Page 1 | Confidential and Proprietary Information

Audits of SMEs – Sometimes

Less is More

Mats Olsson

Member, IFAC Small and Medium

Practices Committee

KibR Seminar, Warsaw

November 7, 2013

Page 2 | Confidential and Proprietary Information

Agenda

• Insights from IFAC SMP Quick Poll

• SMP Committee

– Input to Standard Setting (IAASB)

• Proportional application of ISAs and ISQC 1

– ISAs 200, 210, 315 and ISQC 1

• Tips for Audit Efficiency

• IFAC Resources

– Knowledge Sharing / Implementation

Page 3 | Confidential and Proprietary Information

IFAC SMP Quick Poll Findings

• Keeping up with standards and regulation is biggest

challenge facing SMPs

• Pace of change was that aspect of standards and

regulation that posed the greatest challenge for SMPs

• Audit & assurance were the types of standards and

regulation that posed the 2nd greatest challenge for SMPs

Page 4 | Confidential and Proprietary Information

Input to Standards (IAASB)

• Robust and regular input on key projects

– Proportionality/scalability is key consideration

– Comment letter on A Framework for Audit Quality CP (May)

– Comments on ISA Implementation Monitoring project (April)

• Response to IAASB strategy survey (April)

– Need for stable platform but…..

– Internal controls and documentation may be insufficiently scalable

– ISQC 1 needs to be more risk-based and proportionate

– Need for impact analysis and post-implementation reviews

Page 5 | Confidential and Proprietary Information

Proportional Application of ISAs and ISQC 1 I

• ISAs - Overview

– New structure in which information is presented in separate sections:

Introduction, Objective, Definitions, Requirements and Application and

Other Explanatory Material

– Emphasis on professional judgment, the standards are principles

based which allows practitioners to tailor audit procedures

– Contain special considerations for smaller entity audits

– Some ISAs only apply to larger entity audits

– Many requirements may not be relevant to SME audits

Page 6 | Confidential and Proprietary Information

Proportional Application of ISAs and ISQC 1 II

• ISA 200, Overall Objectives of the Independent Auditor

and the Conduct of an Audit in Accordance with

International Standards on Auditing

– The practitioner needs to comply with all ISAs relevant to the audit

and with all requirements in ISAs relevant to the audit

– A complete knowledge of all the standards is essential in order to

make a professional judgment as to what to leave out

Page 7 | Confidential and Proprietary Information

Proportional Application of ISAs and ISQC 1 III

• Examples of some of the ISAs that would not be relevant

in an SME audit include:

– ISA 402 Audit Considerations Relating to an Entity Using a Service

Organization if the SME does not use a service organization

– ISA 510 Initial Audit Engagements – Opening Balances if the SME

is a continuing, and not an initial, engagement

– ISA 600, Special Considerations – Audits of Group Financial

Statements (Including the Work of Component Auditors) if the SME

audit engagement is not a group audit

– ISA 610 Using the Work of Internal Auditors if the SME has no

internal audit function

Page 8 | Confidential and Proprietary Information

Proportional Application of ISAs and ISQC 1 IV

• ISA 200 continued:

– Not all ISAs are relevant to every audit as the standards are

designed to cover audits in every situation globally. For example, it

is possible that there are requirements which are not relevant to

some SME audits including:

– requirements to test the expectation that controls are operating

effectively (ISA 330)

– requirements when an engagement needs an engagement quality

control review (ISA 220)

Page 9 | Confidential and Proprietary Information

Proportional Application of ISAs and ISQC 1

• ISA 210 Agreeing the Terms of Audit Engagements

– Paragraph 6, agreeing the terms of engagement with management

and paragraphs 9 and 10 which require you to communicate the

terms in writing to management in a letter will be applicable in

every engagement

– Paragraphs 7 and 8 deal with an imposed scope limitation and the

situation where the preconditions do not exist. Paragraphs 14 – 17

deals with changes to the terms of engagement in mid-audit and

paragraphs 18 - 21 the situation where laws and regulation

supersede the ISAs

• It is important to know what the requirements are, but these situations

are also likely to be far and few between for most SME audits

Page 10 | Confidential and Proprietary Information

Proportional Application of ISAs and ISQC 1 V

• ISA 210 Agreeing the Terms of Audit Engagements

continued

– To summarize, of the 16 requirements in IAS 210, paragraphs 6, 9

and 10 are critical and will apply in every engagement. For SMPs,

knowing they have to deal with 3 main requirements out of 16 is a

lot less daunting than considering all 16 every time.

Page 11 | Confidential and Proprietary Information

Proportional Application of ISAs and ISQC 1 VI

• ISA 315 Identifying and Assessing the Risks of Material

Misstatement through Understanding the Entity and Its

Environment

– The objective of the auditor is to identify and assess the risks of material

misstatement, whether due to fraud or error, at the financial statement and

assertion levels, through understanding the entity and its environment,

including the entity’s internal control, thereby providing a basis for

designing and implementing responses to the assessed risks of material

misstatement.

• Focus on Significant risks – effectiveness and efficiency

– Understand the business – important from an engagement risk

perspective

– Identify significant risks up front and focus audit effort on these

– .

Page 12 | Confidential and Proprietary Information

Proportional Application of ISAs and ISQC 1 VII

• ISA 315 focus on Significant risks – effectiveness and

efficiency continued

– Substantive tests are required for each material class of transactions,

account balances and disclosures, but tests of details only required for

significant risks

– Consider analytical procedures (follow requirements of ISA 520 Analytical

Procedures) for non-significant risk items where appropriate

– Use professional judgment to determine what substantive tests to use on

items not considered significant risks

– ISAs explicitly encourage the auditor to exercise professional judgment in

determining the form and extent of documentation – they acknowledge

extent may vary depending on the circumstances

Page 13 | Confidential and Proprietary Information

Proportional Application of ISAs and ISQC 1 VIII

• ISQC 1 Quality Control for Firms that Perform Audits and

Reviews of Financial Statements and Other Assurance

and Related Services Engagements

– Applies to firms of all sizes that provide services covered by the IAASB’s

International Standards

– Requirement for the firm to comply with each requirement of the standard

unless, in the circumstances of the firm, the requirement is not relevant to

the services provided…

– Contains special considerations for smaller practices

– Indicates that the form and content of documentation evidencing the

operation of each of the elements of the system of quality control is a

matter of judgment and depends on the size, nature and complexity of the

firm and number of offices

Page 14 | Confidential and Proprietary Information

Tips for Audit Efficiency

• Automation – standardized templates and customized

checklists

• Software – utilizing commercially available products

• Planning – timeframe, list of deliverables, client meeting

• Risk based approach – in line with ISAs

• Staff training/ supervision

• Communication

Page 15 | Confidential and Proprietary Information

Knowledge Sharing – Implementation

• Building and sharing knowledge, including access to

resources and tools, amongst member bodies and SMPs

– Implementing standards (incl. ISAs, ISQC 1)

– Insight articles (e.g., efficiently auditing SMEs, review engagements)

– Comprehensive guides on how to efficiently implement ISAs and

ISQC 1 (guidance, case studies, checklists etc.)

– Guide to Review Engagements (Dec. 2013)

– Suite of links to free resources from member bodies

Page 16 | Confidential and Proprietary Information

Knowledge Sharing – Implementation II

ISA Guide Volume 1

• Fundamental concepts of a risk-

based audit in conformance with the

ISAs

ISA Guide Volume 2

• Practical guidance on performing

SME audits. Includes two illustrative

case studies—one of an SME audit

and one of a micro-entity audit

Page 17 | Confidential and Proprietary Information

Knowledge Sharing – Implementation III

• QC Guide

• Helps SMPs apply ISQC 1

proportionately and

efficiently. Includes

guidance, case study, two

sample QC manuals and

checklists

• Reference, training,

customize manuals and

checklists

Page 18 | Confidential and Proprietary Information

References – General

IFAC SMP Committee website: http://www.ifac.org/smp

IFAC SMP Twitter: https://www.twitter.com/IFAC_SMP (please follow us)

IFAC SMP eNews: https://www.ifac.org/login?register (please subscribe)

IFAC SMP Community:

http://www.linkedin.com/groups?home=&gid=4542841&trk=anet_ug_hm (please join us)

IFACnet http://ifacnet.com/

IFAC SMP Quick Poll: Mid-Year 2013: http://www.ifac.org/publications-resources/ifac-smp-

quick-poll-mid-year-2013 (please take the Nov./Dec. 2014 poll)

Resources and tools (all): http://www.ifac.org/about-ifac/small-and-medium-practices-

committee/smp-resources-and-tools

IFAC Translations and Permissions: http://www.ifac.org/about-ifac/translations-permissions

• Links to implementation of ISAs resources:

https://delicious.com/#ifacsmpcommittee/Implementation,Audit

• Links to implementation of ISQC 1 resources:

https://delicious.com/#ifacsmpcommittee/Implementation,Quality%20Control

Page 19 | Confidential and Proprietary Information

References – IAASB

• Staff Q&A, Applying ISAs Proportionately with the Size and Complexity of an Entity:

http://www.ifac.org/publications-resources/staff-questions-answers-applying-isas-

proportionately-size-and-complexity-ent

• Staff Q&A, Applying ISQC 1 Proportionately with the Nature and Size of a Firm:

http://www.ifac.org/sites/default/files/publications/files/Staff%20QA%20ISQC%201%20Prop

ortionality_FINAL.pdf

• The Clarified ISAs—Findings from the Post-Implementation Review:

http://www.ifac.org/publications-resources/clarified-isas-findings-post-implementation-

review

Page 20 | Confidential and Proprietary Information

References – Knowledge Sharing - Implementation

• Guide to Using International Standards on Auditing in the Audits of Small- and Medium-

Sized Entities (Third Edition) (incl. companion manual and slides):

https://www.ifac.org/publications-resources/guide-using-international-standards-auditing-

audits-small-and-medium-sized-en

• Guide to Quality Control for Small- and Medium-Sized Practices (Third Edition) (incl.

companion manual and slides): www.ifac.org/publications-resources/guide-quality-control-

small-and-medium-sized-practices-third-edition-0

• Boosting the Quality and Efficiency of Smaller Entity Audits article:

https://www.ifac.org/news-events/2013-07/boosting-quality-and-efficiency-smaller-entity-

audits

• Tips for Cost-Effective ISA Application article: https://www.ifac.org/publications-

resources/tips-cost-effective-isa-application

• Tips for Cost-Effective ISQC 1 Application article: https://www.ifac.org/publications-

resources/tips-cost-effective-isqc-1-application

Page 21 | Confidential and Proprietary Information

Thank You

www.ifac.org/smp