Are International Auditing Standards suitable for small audits?
Craig Fisher (pictured left) from the NZAuASB and Justin Reid (right) from the AUASB recently attended an IAASB Conference in Paris.
Also at question was what other alternative services are being provided around the world, as well as gaining a better understanding the specific challenges facing Small to Medium Practices (SMPs) in the audits of Small to Medium Entities (SMEs)
International Standards on Auditing (ISAs) are the gold standard when it comes to audit standards. They are set by a truly international body with a sound governance and due process framework which seeks input from as broad a range of stakeholders as possible. As such, they have been adopted by a large proportion of countries as their official audit standards. In addition, many countries that have yet to adopt them use the ISAs as the base for their own domestic standards.
However due to a range of reasons ISAs have increasingly been perceived as possibly inappropriate for small audits by some parties.
This article highlights some of the issues that led to the IAASB forum, key features of the forum, and some possible ways forward.
Representing ‘down under’ at the Paris conference
Held over two days (26-27 January), the Paris forum saw close to 100 delegates from all over the world meet to exclusively discuss the issues facing the auditing of SMEs by SMPs.
On the agenda were two key issues:
- What non-audit services were SMPs providing their SME clients, and
- Were the ISAs in their current form scalable for the use on SMEs?
Both New Zealand and Australia have adopted ISAs as part of our respective countries’ commitment to global standards and best practice and on a world stage, we are essentially countries dominated by SMPs who are auditing SMEs.
It was therefore important that the authors as respective members of the New Zealand and Australian auditing and assurance standards boards attended this inaugural and vitally important international forum.
It was a pleasure to represent our countries because from an international perspective we are generally seen as proactive first world economies, responsible international citizens, albeit very small countries in population terms, that are somewhat geographically isolated, but also have a habit of getting on with the job and with practical solutions. Hence, we are often a lovely test case for other larger counterparts to observe and learn from.
New Zealand and Australia also have a very strong and active involvement and positive reputation in standard setting circles.
While it may be seen as a cliché by some: we do punch well above our weight. As a New Zealander for example one only needs to look around the room at such an international standard forum to observe that most other attendees come from cities with larger populations than our entire country! Yet our views are sought after and listened to.
It is also very pleasing from a trans-Tasman harmonisation perspective that we also usually speak with a common viewpoint.
Is there a problem?
Anyone involved in auditing over the past 20 years will attest to a continued growth in the number, specificity, and volume of audit standards that an auditor of historical financial statements is required to comply with.
While many will argue that the fundamentals of a good independent audit remain largely the same, there is no denying we have now ended up with much more detailed and explicit standards.
Contributing factors for this over time have been:
- A move to creating a single globally applicable standard set that can apply to any audit
- Increasing complexity of business
- Increasing concern over quality of auditing as a safeguard
- Increased regulatory input and influence, and
- An ongoing desire to reduce the ever-present audit ‘expectation gap’.
Several of the above factors are also quite multi-layered. For example, creating a globally applicable standard set involves the challenge of accommodating varied legal and business practices in different countries.
There is also the fundamental challenge of language translation to achieve a common understanding. A complexity not to be underestimated when some terms simply do not exist in some languages!
With regard to the increased regulatory input, this has been a key and growing feature in recent years.
Following Enron and the more recent GFC, the number of, and the sphere of influence by financial regulators has continued to grow and the audit profession has not been immune to their growing influence. In fact, some would assert that auditors have been disproportionally impacted by increased regulation.
This is because they are a profession that operates under strong ethical guidelines and standards. As a result, they can be regulated, perhaps more easily than some other participants, in the financial information supply chain.
The result has been significantly increased compliance obligations and increasing tensions in many jurisdictions.
While the logic of requiring regulation is undoubtedly sound for the protection of capital markets, there are views that regulatory impact, especially in terms of compliance cost, may be becoming disproportionate.
Has the pendulum swung too far and are the gains from the increased regulation outweighing the compliance costs?
Another key feature of regulator input on audit and assurance standards has been moving these from a principle-based approach to what some would say is a muddled combination of both rules and principles.
This has further served to lengthen the ISAs.
Ironically, the attempts to better explain audit requirements within standards by providing greater application material has served to not only lengthen them, but some have argued widened, the gap between auditors and the expectations of regulators.
This is perceived to be due to many regulators having interpreted application material within the ISAs as minimum requirements.
The adoption of the ISAs with the concept of “mandatory” requirements has resulted in many regulators constantly challenging auditors over the application of professional judgement and scepticism when choosing not to apply “mandatory” elements to an SME audit.
There is also the conundrum in auditing that generally the smaller the entity, the more disproportionate the cost of audit compliance.
Hence the combination of increasingly poor economics of providing audit to SMEs, combined with the increasing regulatory pressure and risk, is having the impact of driving some auditors out of the profession.
Calls for change
With all the above impacting the “single set of audit standards to be applied to all audits”, there have been increasing calls for change in the ISAs to better accommodate for the audit of SMEs. Hence it was very pleasing to see the IAASB acknowledging this increasing issue and along with the kind hosting of French professional bodies hosting this forum.
With over 100 attendees from international standard setters, professional accounting bodies, audit firms, and even some regulators, interest was high.
The Nordic Federation have even gone as far as to try and develop a draft simple standard for the audits of small entities. This Nordic Standard for Audit of Small Entities (SASE) was discussed, with concerns raised over the unintended consequences of a differential audit standard.
- two-tiered audit providers;
- a perception that an SME audit would be considered an inferior product; and
- worldwide consensus would be impossible to achieve on what an SME audit standard should or should not contain. When exploring this topic even trying to reach a sensible consensus on what is the definition of a SME proved challenging!
Australasia had similar loud calls a few years ago, for “differential auditing standards”. However, while initially attractive as a concept, once you investigate this concept in practical detail it quickly proves problematic. There already exists quite an audit “expectation” gap, and the danger of adding a different level of audit would serve to add further confusion.
Hence, despite some mixed views, the conference was not supportive of the development of new standards directed towards the audit of SMEs. There was consensus that ISAs are portable and scalable for any sized (or risk) audit.
However, there was also consensus that there needs to be better understanding of the concepts of scalability (which is a synonym for flexibility), and proportionality (risk) which are fundamental to the concept of applying professional judgement.
Are the ISAs scalable for the audit of SMEs?
Brendan Murtagh, IAASB Member (Ireland) spoke at the Paris forum specifically on the issue of the scalability and proportionality of the ISAs.
Brendan reminded the forum that the ISAs are principles-based (scalable) standards built on the foundation of professional judgement of the auditor applying a risk-based (proportional) approach.
Attendees, were reminded that auditors in applying the ISAs to any sized audit engagement are expected to apply their professional judgement in several circumstances that are particularly relevant for SMEs.
- Many of the ISAs are clearly not relevant when auditing an SME, such as ISA 610 Using the Work of Internal Auditors
- Many conditions do not exist in the audit of your average SME, thus allowing the auditor to scale down the ISAs application in those circumstances. An example might be the absence of any need for an auditor’s expert as the SME does not have specialist assets requiring complex or subjective valuations, and
- Often transactions and balances are not complex or less likely to be subject to fair value judgements than large listed audit clients, therefore the SME audit can often be considered lower risk. A lower risk of material misstatement again provides the auditor considerable ability to apply their own professional judgement with respect to the nature, timing and extent of the audit procedures conducted.
Going forward the IAASB has on its work plan a focus on the audits of SMEs. Also, at present the revision of two key ISAs (ISA 315 Identifying and Assessing the Risk of Material Misstatement and ISA 540 Auditing Accounting Estimates) are addressing the need to build proportionality into the revisions as well as the ability for auditors to perform risk assessment procedures commensurate with the size and nature of the entity.
These were welcome words to the attendees at the forum and demonstrate the commitment the IAASB has to ensuring that SMP auditors conducting the audits of SMEs are seen as a vital part of the auditing profession going forward.
While many possibilities were thoroughly discussed and debated at the conference, the following were some of the key practical solutions put forward:
- Improved communication and education – of auditors, of users of audits, and of regulators. While the IAASB is trying to do this, success will only be achieved if all parties who can make a difference are involved, e.g. local standard setters and professional bodies, auditors and regulators.
- A fundamental change in standard setting mind-set and approach. That is, to start drafting standards for the simplest situations, and then providing additional detail for more complex situations when these apply. Currently ISAs are written to apply to all situations and hence tend to mean that an SMP/SME auditor needs to wade through a lot of detail. On top of this there is additional guidance for SMPs in applying to SMEs so ironically the small auditors of a small entity may actually have to read the most of any auditor in performing their audit.
This change in approach sounds logical and simple but will no doubt be much more complex, especially in progressively changing all existing audit standards and the practical implications of the speed with which any change can be effected and become applicable.
Where to from here?
The future development of auditing standards at both an international and national level, must continue to consider the needs of SMPs who require practical yet high quality solutions to the ever-growing complexity of audit standards.
As audit standards are revised to naturally address the larger higher risk audit engagements, the standard setters appear committed to ensuring that the outlook includes the consideration of scalability and proportionality for SMPs conducting the audit of SMEs.
The authors both hope that the wider stakeholders of auditors’ reports, including regulators, are able to also apply the same level of professional judgement when it comes to the interpretation of auditing standards.
About the Authors
Craig Fisher FCA is a member of the NZAuASB and is and Audit Partner and Chairman of RSM in New Zealand.
Justin Reid is a member of the AUASB and is an independent provider of consulting assurance services.