Common themes from Mercia file reviews

At Mercia, we complete over 1,200 file review assignments every year. Whilst every file is different, our file reviewers come across common themes in many of the reviews they undertake. In this article, we are going to look at four of the most common issues and how firms can address these.

With recent changes to ISA 600, groups have been in the spotlight. Note that this section does not discuss changes to ISA 600, if you would like to learn more, this article is a good starting point.

Even prior to these changes, our file reviewers often came across problems in the approach to and execution of group audit assignments. These issues include

• Insufficient scoping of the group and its components
• A lack of clarity over the work to be completed on the group financial statements
• Insufficient work performed on the parent to support its own audit opinion
• Poor documentation of the group structure
• A lack of risk assessment at the group level
• A lack of evidence of review or direction of the work of component auditors (where used).

Firms must ensure that files clearly document how the group is structured and how the work across different components has been scoped and planned.

Going concern

Whilst most files we review show clear evidence of consideration of going concern and subsequent events, the approach taken does not always reflect the requirements of ISA 570 Going Concern.

Work on going concern often neglects to demonstrate that management have performed their own assessment, which should then be reviewed and challenged by the audit team.

Instead, files often include detailed file notes explaining why the audit team believe the entity to be a going concern but with a lack of challenge as to the assumptions included in the associated budgets and forecasts.

As a result, it often appears that going concern has not been discussed with management and instead the audit team have made the assessment for management, which is not appropriate.

Firms must ensure that they have documented management’s assessment and the audit file shows how management’s assumptions have been tested and challenged.

Systems and controls

Whilst there are several areas compliances with ISA 315 where there is room for improvement, the area which crops up on most files is systems and controls. All too often, auditors fail to properly document not only key transaction cycles but also the controls specifically required under paragraph 26 of the ISA, which may not be part of the transaction cycle. As a result, walkthroughs of the transaction cycle to confirm design and implementation, do not always cover the controls required to be reviewed.

In addition, files often overlook the requirement to consider the broader control environment including areas such as risk management, how systems and controls are monitored and how the culture of the entity contributes to the control environment.

These are critical overarching areas which can define the overall risk associated with the audit and are required to be documented under ISA 315. It is not sufficient to only document the key business cycles.

Audit teams should familiarise themselves with the controls required to be identified and ensure that systems notes cover all relevant areas, with appropriate work to evaluate the design and confirm implementation of the key controls.

In addition to documenting the key business cycles, audit teams must ensure they document the overarching control environment as part of their audit risk assessment.

Omissions from narrative reporting

We continue to see directors’ and strategic reports which are missing critical elements required by legislation. These most commonly include (but are not limited to):

• Disclosures to comply with the Streamlined Energy and Carbon Reporting Regulations
• Disclosures to comply with Section 172 of the Companies Act relating to how the directors have promoted the success of the company.

Whilst these are relatively new disclosures, affecting larger companies, it is often the case that audit teams have not sufficiently checked the financial statements document prior to issue and have instead relied on the software to include the relevant sections.

It is critical that firms ensure that detailed reviews by experienced members of the audit team have been undertaken and a disclosure checklist has been completed and reviewed. We continue to see files where there is no evidence of review of the financial statements or disclosure checklists which have been incorrectly completed.