Unit learning outcomes
By the end of this unit, you will be able to:
- explain the concept of assurance and why assurance is required
- evaluate the reasons for assurance engagements being carried out by appropriately qualified professionals with an attitude of professional scepticism and the exercise of professional judgement
- discuss the importance of regulation of the profession and ethical behaviour to a professional
- provide an informed view on the role and capacity for the development of the role of assurance practitioners in society, including its contribution to accountability processes in the modern, international business world.
13.1 Introduction
According to the International Framework for Assurance Engagements, an assurance engagement is “an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.”
In today’s complex business environment credible and trustworthy information is the lifeblood of an organisation (as it is for wider society). The information published by an organisation can be used to hold it accountable for its actions, but only if that information can be trusted. Public faith in institutions, from governments to corporations and the media, is eroding. Scandals, misinformation and widening economic inequality fuel cynicism. People increasingly doubt the information they receive and the motives of those in power. This lack of trust hinders cooperation, weakens social cohesion, and makes tackling complex challenges like climate change immensely difficult. Rebuilding trust requires transparency, accountability and a renewed commitment to the common good. This need for trust is where the concept of assurance comes in.
In other words, assurance engagement refers to a systematic process conducted by independent professionals to provide credibility and reliability to financial or other information of an organisation. The primary aim is to improve the quality of information for decision-makers and, in turn, to enhance investor confidence by ensuring that financial statements and other related information are accurate transparent, and in compliance with relevant regulations.
13.2 A brief history of assurance and auditing
In this chapter, when we refer to an audit, we mean the external audit or the statutory audit. In comparison, an internal audit ensures compliance and efficiency within an organisation, and it helps internal management of a business to get a clear picture of the financial status of the business and of whether compliance, efficiency and effectiveness permeate the business. Internal auditing is not covered in this chapter.
The concept of seeking verification of information boasts a rich history shaped by evolving needs and financial scandals. The office of external auditor and the practice of external auditing are of ancient origin. It first appeared when civilisations advanced to the point where a system of checks on a steward of funds was needed to confirm their honesty. The person whose duty it was to make such checks became known as the ‘auditor’, derived from the Latin ‘audire’, which means ‘to hear’.
The ancient Egyptians and the ancient Greeks used systems of check and countercheck between the financial officials. In Roman times, a trustworthy quaestor was appointed to verify expenditure, protect assets and ensure full collection of taxes. This concept was revived by King Henry I of England two and half thousand years later, when he appointed auditors to hear the accounts of the barons who ruled various areas and collected taxes on the King’s behalf. From the 1700s, during the Industrial Revolution, there was an increase in investors who wanted to put funds into a company but did not want to run the organisation and they needed audit reports to reassure them of the value of their investments. Hence there was always a substantial market demand for external audits. Every society which has developed systematic record-keeping has also produced some kind of accounts verification mechanism.
The demand for external auditing services grew rapidly in the last two decades of the nineteenth century and, as a result, the role of the auditor expanded substantially over time. By 1844, when the Joint Stock Companies Act was passed, this required that “Directors shall cause the Books of the Company to be balanced, and a full and fair Balance Sheet to be made up” as well as appointing auditors to check all transactions, although in the UK the auditors were not necessarily qualified and usually shareholders chosen by their fellow members. In India, auditors had to be formally qualified from 1866 but in most countries the market for audit services became more regulated after the major financial crisis between 1929 and 1931. By the mid-twentieth century, the focus of external auditing slowly shifted away from the prevention and detection of fraud towards an expression of an opinion on the credibility of available accounting information. Similar patterns have been followed in other jurisdictions dependent on the legal requirements in place for audit. In the US, the Securities and Exchange Commission (SEC) Act of 1934 required all SEC registrants to have their financial statements audited.
Bear in mind that all auditors today must be qualified chartered accountants (or qualified public accountants), but not all qualified chartered accountants are auditors. Qualified chartered accountants work in a variety of environments in practice (non-audit jobs such as consultancy, or non-assurance jobs such as tax advisory and bookkeeping) and in industry (for example, many CFOs and CEOs are chartered accountants).
In the early 2000s, the role of external auditors was brought into sharp focus with the collapse of Enron, one of the biggest companies on the US stock market. Their auditing firm, Arthur Andersen, was found to be complicit in falsifying records and hiding losses for Enron management. Eventually, lack of trust in the auditors led to the firm’s demise. More recent scandals which imply deficiencies in the statutory audit involve, among others, Carillion and Patisserie Valerie in the UK, and Wirecard in Germany.
Pause to reflect
Watch this video for a brief history of auditing.
- Do you think the audit is fit for purpose?
- Considering how it has developed over time, does it meet the needs of interested parties making decisions on the information provided by organisations?
- What public information would you like assurance of? Why is this important?
13.3 What do assurance providers do?
Assurance providers, of which professionally qualified auditors are the most common type, act as independent guardians of trust in the financial world. Their role goes beyond simply checking numbers; they provide a crucial layer of scrutiny that ensures the information that businesses present is reliable and can be trusted.
Pause to reflect
This scrutiny is in the hands of the audit profession, which is dominated by the Big 4 audit companies: PWC, Deloitte, KPMG and Ernst and Young. Watch these two videos to learn more about them:
- Who are the Big Four firms and what do they do?
- How a sleeper issue inside the Big Four accounting giants could topple the economy.
Consider the impact of the power the big audit firms hold over society.
- Do you think that the Big Four are now too large?
- Consider both the benefits and drawbacks that result from a market dominated by so few large organisations.
The core function of an assurance provider is to review an organisation‘s published information, internal controls or other processes. This review is not a cursory glance; it is a methodical process that involves focusing on key risk areas and gathering evidence to support the opinion they are giving.
Auditors first gain a deep understanding of the organisation’s operations, including its industry, risks and internal controls. This allows them to tailor their approach and identify potential areas of concern. Using their judgement, auditors assess the risks of material misstatement (which means errors or omissions big enough to influence decisions). This involves considering factors like the complexity of the business, the history of accounting issues and the prevalence of fraud. Based on the risk assessment, auditors design specific procedures to test the information. Procedures may involve reviewing documentation, performing calculations and conducting interviews. Through the designed procedures, auditors gather evidence to support the assertions being tested. This evidence can be physical documents, electronic records or management explanations. They need to gather sufficient and appropriate evidence to back up the assertion they are testing. After careful consideration of all the evidence gathered, auditors form an opinion on the information, controls or other process they have been asked to give their assurance of. All the above processes culminate in auditors providing a report or an opinion on the financial statements.
For more details on how to audit, watch the video ‘What is an Audit?’ from the IFAC.
Assurance providers rely heavily on a specific skillset to effectively execute their role. The following are three key skills for auditors:
Judgement: Auditing situations are rarely clear-cut. Auditors need strong judgement to assess risks, determine the nature and extent of testing procedures, and ultimately form an opinion on the information presented. This judgement is honed through experience and a deep understanding of accounting principles, accounting standards (for example, those of the IFRS), and auditing standards (for example, those of the International Standards on Auditing (ISA)).
Professional scepticism: Scepticism is vital. Auditors cannot simply assume the information they receive is accurate. They must be critical thinkers who question management assertions, investigate anomalies, challenge assumptions and look for hidden agendas. The exercise of professional scepticism helps auditors to ensure a thorough and unbiased review and leads them to always seek evidence to support their conclusions.
Ethics: Maintaining the highest ethical standards is paramount. Assurance providers are expected to follow a strict code of ethics that emphasises objectivity, independence, confidentiality and professional integrity. This ensures their work is unbiased and reliable, fostering trust in the information in which assurance is being given.
Pause to reflect
- What other skills do auditors need which enable interested parties to trust information?
- How could these skills be used in other ways to enhance trust and credibility in information published by organisations?
Example: An auditor refuses to overlook a material misstatement in an organisation’s financial statements, even when pressured by an organisation’s management to do so.
- What necessary skills of auditors are highlighted in this example?
13.4 Assurance vs audit
Two terms which are frequently misunderstood are the terms “assurance” and “audit”. Assurance is a broader term that encompasses various services that provide independent assessment and verification of information. An audit is a specific type of assurance engagement that involves an in-depth examination of an organisation’s financial statements.
Professor Chris Humphrey challenges these definitions. He argues that auditors could use their skills to “provide ‘original’ information as part of their role and linking the audit process very much to demonstrating and enhancing the resilience of companies”, thus assurance would be a subset of auditing.
Read the article Audit needs dynamic repair.
Pause to reflect
- Should auditors be producing information on organisation, not just assuring the information that is published in the financial statements? Why?
- Do they have the skills to do this?
- Is this something an interested party would pay for?
13.5 The information gap and agency theory
The need for assurance comes from the fact that those running an organisation and producing information are not the only interested parties. Shareholders provide funds, the government collects taxes and, increasingly, the public is interested in whether the organisation is ethical and environmentally responsible. These interested parties want assurance that the information being provided by the organisation is trustworthy.
Agency theory is a framework used in economics and business to analyse relationships between interested parties where the owners (the principal) delegate tasks or decision-making authority to the organisation’s management (the agent or the steward) to act on their behalf. Figure 13.1 shows the principal and the agent for the preparation of financial statements and how the auditor is appointed to add credibility.
When the running of an organisation is delegated to an agent (for example, to management), an inherent conflict of interest is created because the agent may not always prioritise the principal’s goals over their own.1 This inherent conflict of interest is often referred to as the principal–agent problem and can result in information asymmetry; the principal may not have complete information about the agent’s actions or capabilities and the chance arises for the agent to act opportunistically. In addition, the agent does not bear the full consequences of their actions, so may take excessive risks with the principal’s funds.
Agents recognise that principals will be more willing to believe performance reports if they are verified by an independent party such as an auditor. Independent auditors, armed with professional scepticism and a deep understanding, scrutinise the information to increase confidence and inspire the interested parties’ trust.
In the case of financial statements, the principals are the shareholders who appoint statutory auditors to provide an opinion on the statements which are prepared by management, acting as agents. However, the statutory auditors are paid for by the organisation, which immediately puts their independence in question: how can the assurance providers be independent of the organisations they are reporting on if they are being paid by them?
13.6 The challenge of independence
Balancing their independence with client satisfaction is a constant tightrope walk for the assurance profession. Several factors can jeopardise auditor independence; these threats are summarised in Figure 13.2.
Familiarity threat | The threat that building a long or close relationship with a client’s management can create a reluctance to challenge their decisions, potentially compromising professional scepticism |
---|---|
Self-review threat | The threat that an auditor will not appropriately evaluate or review the results of a judgement made previously by colleagues from the same firm |
Intimidation threat | The threat that an auditor will be deterred from acting objectively or raising concerns or reporting their true findings because of actual or perceived pressures, including attempts to exercise undue influence over the auditor |
Self-interest threat | The threat that a financial or other interest will inappropriately influence the auditor’s judgement or behaviour |
Management threat | The threat that an auditor will make management decisions or be perceived to be acting as a representative of management of a client |
Advocacy | The threat that an auditor will promote a client’s position to the point that the auditor’s objectivity is compromised |
Financial interest | When an assurance team member or their immediate family has a financial interest in a client |
To mitigate these challenges, the profession or its regulators implement several safeguards. Some examples include ethical codes establishing clear guidelines for statutory auditors to avoid conflicts and maintain objectivity. For more details on the Ethical Standard for Auditors, visit International Code of Ethics for Professional Accountants | Ethics Board. Public companies typically have independent audit committees that oversee the statutory audit process, acting as a buffer against management pressure. Further regulation governs how long partners can serve on various audits, the extent to which non-audit services can be sold to audit clients, and the degree of reliance on clients.
Read about mandatory audit firm rotation in this article Implementing mandatory audit firm rotation: Effects on audit and non-audit fees.
EY was recently fined in the UK for going beyond the 70% cap on non-audit services. Read the article: Sanctions against Ernst & Young LLP for more information.
Watch more on these challenges in the The consultancy conundrum.
In Europe, for example, audit engagement partners are prohibited from auditing the same listed company for more than five years, after which a five-year gap must follow. Providing certain non-audit services to listed audit clients or contingent fees for audit services is banned. Fees for non-audit services must not be greater than 70% of the audit fee. Receiving more than 10% of total audit office income from a listed audit client (15% for non-listed clients) is not allowed. Additionally, some jurisdictions mandate audit rotation to prevent auditors from becoming too familiar with a client, thereby reducing the risk of compromised objectivity.
Maintaining the perception of independence can be even harder than achieving it in reality. It is a constant balancing act, requiring auditors to navigate complex relationships and demonstrate their unwavering commitment to the highest level of professional integrity. They must be independent and be seen to be independent.
Pause to reflect
- Consider why it is important for auditors to both be independent and be seen to be independent.
- What key characteristics must assurance providers have so that they can be trusted to be independent, even if they are being paid by the organisations they are reporting on?
- Can you think of examples for each of the threats to auditor’s independence listed in Figure 13.2?
13.7 What information can organisations get assurance over?
While the statutory audit of financial statements is the most common type of assurance (see Section 13.8 for more details), auditors are increasingly being approached to inspire confidence and reduce risk on a wide range of other information, controls and processes. A statutory audit legally requires auditors to provide reasonable assurance. This means they express a written opinion (the auditor’s report) on whether financial statements are ‘true and fair’ or not.
Other assurance engagements might provide limited assurance with a negative expression that nothing has come to the attention of the assurance provider that the information is not true. Limited assurance is sometimes sought for information such as modern-day slavery statements, sustainability reporting and carbon assurance.
Pause to reflect
More details on limited and reasonable assurance can be found here.
- Is limited assurance worthwhile?
- Does an assurance provider saying ‘nothing has come to the attention of the assurance provider that the information is not true’ inspire much confidence for the principal who commissioned the auditor?
- Is reasonable assurance what is needed? Or a higher level of assurance? Or complete assurance?
- As an interested party of an organisation, what assurance wording would you like to see used?
13.8 Carbon assurance
The UK has been a leading jurisdiction on the reporting of climate risks. The Companies Act Regulations 2013 calls for corporate disclosure of the ‘annual quantity of emissions in tons of carbon dioxide equivalent from activities for which that company is responsible’ (Article 465) (that is, mainly numerical information). The Streamlined Energy and Carbon Reporting framework also required large UK companies to disclose their energy use, carbon emissions and greenhouse gas outputs from 2019. As a result, since then, there has been a tendency by companies to convey more numerical content in the sustainability reports.2
The Task Force on Climate-Related Financial Disclosures (TCFD) report (2017) further recommends ‘disclosing clear, comparable and consistent information about the risks and opportunities presented by climate change. Their widespread adoption will ensure that the effects of climate change become routinely considered in business and investment decisions. Adoption of these recommendations will also help companies better demonstrate responsibility and foresight in their consideration of climate issues.’3 The 2020 HM Treasury interim report recommended the TCFD-aligned climate disclosures, which was later enforced by the Financial Conduct Authority (FCA).
Climate-related risk disclosures can form a part of companies’ non-financial disclosure, as well as being made within the financial report. Across the world many organisations must include carbon emissions disclosures but the assurance of these disclosures is usually voluntary. Whether to assure is at the discretion of the company; so why would companies seek assurance of carbon emissions disclosures? Companies will likely use assurance in response to the increasing pressure from stakeholders for verified carbon-related information, to enhance the credibility of their carbon disclosures, and/or to construct their legitimacy.4
Carbon legitimacy refers to the public perception of a company’s environmental practices, specifically in relation to its carbon footprint and emissions reduction efforts. In essence, it’s the degree to which a company is seen as credible and trustworthy in its claims about its environmental sustainability.
Firms subject to higher carbon risks, such as energy firms, therefore are likely to voluntarily seek carbon assurance.5 In fact, ‘the presence of greater situational incentives renders supporting information value relevant only when combined with independent assurance’.6 This is particularly important because voluntary carbon disclosure can significantly enhance companies’ carbon legitimacy.7
Assurance engagements are generally based on the carbon information disclosed in the stand-alone sustainability reports or in parts of annual reports. Sometimes a financial auditor might complete this work, but the standards are what is known as profession agnostic, which means that carbon assurance does not need to be undertaken by a qualified auditor. Often consultancy or engineering firms undertake this work. Whether this work is predominantly carried out by professional accountants or others varies by jurisdiction. For more information see the IFAC report mapping the state of play for sustainability assurance.
Scope 1 refers to the direct emissions from companies’ owned/controlled sources. Scope 2 encompasses the indirect emissions from consuming purchased electricity, heat, and/or steam. Scope 3 includes the other indirect emissions, such as waste disposal, transportation and outsources activities, which can significantly differ between companies.8
Carbon assurance is often sought over the disclosure of emissions which the Greenhouse Gas Protocol describe as scope 1, 2 or 3.
Scope 1 and 2 emissions are easier to provide assurance over as they are direct and indirect emissions for an organisation and so can be easily verified. Scope 3 are harder to gain assurance over as they are hard to trace and based on disclosures from suppliers to the organisation, yet these emissions generally constitute about ‘70% of businesses’ carbon footprint.9 It is not yet mandatory to have assurance over carbon disclosures worldwide, although there are legislator moves in the US and the EU to put this in place.
For a comparison of assurance requirements see this KPMG article: Limited vs reasonable assurance.
Whether voluntary or mandatory, existing literature highlights the potential positive impact of assurance on carbon accounting quality, as well as emissions (for example, Berg et al., 2024; Rohani et al., 2023). Carbon assurance enhances value by reducing transaction costs and addressing the carbon knowledge gap among interested parties.10
Pause to reflect
Undertake your own research and expand your perspective by reflecting on the following questions:
- Why should companies seek reasonable assurance considering the additional costs companies will encounter?
- Should all types of businesses seek reasonable carbon assurance?
- What changes are needed to encourage organisations to seek legitimacy of their carbon claims?
- Which entities are best suited to embrace the change?
While carbon assurance can mitigate the risks of greenwashing and unchecked environmental, social and governance (ESG) claims, assurance is not yet mandatory in all countries although the implementation of the International Auditing Standard Board’s (ISSA5000); the European Sustainability Reporting Standards are expected to accelerate national assurance requirements. In a world where climate reporting is not trusted by the public, this could be a way to restore confidence in the environmental credentials organisations claim.
13.9 The statutory audit
An organisation’s annual report, including its financial statements, is used to tell the story of its financial health, social standing, moral position and future prospects. This report is also known as the financial statement, which, among other details, paints a picture of the financial, environmental and social sustainability of an organisation. Interested parties use the annual report and the financial statements to make informed decisions on where to invest, which organisations to lend or grant funds to, whether to accept employment, or if they should become a customer.
The expectation gap
As with every story, there are different ways it can be told and the judgements and estimations used in creating the information can vary considerably, even when the information is financial statements that follow reporting standards. Auditors can therefore be engaged to inspire confidence and trust in the financial statements and reduce the risk of errors. The role of the statutory auditor in creating this trust has evolved over time and there is a clear expectation gap between what the responsibilities of the statutory auditors are and what the public think they do.
Certain types of business organisations are required by law to undergo a statutory audit of their financial statements, for example, all limited companies (with the exemption for ‘small’ or dormant companies). The exact nature of the organisations that are required by law to be audited will vary across jurisdictions. Other organisations may choose to undergo an audit, for example, sole traders and partnerships, ‘small’ companies, clubs and charities.
The most widely misunderstood of these is fraud. Statutory auditors are not directly responsible for preventing or detecting fraud (this falls to the organisation’s directors); their work should be expected to uncover material misstatements caused by fraud or error. A material misstatement is an item which is incorrect by such a degree that it may influence the economic and investment decisions of users. Statutory auditors insist that any material misstatements found must be corrected by the organisation if they want the auditors to provide an opinion on the final version of the financial accounts, which states that they are true and fair. The mistakes found by the auditors are often not publicly available.
Another expectation gap is that the public assumes a positive opinion reflects that the organisation will continue into the long-term future and that the organisation would be a good investment or that they act ethically. The opinion of statutory auditors, however, focuses on the organisation’s ability to continue as a going concern for the foreseeable future (typically 12 months), not on the organisation’s long-term potential or their ethical conduct.
Pause to reflect
- Are these responsibilities appropriate for modern-day statutory auditors?
- Should the auditors be responsible for fraud?
- Should they be looking for all errors, not just material ones?
- Should they be able to form an opinion beyond 12 months?
- Should they be making ethical judgements? Or considerations of the abilities of management in running the organisation?
- What alternatives would you suggest?
Audit risk
The final common misunderstanding is that auditors test everything. Auditors generally will complete a risk-based audit in which they focus on the elements of the accounts that have a higher risk of being materially misstated and test only a sample of transactions. They focus on minimising their audit risk: the possibility that an auditor issues an inappropriate audit opinion when the financial statements are materially misstated. In simpler terms, audit risk is the risk of the auditor signing off on financial statements that contain significant errors. There are three main components: inherent risk (this risk of errors in the organisation’s environment), control risk (the risk that the organisation does not have adequate systems in place to prevent, detect or correct errors), and detection risk (the risk that the statutory auditor misses the risk). The goal of the auditor is to reduce audit risk to an acceptably low level.
Pause to reflect
Look at some audit reports in financial statements.
Download two sets of financial statements from the website of organisations you are interested in and read the audit report.
Use this guide: Understanding audit reports
- What do the reports have in common? What is different about them?
- What risks are identified?
- Search for ‘auditors’ remuneration’ or ‘audit fees’ in the financial statements. How much were the auditors paid for their report?
- Listed companies do not usually receive qualified audit opinions. Why might this be the case?
The regulation of the profession
The regulation of the statutory audit profession aims to ensure credibility, independence and high-quality audits. The summary below summarises the key role-players.
Regulatory bodies |
These bodies oversee the profession, setting standards and enforcing compliance. Examples include the Financial Reporting Council (FRC) in the UK, the Public Company Accounting Oversight Board (PCAOB) in the US. A list of European Auditing Oversight bodies can be found here. In Australia and New Zealand the Accounting Professional and Ethical Standards Board (APESB) oversees the accounting profession. |
---|---|
Professional bodies |
There are many professional bodies who can license, register and monitor auditors. For example, the Institute of Chartered Accountants in England and Wales (ICAEW) in the UK and Institut der Wirtschaftsprufer in Deutschland in Germany. Many of these are members of IFAC. |
Audit standards |
These are detailed guidelines for conducting audits, ensuring consistency and quality across engagements. The International Standards on Auditing (ISA) issued by the International Auditing and Assurance Board (IAASB) serve as a global benchmark. |
Auditor qualification and licensing |
Aspiring auditors must meet specific educational and experience requirements to be licensed or registered before practicing. |
Independence rules |
Regulations aim to prevent conflicts of interest by restricting the types of non-audit services auditors can provide to their audit clients. The FRC’s Ethical Standard for Auditors, which includes the independence rules, can be found here. The APESB ethical standards can be found here. |
Quality control reviews |
Regulatory bodies, such as the FRC in the UK, periodically review audit firms’ internal quality control procedures to ensure they comply with standards and are effective in identifying and addressing audit risks. These reports are available publicly here. |
Enforcement actions |
In cases of non-compliance or audit failures, regulatory bodies can impose disciplinary action on auditors or audit firms, ranging from fines to suspension or revocation of licences. Decisions are normally made public. See for example, the Australian Companies Auditors Disciplinary Board and the UK FRC enforcement cases. |
Overall, audit regulation is a multifaceted approach designed to protect the integrity of financial reporting and maintain public trust in the audit profession.
Pause to reflect
Locate a recent auditing scandal. You can find the latest auditing news on the Accountancy Age website.
- What organisation was involved in the scandal, and what industry does it operate in?
- Who was the auditing firm responsible for the organisation’s audit?
- What type of financial irregularities were identified? Were there any accounting red flags missed by the auditors?
- What were the potential causes and consequences of the scandal?
- What does this scandal tell us about how auditors need to change or was it a one off?
- Do future corporate executives, managers, auditors and accounting professionals receive adequate ethical training and as rigorous as it is expected by society?
- Is a more thorough evaluation and critical review of governance structures required?
Review and reform
Audit failure typically triggers regulatory review. This has been the case in recent years in both the UK, in response to a series of high-profile audit failures, and also in Germany following the failure of Wirecard. In particular, the late 2010s saw a plethora of reviews (such as Kingman, Brydon and the BEIS Select Committee) in the UK surrounding the purpose and role of audit. Despite these inquiries the core objectives of audits have not changed significantly in over a century. Visit this page for an audit reforms timeline since 2018.
Pause to reflect
This report outlines some of the problems identified in the UK: Company audits: issues and proposed reforms.
The 2019 Brydon report in the UK proposed major reforms to the audit market to restore trust in the system, which you can read more about.
Consider the proposals suggested by the report, do you think they would help improve the image of statutory auditing? How might organisations react? Would professional auditors be in favour of the reforms? Are they still relevant?
In in July 2024, a draft audit reform and corporate governance bill was proposed in the King’s Speech, rekindling hope for meaningful reform. What do you think should happen in the profession?
13.10 Emerging trends in audit and assurance
The world of auditing may need to undergo a significant transformation. Two major changes are technology-powered insights and ESG integration. Traditional audits relied heavily on manual data analysis. Today, cutting-edge technologies such as large language models (LLMs) are changing the game. These AI-powered tools can analyse vast amounts of financial data, identify anomalies and uncover hidden patterns. This might even lead to continuous auditing where 100% of specific transactions are reviewed for a period, making audits less predictable for organisations and potentially more effective. As ESG factors become increasingly important, auditors are playing a bigger role in verifying these metrics. For example, auditors may need to audit a loan agreement where a company’s gender pay gap is a key performance indicator (KPI) for maintaining the loan, and thus they will need to confirm the data used to calculate the gender pay gap.
The future of auditing is an evolving landscape and promises to be a fascinating blend of technology, expanded focus and a renewed emphasis on social impact. Overregulation may not be the answer.
New technology could lead to continuous real-time insights and potentially prevent major financial reporting issues. This could help auditors to provide more insightful and value-added services to their clients and identify possible fraud and other irregularities. Blockchain technology can enable auditors to verify the accuracy and authenticity of client transactions and ensure that the client blockchain-based systems work securely and effectively. Complex financial data could be presented visually through interactive dashboards, allowing auditors to identify trends and anomalies much faster. In the future auditors will need to be highly competent in a range of technology tools and techniques and be able to apply them effectively to audit engagements.
The focus of audit might also be shifted to sustainability assurance as explored in Section 13.8 or cybersecurity preparedness and controls. Auditors could also assist government agencies in uncovering fraud and waste, promoting better use of public funds. This increased scope will mean more auditors are needed and there is a growing audit talent gap and a shortage of students and qualified professionals to fill key roles.
Pause to reflect
Think beyond the Big Four and unleash your creativity. How can audit skills be used to make a positive impact on society in the future? Here are some prompts to get you started:
- Auditing sustainability practices: Imagine auditors verifying an organisation’s commitment to sustainable sourcing or responsible waste management.
- Financial wellness audits for individuals: Could auditors help individuals assess their financial health and develop strategies for long-term well-being?
- Auditing the gig economy: With the rise of freelance work, how could auditors ensure fair pay and worker protections in the gig economy?
The future of auditing is wide open. By embracing technology, expanding the scope of audits and focusing on social impact, auditors can play a vital role in building a more transparent, sustainable and equitable future, but only if they act now to restore themselves as trusted advisors.
13.11 Summary
- Assurance engagements enable users to place a degree of confidence in information presented to them by organisations.
- Audit and assurance requirements are outlined by regulations which specify the types of organisations that must be audited. This varies across jurisdictions.
- Auditing requires work to identify key risks and to obtain sufficient evidence to provide an ‘opinion’. This work is undertaken by members of professional bodies who are appropriately qualified and regulated.
- As professional accountants, auditors must adhere to a code of ethics and manage any threats to independence.
- Assurance of carbon reporting is increasingly required.
Further reading
ICAEW Audit futures. Thinking differently is audit.
KPMG clarity on the future of audit.
Humprey, C., O’Dwyer, B., & Martinoff, M., (2024). Escaping ‘Groundhog Day’: the transformative possibilities of reconceptualising audit. Accounting and Business Research, 2024.
Latest auditing news at Accountancy Age.
References
- Basioudis, I., Cuellar-Fernández, B. and Garcia Lacalle, J. (2024). Implementing mandatory audit firm rotation: Effects on audit and non-audit fees. Revista de contabilidad, 27(1), 174–192.
- Basioudis, I. G. (2022). Editorial: Special issue on the future of audit—A collection of personal reflections. International Journal of Auditing, 26(1), 1–3.
- Berg, F., Oliver Huidobro, J., Rigobon, R. (2024). On the Importance of Assurance in Carbon Accounting.
- Datt, R., Luo, L., Tang, Q., and Mallik, G. (2018). An international study of determinants of voluntary carbon assurance. Journal of International Accounting Research, 17(3), 1–20.
- Fan, H., Tang, Q., and Pan, L. (2021). An international study of carbon information asymmetry and independent carbon assurance. The British Accounting Review, 53, 100971.
- Gipper, B., Sequeira, F., and Shi, S. (2023). Carbon Accounting Quality: Measurement and the Role of Assurance. SSRN 4627783.
- HM Treasury. (2020). Interim report of the UK’s joint government-regulator TCFD taskforce (2020).
- Hummel, K. and Rotzel, P. (2019). Mandating the sustainability disclosure in annual reports evidence from the United Kingdom. Schmalenbach Business Review, 71(2), 205–247.
- Humphrey, C., Sonnerfeldt, A., Komori, N., and Curtis, E. (2021). Audit and the pursuit of dynamic repair. European Accounting Review, 30(3), 445–471.
- Mitnick, B. M. (1975). The Theory of Agency: A Framework. In B. M. Mitnick, The Theory of Agency. Cambridge University Press.
- Rohani, A., and Jabbour, M. (2024). Carbon legitimacy in UK companies: Actions or words?. Journal of Applied Accounting Research, 5(2), 298–324.
- Rohani, A., Jabbour, M., and Aliyu, S. (2023). Corporate incentives for obtaining higher level of carbon assurance: Seeking legitimacy or improving performance? Journal of Applied Accounting Research, 24(4), 701–725.
- Task Force on Climate-Related Financial Disclosures. (2017).
- The Streamlined Energy and Carbon Reporting Framework. (2019).
- Toms, S. (2019). Financial scandals: A historical overview. Accounting and Business Research, 49(5), 477–499.