ThinkTWENTY20

By Gundi Jeffrey, Managing Editor

Although Canada’s accounting firms have been focusing on increasing their efforts to deliver quality audits, the Canadian Public Accounting Board (CPAB) still believes there is more work to be done. The recent inspection findings in its 2018 Annual Inspection Results – which more than doubled from the year before – indicate that “sustainable audit quality is still a challenge across the firms. We believe that the strength of a firm’s audit quality management systems will be critical to accelerating improvements in the sustainability of high-quality public company audits.”

CPAB’s CEO Carol Paradine confirms that “although the firms have been steadily improving over the years, the management of audit quality remains a challenge.” But, she adds, the world is changing and they have to cope with all sorts of new audit issues. “The findings show some correlation with increased mergers and acquisition activity, and also some emerging businesses areas, such as the cannabis and crypto assets industries, so they may not yet have been able to develop a consistent way to approach the new challenges these issues present.”

The report adds that “all participating audit firms must enhance their commitment to continuous improvement at every level of their organization and embed a culture of quality to deliver audits that are of consistently high quality.” It points out that 2018 was the first year of CPAB undertaking an enhanced assessment of the quality management systems at the country’s four largest public accounting firms and “we found that all firms require improvement.”

And the firms are working on delivering that commitment. According to a statement EY LLP gave ThinkTWENTY20, “delivering high-quality audits is central to our purpose of building a better working world and is our top priority. Quality audits are, and always will be, our priority to serve the public interest and promote trust and confidence in financial reporting.” 

“Innovation, continuous improvement and consistency of execution are key themes in our Assurance practice,” the statement adds, “with technology being a catalyst to drive continuous improvements in quality. We continue to be fully committed to the important work that CPAB does through this rigorous and vital inspection process.”

Risk Focus

All firms that audit a Canadian public company must register with CPAB and be inspected (273 firms at December 31, 2018). Each year, CPAB inspects all firms that audit 100 or more reporting issuers. There are currently 14 firms in this group, auditing about 7,000 reporting issuers. These firms, and their foreign affiliates, audit approximately 99.5 per cent of all of Canada’s reporting issuers. All other audit firms are typically inspected at least once every three years. During 2018, CPAB inspected 32 firms (2017: 45) and 139 engagement files (2017: 154).

The report points out that CPAB’s risk-based methodology for choosing files for inspection is  biased toward looking at higher-risk audit areas of the more complex public companies or areas where an audit firm may have less expertise, “so there is a greater likelihood of encountering audit quality issues. Our inspections do not look at every aspect of every file and are not designed to identify areas where auditors met or exceeded standards.” Results, says CPAB, “should not be extrapolated across the entire audit population, but instead viewed as an indication of how firms address their most challenging situations.”

According to the report, the 2017 inspections of the annual firms had the lowest findings in years – a banner year for the firms. This changed significantly in the 2018 inspections. One hundred and twenty two audit files were inspected (2017:128) and significant findings were identified in 34 (2017:15), more than double the year before. The breakdown is as follows:

• Big Four firms: 80 engagement files; 16 with significant findings. 
• Four national/network firms: 23 engagement files; 10 with significant findings.
• Six large regional firms: 19 engagement files; 8 with significant findings.

In comparison, for the non-annual firms, CPAB inspected 17 engagement files at 18 firms and came up with eight significant findings.

According to CPAB, most of the significant findings required the firms to carry out additional audit procedures to determine whether the financial statements needed to be restated due to material errors. As for the remaining findings, the firms had to add evidence to the audit files in question to show they had obtained sufficient and appropriate audit evidence for a major balance sheet item or transaction stream. The report adds that, for the 14 firms inspected annually, there have been two restatements to date.

Weaknesses Persist

While most audits inspected comply with the required standards, CPAB found that recurring engagement file inspection themes indicate that weaknesses in quality management systems persist, leading to inconsistent audit execution. “Firm policies and processes − at both the leadership and engagement team levels − that manage risk and get the right people working on the right things at the right time, all the time, are essential to delivering high quality audits, consistently.” 

Adds Paradine, “we ask the firms to undertake a root cause analysis (of our findings) and some of that is under way at the moment. That means looking at things like the culture of the firms, for example, looking at how a firm prioritizes audit quality over other business outcomes of the practice; training – are the auditors receiving the right training at the right time?; supervision – are the partners spending enough time with the less experienced team members?; the timing of the audit work – we have identified that the more work is performed at the last minute, the more the likelihood that the quality of the audit suffers.” 

New Methodology

In response to these issues, in 2018 CPAB began to introduce a new methodology to assess existing quality management systems and to help accelerate improvements at the country’s four largest public accounting firms: Deloitte LLP, Ernst & Young LLP, KPMG LLP and PwC LLP.  The idea, says Paradine, “was to focus on the audit quality management systems, processes and controls that the firms have in place.”

This new assessment approach requires firms to demonstrate the effectiveness of their quality management systems. It emphasizes the need to systemically embed audit quality processes – preventative and detective – into ongoing operations across the entire assurance portfolio so that audit deficiencies are identified and corrected in real time or, at a minimum, before an audit opinion is released. “Monitoring and inspecting audit quality after the fact is not enough.”

“We expect firms to fully document their firm-wide quality management systems and control processes, including the testing of the effectiveness of each control. And, just like the early days of certification, while progress has been made, we found a lack of robust documentation and formalized self-assessment mechanisms across the firms,” the report says.  

“Each firm has made and continues to make a significant effort to improve, better articulate and document its quality management systems and controls, and to link them to CPAB’s five assessment criteria:  accountability for audit quality, risk management, talent management, resource management, and oversight. This foundational work was driven by the global network centre in some firms, and by the Canadian firm’s national office in others.” CPAB acknowledges that the firms are “rethinking how they manage their operations to deliver higher audit quality and more consistent execution across offices and practices.”

Common Findings

Business combinations

Deficiencies in auditing fair values in business combinations, impairment of assets and revenue recognition represented approximately half the significant findings in the 2018 inspections cycle. As in prior years, the other half was related to significant but non-complex account balances and transactions streams where basic audit procedures were either not performed (for example, inventory counts not attended) or not performed appropriately (testing of inventory costing was insufficient).

Acquired assets and liabilities must be recorded at their estimated fair values, stresses the report. In 2017 and 2018 a common inspection finding was insufficient work performed to assess the reasonableness of management’s financial inputs and assumptions incorporated into the fair value estimate of assets acquired or liabilities assumed. Other examples of significant findings included provisional estimates and arrangements outside a business combination. 

Fair value estimates can be provisional at year end if management is still seeking information regarding the business combination. These amounts may be adjusted before the end of the measurement period in the following year if additional information improves the precision of the estimate. Auditors must, however, perform sufficient procedures to assure the provisional estimates are not materially misstated based on information available at year end. CPAB identified instances where minimal or no audit procedures were performed to understand how management made the estimate and what additional information might be required, or to assess the reasonableness of the underlying assumptions.  “As a result, the auditor would not have identified a material misstatement in the assets or liabilities acquired.”       

When negotiating an acquisition, the parties may also agree to settle previously existing arrangements or enter into new but separate arrangements. Careful consideration of the facts and circumstances is necessary to determine what agreements should be considered part of the business combination and what should be treated separately – failing to do so could result in a material misstatement in the assets and liabilities recognized. CPAB identified instances where the auditors did not have a sufficient understanding of the relationships between the parties to the transaction and the nature of the business arrangements to objectively assess whether the accounting was appropriate. 

Impairment of assets 

Assets are frequently tested for impairment to determine if they need to be written down to their recoverable amount. There are various acceptable methods for estimating this amount − the most common incorporates a projected discounted cash flow model. Determining appropriate inputs to this model can be difficult. For example, the conditions that triggered the impairment test are often related to uncertainty about future value and cash flows. 

In a number of cases, engagement teams accepted the inputs to management’s cash flow model without sufficiently testing if those inputs were reasonable and supportable. If inputs are not reasonable and an impairment loss should have been recognized, the financial statements are misstated. Investor confidence could be compromised if the impairment is not recognized in the appropriate period.

Revenue recognition 

A company that earns revenue from the construction of assets in accordance with a contract may recognize that revenue as the work progresses provided key elements can be reliably measured (such as total contract revenue, costs incurred, cost to complete and stage of completion). While understanding management’s process for estimating these amounts is a critical first step, inquiry of management alone is not sufficient without corroborating evidence. Engagement teams are often challenged to obtain sufficient audit evidence to support both the measurement and reliability of the key elements. This challenge increases when there are complicating factors like modifications to the contract without formal approval or outstanding claims against the customer for costs related to delays or specifications changes. Errors result in incorrectly recorded revenue, gross margins and earnings, and can have a significant impact on investors’ evaluation of company performance.

Auditing in a New Frontier

The report notes that new ways of doing business and changing technology also had an impact on the 2018 inspection results.

CPAB knows that there are approximately 50 Canadian reporting issuers that either hold crypto-assets or are engaged in crypto transactions. So far, it has inspected the audits of three reporting issuers that were active crypto-miners and/or holders of crypto-assets and found significant findings in all three files reviewed. The report notes that the audit firms involved are in the process of remediating the deficiencies. In December 2018, CPAB published Auditing in the Crypto-asset Sector, outlining its expectations of auditors across several higher-risk areas. The Board is actively monitoring developments in this emerging industry.

As well, Paradine points out that “we have seen a modest level of activity related to data analytics and other emerging technologies, most of it being in the areas of matching of accounts. We continue to watch the development and implementation of new tools and procedures and provide our perspective on how they can enable enhanced audit quality. For example, we are assessing procedures performed to ensure the completeness and integrity of client data used in data analytics audit routines.”

It advises directors to “consider asking their auditor if changes will be made to the audit approach to incorporate emerging technology tools (data analytics, artificial intelligence, machine learning, etc.) and, if so, what support will be needed, and what are the benefits and challenges. Other points for query could include the purpose of the data analytic, and how company data is stored, secured and validated for accuracy.”

“It certainly is a changing world,” says Paradine, “but the same problems outside of that changing world persist – audit quality remains a challenge.” 

Absolutely, the firms are dedicated to fixing this, she adds. “We have noticed they are spending an increased amount of time and a great deal of work on their quality systems.” The big firms, in particular, have started a process of monitoring and reporting on their quality management systems in anticipation of new standards in this area.  “On a global basis, there are some proposed new standards on quality control systems,” Paradine notes.

Paradine is referring to the fact that, last December, the International Auditing and Assurance Standards Board (IAASB) proposed revisions to three of its quality management standards. The revisions would change how firms manage quality and could, if implemented, affect their organizational structures and operations. As well, the revisions would require greater leadership by engagement partners in managing and achieving quality engagements. The IAASB expects to have comments by July 1, this year.

Specific key changes include:

• A new proactive risk-based approach to firms’ systems of quality management.
• Modernizing the standards for an evolving and increasingly complex environment, including addressing the impact of technology, networks and use of external service providers.
• Increasing firm leadership responsibilities and accountability, and improving firm governance.
• More rigorous monitoring of quality management systems and remediation of deficiencies.
• Enhancing the engagement partner’s responsibility for audit engagement leadership and audit quality.
• Addressing the robustness of engagement quality reviews, including engagement selection, documentation and performance.

Paradine explains that “the firms are anticipating these new standards and getting ahead of their release. They are already working on the implementation of the new standards.” If that is the case, she wonders, “why are we still getting those results?” She believes that, “if you have to deal with unusual transactions, or new industries, you may not have been able to develop a consistent way to approach the new challenges. And, sometimes, the standard setters haven’t yet released standards on how to approach these situations. But they are working on it – and so are the firms.”