It is no secret that the Covid-19 pandemic has had a global impact. Many organisations faced unprecedented economic challenges resulting from government lockdowns. Although some industries were hit harder than others, the impact was felt in every sector and profession. Auditing is no exception.
Few auditing firms could continue their engagements during the lockdown. Both external and internal auditors were primarily affected in two ways. Firstly, the changes to the environments of clients, result in a need to adapt audit approaches and methods. Secondly, the impact of travel restrictions on necessary client visits to obtain audit evidence. Like most professionals, auditors were forced to think outside the box.
The purpose of this article is to explore how the pandemic changed auditing.
External auditing
For External Auditing (EA), three main Covid-19 impacts were identified (Albitar, Gerged, Kikhia, & Hussainey, 2021; Arnold, 2020; Hay, Shires, & Van Dyk, 2021; McNellis, 2021):
Audit considerations – The pandemic and subsequent lockdowns caused unprecedented levels of concern regarding future earnings and the going concern principle for audit clients. Most clients’ risk profiles changed drastically overnight. Auditors could not rely on previous auditor risk assessments and were even forced to make modifications to audit opinions. They had to consider the changes when audits were planned and when the risk of material misstatement was calculated. Travel restrictions and remote working affected their ability to obtain sufficient evidence, which delayed audit engagements. Other considerations include an impact on the auditing of accounting estimates, as well as the treatment of the pandemic as a subsequent event.
Remote auditing – Lockdown restrictions forced auditors to work virtually, using technology to conduct audit engagements. This created an increased reliance on networks, virtual meeting software and audit tools, such as data analytics (DA).
Security – Audit evidence had to be obtained virtually. In some instances, auditors were granted temporary access to client information systems. The need to put measures in place to protect client information increased significantly, as auditors now used client documents in private homes.
The literature also identified three possible future impacts on EA (Albitar et al., 2021; Hay et al., 2021):
Audit fees, salaries, audit procedures, going concern assessments and audit efforts can harm audit quality.
There could be a future effect on EA responsibility. For example, the authors expect more reporting ongoing concern assessments and more responsibility for fraud, internal control, and governance changes.
A possible reform of auditor liability resulting from increased reliance on audit opinions is also implied.
Internal auditors
The literature identifies the following six impacts on internal audit (IA) (Chambers, 2021; IIA, 2020; Martinelli, Friedman, & Lanz, 2020):
Resources – The IIA (2020) highlighted that a large percentage (45%) of IA functions expect significant IA budget cuts. Decreased budgets will require IA to achieve their goals with fewer resources.
Risk assessments – Risks such as insufficient revenue generation increased significantly because organisations were not allowed to operate. Survival planning and the implementation of temporary by-pass procedures caused curtailing of traditional controls, which affected client risk profiles. Moving operations online exponentially increased risks associated with cybersecurity threats. Clients were faced with the reality that their business continuity planning was simply not good enough. Organisational risk assessments became insufficient as documented risks suddenly moved down on the priority list. This, in turn, affected IA plans, which are based on client risk assessments. They were forced to make use of flexible, short-term plans.
Continuous monitoring – The override of some traditional internal controls, along with increased remote working situations, caused auditors to enhance continuous monitoring techniques, through continuous auditing, DA or robotic process automation. Chambers (2021) proposed that auditors need to audit “at the speed of risk”, enhancing the continuous component of risk assessment.
Service delivery – Remote working regulations and online meetings restricted IA, which hindered the process of obtaining sufficient audit evidence. To ensure that client quality demands were met, auditors had to adapt to remote auditing, agile auditing, continuous auditing, robotic automation and DA to obtain evidence. Consequently, the IIA (2020) identified four competency development needs for IA teams, namely communication, cybersecurity, DA and health and safety skills.
People – Human resources, the most important element of IA, had the largest impact on the auditing profession. Although higher levels of productivity were reported, firms had to find ways to monitor staff performance. Organisations were forced to provide staff mental health interventions, remote working support, and technology. Inadvertently forcing staff into remote working environments, now require firms to gradually bring auditors back to the office.
Stakeholder communications – As management and the audit committee are the main stakeholders of IA, and as IA is seen as “the eyes and ears of management”, proper communication and reporting were more important during the pandemic.
Chambers (2021) reported that the pandemic not only impacted but likely transformed the profession. Five long-term impacts on the profession are discussed:
-Technology will be more critical to conduct future audits.
– Innovative ways, like continuous monitoring, can be used to gather audit evidence.
-Virtual meetings will be the norm.
-Increased focus on emerging risks.
-Hybrid working models for auditors.
-Audit techniques and challenges faced
Respondents indicated that they could service their clients during hard lockdown but faced delays. Remote auditing was difficult at first but became easier. They reported the following challenges about remote working (Anon., 2022; Geldenhuys, 2022):
Client readiness – Clients in the public sector were not ready for virtual audits. This resulted in delays in obtaining audit evidence. Eventually, people overcame their fear of technology and adapted, especially in the private sector.
Collecting audit evidence – Obtaining audit evidence was a major hurdle, often resulting in separate EA findings. However, these findings generally did not lead to a modified EA opinion. The credibility of IA evidence was the biggest challenge. Additional electronic evidence gathering and tracking tools had to be utilised. In certain instances, acceptable audit evidence had to be limited to available audit evidence. Some clients provided auditors with computers connected to their servers to overcome this hurdle.
Virtual interaction challenges – Virtual meetings removed the human elements like facial expressions or body language. Ensuring that all participants were on board for the entire meeting was challenging, especially in large meetings. Respondents recommended keeping meeting sizes small while requiring cameras to remain on.
Time zones – The pandemic revealed that auditing cross-border clients did not always require site visits. International clients could be serviced remotely. However, the difference in time zones resulted in long working days.
Respondents resorted to other tools, such as document tracking tools, and DA and control self-assessment (CSA). The EA respondent highlighted how the increased use of DA resulted in increased audit effectiveness and efficiency. The credibility of data and the large data sizes were still concerns. The IA respondent introduced CSA as a starting point for each IA engagement, which identified and reported weaknesses quicker. The pandemic revealed the flaws of a long IA plan, such as the “three-year rolling plan”. The current circumstances require shorter, even quarterly audit plans.
Auditing in a post-pandemic world
The IA respondent described the adjustment as follows: “To a certain extent, Covid was the best thing that could happen to the profession, as it forced us out of stagnation”. The respondents think that the following pandemic related changes will be permanent (Anon., 2022; Geldenhuys, 2022):
The hybrid working model is here to stay. While not all audit procedures can be done remotely, auditors learned that onsite visits are not always required, which will reduce travelling for audit purposes. However, to ensure inclusion and effectiveness, virtual meetings should be concise, with a limited number of attendees.
In conclusion, all professions, including audit professions, were affected severely by the Covid-19 pandemic. However, not all the effects are negative. With the right attitude, the pandemic-related changes can be used to enhance the future of auditing. – by: Cobus Janse van Rensburg, Senior Lecturer: Department of Auditing, University of Pretoria
Click here for more: https://www.saiga.co.za/saiga/magazine-july-2022/