Why audit failures often begin with silence (Ep. 18)

Show Notes

When companies collapse shortly after receiving a clean audit opinion, the same question always follows: where were the auditors? But audit failure rarely begins at the moment the opinion is signed.

In this episode of Financial Reporting Conversations, Wayne Basford and Judith Leung unpack how audit failures quietly develop through a cascade of decisions made throughout the audit process from client acceptance and understanding the business to risk assessment, audit procedures, and failures in professional skepticism.

🎧 In this episode, you’ll learn:

• Why audit failures often begin long before sign-off
• How poor client acceptance decisions affect audit quality
• Why understanding the business drives risk assessment
• How “filing exercises” replace genuine auditing
• Why contradictory audit evidence is often ignored
• How audit failure becomes a cascade of decisions

Financial Reporting Conversations is brought to you by Basford Consulting helping professionals go beyond compliance and get financial reporting right.

For technical insights, training, and resources that make the unknowns in financial reporting known, visit basfordconsulting.com

🔗 Connect with us:
LinkedIn: Wayne Basford & Judith Leung
YouTube: @BasfordConsulting
Website: basfordconsulting.com

Transcript

SPEAKER_00 0:00

Welcome to Financial Reporting Conversations brought to you by Bas for Consulting.

SPEAKER_01 0:04

We're here to make the unknowns and knowledge of accounting, auditing and climate standards known so you can avoid the blindfredding mistakes and do financial reporting better.

SPEAKER_00 0:13

Each episode will unpack what the standards really say, what they mean in practice.

SPEAKER_01 0:18

Whether you're a preparer, auditor, director, or litigator, our aim is to help you get it right. When the company collapses shortly after receiving a clean audit opinion, the same question almost always appears. Where were the auditors? It's the questions investors ask. It's the questions regulators ask. And it's the question that dominates the headlines. But that question assumes audit failures happen in a single moment. Today, Wayne and I are going to talk about that order failure rarely happens at the end of the audit. Instead, it develops gradually through a sequence of decisions made throughout the engagement. Welcome to Financial Reporting Conversations. In this series, Why Audits Go Wrong, we explore the conditions that shape order quality and the situations in which audits can fail. In today's episode, we're looking at what we might call the timeline of audit failure. We discuss how audit failures can begin before the audit even starts, how misunderstandings about the business can shape the direction of the audit, and why decisions made throughout the engagement ultimately determine the audit opinion. As usual, I'm joined by Wayne Bassford. Wayne, most people think audit failures occur when the auditor signs the wrong opinion, but you argue that the failure often begins much earlier. Why is that?

SPEAKER_00 1:41

I'm trying to frame it as the cascade of audit failure. It's just a build-up as we get down each step and then suddenly we issue the wrong audit opinion. A lot of lawyers ask me questions. The question they asked me, was the financial report prepared in accordance with accounting standards? And if your answer to that is no, why not? And then the next question is: was the audit performed in accordance with auditing standards? And did the auditor issue the correct audit opinion? If the answer to that is no, why not? And then the answer to that is not they want these. My lawyers want it, it's that it was that process there. And I typically then take it right the way back to ultimately they accepted the client when they hadn't got the resource to perform the audit, they did not understand the client, they did not understand the client's business, they did not understand its governance, its internal control, its competitors, and because they didn't understand it, they didn't identify the risk of material misstatement, and then this horrible cascade. If you don't understand, identify the risk of material misstatement, you just don't do the work, you don't get the evidence, and then at the end you issue the wrong audit opinion. But where did that failure start? Go right upstream and say you shouldn't have accepted the audit.

SPEAKER_01 3:18

Okay, so let's start there. Let's start at that beginning of that audit timeline. That why is that stage so important? Client acceptance.

SPEAKER_00 3:27

Because you must have the resource to be able to provide reasonable assurance. And that's not as easy as it sounds. So have you got your sufficient audit teams? Very likely have, very likely can get outsourced staff, so you can get numbers, but can you get the right resource that has the experience of that industry? Have you got the aspect of dealing with components in foreign countries? And remember, if if a company has got weak internal control, if a company has got poor governance, if a company is risky, if a company is expanding, going into new products in an area of great competition, that increases inherent risk. And the principle of audit: the more the riskier a client is, the more evidence you need, the more resources you need to provide to that audit to get sufficient appropriate audit evidence. And when you look at the number of audit failures, you go, that audit firm should not have accepted that client. That audit firm should not have retained that client. The audit firm could not put sufficient resources onto that newly acquired business. That audit firm really didn't understand that industry to be able to design procedures.

SPEAKER_01 5:03

Let's move on to the next step of the timeline. Once the engagement begins, the next step is understanding the business. Why does that stage carry so much weight?

SPEAKER_00 5:13

Foundation of all audit. I understand the business in order to identify the risk of material misstatement. I understand the business in order to determine the significant risks of material misstatement. I have to understand its funding, I have to understand its internal control, I have to understand its governance, I have to understand the environment in which the entity is operating in. Because all of those increase the risk of material misstatement if I don't understand the business and understanding it an appropriate level of understanding. All businesses make widgets, sell widgets, provide services that clean widgets. What makes this company unique? What is the risks that make this company unique? And if you don't understand the business, you don't identify the risks, you don't respond to those risks.

SPEAKER_01 6:10

Thanks, Wayne. So by this point of the audit, two things have already happened. The firm has decided to accept the client, and the audit team has formed an understanding of the business. And Wayne had talked about those early judgments are incorrect, how it can affect and cascades down to the rest of the audit. Now let's talk about the next stage, risk assessment. You um I think previously you mentioned to me you uh that risk assessment is one of the most critical stages in the entire audit process. Why does it play such a central role?

SPEAKER_00 6:45

Well, two bits to going back to that understanding the business. Understanding the business is not randomly filing uh copies of ASX announcements or randomly copying uh sections from the director's report. Understanding the business is not doing a random uh Bloomberg high-level view of a certain industry, professional services in Australia, technical boutique uh accounting services in Australia. You need to understand the business, and then you're only after you've understood the business, what is the risks that could cause a material misstatement, including through fraud or error? So which areas are complex? You know you go into inherent risk, which areas are complex? That'd be revenue recognition, impairment, share based payments, derivative, etc. Which aspects are subjective estimates, share base payments, revenue, impairment, etc. Which areas are subject to bias? Well, what and what drives bias? Now that is risk identification, and you do that by assertion. The number of audit files I see because ISA 240 tells us to revenue recognition is a significant risk and material misstatement. I see that key audit matters. We have determined that revenue recognition is a significant risk and material misstatement. You live in a world of IFRS 15 five-step approach, the number of key audit matters that do not address which bit of the five-step approach could give a significant risk and material misstatement. Is that step one? Is it performance obligations? Is it step three? Consideration, is it step four, which is most likely allocating consideration to the distinct performance obligations? You can't just say revenue recognition is a risk material misstatement. You need to get underneath it and say, this is how it could go wrong. This is what could cause a material misstatement, and I am going to design this procedure to make sure they got step one right or stop step four right. I am doing construction contracts. There is a risk that that new contract that we won on a massively competitive tender building something that we've never built before in a jurisdiction that we've never built before. Maybe that's the one that could go wrong. Maybe that's the one where I might be underestimating my cost to complete. And because that I understand the business, I am going to focus all of my attention on the cost to complete estimates on contract C. You need to understand the risks at the appropriate level.

SPEAKER_01 9:55

If you're finding this discussion useful, please take a moment to click like, subscribe, and share. It helps others in the financial reporting community discover financial reporting conversations and keeps you up to date with every new episode. So once we identify the risk and understand the risk at the appropriate level, the audit teams are meant to design procedures to address them. Where can things go wrong at that stage?

SPEAKER_00 10:22

Copy and paste, use the standard work program, no tailoring. We will always test five contracts, ten contracts. We've not focused in on what a lot of auditors these days don't understand the assertion that the test is they don't understand the risk by assertion. They then don't understand what assertion an audit procedure is addressing. And again, this horrible phrase that we're using too much, it turns into a filing exercise, not an auditing exercise. My job is to collect randomly 10 tests from the library within caseware. I will then randomly file that information. Well, sorry, it won't, I'll file it in the correct section of the audit file, and I will not tie in anything to do with risks and evidence. This is just purely a filing exercise because I want this busy season over as quickly as I possibly can without thinking about risk.

SPEAKER_01 11:31

Yep, so once we have designed our procedures, what risk arise during the execution stage?

SPEAKER_00 11:38

Not thinking. We've designed the procedures, they're good procedures, they might actually be the appropriate procedure, but the person undertaking those procedures doesn't really understand why they're doing those procedures. The person really, again, doesn't want to think about why they're doing those procedures, just wants to get it finished, wants to file it, wants to go home, and ignores contradictory audit evidence, ignores that doesn't make sense. The one I classically like we do sampling, we do statistical sampling, and annoyingly with statistical sampling, you find an error, and then the oh god, I'll I'll pick another one. Oh, that's good. The second one I picked worked. Completely understanding the idea of statistics and statistical sampling. So people do not understand, they they trust the human nature. I don't going back to the commerciality or it or even human nature, I don't want to upset my client. I really if the more questions I ask, the more work I've got to do, and the chances are the more annoyed my client will be. Let's just not ask that question. You know, that's once you get into this execution phase.

SPEAKER_01 12:55

To the next step, when we've put all the procedures and we've got all the findings or evidence gathered, I think that's the technical term. What do you do at that stage? What's the next step?

SPEAKER_00 13:08

So when we get into ACE 330, when we get into ACE 700, you need to step back. Have I got sufficient appropriate audit evidence to issue reasonable assurance? Have I got enough work to say revenues recognized under in accordance with 15, the recoverable amount makes sense under 36? Step back. And then you go, and have I got any contradictory audit evidence? And that contradictory audit evidence can come through procedures, can come about through subsequent event testing, ISA 560 testing, and does my knowledge of this business all make sense, and I'm happy revenue makes sense, I'm happy that going concern it makes sense, I'm happy recoverable amount makes sense. I'm not stepping back in anything because I've not looked at it, it makes no sense. But all I'm doing is making sure each component is full. Everything's been filed, doesn't matter what it is, but I I've finished the audit because I put something in every box. That's not how an audit works, or that's not how an audit should work.

SPEAKER_01 14:29

After we evaluate the evidence, uh then we come to a point where we had to express an audit opinion. If weaknesses have occurred throughout the earlier stages, what happens at this point?

SPEAKER_00 14:42

You get the audit opinion wrong and you failed the objective of an audit as set out in ISA 200. You give an unmodified opinion on a set of financials that is materially misstated. And you know that is this cascade of audit failure. Why did I end up issuing that wrong opinion? Well, I never understood the business. I send a team out that would never have been able to spot a risk, even if it had hit them in the face. The team could not design procedures to respond to that risk. They just randomly collected procedures from the caseware library. They got the audit evidence and they didn't read it, they ignored contradictory audit evidence, but chances are it's a good client. Statistically, 99% of clients prepare their accounts correctly. Or maybe less than that, but statistically, nobody will ever find out that the client didn't prepare their accounts correctly. So sign an unmodified audit opinion incorrectly and fail the objective of an audit.

SPEAKER_01 16:00

Wrapping up with one final question: what is the lesson someone listening should take away from our discussion today?

SPEAKER_00 16:09

It is audit is a process, a quality audit is a process. It is not I can sign off at the end of it. I will just be able to look at an audit file in the last week of September and pull it out of the mess. It has got bedrock of the firm, the firm's quality management. Have you got processes for only accepting audits that you can properly staff? Have you got a process for allocating the appropriate staff, training the staff? So I sitting there as head of audit, I am happy my firm will only accept audits it can audit that he can actually have sufficient resources to get sufficient appropriate audit evidence to provide reasonable assurance. My team, I send my teams out to the client, they know the industry, they've given enough time to understand the industry, and they will take diligently, they will understand the business. And when they're understanding the business, they're not just copying pasting from the director's report or ASX announcements, they are understanding the business with start with the end in mind, they are understanding the business to identify the risk of material misstatement. And once they identify the risk and misstatement, and they actually understand how risk misstatement work by assertion, that team is skilled enough to design, pick the procedures from the caseware library to address those risks by assertion. The team, even though it's delegated down to lower levels grads, they perform those procedures diligently. And if they ever s see any contradictory audit evidence, they will consider the contradictory audit evidence. They are sceptical, they're questioning, they're not just filing, they're actually being auditors, and then we step back before we rushed oh we've got to sign off, it's it's uh deadlines in three days' time. The audit partner, the engagement partner, is in sufficient time, does stand back? What were the risks? Read his key audit matters, and I have I got sufficient audit evidence to give an opinion on those key audit matters. Is there any contradictory audit evidence? And this is auditing 101, but this stage of an audit, horribly when you look at audit failures, which one went wrong, it's it starts upstream and then just smashes down the rapids until the wrong audit opinion.

SPEAKER_01 19:07

Audit failure is not just a single event when the audit partner signs the wrong opinion. It's usually the result of a sequence of decisions, as Wayne have talked about, made throughout the engagement. And understanding that timeline helps explain why improving audit quality requires attention and thought at every stage of the audit process. And this is what our series talks about why audits go wrong and we explore different issues that contribute to audits going wrong. So thank you for joining us for this episode of Financial Reporting Conversations, and we hope you will join us next time when we continue to examine the risks and decisions that shape financial reporting and audit quality.

SPEAKER_00 19:52

Thanks for listening to Financial Reporting Conversations. For guidance on applying accounting and auditing standards or to access our online training programs, please visit basfordconsulting.com.

SPEAKER_01 20:03

Don't forget to like, subscribe, and share this episode with your colleagues and contacts. We'll see you next time where we make the unknowns in financial reporting known.