The FRC’s Audit Quality Review team visited the six largest audit firms to review their audit methodology, guidance and training in respect of fraud risks and consideration of laws and regulations. They also reviewed relevant aspects of the audit procedures performed on 26 audits during those visits. 

The review follows the first thematic review on auditors’ materiality judgments published by the FRC in December 2013.  Thematic reviews analyse further aspects of auditing which are not considered in detail during the FRC’s routine audit inspections of individual firms.  Thematic reviews seek to “identify both good practice and areas of common weakness” among audit firms. 

During their review, the FRC identified a number of “good practice observations” which audit firms should continue: 

Good practice observations in respect of fraud: 

Requiring specific audit procedures to be performed for listed entities, including reviewing analysts’ reports, to identify fraud risk factors.

Using forensic specialists in fraud risk discussions and in running computer assisted audit techniques (CAATs) for journal testing.

Using CAATs on all audits to test journal entries, with exceptions expected to be rare.

In relation to the risk of management override of controls, requiring completion of a final conclusions document summarising the results of all audit procedures performed and reaching an overall conclusion.

Requiring audit teams to review the results of audit work performed for all accounting estimates in one place to assess whether there are any indications of management bias. 

Good practice observations in respect of laws and regulations: 

Using a proforma document identifying the applicable laws and regulations; how they might affect the financial statements; and assessing the design and implementation of relevant controls.

Providing appropriate training and guidance to audit teams on how they should respond to the UK Bribery Act in conducting audits. 

However, alongside these good practices there were also “a number of areas where auditors should improve the quality and effectiveness of the audit procedures”.  The report identifies areas where improvement is required and provides a number of key messages for auditors to address these:  

Key messages in relation to fraud: 

• Auditors should increase their focus on identifying fraud risk factors in both planning and conducting the audit.  This would include ensuring that fraud risk discussions during planning are partner led and focus on identifying fraud risk factors as well as those risks of misstatement in the financial statements due to fraud.
• Auditors should reassess fraud risk factors that arise during the course of the audit at the end of the audit and form a conclusion as to whether fraud risks have been reduced to an acceptable level.
• Auditors should ensure that their approach is tailored to the entity they are auditing.
• Auditors should always evaluate the design and implementation of the entity’s internal controls to detect and prevent fraud risks.
• Once auditors have considered all relevant audit evidence obtained during the audit they should form an overall conclusion relating to the risks of material misstatement due to fraud.
• Audit quality in this area will be increased with more frequent and up to date training. 

Key messages in relation to laws and regulations: 

• Auditors should have a greater understanding of the laws and regulations that affect the entity they are auditing including those that have a direct or indirect impact on the financial statements.
• Discussions with management should include management responsible for compliance matters and should concentrate on identifying laws and regulations that have a direct impact on the financial statements and whether the company is in compliance.
• Auditors should perform design and implementation testing to evaluate compliance with laws and regulations and should exercise greater professional skepticism in relation to possible breaches.
• Audit quality in this area will be increased with more frequent and up to date training. 

The report recognises that Audit Committees “play an essential role in ensuring the quality of financial reporting”.  To assist them, the report summarises a number of areas to enhance Audit Committees’ oversight of the audit process in relation to fraud risks and laws and regulations: 

Key messages in relation to fraud: 

Audit Committees should expect to discuss fraud risk factors with their auditors.

Audit Committees should ensure they have reviewed the key controls in place to mitigate the risk of material misstatement in the financial statements due to fraud and discuss these with their auditors.

Audit Committees should discuss with their auditors how they have concluded on their audit procedures to respond to the risks of material misstatement due to fraud. 

Key messages in relation to laws and regulations: 

Audit Committees should discuss with their auditors the relevant laws and regulations affecting the business that have, or may have, a material impact on the financial statements.

Audit Committees should ensure they have reviewed the key controls in place to mitigate the risk of material misstatement due to non-compliance with laws and regulations and discuss these with their auditors.

Audit Committees should ensure that the entity has appropriate processes and controls in place in response to the UK Bribery Act 2010 and enquire as to the steps that their auditors are taking to address this risk.

Audit Committees should seek to understand how compliance with relevant laws and regulations has been addressed by their auditors during the audit. 

The FRC “will expect to see improvements in the areas identified” in future inspections of individual firms. 

The press release and full report can be obtained from the FRC website.