Auditing accounting estimates has never been easy. Estimates are difficult to measure, often involve management’s judgment and can be based on highly complex models. So, by their very nature, they pose huge challenges for auditors. Not only are they difficult to audit, but their importance to investors and other stakeholders has increased in recent years, as changes to financial reporting standards have resulted in the inclusion of more accounting estimates in the financial statements.
Published in 2018 and applicable for accounting periods beginning on or after 15 December 2019, ISA 540 (Revised), Auditing Accounting Estimates and Related Disclosures, introduces a number of changes that auditors will need to understand and implement. The significance of the changes shouldn’t be underestimated.
While the standard has been written to be scalable to estimates with low risk, auditors are going to need to understand the requirements properly before they are able to make a judgment about what work they need to do.
There is going to be a fair amount of work to do to tackle the requirements in the revised standard; including appropriately capturing the changes into audit methodologies and guiding the work of auditors in this area.
This article focuses on three key areas – risk assessment, professional skepticism and documentation.
Risk assessment
While auditors will be very familiar with the idea of risk assessment and may incorporate the concept of low, medium and high risk into their methodologies, regulators are not convinced that risk assessment for estimates is being done well. Given that there are more high risk estimates now and, therefore, more potential for misstatement, this is an area that the IAASB believed needed stronger requirements and guidance.
The revised standard requires auditors to perform separate inherent risk and control risk assessments at the assertion level to form the basis for designing and performing further audit procedures to respond to the risks of material misstatement. If audit firms currently perform combined risk assessments, this is going to be a significant change for those practices and possibly more audit work.
In recognition that all risks are not equal, the revised standard also introduces the concept of the spectrum of inherent risk. This is one of the key drivers of scalability in the revised standard because where the assessed risk falls on the spectrum will determine what further audit procedures the auditor will need to perform. Ultimately, the higher on the spectrum the risk falls, the more persuasive the audit evidence needs to be.
These risk assessments will be based on auditors’ understanding of the entity, its environment and internal control, and here we also see enhanced risk assessment procedures to ensure that auditors have gained a good knowledge of the business.
As part of risk assessment procedures, auditors are required to review and document the outcome of previous accounting estimates. This is important as it helps auditors to make judgments about management’s track record in making estimates and assists in identifying and assessing the risks of material misstatement in the current period.
While auditors will be familiar with estimation uncertainty in the existing standard, the revised standard introduces and formalises the idea of ‘inherent risk factors.’ The three key ones that the standard addresses are:
- estimation uncertainty: susceptibility to an inherent lack of precision in the measurement of an accounting estimate;
- subjectivity: inherent limitations in the data or knowledge that is reasonably available about valuation attributes; and
- complexity: the complexity inherent in the process of making an accounting estimate.
There may, however, be other inherent risk factors such as change, susceptibility to misstatement due to management bias or fraud to also consider.
So, the auditors’ assessment of inherent risk will depend on the degree to which these risk factors affect the likelihood or magnitude of misstatement. The higher the risk falls on the spectrum, the more work auditors will need to do to obtain sufficient appropriate audit evidence. This is where exercising and demonstrating professional scepticism is particularly relevant.
Professional Scepticism
Because of repeated calls from regulators in recent years for auditors to be more sceptical on audits and given the extent of complexity, uncertainty and judgment involved in making some accounting estimates, this is, of course, going to be an area for scrutiny.
Having a skeptical mind-set is the bedrock of auditing, but regulators are concerned about the lack of professional scepticism demonstrated on the audit files.
The IAASB has sought to raise the bar by introducing a number of provisions designed to enhance professional skepticism. One of these is that further audit procedures designed and performed by the auditors should not be biased towards obtaining corroborative evidence or towards excluding contradictory evidence. So, auditors don’t just look for supporting evidence but equally don’t disregard contradictory evidence. Obtaining audit evidence in an unbiased manner may involve obtaining evidence from multiple sources within and outside the entity. However, auditors are not required to perform an exhaustive search to identify all sources of audit evidence. Getting the balance right is going to be tricky and auditors will need to refrain from making prejudgments or overly relying on checklists. Demonstrating that auditors have applied professional skepticism will be dependent on good planning, audit team training, coaching and supervision, and effective and timely file review.
Enhanced application of professional skepticism is also introduced through a stand-back requirement. Auditors are required to ask themselves and evaluate, based on the audit procedures performed and audit evidence obtained, whether:
- the assessments of the risks of material misstatement at the assertion level remain appropriate, including when indicators of possible management bias have been identified;
- management’s decisions relating to recognition, measurement and presentation and disclosures are in accordance with the applicable financial reporting framework; and
- sufficient appropriate audit evidence has been obtained.
While the idea of standing back and reviewing the audit evidence obtained might not sound new, it does help to emphasise that the audit of accounting estimates is an iterative process. The risk assessment requirements recognise this, and the stand-back requirement allows auditors to reflect on work performed, the appropriateness of the risk assessments and whether they have obtained unbiased sufficient appropriate audit evidence. Being skeptical (and hence unbiased) in seeking, evaluating and documenting audit evidence is therefore expected to improve audit quality.
Documentation
The revised ISA also introduces enhanced documentation requirements. Some may look familiar, but auditors shouldn’t be complacent here as these enhanced requirements are likely to require more documentation on their audit files.
ISA 540 (Revised) specifically requires audit documentation to include:
- the key elements of the auditor’s understanding of the entity and its environment, including internal control relating to accounting estimates;
- the linkage of further audit procedures with the assessed risk of material misstatement at the assertion level;
- the response to situations where management has not taken appropriate steps to understand and address estimation uncertainty;
- indicators of possible management bias, if any, and the auditor’s evaluation of the implications for the audit; and
- significant judgments made in the determination of whether the accounting estimates and related disclosures are reasonable, or are misstated, in the context of the applicable financial reporting framework.
It is particularly important that the documentation demonstrates how auditors have exercised professional scepticism throughout the audit. Auditors need to document the journey to their conclusions, including the challenges and judgments they made along the way.
For further ICAEW guidance on auditing estimates, including guides and webinars visit www.icaew.com/technical/audit-and-assurance/audit/auditing-estimates.