Revenue Recognition Issues
ASC 606 was implemented by many firms this past year, and peer reviewers reported that one of the top issues related to ASC 606 is determining whether it was applied correctly.
Peer reviewers have seen increased problems around how firms identify both performance obligations and relevant contracts. For example, suppose a client has variable consideration based on achievement of certain sales volumes. In that case, auditors must consider whether those volumes were met in 2020 and whether the amount was realistic. Also consider any performance obligations, for example, services such as free delivery. Auditors need to determine appropriate transaction price allocations.
Another issue can occur when clients believe there is no material impact of ASC 606 to their entity and continue applying ASC 605. Auditors need to have considered any analysis the client conducted to determine there was no material impact. Further, auditors should analyze that determination themselves and note their analysis within audit workpapers. Without evidence and documentation, an assumption of no material impact can present a challenge during peer review.
Top Challenges in Risk Assessment
For years, peer reviewers have reported that too many audits fail to conform with AICPA Risk Assessment Standards. According to Carl Mayes, common challenges around risk assessment include understanding internal controls, addressing significant risks, and identifying assertion-level risks.
Auditors need to assume and accept that each client has internal controls. Too often, the assumption is made that clients (especially small businesses) lack internal controls. But this is rarely true. Auditors need to check whether internal client controls were properly designed and implemented. If the auditor intends to test controls and rely on them in lieu of performing further procedures, make sure the controls were operating effectively during the period of reliance.
Significant risks can include fraud risks, management overrides, revenue recognition, and any additional risks identified due to changes in accounting or other factors unique to a specific client. Two significant risks found with nearly every client are management override and revenue recognition. It's essential to identify each client's specific risks, then understand controls relative to each risk and perform appropriate testing to reduce risk to a low level.
Another risk assessment mistake involves assessing risk at the account level instead of drilling down to the assertion level. Procedures performed in an audit should be linked back to a financial statement assertion, and the linkages should be documented.
Focus on Engagement Acceptance and Emerging Attest
Challenges around both engagement acceptance and emerging attest concern the need for firms to be certain they have the competency and expertise to conduct certain types of audits or audit different types of entities. For example, there's been rapid growth in System Organization Control (SOC) engagements—perhaps as much as a 1 billion dollar market. Before firms perform those services, they need to make sure professionals understand the industry and the attest standards and have the competency to perform the service well.