Once my audit director asked us to think about what we were doing instead of just checking the boxes, doing the same old thing, year-after-year. When the meeting ended, several veteran members of the team formed a circle and grumbled. One of them was bold enough to trumpet, “I was hired to audit. I wasn’t hired to think! I’m outta here!” And outta there he was just a few short months later.
You may want to get outta here, too, when you read the GAGAS exposure draft published on January 30, 2023.
The GAO wants us to think about audit quality
Never one to take the easy route and just check the box, the GAO has been requiring us for decades to think about a variety of audit-related issues. Now they are asking us to think hard about another area: audit quality.
When the GAO asks us to think, they run auditors through a three-step process I like to call the ‘trifecta’ – it’s much quicker than saying ‘conceptual framework!’ The three steps are:
- Gain an understanding of the subject
- Decide what is important about the subject
- Respond to what is important
You do it all the time, albeit not formally
You’ve likely performed the trifecta every day of your life, so don’t let the formality of the GAO’s standards in the 2023 exposure draft intimidate you. Each day, you must understand what’s possible before you can choose and then act on what’s important to you.
Your personal application of the three-step thinking process can be applied to simple choices (like deciding where to have lunch) as well as to the bigger choices (like whether to get a new job because the proposed audit standards are driving you crazy).
GAO uses the three-step process throughout the standards
The GAO also realizes auditors need to make choices and asks auditors to formally apply the trifecta to planning an audit, designing our audit to detect fraud and assessing auditor independence. Now they propose applying the trifecta to audit quality control.
Check out these quotes from the 2023 exposure draft:
2023 GAGAS Exposure Draft 5.04 GAGAS establishes a risk-based approach to designing, implementing, and operating the system of quality management in an interconnected and coordinated manner. This risk-based approach involves the following:
- Establishing the desired outcomes relative to the components of the system of quality management (referred to as quality objectives).
- Identifying and assessing risks to achieving the quality objectives (referred to as quality risks).
- Designing and implementing responses to address quality risks.
See the three-step process in there?
So, instead of just going through the motions on audit quality control and checking off the QC boxes, the GAO wants you to think about where you are most vulnerable to an audit quality breakdown. Typical of the GAO, they also want you to document your thought process.
Were you hired to think?
If you were hired to audit and not hired to think and want to say something about this unpleasant turn of events, you have until April 28 to let your feelings be known. Notice I did not mention thoughts… because those are generated by thinking!
There is a lot more to say about the exposure draft, and you know I’ll be saying it in future blog posts. Stay tuned!