As 2023 comes into focus, audit firms are preparing for significant changes. Auditors need to get to grips with new risk assessment terms. For example, SAS No. 145 sees changes to the concept of significant risk and will require auditors to identify controls and evaluate whether those controls have been designed effectively and implemented. Added to that, new ISQMs are impending. Repurposing ‘last year’s file’ will not be an option when ISQM 1 comes into effect. “ISQM marks a significant shift in focus on quality and moves towards a more proactive approach,” notes ICAEW thought leadership.
As audit firms work to develop trust and transparency in the financial markets, they must ensure that they have the tools to issue high-quality guidance across the organization that is easily accessible to staff at the moment of need. In particular, five control deficiencies occur time and time again when managing manuals, forms, and templates.
1. Lack of formalized processes for reviewing and approving updates
Professional Standards teams are often burdened by the number of changes as regulations and standards are continuously updated. We often hear that there are no controls over who can make edits to content and that firms lack visibility on the guidance local firms are adopting. Email is not considered a formal process for reviewing and approving updates. In fact, relying on email can result in inconsistencies and the risk of missing changes.
2. No systematic processes and controls for assessing the impact of standards changes
Once new updates from standards bodies are reviewed and approved, they can result in a domino effect of change across global documentation, templates, and guidance. Each instance must be identified and updated, otherwise guidance material can be conflicting or out of date.
3. Version control issues
Firms with a global footprint must ensure that they are delivering consistent guidance across the organization. However, if there is no way of monitoring when the global team updates its standards, it can lead to staff relying on guidance that differs and does not comply with international standards.
4. Limited audit trails of changes made to audit policies and templates
Firms need to demonstrate to regulators and other stakeholders that they are implementing systematic processes. Recent auditing standards updates have increased this need. When a document is edited multiple times, it is impossible to determine how it has evolved over time, who made what change, or when the change was made. This can leave firms open to financial and reputational risk, and audit quality professionals need to protect their reputations as well.
5. Insufficient controls to ensure that manuals/templates in different languages are consistent
As well as managing global and international versions of manuals, firms must also manage versions in different languages. If firms are using different platforms to store and manage their content, it is difficult to guarantee that translated versions are synched with global versions, particularly if they are stored on different research platforms.
Move towards a standardized approach
In order to strengthen audit quality, firms need to ensure that they are plugging the gaps in their content processes with a standardized approach to managing audit manuals, forms and templates. Propylon’s TimeArc® platform provides a centralized place for firms to issue consistent material across multiple jurisdictions.