Allison Henry, vice president of professional and technical standards with the Pennsylvania Institute of CPAs and a speaker at the Foundation for Accounting Education's Employee Benefits Conference on June 4, said that the major disruptions brought about by the global pandemic mean that auditors must be both diligent and creative if they wish to preserve audit quality.

The crisis has completely changed the audit environment, she said, meaning that auditors cannot rely on things that may have worked before, whether they are procedures that won't work in a remote audit, or data that may no longer be applicable. This is the case even if previous audits worked out well.

"I know some of you are sitting back saying your 2019s are fantastic, that the internal controls are great, that there was no fraud being committed. But you're performing these audits in 2020, and you would be missing some significant risks, subsequent events, potentially if you were to just ignore what's going on in 2020," she said.

For just one example, she said auditors must figure out how they will evaluate company culture if all they can do is have video conferences with the client. While some firms might say this isn't a concern because they've been auditing this one client for 15 years and knows all about it, "you also have to think about how this might impact you taking on new audits for new clients."

Data access is another. Henry said she's heard from individuals saying they haven't been able to get access to payroll records, but she said "there's just no other option" if the auditor wants to complete the engagement. Some have been able to make due with copies of the data, but even in that case, "there should be a heightened level of skepticism surrounding the authenticity of those documents, and where they come from and if they are secure."

Outside audit fundamentals such as these, she has also observed independence issues due to the offering of non-attest services, especially in the context of PPP loans. She said she has heard reports of auditors helping clients fill in the application and even signing it themselves, which, she said, is a major independence breach regardless of one's motivations in doing so.

"I know there are some out there saying. 'I'll be the savior and go help this client, and they need this money' and sign the application. But really, stand back and think about what it is you're signing," she said.

Henry added that doing so can prevent the firm from doing further audit work for that client, such as in the case of Economic Injury Disaster Loans, which can potentially require a review engagement.

The offering of these non-attest services, too, have problems unto themselves. Over the course of peer reviews, she has seen engagement letters and representation letters not properly tailored to the client; not all non-attest services being properly evaluated for whether they represent an independence violation; non-attest services being added at a later date; the firm failing to document that management is aware of its responsibilities in the audit; and failure to note whether a documentation issue is due to independence impairments.

She also noted that auditors should pay special attention to the client's internal controls this year as well, considering "the pace and magnitude of change." For instance, workforce changes, particularly furloughs, could present new internal control risks, as can delayed filing deadlines, liquidations, or even extra overtime for the employees that are still around. Even if these things don't necessarily present fraud risks, she noted that it's important to ensure that whatever changes companies make to adapt to the pandemic be in accordance with the plan document.

Of course, she added that auditors should be especially wary of fraud risks, noting that 25 percent of fraud is due to personal financial circumstances. In this time of economic tumult, the incentives and the opportunities to commit fraud are especially elevated. Henry acknowledged that auditors making fraud inquiries rely a lot on body language and facial expressions, and both of those can be tough to read in a remote engagement. In a virtual environment, she said, tone at the top becomes very important, and so she advised that auditors focus there. On the one hand, auditors might see some clients aggressively communicating a commitment to ethics and taking active steps to prevent fraud. On the other, they might see clients not so concerned about this.

"If no one is looking, and management is turning a blind eye, there could be significant pressures and incentives for fraud this year. That's the purpose of my focus, not only on 2019 internal controls, but what's going on now. It's critical," she said.

This is all part of the overall imperative to ensure that while these may be strange times, auditors cannot forget their core commitments and ethical standards. While the difficulties of conducting an engagement might be seen by some as a reason to be more lax, she asserted that it is times like these when audit quality is more important than ever.

"It's not just about completing the grid, its' about understanding the clients, the entity, the internal controls, the fraud risks, and taking all those risk areas in the financial statements ... all the assertions, including the presentation and disclosure, and evaluating all of that at the relevant financial statement and assertion levels," she said.