New FRC guidance deals with the challenges that auditors will face
The Financial Reporting Council (FRC) bulletin issued in March 2020 provides guidance to auditors on matters to consider, disclosure of risks and other reporting consequences arising from the emergence and spread of Covid-19. The guidance is driven by two factors:
- In order to be able to give an audit opinion that is not subject to a disclaimer or qualification due to a scope limitation, the auditor must always obtain sufficient, appropriate audit evidence.
- Even in challenging times, the flow of high-quality, independently assured information to support the functioning of capital markets is of fundamental importance. Reporting on audit engagements should be driven by the information needs of users of audited financial statements.
Auditors are always required to carry out their work exercising appropriate professional scepticism. In the current circumstances, auditors will need to consider how they demonstrate and record an appropriate level of scepticism to reflect that engagements may be delivered in a different way. Auditors need to ensure that they appropriately challenge judgements and assumptions made by management.
The guidance addresses many factors that auditors should be considering when carrying out audit engagements in the current circumstances, along with advice on how these might be addressed in reports. The FRC may issue further guidance if it is required as the situation develops.
The guidance provides a practical approach to dealing with audit problems and encourages auditors to use professional scepticism when applying the audit standards and this guidance. The addressed key factors are detailed below.
Planned audit approach
For audits that are under way relating to periods that end after 31 December 2019, the impact of Covid-19 is likely to require the auditor to revisit their risk assessment and the proposed response to identified risks.
Additionally, the planned audit approach may anticipate obtaining audit evidence about internal controls operating around the year end, which the auditor may not be able to obtain due to a lack of audit staff or a lack of access to information or personnel at the audited entity. In such circumstances, the auditor will need to consider whether alternative work is necessary and what alternative procedures they can carry out to obtain sufficient, appropriate evidence in support of their audit opinion.
At a time when entities are under increased pressure, and internal controls may be not be operating as planned, the auditor should also consider whether their assessment of risks of material misstatement due to fraud or irregularity needs to be heightened as a result, and additional audit procedures need to be carried out.
The impact of Covid-19 on an audited entity may result in non-standard amounts or disclosures being recorded in the financial statements. The auditor may want to consider how to take account of this when setting materiality.
The auditor may also need to consider whether a separate materiality level or levels should be determined and applied to the particular related classes of transactions, account balances or disclosures in accordance with paragraph 10 of ISA (UK) 320.
Communication with those charged with governance (TCWG)
Physical meetings of audit committees may now be impossible. Auditors will need to agree with audit committees how to communicate with them through other means, and how to ensure that sufficient time is set aside for comprehensive, complete and informed communication with the auditor. This will need to take account of the potential for extended communication to explain any modified audit reports, or to report any higher than expected deficiencies or misstatements, that may result from the current circumstances.
Where the auditor intends to modify their opinion, they should engage with TCWG, to explain whether the nature of the modification may be ameliorated by allowing the auditor additional time to undertake their work and obtain the evidence required. TCWG will need to consider the balance between the timing of reporting and the assurance the auditor is able to provide.
Audit evidence, including audit confirmations
The auditor must obtain sufficient appropriate audit evidence to support their auditor’s report, be it in support of substantive testing or controls testing. However, restrictions on travel, movement and visiting client sites may mean this cannot be carried out as planned.
Auditors will need to think about whether there are other ways for them to obtain sufficient appropriate audit evidence, and this may well require the use of procedures that are currently not typically used under the methodology of a firm, including through the greater use of technology.
Auditors will also need to understand, in modifying their audit approach, how audited entities are changing their operations and the control environment they operate as, for example, business continuity plans are invoked, and what this does to available evidence.
Where audit evidence would normally be gathered through physical means (observation or inspection), the current restrictions mean that these approaches are no longer feasible. However, the auditor can instead consider additional audit procedures that could be performed to enable the auditor to obtain sufficient and appropriate evidence.
Determining whether additional or alternative procedures are necessary, and, if so, which procedures are to be performed, needs to be carefully considered by the auditor on a case-by-case basis and will be dependent on the applicable facts and circumstances. It is a judgment call the auditor needs to make, considering explicitly whether evidence obtained electronically is reliable in the circumstances, and is not subject to manipulation.
If auditors are seeking to gather evidence through greater use of technology, including through the use of secure third-party systems to provide confirmations, or by the provision of evidence to the auditor through secure live streaming or screen sharing, then the auditor considers what factors will allow them to evaluate the appropriateness of that evidence. This assessment includes the risk that evidence might be manipulated, and how this risk can be mitigated.
For example, an auditor may gain sufficient appropriate evidence for a stocktake, by attending it remotely, engaging with staff at the audited entity to challenge those carrying out the work, and requesting items to be counted. This may need to be recorded on the audit file in a different way but allows the auditor to confirm that they have gathered the necessary evidence. Rather than being physically present to observe and inspect processes and control activities to determine whether controls have worked effectively, the auditor might gain sufficient appropriate evidence by carrying out this work through sharing screens, live streaming through secure means, or obtaining screen shots of the different stages of the process that verify the effective operation of controls.
Technology is widely used in business, and by auditors. It is not possible, and would not be desirable, to compile an exhaustive list of procedures, and any procedure is not guaranteed to provide sufficient, appropriate evidence. However, innovation, a careful assessment of each source of evidence, and clearly recording the judgments taken and the rationale for them will enable auditors to find new ways of delivering their work.
As in these situations the control environment may be operating differently to expectations – for instance, impacting on segregation of duties – the auditor considers the need for additional procedures to address the risk.
The basis for this assessment should be clearly documented on the file.
Where physical or technological verification procedures cannot be performed, the auditor will need to consider the implications for their opinion.
The auditor may also need to consider whether additional time is needed to perform identified procedures to seek to obtain sufficient appropriate audit evidence and, if so, whether such time will be available to the auditor. Management may be able to extend their planned timetable – for example, when the planned issuance date is sooner than that required by law or regulation or the rules of a market on which the entity’s securities are listed. Where this is the case, the auditor will need to request management to do so. If management refuses, the auditor will need to consider whether this constitutes a limitation on the scope of the audit imposed by management. If so, the auditor will need to communicate with the audit committee and take other appropriate actions to comply with the requirements of paragraphs 11 to 14 of ISA (UK) 705 (Revised June 2016).
Further guidance has also been issued by the Committee of European Auditing Oversight Bodies in this respect.
Compliance with laws and regulations
Auditors are reminded in the current circumstances that when auditing a public interest entity (PIE), they are required to report promptly to the regulator any information concerning that PIE of which the auditor has become aware while carrying out the audit and which may bring about any of the following:
- a material breach of the laws, regulations or administrative provisions which lay down, where appropriate, the conditions governing authorisation or which specifically govern pursuit of the activities of such PIE or
- a material threat or doubt concerning the continuous functioning of the PIE or
- a refusal to issue an audit opinion on the financial statements or the issuing of an adverse or qualified opinion.
Additionally, auditors of PIEs should notify the FRC of situations where they expect to report on material uncertainties in the same way. Reports can be made to AAT@frc.org.uk.
The going concern assessment made by management is a fundamental part of the audit that may be significantly affected by the current circumstances. The FRC issued a revised ISA (UK) 570 in September 2019, which is effective for periods commencing on or after 15 December 2019. It requires a more structured and rigorous auditor risk assessment, greater work effort and expanded reporting. When performing an audit for which the revised standard is not yet effective, auditors may consider using some or all of the requirements in the revised standard to help them to carry out their risk assessment and to undertake their work in this area to the necessary high standard. The requirements over going concern reporting in paragraphs 19-22 of the standard may be particularly helpful:
We expect, given the current uncertainty and volatility, that more companies and auditors may need to consider reporting on material uncertainties. Where they do so, this should draw on the available facts and circumstances. Auditors should not generically report on material uncertainties.
Governments globally have announced the availability of business support packages for affected entities, which to date have focused on providing liquidity to affected entities, with some measures to also cover business costs (eg salary costs for furloughed staff) in certain circumstances. Many entities have also imposed measures to control costs and conserve available cash.
We face an unprecedented level of uncertainty about the economy and consequent future earnings of companies over the next 12 months. It is difficult to make a meaningful base case economic forecast, let alone a plausible downside economic scenario. In this highly uncertain environment, going concern assessments will be more difficult for entities to make, and more companies will need to report a material uncertainty related to going concern. Companies and auditors should explain to investors the effect on their business of the current public health restrictions in different countries, sensitivities in different short-term scenarios, for example the length and nature of public health restrictions that are in place or may evolve during the period of assessment.
It will be important in making any assessment of going concern to ensure that companies and their auditors evaluate whether the entity both has access to sufficient liquidity and can remain solvent through the period of public health restrictions and beyond. Companies and their auditors will need to take into account the terms of their financing facilities, the terms of any liquidity or other support accessed and whether any such support taken on gives rise to future obligations. Deferral of payments now, or the receipt of grants to offset costs may alleviate liquidity challenges but may affect the entity’s solvency if the liquidity support does not continue long enough for the entity to recoup those losses from future profits.
Liquidity and solvency risks faced by the entity may be inter-related and either or both may affect its going concern status and whether it faces material uncertainties related to going concern. Auditors will need to ensure that their assessment of going concern and the evidence that they need to gather in support of that explicitly considers both liquidity and solvency factors which may affect the ability of the directors to assert that the entity is a going concern and to identify related material uncertainties.
We anticipate in the current circumstances that the auditor’s going concern work will be more extensive, require more evidence, and will continue to be performed through to the point of signing the auditor’s report. In view of this, more evidence may be required from the entity, and the auditor should set a clear expectation with the audited entity of the additional time that will be needed to complete the audit in this area to the high standard that users of the financial statements will expect.
The joint statement by the Financial Reporting Council, Prudential Regulation Authority and the Financial Conduct Authority on 26 March alerted investors that more material uncertainties on going concern were likely, given the uncertain outlook for many companies.
The joint statement strongly encouraged lenders and other parties to take into account current circumstances in responding to breaches of covenants arising from Covid-19 and its consequences.
In addition, auditors should exercise professional scepticism where management and TCWG have determined that the current circumstances are not reasonably expected to have any material financial impact on the audited entity and that no material uncertainties related to going concern exist for the entity.
In a group audit engagement, the potential impact of Covid-19 may affect the audit in two main areas.
The first is that the auditor may be unable to obtain sufficient, appropriate audit evidence to support their opinion. This may be because components operate in areas where restrictions apply – for instance, over travel or over access to information. Where this is the case, the group auditor considers what alternative procedures they can carry out to obtain the necessary evidence. This may be by carrying out additional procedures at the group level to gain assurance, including through greater use of remote working where this is possible, or through deploying staff who are able to operate in affected jurisdictions to provide the group auditor with the necessary evidence.
A further challenge may arise where the group auditor is unable to carry out their review of component auditor working papers as planned, as required by paragraph 42D-1(a) of ISA (UK) 600. We are aware that many firms believe the most effective review is one that they can carry out in person. However, with current travel restrictions in many jurisdictions, and restrictions over accessing information remotely in others, firms will have to determine whether they can find other ways to review component work, including through remote access, in a manner that is effective. There is no reason why a thoroughly executed and clearly documented electronic and video review of component auditors’ work cannot satisfy the requirement in the standard.
If the work cannot be reviewed, then it cannot provide sufficient appropriate audit evidence, and the group auditor will have to determine whether they can obtain the necessary evidence by carrying out additional procedures at the group level. Where this is not possible, the auditor will need to consider the impact on their report. As noted above, the auditor may also need to consider whether the performance of procedures they consider necessary to seek to obtain sufficient appropriate audit evidence would require deferral of the planned issuance date of the audited financial statements and, if so, the implications for the audit.
Auditors will need to comply with all the requirements in respect of quality control in ISQC (UK) 1 and ISA (UK) 220. However, in the current circumstances, some meetings, discussions and access to files will be virtual and facilitated through technology. Given this, the auditor will need to document clearly on the file how the direction, supervision and review process was structured and operated to overcome obstacles, and how communication with team members – in particular, key audit partners, engagement quality control reviewers and any firm technical reviewers – was maintained.
Reporting – key audit matters (when ISA (UK) 701 applies)
Where the impact of Covid-19 is, in the auditor’s professional judgment, one of the most significant matters to impact on the audit of the financial statements – including those that had the greatest effect on the overall audit strategy, the allocation of resources in the audit and directing the efforts of the engagement team – then the auditor considers reporting this as a key audit matter.
In reporting a key audit matter, the auditor does not use boilerplate language but reports in a way that informs users of the auditor’s report and the financial statements to support effective decision-making by those users. That will require careful case-by-case consideration of the applicable facts and circumstances. Reporting might also provide context for users about the circumstances in which the audit has been carried out, and the impact of those circumstances on the way the auditor has concluded on significant judgments.
A key audit matter paragraph can also be used to satisfy the requirements in ISA (UK) 706, where the auditor might consider an emphasis of matter paragraph.
Reporting – modified opinions
It may be likely that the current circumstances lead to more modified opinions in auditor’s reports, than would typically be the case.
Where an auditor cannot obtain sufficient appropriate audit evidence, they are required to modify their opinion in that respect. Where the possible impact on the financial statements could be both material and pervasive, the auditor is required to disclaim their opinion or, if it is material but not pervasive, to express a qualified opinion.
When an auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements are material, they are also required to modify their opinion in that respect. When the effect of such misstatements is both material and pervasive, the auditor is required to express an adverse opinion.
Auditors should remain alert to the possibility that, in the current circumstances, misstatements may occur. Such misstatements may arise, for example, due to: the application of the going concern basis of accounting when it is not appropriate; the omission of disclosures about a material uncertainty relating to going concern; or a failure to recognise adequate impairment of assets or adequate provisions for obligations or to provide related disclosures.
Communication with TCWG
The auditor engages with TCWG to explain the implications of their proposed report and consider whether there are other procedures that could be undertaken, at a future point yet to be determined that could mitigate any modification either fully or in part. This guidance recognises that auditors may be innovative in determining how they plan and perform their audit, and how they ensure that they have sufficient, appropriate audit evidence. However, equally we recognise that there may be occasions where the auditor cannot overcome the limitations in the evidence available and recognises that further delay would not change this.
Restrictions over travel and office-based working may make it impossible for an incoming auditor to carry out their review of the previous auditors working papers. Incoming auditors should consider and seek to agree what work can be undertaken remotely, supported by technology, to make an assessment. This might include access to the audit file remotely, subject to appropriate confidentiality considerations. This assessment should flag areas where confirmation of certain matters is contingent on being physically present at a later stage and ensure that these outstanding matters are completed before the conclusion of the audit.
Auditors must carefully consider all subsequent events and determine what evidence they will require in support of the disclosure of such events and any required adjustments.
Written representations will be obtained by auditors to help confirm positions reported by management. While this is a helpful supplement to the available information, written representations will never on their own constitute sufficient appropriate audit evidence.
Auditors are reminded that the Ethical Standard permits the provision of a non-audit service to support a public interest entity in addressing a time-critical and price-sensitive issue, where that service would not undermine the auditor’s independence from the perspective of an objective, reasonable and informed third party. This should be taken to include supporting companies in making applications to any of the business support schemes announced by government in response to Covid-19.
This guidance will be withdrawn once the circumstances return to normal.
If you would like to discuss any of the practical issues, please email the advisory team.