IFAC Public Discussion

IFAC's Small and Medium Practices (SMP) Committee has released a free implementation guide to assist SMPs and other practitioners in applying International Standards on Auditing (ISAs) to the audits of small and medium entities (SMEs). The Guide provides a detailed analysis of all ISAs issued as of December 31, 2006 and their requirements in the context of an SME audit. This is the first version of the Guide. While we consider this Guide to be of high quality and useful in its present form, like any first edition it can be improved. Hence, we are committed to updating this Guide on a regular basis so as to ensure that it reflects current standards and is as useful as possible.

The next update is scheduled for late-2009 and will be based on the newly clarified ISAs that take effect for audits of periods beginning on or after December 15, 2009. In order to ensure the second version is even more useful than this one, we welcome comments from IFAC member bodies, national standard setters, practitioners, and others over the coming 18 months. These comments will be used to assess the Guide's usefulness and to improve it prior to publishing the second edition.

Hence, the SMP Committee is seeking your views, in particular, on the following:

1. How do you use the Guide? For example, do you use it as a basis for training and/or a practical reference guide, or in some other way?
2. Is the cross-referencing to the ISAs sufficient for you to easily refer to the ISAs while reading the Guide?
3. Do you believe that the Guide has appropriately integrated all of the relevant ISAs into the audit process?
4. Do you consider the guidance to be conducive to the performance of an efficient, effective and economic ISA-compliant audit of smaller entities?
5. Do you find the illustrative case study helpful? In particular, do you consider the case study example documentation to be comprehensive and of practical assistance, particularly in connection with the audit of smaller owner-managed businesses?
6. Do you find the Guide easy to navigate? If not, do you have suggestions for how navigation can be improved?
7. In what other ways do you think the Guide can be made more useful?
8. Are you aware of any derivative products - such as training materials, audit software, forms, checklists, and programs - that have been developed based on the Guide? If so, can you please provide details.

The Auditing Practices Board's SME audit sub-committee is pleased to provide its comments on the Guide to Using International Standards on Auditing in the Audits of Small- and Medium-sized Entities (the Guide). 

Conceptual material explaining the ISAs 
The sub-committee takes the view that while the Guide may be of assistance to some groups (for example students and training providers) in understanding auditing, it will not be used by auditors of small and medium sized entities in the UK and Ireland to understand the application of the ISA as:

• The conceptual material is written from a ‘zero base' of knowledge about auditing; as a result it is much too long. Experienced practitioners need more emphasis to be placed on those areas which are new in the ISAs and where auditors of smaller entities are likely to experience implementation difficulties.
• The conceptual material is generic to all audits and does not focus sufficiently on particular issues relating to SME audits (except in the case of some of the ‘Consider' points, which are generally helpful).
• It promotes a ‘controls intensive' audit approach which is unlikely to be effective on smaller audits.  While ISA 315 requires a certain understanding of internal controls the sub-committee believes that the emphasis on controls promoted by the guide is excessive and will not be cost effective.

Detailed comments on the technical content of the Guide are given in a letter submitted to IFAC.  The main themes of this are: 

• The way that the Guide is structured may make sense as a teaching aid but is unlikely to reflect the way an audit is actually performed - when several activities will be performed at the same time. The ISAs do not mandate, or even suggest, that such a disaggregated process should be applied. The danger of promulgating a disaggregated approach (e.g. separating risk identification from risk evaluation and having separate consideration of internal controls) is that it will add to planning time and documentation requirements.
• There are some areas where the guidance is inconsistent with the current ISAs (e.g. the list of specific substantive procedures on page 225 is inaccurate) in other areas because the reference to ISA is incomplete, important nuances have been missed (e.g. the reference on page 114 to "As the audit progresses, materiality "should" be updated for "any" new information gained during the audit."). A thorough review against the ISAs needs to be performed before the next edition is issued.
• The Guide, at every stage, emphasises the need for documentation; if followed by practitioners this is likely to result in an extremely costly audit. As described below our experience in the UK is that auditors need assistance with what need not be documented.
• The Guide often uses terminology that is not in the ISAs. There is a danger that terms such as ‘entity level controls' ,'business process controls' and ' business risks'  will confuse auditors. Wherever possible terms used in the ISAs should be used.
• A number of the audit techniques illustrated in the Guide [such as the risk register (page 140) and the control design matrix (page 175)], while interesting ideas are likely to be extremely time consuming to prepare and maintain especially on a small audit. These techniques add to the overall perception that the Guide results in an over-engineered audit of a small entity that is unlikely to be cost effective.
• The Guide does not give sufficient importance to ISA 220 and explaining how quality control is achieved in a smaller audit.
• The terms "should," "would," and "will" are used extensively throughout the Guide in relation to actions to be taken by the auditor.  These terms need to be avoided unless they clearly relate to a requirement in the ISAs, otherwise there is a significant risk that the auditors will see them as de facto requirements.

The challenge of updating the Guide for the Clarity ISAs
The Guide is based on the extant ISAs. As part of the Clarity Project a number of the ISAs have been revised. The sub-committee has reviewed the Clarity ISAs and believes that several of these will provide challenges for auditors of small and medium sized entities to apply, particularly:

200 - Objective and General Principles Governing an Audit of Financial Statements
260 - Communication of Audit Matters With Those Charged With Governance
320 - Materiality in Planning and Performing an Audit
402 - Audit Considerations Relating to Entities Using Service Organizations
450 - Evaluation of Misstatements Identified During the Audit
505 - External Confirmations
540 - Auditing Accounting Estimates, Including Fair Value Accounting Estimates, And Related Disclosures
550 - Related Parties
580 - Management Representations
600 - The Audit of Group Financial Statements
620 - Using the Work of an Expert

The sub-committee hopes that the IFAC SMP Committee will not underestimate the magnitude of the task of extending the conceptual material to explain the Clarity ISAs and the technical difficulty involved. The sub-committee also hopes that there will be extensive dialogue between the authors of the Guide and the authors of the ISAs to ensure that these matters are properly addressed. A strong emphasis on quality control within IFAC will be essential to ensure that the Guide is a proper reflection of the Clarity ISAs; without this there is a significant risk that an inappropriate understanding of the new requirements will be promulgated internationally and the objectives of the IAASB undermined.

Case study material
In the UK and Ireland most small firms use proprietary audit systems and consequently, the case material is more likely to be used by the suppliers of these systems than directly by smaller audit firms. That said, case study material can be a useful mechanism to both help with understanding the ISAs and achieve a consistent application of them in practice. While supportive of the idea of having a case study the sub-committee thought that the particular Dephta Furniture case study failed in a number of important regards. In particular:

• Some aspects of Dephta Furniture are not characteristic of an SME (eg having a dedicated IT manager is unlikely in a company employing just 19 people). The audit approach also lacked credibility.
• The case study did not help to explain, or apply, the important features of the risk ISAs (ISA 315 and 330) in particular it did not:
    o Demonstrate what risk assessment procedures are and how they can be used to contribute to the risk assessment,
    o Demonstrate how the understanding of internal controls affects risk assessment, or
    o Show how auditors should respond to significant risks.
• Given the commercial environment in which many smaller audit firms work the primary need is to illustrate how the ISAs can be implemented cost effectively. The sub-committee did not think that the case study material was helpful in this regard, in particular:
    o It seemed to emphasise testing of internal controls  - it seems rather unlikely that testing of controls would generate reliable audit evidence in this sort of entity with very little segregation of duties,
    o There is extensive documentation regarding internal control design and implementation on revenues and receivables. This will be costly to prepare yet the case study does not demonstrate how this understanding is used.
    o The link between the assessed level of risks and the work done is very tentative.
    o There is a suggestion that the inventory count would be attended both at the year end and at an interim date - surely not!
• Concerns exist that some of the techniques illustrated in the Guide may be perceived as the only approach to implementing the ISAs. 

Documentation
ISAs 315 and 330 were introduced in the UK and Ireland in 2004.  Small practitioners found them difficult to implement in a cost effective manner, a particular concern related to the extent of audit documentation required.

In response the APB issued, in 2007, Practice Note 26: Guidance on Smaller Entity Audit Documentation.  In developing the APB guidance, it became clear that it would be difficult to provide practical guidance to explain audit documentation in any way other than through examples.  We are therefore supportive of the approach of including case study material within the Guide.  However, there are a number of aspects of the APB illustrative examples which make them different from the Dephta Furniture material including:

• The working party drew substantially on practical experience in order that the illustrative examples that were included were as realistic as possible.  From discussion with practitioners, there is little recognition that the case study material might be found on smaller entity audit files.
• We recognised that the illustrative examples in our guidance are in effect training material and so, to address concerns as to the status of the example audit documentation, headings on all the pages where such material is presented make it clear that the examples are presented for illustrative purposes only.
• The illustrative examples in the APB material illustrate a variety of possible approaches to audit documentation.  This emphasises that there is not only one way to carry out an audit under the ISAs and it encourages auditors to think about the underlying approach and audit according to what is necessary in the circumstances.  Illustrating just one particular approach without any indication that another may be used is not helpful.

Practice Note 26 has been supported by both audit practitioners and training providers in the UK. It has also been discussed and supported at meetings of National Audit Standard Setters. We have made it available to the IFAC SMP committee but note that it does not seem to have been used in the development of the Guide.

Summary
1. The sub-committee supports the SMP Committee's goal of developing guidance to assist auditors of auditors of small and medium sized entities implement the ISAs and believes that this can be of significant benefit to the implementation of the Clarity ISAs provided that it is available for use soon after these new standards become effective (ie early in 2010).
2. The conceptual material in the Guide may be of assistance to some groups (for example students and training providers) in understanding auditing but it is unlikely to be used by auditors of small and medium sized entities in the UK and Ireland. Accordingly, the title of the Guide is likely to lead to misunderstandings and disappointment.
3. IFAC SMP Committee should not underestimate the magnitude of the task of extending the conceptual material to cover the new Clarity ISAs and the technical difficulty involved. We hope that there will be extensive dialogue between the authors of the Guide and the authors of the ISAs to ensure that these matters are properly addressed. From a quality control standpoint it is vital that IAASB (formally or informally) has direct input to this project.
4. While supportive of the idea of having a case study the sub-committee thought that the particular Dephta Furniture case study failed in a number of important regards.
5. Developing a comprehensive case study that covers all aspects of an audit in a way that is credible and helpful is an ambitious project.  A modular approach may be more practical.
6. Based on our experience, a high priority should be around the documentation requirements relating to ISAs 315 and 330.  The APB will be happy to make available its Practice Note 26 for use internationally if that was considered to be of assistance.

I have used IFAC SMP implementation guide as a  study tool in preparation for the final exam in auditing for my masters degree in accounting and auditing from the norwegian business school in Bergen, Norway.

Section 1.3.3, page 57-58, sets up four combined assertations, completeness, existence, accuracy and valuation (C/E/A/V). These combined assertations could be even more simplified.
 
For the two last assertations, the difference is not significant: Accuracy can also contain valuation (accurate valuation). This can be exemplified by the fact that one for the balance sheet, normally would use C/E/V assertations, where as for the income statement, one would normally use C/E/A, indicating that Accuracy and Valuation adresses a similar sort of assertations. 
 
For the combined assertations, Existence also include Occurance. An alternative approach is classify both existence and occence as a matter of validity; neither a non-occurring transaction nor a non-existent asset is valid. Thus Validity could be a better assertation than Existence.
 
IFAC is not the only organization to make combined assertations. Also ABREMA has made such combinations used for teaching purposes on the subject of auditing, se http://www.abrema.net/index.html. ABREMA uses the above mentioned combination of Completeness, Validity and Accuracy as basic assertations. The ABREMA model and IFAC SMP implementation guide are to excellent study tools with different strengths, and are more or less consistent with one another. Therefore, same basic assertations for the two tools would be a good inprovement.