Jenny Faulkner: Welcome to this episode of The Mercia of Podcast. Within this session, we are going to be talking about audit quality and monitoring reviews. My name's Jenny Faulkner. I'm head of audit accounts and compliance at Mercia Group. I'm joined today with my colleague and friend, gem Racha. Gemma, do you want to introduce yourself? 

Gemma Archer: Yeah. Hi Jenny. Yeah, so my name's Jim Racha and I'm a senior manager in the a NA and compliance team here at Mercia. And I have responsibility for file reviews.  

Jenny Faulkner: Absolutely. And you. As part of your role, Gemma, you are out there doing the file reviews and also making sure that that file review service is technically up to date. 

The team members are skilled appropriately that we're always grading consistently. That's part of your role, isn't it?  

Gemma Archer: Yes. Yes. As well as sort of looking across what are we actually finding on those file reviews and how are we responding to changes in the audit landscape as well? So lots to be thinking about in particular at the moment. 

So. Absolutely.  

Jenny Faulkner: Absolutely. So let's get into some of the nitty gritty early on. I know that you've been recently undertaking the internal quality control mechanism that we have within our business which basically looks at the gradings that we've given within our file reviews and is checking for consistency. 

Against our own grading structure and ensuring then that our clients are receiving the appropriate gradings in accordance with that structure. What be your findings?  

Gemma Archer: Yeah, so, well, I'm pleased to say that as a, you know, generally speaking we perform quite well as a team and I think that's testament to the way that as a team we communicate throughout the year and we train our people and we make sure that people are getting the right training experiences at the right time. 

 In terms of sort of, I suppose, gradings, we tend to skew that a little bit towards the lower end of the grading. So we tend to look at perhaps those files which are a little bit more marginal when it comes to grades because we're sort of comfortable generally speaking that if. If a firm is, is getting a B grade, the reviewer knows that that is a B grade. 

You know, you're quite happy giving that. And of course we have all of our D grades that we give peer reviewed anyway. So really it just gives sort of, there's that bit in the middle for our sea, right? That can be a little bit more marginal. I think what was interesting was, as I was reading those reports was I did see quite common points coming up again and again. 

And really that's my opportunity to sort of see what are the team, you know, what are the team coming up with? Because as reviewers, yes, there may be occasions where we work, you know. With sort of two or more reviewers in a team at once on a set of reviews. But quite often we are working on our own. So, as somebody who does file reviews myself, it was quite nice to go. 

Oh yeah. Okay. So everyone is actually always raising points on systems and controls. For example, the IT environment or fraud and and error and how that's addressed on file. So it was quite an interesting, exercise to undertake and just get that sort of feedback from the team on. Actually, yes, we are all on the same page and we do see a lot of the same issues cropping up again and again. 

Jenny Faulkner: Yeah. I think having undertaken the role that you've just done myself for a number of years it's quite interesting to see how things have evolved, but how certain things and certain problems are perhaps quite long standing as well. So I think, you know, I've been in. Many people know I've been in Mercia for over 14 years, and I think it's fair to say there's a few issues on file reviews that have perhaps been there for around 14 years or longer. 

So it is really, really important that. We get this information out to our clients, isn't it? Because what we don't like to see, and what regulators really don't like to see is reoccurring issues. So we want to see our clients improve. We want to see them get rid of the issues that they're having. We can absolutely help with that. So our file review team, when we're out there, we are there to help. And actually that's one of the key benefits when I talk to clients about having the face-to-face visit. I mean, obviously if we're doing an electronic one, we're still talking. We're quite often still doing A teams call at debrief at the end. 

But if you are on site, you do get a little bit more time to be with the reviewer, bit of a better understanding as to not only what the issues were, but in essence the recommendations and what you can do to improve your files, or perhaps even from a quality management perspective, you know, improve the whole process of the audit monitoring. 

And that, that's really, really important for me in my role at Merc, is making sure that. The team are able to support our clients. So what do they need? And obviously, you know, as a training provider as well, we can offer support in areas that firms have struggled with. So let's understand. What would you say are the, the common issues that have come out of the most recent ME reviews? 

So,  

Gemma Archer: I think in line with sort of, I suppose in some respects the direction of travel in terms of changes in the ices and we obviously always focus on changes in regulations and, and the like. Group audits did crop up quite often and it was interesting because actually. Because of, of trying to sort of get a wide cross section of, of files. 

Obviously not every file I reviewed was a group audit. But certainly those where there were group audits being undertaken on the files reviewed, we did sort of see, well actually. The, there were problems in how people had approached their group audit. So a lot of that is happening. Those issues are happening at planning. 

So whilst when we get to the field work stage, there's often work being done on individual components and the like. What we were finding was that there wasn't really appropriate. Evidence of scoping determining under the old ISIS 600, which of those components were significant? Obviously going forward, that's all sort of fallen away and we are just more looking at the perspective of okay, here's a financial line item. 

In which components do we need to focus on that com on that financial statement line item? So there was, there was that sort of thing. There was also in some cases a lack of clarity over the work that needed to be performed on the group financial statements. So some files would have some very detailed work on the consolidation and pulling all of those findings together. 

Others didn't have very much at all. You might have the consolidation workings appearing on the file, but not a lot of narrative around them, just out of interest.  

Jenny Faulkner: Do you think that's because the auditors are involved in preparing the consolidation? Do you think there's the, there's a, a correlation between the two? 

Gemma Archer: I think there is a correlation between the two. Certainly discussions I've had with my clients when I've raised comments of this kind have been, oh, well, yeah, we've, we've pulled the consolidation together for them, or we've put it into, you know, CaseWare, Iris Digital to put, to pull the accounts together. 

So how can we show on the audit file. What we've actually done, well, they're actually two separate services. One's essentially accounts preparation and the other is the audit work. And you do need to make sure that you've done the audit work. And so that does mean looking. Those adjustments.  

Jenny Faulkner: Yeah, absolutely. 

And I suppose it's just worth reminding firms if you are doing those types of non-audit services and really making sure your ethical threats and safeguards are appropriately dealt with. 'cause from my perspective, we see that fall down a little bit in those types of scenarios, don't we? Absolutely.  

Gemma Archer: And. 
 

Can, it can be a real challenge for firms because often and I've even had discussions with sort of firms in our sort of larger client base about this, is that often consolidations will be done by people who are part of the audit team. Perhaps not part of the accounts preparation team because of differences in experience and workload, et cetera. 

So, it's really, really important to just take a step back if you're doing that kind of work and just thinking about do we have firstly sufficient independence to be able to do this? And also have we actually then done the right audit work and documented that audit work because I'm sure in a lot of cases the audit work has been done. 

But not documented. And as we know in audit, if it's not documented, it's not done.  

Jenny Faulkner: You  
 

Gemma Archer: just took the words out  

Jenny Faulkner: of my mouth, obviously, thinking along the same lines. Yeah, I mean, it's that time of when I started by saying, I'm sure the issues are still there. 14 years on the issues may have changed, but actually the underlying substance hasn't because what is. 

Often the problem is lack of documentation. Yeah. Yeah. And that's quite, that's always interesting. I would think from a, a Mercia, a grading perspective as well. You know, have we understood whether something's been done but not documented or has it not just been done? And that can often sort of lead between potentially a, a C grade or a D degrade, I would say. 

Mm-hmm. Absolutely.  

Gemma Archer: You know, things aren't, aren't black and white in what we, they're not black and white in audit, so they're certainly not black and white in audit quality reviews either. You know, there are it is for want of a better phrase, 50 shades of gray. And we want to be able to sort of make sure that we are seeing all of those shades of gray and that we are applying, you know, the right judgment in the right circumstances. 

Mm.  

Jenny Faulkner: And so obviously that will, you know, group audits are a problem, I suppose, because of the revisions to ISIS 600. The lens has a bit more focus at the moment around those areas. I think it'd be fair to say we haven't seen huge amounts under the revised standard. So. You know, this is really a case of people weren't doing it particularly well under the old standard. 

We're trying to draw out issues that may become more prevalent under the new standard, under that revised standard. Yeah. Yeah. Yeah. But groups don't affect everyone. So perhaps we could talk around some of the issues that we see in relation to perhaps more standalone audits.  

Gemma Archer: Yeah, certainly. So, one which crops up again and again is. 

Work around going concern. And I think here, what's, what's quite important for firms to think about is your risk assessment at the very start of the audit. Because quite often, even now, I think. I think with changes certainly that we've made to our methodology and encouraging firms to think about it at planning field work and completion, we are sort of trying to drive that. 

But I think there is still a little bit of a mentality out there about how going concern is the thing that you think about at the end of the audit and you don't really need to think about it beforehand. And actually if you. If you think about it at the planning stage and really properly risk assess that area and think about, well, what factors are coming up? 

You can actually then show how you've. You've driven the work that you've done and why you've done the work that you've done, and perhaps in some cases not done the work that the reviewer might otherwise expect you to have done. Because you've dealt with a risk assessment because certainly I've had conversations over the past year with firms where I've said you haven't really. 

Documented very much on your going concern review at all. And they've said, well, because we know it's a going concern. And I said, well, I can see that from looking at the accounts and you know, all of what's on the file. But again, if you'd risk assessed that to start with, then you probably could have done minimal amounts of work to meet the IA requirements rather than sort of pulling together something that doesn't really sit within. 

It sort of just sits by itself really. Whereas actually we want to be thinking about that in a,  

Jenny Faulkner: in a broader context. And I think, you know absolutely right, getting that risk assessment done is imperative not just because of it's requirement in the standards, but actually what. I find disappointing when I pick up files is where there is a degree of uncertainty or, you know, a little bit of risk there around going concern and almost the fact that it's left till the last minute when, let's be honest. 

Budgets start to come into mind, and I'm thinking here, the audit budget rather than the budget of the entity that's being audited. Because time's running out, we're on the clock. The, you know, we wanna make a profit and this is an area that sometimes falls out. What also I think can be a contributory factor is the fact that the partner may sort of say, oh, I'll do it as a tidy up exercise at the end. 

And then it perhaps. Doesn't get documented can be a problem, but it, for me, it's it's skepticism and it's the bit bound assumptions and thinking about, well, what assumptions have been used in this cashflow forecast, in this budget? Are they reasonable? Do we need to do sensitivity analysis? 

And it's, I think, still quite rare that we find really, really robust going concern work. Yeah. And I think that's still a problem for the profession.  

Gemma Archer: Yeah, it definitely is. And I think the other thing that we see a lot on files is firstly quite a rigid structure to going concern. So a lot of firms in response to quality findings have sort of. 

Either built themselves or developed over time sort of template, working papers to sort of take their teams through a process. But quite often that means that if you've got something that's a little bit more unusual or a factor outside of sort of the standard sorts of things that you think about that might affect going concern that sometimes doesn't get picked up. 

And then also we've still got this. Sort of. Approach whereby often firms are documenting as if they are doing the Going concern review, when actually the assessment, the review is actually the responsibility of management and the audit team are reviewing it to test those underlying assumptions to see if that's reasonable. 

So there's quite a lot going on in that one particular area.  

Jenny Faulkner: I, I smiled at that point, JMA, because in my head I went, Judi, how many times have I reviewed a file where a letter of support has been used in a sort of group scenario and the letter of support is addressed to the auditors. Rather than to the directors of the company who should be the ones who are assessing going concern, and therefore it should have been the directors who have gone and asked for the letter of support, letter of comfort, whatever we want to sort of refer to that as. 

So I think, yeah, it's a, it is a very, very valid point. And certainly. At that as a bit smaller end of the market, perhaps something that we see more frequently. I think as we're dealing with some of our bigger clients, they do tend to be perhaps slightly more in tune to going concern.  

Gemma Archer: Yeah. 
 

Jenny Faulkner: Brilliant. Okay. What about other areas then? So systems  

Gemma Archer: and controls is an area that crops up again and again for some reason, auditors, we aren't very good at it. I know I can think of when I was in practice probably not being that good at it myself. And the conversations I have with firms are, you know, it's a bit, it can be a bit of a time drain, I think, and often firms don't really see the value in it. 

It is a really important part of ISA 3 1 5 because it drives, again, drives your risk assessment. So it's about understanding how do your transactions get initiated, how do they get processed, how do they get recorded and eventually reported in the financial statements, but whereas I think most firms have now kind of got that. 

Bit of it covered. It's very rare that I see a file now that doesn't have systems notes on it, which was a fairly regular occurrence when I first started at Merc. I think now we sort of now need to sort of evolve that into, well, what is it that the standard really wants us to be doing with those systems notes? 

And that's when it starts to link into the identification of controls, but not just, well, what are the controls in this process? And let's walk that process through from start to finish and, and see. But actually. Making sure that we've identified our risks for our audit work, and in doing so, have identified what are the controls that can help us or are designed essentially to mitigate those risks. 

So if you know, for example, that you've got a risk in relation to completeness of income, that's where your sort of fraud risk on your revenue recognition sits is with the completeness assertion. Then what is the control within that sales cycle that ensures that income is complete and that's the bit that you need to be doing your design and implementation work on. 

And often we see sort of. Basically risks getting missed from that assessment. And we see things like journals not being addressed as part of that. So really just being comfortable as a, as an audit team as to what do I need to actually identify in terms of controls. And that's a conversation I'm having again and again with firms. 

Jenny Faulkner: And you know, obviously with ISA 3 1 5 really that standard just tried to improve what was already there. And I think that's been helpful. It has made firms reassess what work's been done. So we have seen a genuine improvement, but there are still holes. That's what we're saying really. And I was listening to, an institute webinar yesterday or recently, I should say sort of around their monitoring visits. And they were talking around risk assessment as well. And one of the areas that really resonated with me was the fact that I think sometimes. Firms if they're dealing with quite small, perhaps not very complicated businesses just assume that they don't have complicated systems, and this is really, really relevant when you. 

You're dealing, or you know, firms are dealing with the audit of subsidiaries, of larger groups because what you often see is the same system being used. And if you take something like SAP, then that is a very, very complicated system that needs to be understood, and that is often very, very poorly. Done or almost. 

Overlooked. And there's a comment back to, oh, well the group auditor have looked at this, who's, you know, one of the big four or something like that. And it's really quite inappropriate. And for me, that's still a worrying area.  

Gemma Archer: I, I agree. And I think with, I think the it element of this has become. Quite challenging, as we say, for particularly for smaller firms with smaller clients that sort of fall into that more complex category. 

 I do often see considerations around it at the sort of overarching level, but I think sometimes the fundamental question of, well, how complex is this? IT environment isn't really being answered on the file. So we might see lots of information about access controls around antivirus, around cybersecurity, which are all. 

You know, good and important, you know, for our risk assessment. But when it comes to the crunch in terms of essentially how complex is the environment, that data that ends up in our financial statements is passing through, that's the bit that's not really always being answered. And really that should be coming out through the systems notes at a sort of transactional level. 

But I'm not sure that it always is. So yeah it's a really interesting area and I'm not sure I have the answer to it actually, which. Probably a bit frustrating for our listeners in a sense, but  

Jenny Faulkner: Yeah. Well, I, I think it's good to know that we, you know, that the answers aren't always clear. Going back to things aren't black and white, audit is gray. 

Gosh, that makes it sound boring as well. I don't mean gray in that sense, obviously, I find it thoroughly interesting. It's, it's, it's my passion at the end of the day. One thing that, that I did want to just pick your brains on a little bit is obviously we had the revisions twice at 3, 1 5 at the same time. 

We had revisions twice at two 40. Was there anything in particular that came out of the quality control reviews that you were doing recently?  

Gemma Archer: So I touched on this and I think the ICAW mentioned this in their monitoring report as well, which is around fraud risk assessment. And what we come across quite often when we are doing file reviews is, issues where there are perhaps different groups in terms of management and those charged with governance. Management obviously are the people that the auditors are dealing with on a day-to-day basis. And in many SMEs, they're also the people that are charged with governance. So from a fraud perspective, your conversations are quite easy, but increasingly we are raising comments around. 

Problems with documenting that you've actually had appropriate conversations with those charged with governance regarding fraud and making sure that actually the. Different questions that you should be asking have been asked to the right people. Often firms will simply talk to whoever their contact for the audit is and not properly document the fact that they've ha they've spoken to a director, or they'll send the planning letter off to the directors and then. 

Not really demonstrate that's been two-way communication, which it does need to be. So I think on, in that sort of space, it's really something that firms need to probably get a bit more proactive about when dealing with their clients.  

Jenny Faulkner: And I think it, it'd be fair to say that if you're dealing in the not-for-profit sector as an auditor, then this is very much a problem area. 

 That's separate. Not, not the separation itself being a problem, but the communication between the auditor and those two different groupings management and those charge with governance. Absolutely needs to be addressed and the questions are slightly different. So it's, you know, absolutely imperative that those those conversations are had, I'm gonna use the word conversation there. 

Yeah. Two way communication to me. Maybe I'm a little old fashioned, but. That means having a conversation with somebody. I, I suppose technically it could mean asking on an email and getting a response back on an email. Yes. I'm not naive to that, but if I was still in practice. I'd want to be speaking to people around fraud. 

I wanna see the, ideally, if possible, face-to-face or maybe on a Zoom or a teams call. I think you need to see the whites of people's eyes to get a feel as to whether there's anything going on in relation to fraud. But as I say, maybe that's just my sort of slightly old fashioned way of auditing, or maybe it's just my professional skepticism kicking in. 

Is there anything else on fraud? I mean, one thing that I used to find frustrating, I mean, I still review every now and then, but not nowhere near at the same, you know, the same number of reviews that you do, Gemma. But one thing that I still get frustrated with is in relation to, into, I suppose, the team meeting and partner lad, but. 

Getting that, what I think of as a brainstorming session as to where fraud. Can occur within the business. And actually, if you do this in the right way, I always think of it as do it in your team. Get your junior members of the team to think of, of new and inventive ways that they can that they could foresee fraud arising. 

And then when you are talking with management. Those charge group governance, if they're different, taking that conversation and having another conversation with them, have you thought about X, Y, Z? How do you protect your business against that? You, are you seeing similar things? I  

Gemma Archer: am. And I think, again, it's one of those things that comes down to documentation and, and I accept that. 

Documenting exactly what has gone on in a meeting that you've had, particularly in a meeting that may have, you know, been a bit of a brainstorming session and you might have gone off at a few different tangents can be quite challenging, but often what I'm writing on my file review reports is I've read the minutes or I've read the agenda for the team meeting and I'm not really getting a sense of. 

What level of discussion there was. All I'm really seeing is a rehash of what's on the planning section of the file. And what I'd like to see is you know, well actually we, we as a team thought about. This is what the client does, and these are the ways in which we think that fraud could be perpetrated, for example. 

And it doesn't just have to be fraud risk that we're thinking about there. Obviously fraud risk is something we must discuss, but it might also be that from those discussions you come up with other audit risks that you hadn't previously thought about. But. Again, I think that, I think this one is often in the documentation. 

Or the meeting has been a little bit sort of cursory. We do sometimes get questions come to us around, well, what happens if the RI can't attend that meeting? And obviously that shouldn't be happening 'cause that meeting should be led by the ri. But there are obviously situations where that might be unavoidable. 

 Yeah.  

Jenny Faulkner: Okay, so we've talked quite a lot around planning there, so perhaps let's move on. Are there any other sort of common findings that came out? So. We,  

Gemma Archer: we still, I, we still sort of talk about this and, and ICAW picked this up as well in their monitoring reports which was around analytical procedures. 

Now, I dunno about you, Jenny, but when I was training and coming through the ranks in practice, I seemed to remember that every audit update I went to, they spent a. Good half an hour talking about how rubbish we were at doing substantive analytical reviews. And I have to say, I felt like that's gone a little bit quieter in recent years, perhaps, because there's been more changes and things. 

So it was actually quite pleasing to see on the ICW. Monitoring report that they'd pulled out. This, that actually predictive sort of substantive analytical procedures in areas that are highly predictive is a really strong source of audit evidence. But it does need to be done properly. And what comes through on our own file reviews is often that firms will do. 

Some variance analysis or apply some sort of quite generic changes in their sort of proof in totals or their an substantive analytical reviews and don't really sort of think about the fact that's actually providing. Supposed to be providing audit evidence. It always seems a little bit sort of flimsy and a little bit sort of like, oh, we've got to do something, so let's have a go. 

Rather than actually thinking about what do we know about this client and what are the variables that affect what we are dealing with here? Other things that I sort of often pick up on, analytical reviews around things like disaggregation. Often the review, the analytical procedure is done at too high a level. 

It's a little bit too global, and sometimes it needs to be broken down into smaller areas. But remember, once you start breaking it down into smaller areas, you need to start thinking about having a lower tolerance level for errors. So, you need to sort of plan that in, in the right way. But we, we often put pool firms up on it in relation to taking reduction on in sample sizes for substantive analytical procedures, when actually those don't really support those deductions. 

Jenny Faulkner: I, I found it really interesting when I was reading the I-C-A-W-Q-A-D monitoring report that they had them as two separate areas and actually they're, they're one and the same. There is, you know, it's, yes. Analytics aren't necessarily done very well, and it's that. Ah, the auditor taking too much reliance from the work that they've done in order to impact sampling. 

And whether in some ways I think that point on sampling holds across various other things. So, certainly when I'm talking to our midair firms who are applying data analytics it's that understanding of, well. How much assurance can we take from these other procedures, these other substantive procedures that we're potentially doing? 

And are we comfortable reducing our sample size therein? And as long as it's documented and it's understood, then I think we, we, we tend to get quite comfortable quite quickly around sampling in those types of circumstances. The analytical review then whilst you were talking, I just had some sort of you know, back memory of probably around 14, 13, 12 years ago when I started at Meia and I used to teach a lot of the graduates sort of training early careers programs. 

And I wrote, every corner is swept clean. 'cause that's what we always used to teach. And for those who've perhaps never been on one, one of my. See as early career courses. What we mean by that is expectation calculation, investigation, substantiation, and conclusion. All of that is needed to document your analytical review under ISA five 20. 

Which then allows you to be taking assurance over those populations or, or, or, or transactions. And yet, you know, absolutely right. Getting all of that documented down is, is perhaps not what we've done as well as it should be. But I'll say that in very hush voice. Okay. We've already spoken for quite a long time. 

So in the interests of perhaps pulling things together, I would perhaps like to talk about two more things. I know we talked about gain concern earlier, but I would like to touch upon, I suppose, the end part of the process in a little bit more detail. And I know we've spoken about it before but I would look to just pick up on an element of sort of narrative reporting and disclosures on that front and also. 

Audit reports themselves. And I know we've spoken lots about audit reports. We did meet the experts not that long ago, it feels like, around that which was really, really interesting and, and firm as well. And then very briefly, perhaps to finish off, we could spend a minute or two just talking about quality management as well. 

Gemma Archer: Yeah. So,  

Jenny Faulkner: yeah, sorry you go.  

Gemma Archer: So on narrative reporting, generally speaking, we see problems on narrative reporting when firms start, oh, sorry. When clients audit clients start to move up the size criteria because obviously there's not. A huge amount in terms of narrative report reporting for smaller firms. 

But once you start to become medium and need a strategic reports, or once you start to get into sort of some of the large company disclosures, and there's a little bit more to do perhaps around streamlined energy and carbon reporting or around Section 1 7 2 and promoting the success of the company often we come across issues where. 

Have been omitted. What that often indicates to us is that there hasn't been a thorough enough review of the financial statements prior to issue. So, often sets of accounts will be casted make sure they add up, make sure things cross reference. If there are numbers in the director's report or the strategic report, they'll be ticked across to the financial statements and often. 

More often than not, you know, disclosure checklists are completed. But as soon as I find an error in some narrative reporting or indeed elsewhere in a set of financial statements, I go to the disclosure checklist to see what's being done. And it's usually there that the problem has arisen because either someone has. 

Ticked the thing as having been done when clearly it hasn't. Or they've ticked the, oh, this isn't applicable box, because perhaps it was ticked in the prior year where it wasn't. And so I think what's really important to stress here is that there needs to be appropriate review of the financial statements at a senior enough level to identify those kinds of issues. 

So there needs to be manager and ri review of those financial statements to make sure that we are not that we are not just doing, if you like the mechanics checking, we're actually, you know, getting in. Included everything that should be included in those financial statements.  

Jenny Faulkner: Yeah, and I think what's really interesting, and you probably could tell that I was trying to dovetail into the audit report here because, you know, people get this wrong. 

What, what are the implications on audit reports and what problems do we see on audit reports? Yeah, so  

Gemma Archer: audit reports often. I'll be quite frank. It often is, feels like the, as a record file reviewer, you were the first person to read that audit report. So there is. And I think this is starting to dissipate because of the changes that we had a few years ago that require some tailored wording to be included around irreg irregularity due to fraud or error. 

But there is a sort of mentality that audit reports are standard text, so we probably don't need to spend that much time each year reading it and checking it. Now, if I was an ri I would be reading that line by line every year and checking, but actually we've included everything. Because if you think about it, if you, if you're dealing with that in a year where you've gone from being small to medium or medium to large, for example, there could be in some cases. 

Primary statements that you haven't included before that you now need to include? So, cashflow is a, is a good one. You might have included a cashflow because you are no longer small and that needs to be referred to in your audit report, but also wording changes from time to time. So we do still come across audit reports that have the old. 

Going concern wording in them. Not very often I have to say, but we do still come across the odd one or two where clearly the audit report has just been rolled forward and no one's gone through and updated that. And on the irregularity side of things. We do see firms that have obviously thought about putting standard text in for what they do on every audit assignment, and sometimes it won't be relevant. 

So there's no point saying we, we've reviewed the board minutes. If your client doesn't keep board minutes, for example. That's a very basic one, but. Certainly we do see things like that from time to time, so it's really critical that we're picking that up. If you've got things like qualifications. 

Generally speaking qualifications because they're quite rare in, most firms tend to be dealt with quite well. But nevertheless, there's a an important consideration around not just getting the wording of the qualification right, but thinking about. Other areas of the audit report that might be affected. 

So for example those matters on which we're required to report under the company's act, for example. So yeah, sometimes we do see errors with things like that, but I would say that is rarer than some of the other more. If you like, silly mistakes that people make with their audit reports simply because they didn't give it a read through. 

Yeah.  

Jenny Faulkner: And I think from my perspective, you know, in, in preparation for our chat today, one of the things I had a quick look at was, when we give degrade reports and the reasons for those degrade reports, I was just looking in and thinking, are we still saying that the majority of those degrades really are, are being driven by a problem with the audit report? 

And I think in most instances that it's one of the certainly the biggest contributory factor in degrade. So, just as a word of warning. To firms. Really, this is your final document. This is your end result. Please our eyes, read your audit reports before you sign them. Do make sure that it's the right audit report. 

Even with the simplistic things of, with the right client name of it. 'cause we do see that to of mistake every now and then with the right primary statements in it, giving the right opinion, explaining what procedures have been done. They're absolutely all such important or important bits. And if you are not dealing with a corporate, so perhaps. 

A charity, then Absolutely making sure that the right legislation is being referred to. If you are dealing with anything more complicated like cross border charities, then that becomes even more important.  

Gemma Archer: And I think just to pick up on what you said around gradings there. When I was having a look through, when I was doing sort of quality control and the like, it's true that the majority of degrades we give are for very, very specific things. 

So they're either for an issue with the audit report or they are for material misstatement in the financial statements or equivalent where something has. Gone wrong in terms of understanding what needed to be done, if you like WI or how something needed to be treated. It's actually relatively rare for us as a business to see or to give a D grade for. 

Pervasive poor audit work. Yeah. Most of the degrades we give are because there has been one or two, or even three on occasion things that have gone wrong that has led to essentially the wrong audit opinion being given. 

Jenny Faulkner: Absolutely, completely and utterly agree with that. Okay. So I'm just sort of clocking through my head. 

We've obviously talked about pretty much everything that we find here at Mercia. I'm thinking back to the QAD monitoring review. I think we've pretty much covered everything that they've covered. The only area, I suppose, is around experts and service organizations. They highlighted that as a particular issue Now. 

I know that that is an issue that we see time in time again, whether it be property valuations share valuations investments, always confuses. Firms, I find, I know. Is it an investment manager? Is it a service organi? Well, you know, is it a service organization? Is it an expert? Tends to perhaps get people a little bit confused, so, oh, don't think we need to say too much today, but if you aren't sure on this, give us a call and we're happy to discuss it with you using our TQ service, or perhaps come onto one of our audit courses where we're talking about issues like that. 

There was one final thing that I did want to just ask you a final question on really, which was around quality management. Because that did have a little bit of information in the ICAW monitoring review. Now here at Merc we have a huge pool of file reviews who go out and do hot and cold reviews as part of their daily basis. 

We have a. Subset of reviewers who do our quality management reviews. I always find that when I'm doing quality management reviews, they're probably the most interesting days I ever have. But that's maybe because I think I just like to be a little bit of a nosy parker. And so get into the weeds of all those different bits and pieces in quality management. 

Do you wanna just give our listeners a little bit of an overview as to what you found interesting from the ICOD? I-C-E-W-Q-A-D review.  

Gemma Archer: Yeah, so the, the ICAW monitoring report was actually relatively positive about quality management. So they recognized the investment both in time and resource of having to implement IS QM one and the relevant whole firm procedures. 

And they were actually sort of, quite. Pragmatic, I think in what they said about smaller firms. So they recognize that small firms may not need to have sort of overly formal, complex, extensively documented procedures or systems. And they also recognize that there are products such as Mercia's, very own quality management manual that are out there to sort of help firms and, guide them through that process quite successfully. And successfully was the word that the monitoring report used. So, I think we are still, and is it three years now? IS Qm one has been in, we continue even now to get. Questions and queries and requests for reviews from firms who haven't really started on their journey to IS QM one, and perhaps what focuses their mind is the fact that they get a regulator visit and suddenly realize that they perhaps ought to have done something. 

So what I would say, if you are listening to this and thinking. SQM one. What's that? Do have a look at our website. Do get in touch with us. We can help and we can point you in the right direction. But just  

Jenny Faulkner: do something. I think you're absolutely right. There are still some firms out there who haven't done anything. 

But conversely, I think there are quite a lot of firms out there who did something right at the beginning. They did their risk assessment and perhaps they are filling out the annual evaluation piece. Putting their signature on that bit of paper, but are they doing the bit in the middle, that monitoring and remediation piece? 

Perhaps We're involved, perhaps we're doing some cold file reviews. So you, they think that's it. They've ticked the box. But that isn't it. They've got to identify what the trends are. They've got to get to those root cause analysis of what issues are coming up. And it isn't just what are the issues coming from the cold file reviews, it's what are the issues from, from the whole system of quality management. 

And that's sometimes, for me, is an area that gets forgotten about. So. Exactly the same as what you just said though. If anybody needs any help, wants any help, then obviously contact Meia. We have got a specialist team of those who review the quality management standards and, and help firms overcome the, the issues that they have. 

I think we've hit a really nice time to perhaps conclude today's session. I found it incredibly interesting and helpful. It's certainly made me smile at numerous times to think. Oh, that bit's changed, but that bit hasn't. And I'll just say documentation one more time because I think that is the crux of a lot of it. 

 And perhaps that reminder for our eyes, get involved in fraud conversations, lead fraud conversations. Read your audit report. And hopefully. After listening to today's session our firms, our customers have got a better idea as to what the common problems are, whether they sit in the common bucket or not. 

 And hopefully some ideas as to what they could do to improve. Thank you so much for your thoughts today, though, Gemma, as always, it's been an absolute pleasure. Thank you, and goodbye everyone.