In recent years, technology has had a significant influence on the way auditors communicate with clients. A key part of this trend has been the shift from exclusively on-site auditing to a blend of on-site and remote activities which recognises the important role technology plays in streamlining workflow and communication. Technology has been utilised to perform an audit from organising planning and closing meetings, to gathering of audit evidence, making enquiries, and conducting discussions with the client which reduced the need to visit the location where the client and their records are based.
With the COVID-19 crisis coming into picture, the manner of audit delivery has been significantly altered. Restrictions on face-to-face interactions impelled audits to be conducted remotely. Further, the external audit profession in Australia has faced a major skills shortage for some time. Professional services firms in Australia traditionally have relied on overseas recruitment and secondments to fill the shortage of skilled auditors to cope with the concentration of June year-ends. However, the closure of the Australian border with COVID-19 ended this practice.
It will likely be another 12 months before the number of external auditors available to service clients returns to pre-COVID levels. In this environment, remote auditing provides a temporary solution to the audit skills shortage that is likely to remain after borders reopen.
What are some of the risks and challenges associated with ‘remote auditing’?
With remote work arrangements and the absence of in-person interactions, it has been a testing time for audit firms and their clients. Some of the immediate challenges faced by auditors relate to access to client facilities, communication with client personnel, and obtaining financial records and documentation. There is a need to gain better understanding of the client’s risk profile and to assess how the pandemic has affected their business.
The more important risk that auditors face with remote audits is assessing the integrity of the information being provided. Records may be false or misleading as PDF files can be edited, signatures can be applied, and user login details can be used to ‘stamp’ electronic approvals. Communication by way of phone calls, emails and portals also affects the auditor’s ability to take in ‘visual cues’ of dishonesty as compared to face-to-face questioning and random audit sampling of records on-site.
While challenges and risks are imposed by remote audits, it also has its advantages! Auditors are now no longer being limited by their location. Both staff auditors and the client’s home office can be situated in different locations without having any problems in logistics and delivery of the engagement. This creates more opportunities for both audit firms and businesses as there is a larger pool of resources and a wide array of firms which can cater the audit requirements. The remote work arrangement also promotes efficiency on both parties as site travel is eliminated and audit requests can be attended to at the most convenient time of the client, reducing potential disruptions to their day-to-day operations.
There is no question that remote auditing is here to stay. In this environment, the auditor must weigh up the risks and costs associated with remote auditing versus visiting the client’s location as it is crucial for the auditor to collect sufficient, reliable, relevant, and useful information to meet audit objectives. Test of controls and enquiries must be performed and documented to note how the auditor dealt with the risks of remote auditing and how the records and information provided online were scrutinised. If the responsible auditor concludes evidence gathering may have been compromised by off-site review, then the auditor should consider the impact of these implications and the need to be reported within the audit report being issued.
It is also important to note ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment (2021) will become effective for financial years beginning on or after 15 December 2021. The revised standard tackles upcoming changes in relation to core ‘inherent’ risks and the need to further consider IT application controls as part of the auditor’s planning and risk assessment process. IT application controls can no longer be limited to solely the accounting system or software but will need to consider other programs such as Adobe, DocuSign and email directories. It is expected that more extensive documentation will be required as part of this change.
Communication is always important in the audit process and with remote audits, it is critical to take a proactive approach to client engagement. In going online, there is an even stronger focus on the personal touch, through identifying and maximising client touch points and by using videoconferencing to engage with clients more directly. Some firms already experienced with online communication portals have actually seen an improvement in communication. The relationship between firm and client becomes more collaborative and consultative.
If you’d like feedback on how remote auditing can be effectively used to provide an efficient and professional service, speak with our Director, Danielle Nye.
Contact Danielle Nye on 1300 734 707 or visit our website www.audits.com.au.
- Audit Training – Why It’s Important & What to Consider - 5 December 2022
- Is Remote Auditing Here To Stay? - 24 February 2022
- Cybersecurity and External Audits – Risk and Response - 19 January 2022