Risk and Scepticism ‒ What the standards don’t tell you

The audit profession has evolved in a one-size-fits-all checklist-driven exercise, where the auditing standards are seen as the only procedures necessary for performing an audit. The areas where most audit failures are experienced are those where the audit procedures can’t be regulated for each situation. These are the areas where judgment, scepticism and intimate knowledge of the entity’s business are crucial.

The latest revision of ISA 315 aim to expand and explain the necessary concepts and, alarmingly, the profession views these amendments as “new or additional audit procedures”. In reality, these concepts have been applied by reputable audit firms for decades when implementing risk-based audit procedures.

What is needed is auditing common sense. Get to know your client, source as much information as you can, including copies of agreements, business recipes and models, and industry information; and legal, safety and customer requirements. Build up a permanent file, including system information, as the historical paper trail is important to keep track of key players. Auditors have become so averse to system information and doing anything on systems because they are just too afraid of appearing overly reliant on systems. That is where the most value can be provided to the client, and nearly all fraud risks can be identified.

Our independence regulations have discouraged us from forging closer relationships with our clients. However, auditors should strive to become as familiar as possible with the client’s business. If Steinhoff’s auditors had cultivated a more intimate relationship with management, they might have understood their motivations and scrutinised related party transactions more closely.

Related party standards are so confusing that few auditors understand that the main purpose of the standard is to understand related party relationships and the nature of transactions, and to detect potential fraud, tax fraud and group manipulations.

To fully grasp our mandate as auditors, we need to be angels in our ethics, but street-wise in knowing what can go wrong, and how management, personnel, and related parties can manipulate figures and misappropriate assets. This cannot be achieved by merely filling in templates.

In conclusion, auditors need to go beyond the prescribed standards and apply critical thinking, scepticism and a deep understanding of their clients’ businesses. It is through this approach that auditors can truly fulfil their mandate and provide valuable insights to protect stakeholders’ interests

Upcoming Events