internal Control over Financial Reporting and on Compliance and Other Matters
Resources on single audits
Federal COVID-19 relief funding has various regulatory and compliance nuances that are not common to traditional federal funding. Even if you have significant experience performing single audits, you’ll need to ensure you are prepared. Free resources are available from the Governmental Audit Quality Center(GAQC) to help auditors and auditees successfully complete their single audit engagements.
Challenge 3: Auditor’s reports
The now effective Auditor’s Suite of Reporting standards, SAS Nos. 134–140 created a new reporting model, including SAS No. 134, Auditor Reporting and Amendments, Including Amendments Addressing Disclosures in the Audit of Financial Statements, significantly amending AU-C section 700, Forming an Opinion and Reporting on Financial Statements, and AU-C section 705, Modifications to the Opinion in the Independent Auditor's Report.
The importance of an appropriate auditor’s report is reiterated in SAS No. 146, Quality Management for an Engagement Conducted in Accordance With Generally Accepted Auditing Standards.
The requirements under the recently adopted standards create risks and opportunities, and auditors are advised to consider the following related to reporting:
Ensuring that all the required content is included in the auditor’s report
Properly expressing an appropriate opinion
Reading the auditor’s report to avoid errors and incorrect statements regarding the audit’s scope, entity’s accounting principles, audit findings, or any other statement of substance
Resources on producing accurate reports
The auditor’s report is the only public-facing deliverable in an audit. With recent changes to the guidance about the report, you’ll need to ensure you have the most up-to-date information. To enhance your skills, consider taking the following self-study courses:
Breaking Down the New Auditor's Report for Non-ERISA Engagements(AU-C section 700)
Breaking Down the New Auditor's Reporting Suite of Standards for Non-ERISA Engagements(AU-C section 700 and other relevant 700 series sections)
Breaking Down the New Auditor's Reporting Suite of Standards for ERISA Engagements(AU-C section 703, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, and other relevant 700 series sections)
Challenge 4: Technology-enabled auditing
In a survey of peer reviewers conducted over the summer of 2022, respondents overwhelmingly agreed that firms would benefit from using technology more effectively and efficiently in an audit.
Technology can lead to more informed decision-making and the timely delivery of information and reports your clients and their stakeholders need. The emergence of new technology is accelerating, and firms should embrace technological advancements.
Technology can enhance audits, with software elevating your ability to:
Analyze complete sets of data
Increase the efficiency and effectiveness of risk assessments
Design appropriate audit procedures
Resources on advancing your technology
On the AICPA’s audit and assurance webpage, you’ll find publications and courses about technology that enhances auditing. Whether you want to learn about how practitioners are using technology when performing their audit risk assessments or data analytics, or how it’s improving audit evidence, we’ve got tools for you:
When you and your firm are ready to take another step in implementing technological solutions, know that we are committed to providing resources to help your firm continuously enhance audit quality.