How the new audit evidence standard can improve audit quality

The new principles-based standard on audit evidence, issued last week by the AICPA Auditing Standards Board, addresses issues such as emerging technology, professional skepticism, and expanding sources of information. Jay Brodish, CPA, a partner at PwC, and Bob Dohrer, CPA, CGMA, the chief auditor of the AICPA, discuss the standard in detail, explaining how it can be applied to today’s evolving business climate.

What you’ll learn from this episode:

• A breakdown of the standard’s effective dates.
• Examples of how the standard will help modernize auditing.
• Why Dohrer says there’s a tendency “to focus on fundamental concepts” any time a new standard is issued.
• Examples and guidance that practitioners can apply to auditing amid the coronavirus pandemic.

Play the episode below or read the edited transcript:

To comment on this podcast or to suggest an idea for another podcast, contact Neil Amato, a JofA senior editor, at Neil.Amato@aicpa-cima.com.

Transcript:

Neil Amato: The proposal for a new audit evidence standard was published about a year ago. I guess for Jay to lead off, can you provide an overview of the standard and where things stand with its finalization and implementation?

Jay Brodish: Sure, Neil. Thanks. The standard itself will be effective for calendar year 2022 audits, and I think it’s a culmination of a multiyear effort to modernize the evidence standard. When you think about it, the standard itself only has 10 paragraphs of requirements, but it’s really around the application materials, the guidance, and the examples that are provided around audit evidence and kind of bringing audit evidence more current, modernizing the examples that are in the standard.

That’s where it is. Bob, do you want to add anything?

Bob Dohrer: No. I think that’s right, Jay. Certainly it’s been an interesting journey I think for the

Auditing Standards Board going through this process. Very happy that the exposure period is done and finalization has taken place. Looking forward to implementation.

Brodish: I was just going to say one other thing, Neil, just on the standard itself. I think practitioners will find it helpful. There’s a lot of examples and guidance that were provided that I think, particularly given some of the challenges we’re encountering right now from a COVID perspective, working remote, alternative forms of evidence, things of that nature that I think are particularly helpful that I think practitioners will find as they look into standards.

Amato: So why is now the time to have a new standard on audit evidence? I guess, Bob, do you want to start on that one?

Dohrer: Sure, Neil. I’d be happy to. As I referenced earlier, it’s been an interesting journey. If we look back in history a little bit, one would realize that the last or most recent prior to this new standard, the most recent changes we had to our audit evidence standard occurred over a decade ago. Certainly that standard was developed in a time where principally audit evidence was obtained from internal sources to the entity. It consisted primarily almost entirely of paper, hard-copy documents. And if you think back not only the last 10 years but think about even the last year or two, as a matter of fact, how rapidly and significantly business has evolved, the way business is conducted, transactions are undertaken. One simply has to think about the onslaught of social media, the internet, big data, all of those things.

So we really believe that it was time that in order to bring audit quality forward, it was important that we modernized our audit evidence standard to recognize those facets. I think it’s interesting Jay picked up on initially during this process, of course, kind of at the last part of the finalization process, the pandemic broke loose. And I know Jay and his task force spend significant time looking at the finished document, kind of stress-testing it against the environment that we found ourselves in, the electronic information, the remote audit procedures, things like that.

So what started out originally as a modernization effort in general actually culminated in reaffirmation that where we were at today was a good place for the standard to be at also. So it’s been an interesting process, and I think the time is absolutely now to have this standard coming into effect, as Jay mentioned, in 2022.

Brodish: And I think to Bob’s point, it was interesting when we stepped back because we were close to finalizing the standard when the pandemic struck. We really took a holistic look at the standard to say, “Do we need to modify anything? Do we need to provide any additional examples or things of that nature to address what was going on?” Interestingly, I think we found that for the most part the proposed standard at that point was fit for purpose. We made a few clarifying examples and things of that nature but found that a lot of the examples we had provided in things of that nature were structured in a way that could be utilized for purposes of auditors thinking about from a working remote situation.

Amato: So specifically, how would the standard effect audit practices?

Brodish: Neil, I’ll take a crack at that. I think with any new standard, auditors need to step back and look at the requirements, how they impact their methodology, how they impact the guidance they provide, those within their firm as an example. I do think one of the interesting aspects of this that I talked about earlier was the requirements section of the standard is a couple pages long. So thinking about it from a methodology perspective, probably firms are going to need to take a look at how it might impact their existing guidance.

But I think where the changes will be with respect to the standard is the examples and guidance in how practitioners may think about applying that. So when I think about some aspects of the standard, it updates the types of evidence. It modernizes the types of things we would expect going from — I’d say the previous standard was very focused on paper documents and evidence that you would obtain directly from your clients, whereas now we’ve sort of looked at different forms of evidence that you might receive and also evaluating different third-party evidence, external information sources, things of that nature. So sort of expanding beyond those to think about and provide guidance on when you might need to be comfortable with completeness and accuracy of data or whether you may need to assess reliability of external information.

So I think the impact will be kind of helping auditors think through different types of evidence and whether, as they start planning their audits going forward, whether different types of evidence may be appropriate or sufficiently persuasive for the purpose with which you need.

Amato: Jay mentions some ways that could it probably improve audit quality. Bob, would you like to expand on that, on how you see the standard improving audit quality?

Dohrer: Yeah. Well, thank you, Neil. And I think Jay covered many aspects. I think more generally just stepping back, any time there’s a new standard it causes people to refocus or to focus on fundamental concepts underlying our standards that have been in existence and served us so well for decades.

When you think about basic things like the relevance and reliability of audit evidence, I think what we’ve been able to do with this standard is to modernize a framework or a set of considerations. And although those will certainly be helpful years down the road, I think the biggest benefit to audit quality in the near term will simply be getting auditors to focus on some of those fundamental things – the accuracy, the completeness as Jay mentioned, susceptibility to bias, authenticity, all those types of things. So I see that as being very important.

I think the other piece that we’re focused clearly today on our new audit evidence standard but also to understand the other efforts underway with the AICPA on a broader base as well as the Auditing Standards Board itself, the agenda. There is no doubt that in today’s world, financial reporting, accounting standards, so on and so forth, is becoming more and more complex. The onslaught of nonfinancial information and even some of the highly uncertain economic times that we find ourselves in really have put an onus on the auditor to think beyond what we traditionally have as being a numbers type, kind of a right-brain thinking concept.

So to think about things like bias and authenticity and whether the information corroborates or contradicts other information is really critical at this point in time. I think you take all of that together and it certainly serves to enhance audit quality now and into the future.

Brodish: I think as Bob said, one of the opportunities here for auditors is to really think about what is the evidence they need. And I think it challenges auditors a bit to think there may be different forms of evidence that may serve the purpose for what you need, but you may need to think about it differently. Whether, as Bob said, whether you think about bias or whether you think about alternative forms of evidence. They really may be appropriate but you may need to do some completeness and accuracy procedures or make sure you understand the client roles over data, as an example.

So I do think it gives an opportunity to think a little bit differently about the evidence we’re receiving, and then also to make sure that those judgments are documented appropriately.

Amato: With any new standard, there are going to be questions and obstacles as it’s starting to be applied. What would you say are the potential implementation challenges?

Brodish: Neil, I think the challenges here are — it’s interesting. This is a documentation standard versus a performance standard. So the standard itself is not necessarily going to tell you what to do. But I think it’s going to challenge auditors to, again, think a little holistically about the types of evidence you’re obtaining and then in instances where maybe you’re not going the status quo or you’re going to try doing things a little differently, documenting those judgments from that perspective.

I could also see — and this may be more of an AICPA question around just when you think about the standard itself, there’s a lot of examples and guidance. There’s an exhibit that was provided, nonauthoritative exhibit. But there may be some requests from maybe some more implementation guidance, maybe a couple of examples try not to be overly prescriptive in the standard. But I think there’s always opportunities to provide — here’s an example where we might provide how the standard could be applied. I think that was one of our thought processes of adding and exhibit that demonstrated a particular procedure around revenue where a procedure could be structured to perform both risk assessment and substantive evidence.

Again, it was a thought process. We thought it was particularly well vetted that helps to demonstrate some of the thinking in the standard.

Dohrer: Jay, I think you hit on some important points there. This standard is probably about as principles-based a type of standard that we’ve issued in quite some time. And I think in that regard, auditors may feel a little bit uneasy or uncertain when implementing the standard because there is certainly not a step-by-step procedure manual or a formula to implement these concepts. It really is a holistic thinking exercise that needs to go on.

It’s interesting that one of the things that we hear at the AICPA quite commonly is that people want principles-based standards. They want to be able to use professional judgment while applying good, healthy professional skepticism. And this standard gives them that opportunity.

It will be interesting to see the reaction when auditors start implementing the standard because, as I said, it’s one that it’s not connect the dots, it’s not item 1A, item 1B. It is thinking about different facets or aspects of audit evidence and what makes that evidence or information reliable and taking that into account all at the same time, and not discounting information simply because one facet isn’t quite as important in that context as another.

So it will be very interesting. Jay mentioned the AICPA with implementation material. I think you hit it on the head, Jay. I’m glad you mentioned the nonauthoritative exhibit that’s included in the standard. I think the question about whether an audit procedure can serve to provide both risk assessment evidence as well as substantive audit evidence concurrently is one that we have been asked many, many times in the last couple of years. And I’m really excited and very happy that the Auditing Standards Board has answered that question. And not only answered the question but provided an example or an illustration of how it might be done. So I think that’s great.

But it’s only, I think, the first step in a broader implementation plan because I think because of the principles involved in the use of judgment, I think it will be helpful for the AICPA to develop some other scenarios and case studies where a thought process can kind of be explained of where we get to when applying the standard because it may not be self-evident on its face.

Brodish: To Bob’s point, I think the nonauthoritative guidance is important right now. It is an area that is being looked at. The AICPA is not alone at looking at modernization or updating the evidence standard. Other standard setters are also looking at that so I think it’s important as the profession thinks about that, that it’s both a function of laying out our views but also making sure there’s consistency collaboration with the other standard setters.

Dohrer: Neil, I think maybe to illustrate the principles-based nature of the standard that requires judgment to use, the current standard that we have as I mentioned developed 10 years or more ago contained many — Jay, we called them truisms, I think, in the early days of the task force — where general statements that were made such as information or audit evidence obtained from a source external to the entity was higher quality than information obtained internally from the entity or more reliable, for example, and things like that.

So there were these general rules of thumb that you could use. And I think one thing we’ve done with this standard is, while still recognizing the concepts of reliability is important and certainly the credibility of the source especially from what you obtain information is important, it’s not necessarily so that information you get from one source is of a better or worse quality simply because the source is different. There are all the other aspects that go into it: how precise it is, how complete it is, how accurate it is, and those sorts of things.

So I think that’s going to be something that will take some time, and we do have a couple years now to work with our members in trying to explain that some of those broad generalizations just are different in today’s context and we provided something that will help them to think through how they will arrive at the same decisions about sufficiency and appropriateness of audit evidence.

Amato: That leads in pretty well to the next question. You mentioned time; you mentioned a few years. Tell us again timeline for next steps on the standard.

Dohrer: Thanks, Neil. I have to say this is one of the areas, it’s both exciting of course and at the same time there’s a little bit of kind of mandatory standard-setting protocol that needs to go into place with this. We know when the auditing standards board issues a new standard, there are some things that need to occur in practice, not the least of which — first of all, it takes us some time to get it through editorial and make sure it’s exactly the way we need to be. We expect that standard to be published shortly in mid-July or so at the latest.

But more importantly, the third-party methodology providers as well as the larger firms that maintain their own audit methodologies and tools and guidance need to obtain the standard, understand the standard. They need to go through a development process to incorporate the new standard into their methodologies and tools. There needs to be training of all the firm personnel. Certainly, for example, we’ve got a session at ENGAGE this year where we’ll start training on this.

Then the actual engagements upon which a new standard is implemented need to be out on the horizon a little bit to prepare everybody to be ready.

So usually when we issue a new standard it’s generally, roughly speaking, about 18 months to 24 months before we actually make it effective and, as Jay referred to, that’s for calendar year end audits of 2022 financial statements.

However, it’s always interesting. We issue these standards because we do believe they will improve audit quality and they’re in the public interest. So as is the case with all of our standards except those where we specifically prohibit it, the standard can be implemented early if a firm, auditor or CPA is ready to do so. And so that’s a possibility.

Which just means that the AICPA, immediately after the standard is published, begins a process of implementing and providing the training, developing materials. We mentioned some of the nonauthoritative perhaps illustrations and examples that we’ll do. All of that will occur over the next 12 months or so and ultimately lead to, in about a year, having all of that material in place so that it can be then implemented in 2022.

Jay, do you want to maybe expand a little bit on what your firm or a firm in general goes through with a new standard?

Brodish: Sure. I mean, all the firms would go through a process. This is not the only standard being updated, so you go through a process of evaluating the standard, comparing the standard to your existing guidance and methodology, sometimes updating words and updating policies and things of that nature. That process takes a period of time to do, as Bob said.

My thought would be that over calendar 2020 and some into 2021, firms are going to be working on this policy so that they’re updated, training has been put in place and the thought would be, given it’s a calendar 2022 implementation or effective date, you’d want to be in a position so you had all of that ready to go at the beginning of calendar 2022 because it is applicable. Again, you gather evidence sometimes throughout the whole year. You may start interim testing earlier in the year, so I think that’s another reason we wanted sufficient time to make sure auditors and their firms were prepared.

Amato: Well, this has been great. Anything to say in closing, any summation thoughts?

Brodish: I think with respect to evidence, it really gives the profession an opportunity to step back and acknowledge sort of where we are from a technological perspective, what’s going on currently with respect to working remote practices. But I think from a standard perspective it really is structured in a way to look at how business is being conducted, the type of evidence we’re obtaining in today’s business environment, and then really having auditors think about what really makes sense, what they really need to obtain. But then also making sure that those judgments, especially if you’re changing how you’ve done it historically, but making sure they’re documented appropriately.

Dohrer: Well, Neil, just a couple maybe not even directly related to audit evidence but just more broadly related to our AICPA strategy, work plan, and as it relates to the auditing standards board. This is certainly one of the more significant standards that we’ve issued in the recent past. But it’s not the only standard that’s kind of moving in lockstep with our overall effort, with our strategy of the audit of the future and modernizing our audit standard.

So while this is a key linchpin that we felt had to be in place for us to move forward, we currently have projects involving risk assessment, which is so fundamental to audit, that will enhance the auditors in risk assessment process and do so in a more principles-based way.

We’re looking at our attestation standards to make those more flexible and deal with evolving subject matters going forward and doing some fundamental work also with quality control structures within firms, especially as those will also address the firm’s use of technology, resources, automation, things of that nature.

So Jay has been absolutely a leader with this task force and getting this new standard across the finish line, and it’s kind of the leader of the pack as we unfold more of our strategy for modernizing the audit of the future going forward.

Amato: Jay, Bob, thank you very much.

Brodish: Thanks, Neil.

Dohrer: Thank you, Neil. And thanks, Jay, for all your work. It’s a pleasure.

Brodish: Thank you.