IFAC's Points of View
Achieving High-Quality Audits
High-quality audits of financial statements are essential to strong organizations, financial markets and economies. While audits have historically focused on enhancing the confidence of investors and other providers of capital, other stakeholders also benefit—including directors, management, employees, analysts, regulators, rating agencies, customers, suppliers, and the general public. Acknowledging this context, high-quality audits clearly serve the public interest.
Important conversations are taking place worldwide about corporate reporting, audit quality, stakeholder expectations, and corporate governance.1 It is critical that policy makers adopt a balanced and evidence-based perspective that recognizes the overall, and long-established success of audit, while effectively and proportionately remediating any shortcomings in a spirit of continuous improvement.
Achieving high-quality audits requires a well-functioning ecosystem built upon ethics and independence, preconditions to achieving high-quality audits. This ecosystem involves a number of factors and participants including the right people, the right governance, and the right regulation. These elements must all work together to produce the right audit that meets the expectations of stakeholders. The quality of audit must be assessed by the right measurements. In the absence of any of these components, the audit may not meet the expectations of stakeholders.2
All participants in the audit and assurance ecosystem must act to improve the audit process, the skill-set and mind-set of accounting professionals, the governance activities of companies and firms, the regulations and standards that support entity reporting and auditor behavior, and how audit quality is assessed.
1. The Right Process
The objective of an audit is to provide investors and other stakeholders with reasonable assurance as to whether the financial statements, taken as a whole, are prepared in accordance with the applicable financial reporting framework and are free from material misstatement. Audits help directors and others responsible for oversight of a reporting entity to assess the robustness of the financial information prepared by management and obtain critical insights into an entity’s financial controls and associated risks. Audit and assurance services have evolved—and they must continue to do so—in order to meet the ever-changing needs of stakeholders.
- IFAC believes that audit stakeholders—particularly company boards, governing bodies, and management—should view audit as a value-added process rather than a compliance exercise that simply results in an audit opinion on the financial statements. Through the process of conducting the audit, the work of management in preparing reported information is examined. The process should enhance confidence in the assessment of risks, estimates and valuations, internal controls, data gathering, and how management is held accountable. We support efforts that enable the auditor to deliver greater transparency and value in the audit report—for example, requirements to communicate Key Audit Matters (under ISA 701)3 and Critical Audit Matters (under PCAOB AS 3101)4.
- IFAC believes that the use of technology should enable high-quality audits. Technology-driven tools can facilitate a more comprehensive examination of virtually all transactions and significantly increase the efficiency and effectiveness of audits. Applying technology to audit methodology can enhance the identification and analysis of high-risk matters that require specialized expertise. However, the application of technology to audit is unlikely, on its own, to lead to providing more than “reasonable assurance” nor always lead to the detection of fraud. Standard setters must continue to progress work that addresses advancements in, and the use of technology by audited entities, as well as how automated tools and techniques can be used in audit and assurance engagements5.
- We embrace the evolution of assurance services that better meet the needs of investors and a wider stakeholder group6, —including assurance of internal controls and risk management systems, fraud detection or forensic reviews, forward looking / going concern assessments (including ability to pay dividends), digital reporting, “non-GAAP” metrics, and reports or disclosures that enhance corporate reporting (including information reported under the International Integrated Reporting Framework).7 As the market need for these services evolves, and frameworks for the provision and assurance of such information are developed, organizations should benefit from these assurance engagements and regulators should consider what level of oversight and assurance is appropriate.
1 Several jurisdictions (e.g., Australia, South Africa, Netherlands, United Kingdom) are conducting reviews focused on various aspects of corporate reporting as well as the assurance of reported information.
2 This IFAC Point of View is relevant to achieving high-quality audits for private and public sector organizations—both large and small—but has particular relevance to Public Interest Entities (“PIEs”).
3 ISA 701 Communicating Key Audit Matters is the independent Auditor’s Report is effective for audits of financial statements for periods ending on or after December 15, 2016.
4 Adopted by the PCAOB, June 1, 2017: https://pcaobus.org/Rulemaking/Docket034/2017-001-auditors-report-final-rule.pdf
5 Note: Recently completed and active projects of the IAASB include ISA 315 (Revised 2019), the three Quality Management projects, and proposed ISA 600 (Revised). In addition, the Audit Evidence and Technology workstreams of the IAASB are focusing on audit evidence related issues throughout the ISAs as driven by technology, among other factors, and on developing and issuing non-authoritative guidance material that addresses the effect of technology when applying certain aspects of the ISAs. For Audit Evidence: https://www.iaasb.org/consultations-projects/audit-evidence For Technology: https://www.iaasb.org/consultations-projects/technology
6 For example, ICAEW’s “three pillars” framework contemplates additional, or bespoke, assurance engagements beyond the required statutory audit: https://www.icaew.com/technical/thought-leadership/audit-and-assurance-thought-leadership/user-driven-assurance-fresh-thinking
7 IFAC Point of View: Enhancing Corporate Reporting: https://www.ifac.org/what-we-do/speak-out-global-voice/points-view/enhancing-corporate-reporting