True and Fair's policy enhancement in audit performance and auditor's reporting
Founder and Managing Partner
True and Fair Professionals Network
I am deeply passionate about audits and the quality of audits therein. As outlined earlier True and Fair has developed two sets of policies - a basic and enhanced version. The latter are for firms looking to fundamentally change the way audits are performed and reported. Here is a detailed explanation of the enhancements that will be included in the quality policies of True and Fair.
1. (Re)Defining Audit:
The word ‘audit’ is derived from the Latin word audire which means ‘to hear’. Wikipedia says “During medieval times, when manual bookkeeping was prevalent, auditors in Britain used to hear the accounts read out for them and checked that the organisation's personnel were not negligent or fraudulent.”
Whilst I don’t know when the objectives of audits were first instituted, I do believe that providing reasonable assurance as a primary goal is clearly outdated.
Stakeholders these days expect significantly more than reasonable assurance. While I do agree that no auditor can give absolute assurance due to the inherent limitations, continuing to call it reasonable assurance is not aligned to needs of the hour.
Today’s auditor does more work, has a more meticulous process to perform audits, and spends a fair amount of time evaluating evidence. Auditors today also rely heavily on tools and technology to analyse data and in effect tests 100% of the population susceptible to risk.
Now considering all the various tasks performed by auditors it is only fair to say they should be able to confidently state in their report that the audit “provides an assurance, subject to the inherent limitation in an audit due to management override of control and the inherent concept of materiality underlying an audit, that the financial statements present a true and fair view.”
2. Division of Responsibility:
When a company appoints an auditor to audit their financial statements shareholders expect them to take full responsibility including that of the consolidated financial statements.
Section 143 (1) of the Companies Act, 2013 states that ‘the auditor of a company which is a holding company shall also have the right of access to the records of all its subsidiaries so far as it relates to the consolidation of its financial statements with that of its subsidiaries.’
In my reading, the right of access has been provided only to enable the auditor to perform his duty since section 143 talks of both right and duty of the auditor.
SA 600 - “Using the Work of Another Auditor” permits the division of responsibility in an audit and allows the principal auditor to rely on the work of another auditor subject to performing certain procedures. ICAI states that it has not adopted ISA 600 which does not permit division of responsibility by the principal auditor.
Joint audits: SA 299 “Joint Audit of Financial Statements” a unique policy in the SAs in India (as there is no corresponding standard under ISA) also permits division of responsibility, with each auditor taking responsibility only for the areas audited by him. Such a division or responsibility, in my view, is against the spirit and objective of joint audit which by virtue of the term must have the perspective of two auditors.
Permitting a division of responsibility defeats the primary objective of joint audits.
True and Fair’s audit practice policies do not support division of responsibility. Though the audit report may state division of responsibility in form, in substance the audit report will indicate that the principal auditor and / or joint auditors is taking the responsibility for full financial statements subject to any basic negligence by the other auditor.
The auditor will prepare a detailed description in his report that will list out all the steps taken before placing reliance on the work of the other / joint auditor.
3. Focus on fraud:
“An auditor is not a blood hound but a watchdog.” This is a common statement made to describe the role of an auditor. While it is true that the scope of an auditor is not to perform an investigation to detect fraud, it is equally true that the audit should consider, plan and perform adequate steps to detect fraud during the performance of his audit.
True and Fair will enable audit firms to get audit support from forensic auditors. We will also mandate chartered accountant firms to identify certain employees of the firm as fraud specialists and provide them with necessary training to perform their role objectively.
It is ironic to note that fraud has not been considered as a key audit matter in any audit reports even though auditors are expected to spend significant time to mitigate such risk. True and Fair’s audit practice policies will place adequate emphasis on consideration of frauds in audits. We will list out exhaustive procedures to detect and mitigate such risks apart from detailed guidelines on reporting in audits. As a first step True and Fair’s audit practice policies will consider related party transactions, management estimates and going concern as presumed fraud risk with a rebuttable presumption.
True and Fair’s policy on audit practice permits audit sampling only in the area of controls and in substantive testing of account balances with low risk. For all other areas, True and Fair’s policies require performance of data analytics and 100% testing of the interested population impacted by the risk.
5. Need for other professionals in an audit:
The engagement team comprises of the engagement partner, manager, other staff, IT audit, forensic and valuation specialists along with engagement quality control reviewer, True and Fair’s policy on audit practice encourages engagement teams to be guided by an independant industry specialist and a specialist to review the quality of audit. It is preferred that this exercise of the specialist performing a review is carried out before the report is issued in order to improve the quality of the audit.
6. Auditor’s reporting:
Present day, audit reports are templatised and are used commonly by all audit firms. These reports are similar in their look and feel to the extent that if you hide the name of the company in an audit report you will not be able to identify the company it belongs to. These report templates do not provide meaningful information to its users. I believe that the reporting obligations for auditors as prescribed under the laws and regulations are only the minimum requirements and the auditor should enhance the information contained in the report to make it meaningful..
In light of this, True and Fair will encourage audit firms to issue a ‘talking’ audit report to the Board of the company it is auditing. Such a ‘talking’ audit report may be included in the annual report of the entity and disseminated at large.
The ‘talking’ audit report shall describe in brief the entire audit life cycle for the company right from appointment, to planning, audit performance and reporting. It will also include significant matters of discussion with management, details of fees proposed, negotiated and finalised by the management, auditor’s overall conclusion on the fees and the like.
We will provide an exhaustive library of technical guidance, practice aids, standard formats relating to audit which will be hosted on the cloud.
True and Fair plans to launch the service offerings for Phase 1 by March 2023 so that audit firms have adequate time to use it before any requirements for joint audits kick in. We are confident that our services will enable audit firms to make a compelling and competitive pitch for themselves in the audit universe.