The current wave of auditing scandals has opened a debate among academics, regulators, and the auditing profession on how to restore public confidence in corporate financial disclosures and fraud risk assessments. The transparency and reliability of financial data play a key role in assessing the key risks in the securities market, banking industry and the society. The reliability of financial information can be achieved through the performance of high-quality audits. Audit quality is an essential matter for internal and external stakeholders.
The revised ISA 220 Quality Management for an Audit of Financial Statements establishes that the quality management system of an audit firm should consist of the following elements: Management and leadership; The firm's risk assessment processes; Relevant ethical requirements; Acceptance and continuation of client relationships and Specific Resources; Monitoring; Information and Communication.
Due to audit quality importance, the International Auditing and Assurance Standards Board (IAASB) issued quality control standards; the International Standard on Quality Control (ISQC) NO.1 and the International Standard on Auditing (ISA) No.220, Such standards involve a set of quality control elements to be implemented both at the audit firm level (i.e. ISQC1) and at the engagement level (i.e. ISA 220) including for example leadership responsibilities, assignment of the engagement team, engagement performance (i.e. direction, supervision, review) and documentation.
This article interrogates whether auditor performance toward fraud risk assessment can be an indicator for the effectiveness of some of the ISA 220 quality control elements, seeking mainly the elements of management and leadership & acceptance and continuation of client relationships.
The Revised ISA 220 introduces a new paragraph 34, "Differences of opinion", which states that if there are different opinions in the team on certain issues or between them and the provisions for getting out of this situation should be reflected in the quality control procedures of the audit firm. However, the project leader or manager must issue an audit report until all differences of opinion have been resolved.
In order to contribute to this discussion and to extend current literature on audit quality measures the researcher will investigate whether auditor fraud risk assessment can be relied upon as a direct measure or indicator for the effectiveness of some of the quality control elements set by ISA No.220, and also indicate the important elements (e.g. leadership, information and communication and manager/partner attention to the audit team).
Analyzing the draft revised quality standards: ISA 220 (revised) Quality Management for an Audit of Financial Statements, the researcher can emphasize and recommend the following:
1) audit firms need to review and modify their quality management policies and procedures at the firm level,
2) audit firms need to review and modify their quality management policies and procedures on the audit mission,
3) when conducting an audit, it is necessary to consider resources from the point of view not only human, but also technological and intellectual resources,
4) greater attention should be paid to the audit procedures for checking the principle of going concern and subsequent events after the financial statements.
Audit firms should also monitor and manage effectively and efficiently all the factors with high impact on audit reports. Finally, audit firms should apply management by exception principle to save cost, time and enhance profitability even on lower audit charges to clients.
Audit quality is viewed as one of the important factors that affect the credibility of financial statements and risk management processes. Users are more likely to demonstrate a high level of confidence concerning the information presented in financial statements if the audit of the fraud risk management is perceived to be of high quality. In order to remain competitive in today’s environment, audit firms must continue to improve the quality of audit services provided and maximize the client satisfaction. Therefore, an assessment of the audit quality of audit firms must be performed in order to ensure that the audit processes implemented by audit firms are systematic, effective and comply with ISA 220.
Proper training to less experienced auditors should be provided in tasks related to fraud risk assessment. Moreover, more research is needed to study and analyze quantitative measures of audit quality to provide more comprehensive and representative set of measures taking into consideration the other ISA 220 quality control elements. The proposed audit quality indicator, i.e. fraud risk assessment, could be more understandable and useful to auditors, audit committee, and quality inspection units as they are more involved and have access to such matters rather than financial statement users.
In conclusion, there should be more academic efforts that aim at developing direct measures of audit quality on fraud risk assessments. There is a need to develop measures to serve as indicators for the effective application of quality control elements set by ISA 220.
Combined Assurance has become a well-known corporate terminology. Many of our South African organizations rely on robust assurance methodologies to implement this phenomenon, but the coverage of their Combined Assurance models is restricted. It has been reported previously as a significant finding that “there appears to be a dependency on Enterprise Risk Management process as a prerequisite for the execution of a Combined Assurance process” Zhou, S., Simnett, R., & Hoang, H (2019).
Although Enterprise Risk Management is a well-researched field, limited research is available on the introduction and maintenance of Combined Assurance processes. This brings the author to write and research further about Internal Audit’s influence in driving the Combined Assurance model.
This research article explores the status of current Combined Assurance practices as experienced by Internal Audit practitioners of auditing firms in South Africa. The main objective is to create awareness and promote the status of Combined Assurance and also hopefully, engage audit practitioners in the implementation of Combined Assurance.
As more organizations expand and become highly complex, so does the number of functions required to ensure that the board can properly perform their duties for effective control and risk management in that organization. In this case, there is the problem of how to prevent management become overwhelmed by information, thereby creating an “assurance fatigue”. Combined assurance is one such instrument that can solve this problem by integrating alignment processes in the company, controlling effectiveness, and optimizing overall assurance for audit.
Organizations have traditionally used numerous assurance providers to help their boards of directors fulfil their responsibilities for the control and effective methods of senior management, legal departments, quality control, compliance, health and safety, corporate social responsibility and internal and external audits etc. As assurance providers carry out measures to ensure isolation, check, control and cost governing bodies may suffer from fatigue and assurance gaps that lead to their inefficient reporting. After receiving several opinions, the Board might fail to perform its oversight role effectively.
A Combined Assurance report should supply information in such a way that Senior Management, the Audit Committee, and the Supervisory Committee receive a comprehensive and holistic view of the effectiveness of Governance, Risks, and Controls in their organization to enable them to take any necessary actions. By aligning and harmonizing assurance activities and ways of working across different functions, delivering assurance becomes increasingly efficient and effective.
One of the most frequently cited sources of information about Combined Assurance is King III, which is a non-legislative code based on principles and practices. This code adopts an “Apply or Explain” approach. Awareness of Combined Assurance Globally, as surveyed by Raemaekers, K., Maroun, W., & Padia, N. (2016) proves that only 59% of respondents from South African private organizations are aware of Combined Assurance, although there were large differences between regions. Factors Affecting Adoption of Combined Assurance according to the survey results, awareness and implementation of Combined Assurance seem low.
The most important aspect of Combined Assurance, first and foremost, is that the significant financial risks relating to material misstatement of the organization’s financial position are identified. Secondly, the Internal Audit activity performs a formal assessment of the effectiveness of the internal controls relating to the high risks, in the form of a written report. Combined assurance is regarded as an accountability mechanism that helps boards and audit committees in exercising their oversight roles properly. The Internal Audit makes out to be one of the most important role players within an organization’s Combined Assurance processes. The written assessment of the effectiveness of internal controls is seen as the outcome based on Principle 7.3.6 of the King III Report. Forte, J., & Barac, K (2021). have also expressed that Combined Assurance is where the credibility-enhancing processes of the internal auditor, the external auditor, and the effectiveness of risk management and internal controls and processes are publicly reported by the company (audit committee). If all the associated stakeholders and or assurance providers offer valuable and constructive feedback on how to assess, manage, mitigate, and integrate the significant internal control risks facing the organization, it has the potential to result in increased sound corporate governance and Combined Assurance.
Top management should ensure the delivery of monitoring and evaluation of services that enhance their organization's ability to measure and monitor successes or failures of policies, over and above the effectiveness of strategies and interventions adopted.
Combined Assurance implementation is a phenomenon that is still at various low levels of maturity. The organizations that are struggling with full implementation identified some of the following as limiting factors: a lack of buy-in from executive management; the immature second line of defense functions; different regulatory environments, and the lack of Combined Assurance champions. Key foundational areas identified as requisite for successful implementation related to appointing a Combined Assurance champion and an executive sponsor, mature first and second line of defense functions, formal statements of roles and responsibilities of assurance providers, and buy-in and active participation from the Audit Committee Chairperson.
Allowing the Internal Audit function a key role in driving this task, obtaining buy-in support from the top management, and standardizing control assessment and risk ratings are some of the few vital ways to assist in the implementation of Combined Assurance.
Internal Auditors are key role players in the corporate governance structure of an increasing number of organizations and are a fundamental component of the Combined Assurance Taskforce.
As the saying goes, all roads lead to Rome. In-depth interviews with audit practitioners all around the globe show that implementing Combined Assurance should be considered a journey, not something that can be put in place from day one.
Women have been long casted as weaker beings in need of
protection; perceived less important than men, and are denied the
opportunities, choices and pay that are offered to men. These challenges are
much more visible for women in developing countries such as RSA where the
inequalities of income and gender are intertwined in a way that further denies
women the basic right to equality. This bring me to the topic of discrimination
and patriarchy in my line of career, auditing.
Female leaders are still a minority in the auditing profession,
especially at the Director or Partner level. Past research studies have
explored the sources of this gender inequality, amongst them being - pay
disparity, safety and security, lack of investor trust.
It has been previously proven that women who achieve partnership
in large firms (not in some smaller firms) are confronted with a second-level
glass ceiling, as they do not play active leading roles within their firms. That
is one of the reason(s) women leaders continue to lead the audit business in an
independent capacity if not small sized audit firm.
There are a number of workshop trainings and monitoring tools that
have been initiated with the sole objective to create non-discrimination and
environments conducive to women’s career advancement. These initiatives have
been programmed to disguise patriarchal power dynamics, which continue to
impact women’s empowerment for leadership positions. I have observed from my
past work experience that female audit partners, relative to male audit
partners, tend to have smaller clients with smaller audit fees. This hinders
the ability of female partners to exercise their powers and affect their
organisational gender equality.
Some of the recommended actions include the training of women on
advanced technological audit software, creating a culture of respect and
transparency, providing networking and mentoring opportunities to women, having
effective policies such as work from home and flexible hours, especially in
this era.
I do not take away that RSA has improved as a movement encouraging
women’s development in leadership. However, even perfection has room for
improvement.