Practitioners have adjusted to difficult circumstances by devising innovative processes to gather sufficient appropriate audit evidence virtually, all while learning the nuances of government assistance programs and pandemic-related business disruptions that need to be considered when they audit clients' financial statements.
At the same time, the profession has pushed forward through the crisis to develop standards that will promote continued quality improvements long after the coronavirus pandemic has passed. Here are five topics that will be top-of-mind for firms and practitioners in this unusual time (see also the sidebar, "5 Key Issues for Finance Departments").
The AICPA Auditing Standards Board (ASB) approved its new risk assessment standard in August, and it will take effect for audits of financial statements for periods ending on or after Dec. 15, 2023.
Statement on Auditing Standards (SAS) No. 145, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, was developed to address deficiencies in the process of obtaining the required understanding of internal control. Like the ASB quality management standard that's under development, SAS No. 145 is mostly converged with International Auditing and Assurance Standards Board (IAASB) standards.
The concept of the risk-based audit provides practitioners with an opportunity to deliver maximum quality in the most effective and efficient way possible. But studies have found that auditors sometimes need to get a more complete understanding of the risks related to the audit before designing audit procedures.
SAS No. 145 is intended to enable auditors to appropriately:
- Understand the client's system of internal control.
- Gain an understanding of the client's IT considerations, including addressing risks related to the client's use of IT.
- Determine risks of material misstatement, including significant risks.
The standard contains several key provisions designed to enhance a practitioner's professional skepticism and provides guidance intended to modernize rules in an evolving business environment.
Revisions are included to promote scalability, with the idea that the complexity of an entity and its environment, including internal control, is more relevant to scalability than the entity's size.
ASB Chair Tracy Harding, CPA, said the standard clarifies a number of issues, including the requirement for the auditor to gain an understanding of internal control even when they don't intend to test operating effectiveness of internal controls.
"Our main goal for this standard has been to improve its clarity, to be more clear on what we intend with risk assessment, and really have intended all along," Harding said. "We have seen some indications through peer review that some firms don't have an understanding that's consistent with what the board intends."
NEW REPORTING REQUIREMENTS
Implementation of a suite of new auditor reporting standards created by the ASB also will be an important task for practitioners in the coming months if they have not already completed the adoption process.
The new standards are designed to provide CPAs and their clients with substantial benefits because they are designed to enhance the communicative value of the auditor's report. The standards are generally aligned with those previously issued by the IAASB and the PCAOB.
The effective dates of the standards, issued in SASs No. 134 and 136-140, were delayed for one year because of the pandemic. The standards now take effect for audits of financial statements for periods ending on or after Dec. 15, 2021.
The new standards are:
- SAS No. 134, Auditor Reporting and Amendments, Including Amendments Addressing Disclosures in the Audit of Financial Statements, as amended by SASs No. 137, 138, and 140.
- SAS No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, as amended by SASs No. 138 and 140.
- SAS No. 137, The Auditor's Responsibilities Relating to Other Information Included in Annual Reports.
- SAS No. 138, Amendments to the Description of the Concept of Materiality.
- SAS No. 139, Amendments to AU-C Sections 800, 805, and 810 to Incorporate Auditor Reporting Changes From SAS No. 134.
- SAS No. 140, Amendments to AU-C Sections 725, 730, 930, 935, and 940 to Incorporate Auditor Reporting Changes From SAS Nos. 134 and 137.
Another standard, SAS No. 135, Omnibus Statement on Auditing Standards — 2019, often gets mentioned at the same time as the reporting standards because it has the same effective date, but its focus is not on auditor reporting. The ASB recommends that SASs No. 134-140 be implemented concurrently because they are interrelated. For example, the wording in the auditor's report when misstatements are considered material is addressed in SAS No. 138, so the wording of the auditor's report as prepared according to SASs No. 134 and 136 would only be correct if the requirements in SAS No. 138 are also considered.
Requirements of the standards include:
- Placing the opinion at the front of the report, with additional wording about the auditor's responsibility for the going concern assessment; management's going concern responsibilities if called for by the financial reporting framework; and the requirement for the auditor to be independent and comply with certain ethical responsibilities.
- A paragraph describing the auditor's responsibility to read the annual report and point out any inconsistencies with the financial statements or known material misstatements of fact.
- If the client engages the auditor to report key audit matters as part of the audit, the standards describe how those should be reported.
"This implementation is upon us," Harding said. "We're trying to make sure people are updating their methodologies, their templates, whatever they use for their standard audit reports, and training their people as necessary."
Harding also recommended communicating with users of audit reports such as boards of directors, bankers, and investors, to prepare them for the changes in the report. Harding suggested that auditors may wish to provide users with a pro forma version of what the new audit report might look like to facilitate discussion on the changes.
The question of where work should be done when pandemic restrictions are relaxed is doubly challenging for auditors.
Much of the rest of the office-based business world is deciding whether employees who started working from home at the beginning of the pandemic should continue working remotely or return to the office once it's safe. Many have said their path forward may be a hybrid approach that requires some time in the office and permits some work from home.
Auditors need to decide that issue in addition to addressing whether they will continue using remote procedures amid current and future states of the pandemic.
In some cases, auditors had been working more with clients remotely and less in person even before the pandemic. But pandemic-related restrictions led many processes that previously were almost routinely done in person to be performed remotely.
Firm leaders, while considering current health and safety protocols, will reevaluate the necessity of on-site work in audits. Areas that are most likely to go back to on-site procedures following the pandemic include:
- Inventory observation: Firms developed well-conceived procedures for reviewing inventory via video feeds at the start of the pandemic, and drones are emerging as a future-focused tool for this procedure. But auditors still may wish to visit warehouses and other storage facilities to explore inventory in person.
- Client personnel interviews: Video calls provide auditors with an opportunity to observe nonverbal cues. But a foot that's tapping nervously on the floor still may be more readily observed in the client's office. In a video call, there is no informal conversation after the scheduled meeting; in-person interviews offer the chance for follow-up outside the meeting room.
- Assessing control environment and design effectiveness of controls: If clients who are returning to the office move away from web-based or virtual controls and resume their pre-pandemic control activities, these controls may be better observed on-site.
Whether procedures are performed remotely or in person, the basic principles of understanding processes, risk assessment, testing, forming a conclusion, and documentation apply.
"I always say whether it's an electronic system or it was people 100 years ago doing things, it's a process, and you've got to understand that process and test that process," said David Torrillo, CPA/ABV, managing member of Torrillo & Associates LLC in Glen Mills, Pa. "That's what needs to be done. You need to make sure that process is working appropriately so you can rely on that audit evidence."
This may be the most chaotic time in the history of single audits, which were first mandated in the Single Audit Act of 1984, P.L. 98-502, as a means for ensuring that federal government funds are expended appropriately by grant recipients.
A dramatic rise in federal government spending in response to the COVID-19 pandemic has resulted in a huge increase in the number of grant recipients that will need single audits, which are compliance audits performed under Government Auditing Standards and the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (also known as the Uniform Guidance). Nonfederal entities that spend at least $750,000 of federal funds in a given fiscal year are required to undergo a single audit. Further, some pandemic funding has also extended single audit requirements to not-for-profit entities.
The increase in organizations receiving enough federal funds to require a single audit creates opportunities for audit firms, but experts advise extreme caution. Single audits are extremely specialized engagements. Practitioners and firms that don't have experience on these engagements have a high risk of performing low-quality audits.
Experts advise that those without specialized experience decline these engagements, refer clients to more experienced firms, or undergo extensive single audit training if they choose to accept these engagements.
"Stop it at the door if it's not in your wheelhouse — that's my first advice," said Erica Forhan, CPA, a partner in the Moss Adams Professional Practice Group and the firm's director of audit and attest. "Otherwise, if a firm is going to take it on, get educated."
The AICPA Governmental Audit Quality Center has information and resources on single audits, including those that discuss the implications of COVID-19 funding, summaries of Office of Management and Budget (OMB) compliance supplements, and other updates that pertain to the pandemic. In the wake of the pandemic relief efforts, there are many new federal programs and many first-time recipients, and the federal rules for program compliance and related audit guidance have been numerous and sometimes confusing.
The OMB's decision that Paycheck Protection Program funds would not be subject to single audit relieved the pressure on the system somewhat, but practitioners need to be extremely careful that they understand new compliance rules as they relate to other significant new sources of federal funding, including the four largest new federal programs subject to single audit — the Coronavirus State and Local Fiscal Recovery Funds, the Coronavirus Relief Fund, the Education Stabilization Fund, and the Provider Relief Fund — which in total comprise almost $1 trillion in federal funding.
"Take the time to read the rules because it is not like any other year that you're auditing," Forhan said. "You really have to focus on what the rules are saying to know what to do with it. You just can't take much for granted in a single audit this year if a client spent any kind of COVID funding."
A previous deadline delay helped somewhat, as the OMB instructed awarding agencies to allow recipients and subrecipients with fiscal year ends through June 30, 2021, to delay the completion and submission of the single audit reporting package to six months beyond the normal due date. However, with some 2020 audits still in process due to pandemic delays and issues, many audit organizations are challenged from a workload compression perspective. Further, there may be no relief in sight as significant new federal funding may result from other legislation working its way through Congress such as infrastructure legislation.
The ASB is developing a new quality management standard that will be more tailored to an audit firm's individual needs. The ASB issued a quality management exposure draft in February and will review comments on the proposed standard this month with a goal of issuing a final standard in the second quarter of 2022. The standards proposed in the ED were mostly converged with those recently adopted by the IAASB; the PCAOB also has indicated that the IAASB's quality management standard could be the starting point for a U.S. public company auditing standard in the future.
The ASB proposal would require firm leadership to conduct a firmwide self-assessment of their processes to identify their own quality risks with a holistic approach that would consider everything from the types of engagements performed to the clients served to the recruiting, retention, and training of the firm's people.
Firms would be required to document those risks and monitor for changes that have the potential to affect quality. The proposal is designed to move firms away from a one-size-fits-all, checklist-oriented quality control approach to an approach that will focus on firm-specific risks to quality.
This new, tailored risk assessment and process documentation will require resources and take time. But in many cases, it might also eliminate unnecessary quality control tasks that firms are required to perform under current standards, even though the applicability to their individual circumstances is limited. Jon Heath, CPA, who chairs one of two joint task forces that are working to develop the quality management standards, said costs and benefits are being taken into account.
"[It's important] that we reach the objective, which is higher quality, but we do it in a way that is not so taxing on the firm that they can't really operate inside the environment as things are changing," Heath said.
The ASB proposal would:
- Require an annual evaluation of the quality management system and inspection of completed engagements on a cyclical basis.
- Require that the engagement partner wait two years after leaving an audit team before serving as an engagement quality reviewer on that audit.
- Prohibit an individual from performing inspections of engagements on which he or she served as an engagement team member or an engagement quality reviewer.
Some of these requirements may be reconsidered by the ASB based on feedback received during the public comment process. In addition, the ASB is developing implementation guidance that's designed to be helpful to practitioners once the standard is issued. Resources related to the quality management project are available at www.aicpa.org.
"A focus of the proposed standards is for firms to consider how their system of quality management both supports and oversees the work being performed by the engagement teams," said Sara Lord, CPA, who chairs the other ASB task force that is developing the standards. "It is intended to bring an individualized approach to enhancing quality."
5 key issues for finance departments
Nineteen months after pandemic-related shutdowns began in the United States, finance departments have many issues to consider. Here are some things that are at the top of many agendas:
Standards implementation resumes
It may be difficult to believe, but it's time to get to work on implementing various accounting standards whose effective dates were delayed by FASB or GASB near the start of the pandemic. Lease accounting is one of the most prominent standards affected. Private companies and private not-for-profits face a lease accounting effective date of fiscal years beginning after Dec. 15, 2021, and interim periods within fiscal years beginning after Dec. 15, 2022. GASB's new effective date for lease accounting is fiscal years beginning after June 15, 2021, and all reporting periods thereafter.
Going concern remains at the forefront
A lack of customers and cash flow amid shutdowns made going concern a critical issue in financial reporting at the beginning of the pandemic. The challenges have shifted somewhat, as many companies now are dealing with worker shortages, supply challenges, and inflation. Going concern remains an important consideration, even if the reasons for business difficulties have changed.
Accounting estimates still are challenging
It remains difficult to develop reasonable and supportable forecasts because customer behavior and other market-based factors still are difficult to predict amid the shifting environment of the pandemic. Detailed disclosures remain important at this time.
Asset impairments may still be necessary
In some cases, assets that were impaired in the early stages of the pandemic may still be impaired. The value of property, plant, and equipment might still be diminished as remote working continues for some companies at least on a part-time basis. And in many cases, financing receivables, inventory, and contract assets may be much different from what they were before the pandemic. Finance teams should be familiar with the impairment guidance required for long-lived assets as well as financial assets.
Even amid many challenges, opportunities for improvement with artificial intelligence and other mechanized tools exist in accounts receivable, travel and entertainment, and other accounting processes as well as operations activities. Taking advantage of this technology can help companies improve efficiency and save costs at an important time.
About the author
Ken Tysiac is the JofA's editorial director. To comment on this article or to suggest an idea for another article, contact him at Kenneth.Tysiac@aicpa-cima.com.
"Pandemic Still Complicates Going Concern Disclosures," JofA, June 14, 2021
"Tips for Lease Accounting Amid Financial Uncertainty," JofA, May 13, 2021
"Single Audits: Using Compliance Supplements for Success," JofA, Aug. 12, 2021
"Why Single-Audit Demand Is Rising; an Update on Tax Preparer Legislation," JofA, July 8, 2021
Risk Assessment During the Recovery
CPE SELF-STUDY: This course will review the risk assessment standard requirements and discuss the importance of risk assessment during the pandemic recovery period. It will help you to improve audit quality by avoiding common challenges.
Experienced In-Charge/Senior - Risk Assessment and Advanced Internal Control
CPE SELF-STUDY: Covering key considerations regarding risk assessment, including with respect to internal control, this CPE course will analyze information regarding deficiencies and common peer review and inspection findings to avoid them from recurring.
Conducting a Remote Audit
WEBCAST:Remote auditing has become part of the “new normal". Review key techniques to overcome the distance from your client and new best practices in remote audits so you will be prepared for anything the future holds.
Single Audit Fundamentals + Single Audit Guide
PUBLICATION & WEBCAST: Gain foundational knowledge of performing single audits while keeping up to date with authoritative guidance found in the AICPA's Government Auditing Standards and Single Audit Guide.
For more information or to make a purchase, go to future.aicpa.org/cpe-learning or call the Institute at 888-777-7077.