In looking forward to your 2021 audit planning, the peer review process is often met with many fears or uncertainties. Peer reviews have become increasingly challenging as the years progress. How can your firm stay ahead of the challenges to ensure a successful year?
In this November 2020 webcast, “Peer Review Insights: How to be Better Prepared and Spot Common Audit Deficiencies”, Shawn O’Brien, Principal Consultant at Thomson Reuters, leads the discussion on peer review planning along with Alison Parker, Executive Editor at Thomson Reuters, and Bryna Campbell, CPA, CGMA, Principal at Gross Mendelsohn & Associates. Together, they provide some tips and examples on how to proactively avoid those audit challenges and combat the biggest fears that develop alongside peer reviews.
2021 audit planning: spotting common deficiencies.
In a 2018 survey of peer reviewers, results found that more than 50% of audits failed to comply. This may not come as a shock to some, as there are many trials among practitioners in this area.
“The biggest deficiency that I see are teams that do not identify specific risks,” Shawn points out. “The team goes in, understands the entity, but does not identify those risk. They may know about them, but they do not get them documented in the files. They do not get them documented in the engagement tools.”
A 2019 study from Assurance Research Advisory Group backed these claims, showing many teams are not identifying new risks throughout the audit or changing their responses to audit risks year to year. The standards are clear that we want to assess the risks at the relevant assertion level, which helps us to then link those risks to the nature and timing extent of our audit procedures.
“Teams are also not identifying or documenting inherent risk rationale or telling the story,” adds Shawn. “I’ve run into some teams that default to high risk. If you put some thought into it, ultimately we want to make a good risk assessment and then trust it.”
Furthermore, not understanding or documenting controls responsive to significant risk adds to these deficiencies. For example, in Checkpoint Engage, when marking something as a significant risk, there should be a cross-reference to some of the controls they have in place in order to mitigate those risks.
“More often than not people know what they’re doing,” says Bryna. “The teams have the knowledge, but the documentation and the linkage to your procedures in the risk assessment is the challenge. That’s one of the biggest concerns and biggest areas we see that we must spend more time on, in addition to helping people use the tools that are available to them.”
Have more inherent risk and procedure discussions.
Not providing enough information or documentation is the main struggle in reviews, and often these tasks rely on the lesser experienced team members within the firm. How do you guide these individuals to utilize the proper technology and find risks when they do not have 30 years of experience under their belt?
“Where we find it very impactful is to have robust planning meetings,” notes Bryna. “We have really good discussions within our team and talk about what those risks are, keeping sheets that are lists of inherent risk discussions.
“I think inherent risk is a challenging discussion for people unless you keep some of those reminders in front of you. Then, once you have the discussion after you identify the risk, you can talk specifically in planning of what procedures you’re going to implement. You can also look back and challenge those procedures you’ve done in the past. Are they meeting what you’re trying to accomplish?”
Preparation is everything. Having these robust discussions, and particularly having them early, aides the team to know what they should be doing once they hit the ground running. You should not only be looking at risks, but your procedures. This will bring more efficiency to your audits and minimizes the depth of supervision needed.
Fears as peer review season approaches.
For many auditors, the biggest concern is where the peer review process is heading and what is happening now. The peer review process is getting much more challenging, not only for the firms going through the review, but for the peer reviewers because their files are then sent out for review. You hope your firm continues to receive great feedback from the peer review process and internal inspection, but there is a concern as to whether this becomes punitive– —whether you’re getting a clean opinion or at risk when people inquire into your peer review.
“I think it’s fair to say throughout my entire career it has always been about documentation, making sure that we’re allowing the work papers to stand alone so the reviewer will understand the basis for how you made your risk assessments and how you’ve selected your audit procedures to address the risk,” notes Bryna. “So, the biggest concern I have is often the lack of linkage between risk assessments and audit procedures performed.”
“It’s difficult enough because the peer review process is a reactive process already,” says Shawn. “We’re looking at files that were completed six months to a year ago in some cases, and hopefully through attending this webcast, we can help you get ahead of some of these fears for a successful season.”