Technical / Revised auditing standards will mean more questions for NHS finance teams

There are well known challenges. The IFRS 16 leasing standard is finally adopted. The implications of the Health and Care Act 2022 mean multiple sets of part-year accounts for commissioning organisations. And, finally, NHS bodies that employ staff who are members of a local government pension scheme have struggled to get the information they need to finalise their accounts, even now.

There will, no doubt, be other unexpected issues that arise between now and next summer. However, there is one other area of change that finance teams need to be aware of. Two UK international auditing standards (ISAs) have been substantially revised and come into force for audits of accounts for periods beginning on or after 15 December 2021. For NHS bodies, this is the 2022/23 annual accounts and, although auditors will be most affected, NHS finance teams will feel the impact as well.

Part of the reason for the changes is to enhance auditors’ professional scepticism. The standards now make explicit reference to auditors ‘not being biased’ towards obtaining corroborative audit evidence. In addition they should also not exclude contradictory evidence.

While the changes reflect best practice that may already be in place, there is no doubt that NHS bodies will face more questions from their auditors, particularly to understand the basis for estimates and judgements and evidence to support decisions made by finance teams.

ISA 315 – Identifying and assessing the risks of material misstatement – revisions are designed to drive a more robust and consistent risk identification and assessment. The standard introduces five new inherent risk factors, a spectrum of risk and the requirement to assess inherent and control risks separately. It also includes a number of new requirements related to understanding and assessing risk.

These include the new requirement for the auditor to consider all the audit evidence they have gathered from performing risk assessment procedures to determine whether they have sufficient understanding of the risks of material misstatement. This assessment should include all evidence including any that is contradictory.

This may change the type of work the auditors undertake and may mean that some of this work is done earlier in the audit, as the risk assessment process informs the design of audit procedures.

ISA 315 also requires auditors to understand NHS bodies’ use of IT, the related risks and the system of internal control addressing those risks. This may mean there will be extra audit work on IT systems and direct and indirect controls.

The second revised standard is ISA 240 – The auditor’s responsibilities relating to fraud in an audit of financial statements. The amendments clarify that the evaluation of whether a fraud is material should consider qualitative as well as quantitative factors. It also emphasises the role of the auditor to obtain reasonable assurance about whether the accounts are free from material misstatement due to fraud.

The standards require auditors to investigate inconsistent responses to their inquiries as well as those that appear implausible.

There are also new requirements to make inquiries of those who deal with fraud raised by employees or other parties. This is to determine whether the engagement team requires specialised skills or knowledge to investigate further if there is cause to believe that a record or document may not be authentic.

Finally, a revised version of ISA 220 – Quality management for an audit of financial statements – comes into force for audits of accounts of periods starting on or after 15 December 2022. For NHS bodies, this is 2023/24. But early adoption of the standard is allowed, so audit firms may decide to adopt it early or at least start to change procedures in readiness for adoption.

This standard assigns some audit procedures and actions directly to the engagement lead. The increased involvement of the most senior member of the audit team could change audit procedures and will increase review time.

It is essential that auditors and finance teams liaise early in the audit planning process to understand the impact of the new requirements.

Debbie Paterson is the HFMA’s senior technical manager