CPA Australia’s External Reporting Centre of Excellence members reflect on the impact of COVID-19 on the way audits are being conducted.
By Dr Jana Schmitz
As with the rest of the working world, it is hard to envisage where auditing would be without the technology that enables the process to be conducted remotely.
An acceleration in the uptake of technology may be the single most significant impact of COVID-19 for external auditors and their clients.
“Technology was already meaningfully used by the auditing profession and greater automation was already occurring before COVID-19,” says Andrew Marks, audit director at William Buck, Melbourne.
“[Now] we are seeing a steep change in the use of technology, which will be reflected in our approach to audits in the post-COVID-19 reality.”
Marks believes that technological tools, including cloud services and data analytics, have proven to be useful in supporting auditors to continue undertaking their tasks. “We now have cloud-based software that allows clients to upload documentation,” he says.
“We also have Skype or Zoom meetings with the client throughout the audit to discuss how things are progressing. These tools allow us to conduct the audit remotely in an efficient manner.”
Similar thoughts were expressed by Nick Walker, audit partner at HLB Mann Judd.
“Fortunately, HLB Mann Judd’s digital transformation occurred before the outbreak,” says Walker. “We are already working remotely and have the required technology in place, so for us it doesn’t make much difference.”
Marks notes that without today’s technological infrastructure auditors would have encountered great difficulty.
“Several years ago, we didn’t have the technological capabilities that we have today,” says Marks. “Audit professionals would have found it extremely challenging to work from home.”
Cybersecurity: Keeping safe in the cloud
Cybercrimes are reportedly on the rise during the pandemic. As a result, cybersecurity is one key area that is more crucial than ever to maintaining standards.
“You have to have controls in place. Everything should be encrypted, especially if you deal with confidential client data,” says Mark Hucklesby, partner and national technical director at Grant Thornton, New Zealand.
“We must understand how client data is managed and secured across the organisation’s network,” says Hucklesby. “Especially when cloud software is used.”
These views are also shared by Shaun Steenkamp, finance partner at National Bank of Australia (NAB).
“Everyone seems to use cloud software,” says Steenkamp. “But you cannot put banking customers’ details on the cloud without extensive security and controls being put in place first.”
Organisations need to be aware of how their data is handled outside their offices – when staff are working from home, potentially using personal devices.
With appropriate cybersecurity software it is not all doom and gloom.
“Maintaining regulatory compliance with data security is a challenge that can be resolved,” says Steenkamp.
As the use of cloud-based technology has become integral to the operations of accounting practices and their clients alike, it is critical that organisations introduce cybersecurity awareness programs for staff and have pre-defined cybersecurity response plans in place for sudden cyber-attacks or incidents.
Those audit firms that lack effective cybersecurity measures face the risk of breaching clients’ trust while exposing themselves to an increasing risk of unauthorised access to data and potential legal action.
Impediments to the audit
External auditors are heavily dependent on the client to provide access to data required for the audit.
Walker agrees that the necessity to work remotely coupled with the use of technology has changed the way audits are conducted.
“There is a lot more onus on the client now to make sure that they have uploaded their information onto our portal so we can access that information,” he says.
That is one of the reasons that the Australian National Audit Office (ANAO) reached out to clients to make sure ANAO auditors have remote access to data.
“The Auditor-General sent a letter to the COOs of client entities saying that the financial reporting requirements are more important than ever.
“The ANAO had to make sure they received the correct financial information that goes into the financial statements.”
Walker identifies other problems related to data availability and data integrity.
“There is a tendency for clients to blame everything on COVID-19. Revenue went down – blame COVID-19. Data is not available – blame COVID-19. At these times it is crucial for audit partners and managers to push audit staff to assess whether COVID-19 was really the reason for what clients claim to be the problem.
“If COVID-19 turns out to be the reason, audit staff need to examine what impact it had, has or will have on the client. [The] key is not just to ignore everything that happened in the first nine months of the financial year.”
On the subject of data availability, Walker says his staff have not faced major issues with clients – particularly smaller businesses – using software such as XERO, MYOB or QuickBooks.
“They are able to make their data available almost immediately through these platforms.”
Walker’s team noticed that IT general controls (ITGCs) reviews had to be deferred in some cases because IT departments of client businesses were busy setting up the remote IT infrastructure. “That is something we expected to happen,” says Walker.
In terms of the deferral of audits, Peter Kerr, executive director of the Assurance Audit Services Group at ANAO, adds that the virus has put a bit of a hiatus on some audits, especially performance audits.
Kerr stresses the importance of distinguishing between audits that are close to completion and audits that have commenced more recently.
“Audits that are in progress and are about to get wrapped up, can proceed and be concluded if we have all the information we need,” says Kerr.
“But for audits that are midway through, the Auditor-General has asked for at least a one month pause, with the exception that if clients are happy for the ANAO to continue then we can. But this is evaluated on a case-by-case basis. Some agencies are more impacted than others.”
“All things considered, audits have to continue,” says Kerr. To facilitate the continuation of audits, the ANAO is talking to agencies about how they are impacted by COVID-19 and how that affects the internal controls of the agencies.
“It’s important to have these discussions at the moment,” he says.
Hucklesby adds that extensions of financial reporting deadlines create enormous operational problems towards the back end of the audit.
“Because one may have to reassess impairment testing that was previously undertaken, but this time around changed assumptions. I can see a perfect storm emerging here around potential bottlenecks,” says Hucklesby. With reporting deadlines looming, he believes that extensions will become a pressing issue.
“The question everyone is assessing in the lead up to 30 June 2020 audits is: ‘Do we have access to enough corporate finance experts to complete the required modelling and sensitivity analyses within the timeframes, notwithstanding these filing date extensions?’”
While technology can enable the conduct of audits remotely, the impacts of COVID-19 on financial reports require challenging judgements from auditors and their clients, which the uptake of technology does little to alleviate.
In response, company regulators and stock exchanges across the globe, including ASIC, ASX, NZ FMA and NZX, have extended reporting deadlines to give preparers and auditors additional time to work through those judgements in order to sign off on the financial reports and auditors’ reports respectively.
Views expressed by External Reporting Centre of Excellence members are their own and do not necessarily reflect the views of their associated organisations.
Dr Jana Schmitz is a policy research analyst at CPA Australia