- The Brydon Review in the UK has brought a new energy to the debate on the future of audit
- How are auditors covering what the public expects: to provide insights and integrity in so many areas?
- What if the financial statement audit were one module, accompanied by other modules?
There has been much discussion internationally and in Australia and New Zealand about what new areas auditors could or should provide insights and integrity on: more on business risk, cyber security, organisational culture, climate change - to name a few. But how can this all fit together in a way that makes sense and doesn't exacerbate the confusion around what auditors do?
Modular design, or "modularity in design," is an approach that subdivides a system into smaller parts called modules (or skids), that can be independently created and then used in different systems. We think this is a useful starting point
The Brydon Review just kicking off in the UK has brought a new energy to the debate on the future of audit. CA ANZ's President Stephen Walker recently met with Sir Donald himself to talk about what this involves and how we can contribute. Following a raft of other enquiries last year in the UK, debate in the UK has landed firmly on the question of how audit is covering what the public expect and how it could evolve. At the same time, technology is opening the opportunity to revisit areas that have previously have been in the too hard basket. Fraud risks - whether material to the financials or not - cyber security, effectiveness of controls, and many non-financial indicators are ripe for this conversation.
"A modular design approach could offer many advantages… Rather than lumping everything into a creeping scope around the financial statement audit which deserves its own attention and emphasis."
We think it’s important to cover how this would all fit together from the outset so it's workable for auditors, companies, and of course understandable by the community. A modular design approach could offer many advantages. The financial statement audit remains vital in capital markets - what if this were one module, accompanied by other modules? For instance, controls attestation, cyber, perhaps in some cases a deeper dive on going concern as was recently proposed in the UK? Rather than lumping everything into a creeping scope around the financial statement audit which deserves its own attention and emphasis.
This would provide the advantage of also giving due prominence to the different aspects that auditors are providing insights on. With the rapid development of extended external reporting and integrated approaches to assurance, it also means that you could have the separate pieces brought together to give stakeholders a broad view on the assurance across the organisation and what it means (or doesn't mean) when it comes to risk and their decisions.
Another advantage is in allowing for the application of different modules in different situations. For instance, different sectors subject to different risks or varying scale could be catered for without auditing standards becoming overly convoluted to deal with specific issues. The current auditing and assurance framework and standards are largely compatible with this type of modular approach
However, modular thinking may take some change. Notably, moving away from a strictly purist view of the word "audit", only ever referring to a financial statement audit. The public and many expert stakeholders tend to see this word as implying all the things assurance involves, beyond the financials. So a modular approach might offer an opportunity to bridge the gap in language - a small but meaningful step on the road to bridging the expectation gap.