A Day in the Life of the SAR Auditor
Everyone professionally involved in the provision of legal services will, by now, have been affected to some degree by the SRA‘s major changes over the past couple of years. We, as auditors, are no exception and have been busy completing the first year’s compliance reviews for our clients based on the changed SRA Accounts Rules in November 2015. Most of our solicitor clients have noticed the difference in our visits, in our approach and the emphasis on our findings.
We thought it would be interesting to share how our audit life has changed…..
Before we can plan for the main review, we will come and talk to the relevant personnel, usually the COFA and cashiers, sometimes fee earners.
Procedures, systems, and in particular internal controls, will be documented in detail, covering everything from client files, bank accounts, every type of receipt and withdrawal of client monies, to the firm’s software, methods and maintenance of transactions and documentation, including security. From this information, we can make an initial assessment as to the controls in place to protect client monies and the risk to them and the firm.
Since we have been able to throw away the old SRA audit work programmes, our approach is now fully risk based. We have in mind “safeguarding client monies” and the work that we plan to do targets specifically at this objective. But we are able to plan in the specifics of the client firm which creates much more value if the detailed work that we undertake.
Reconciliations and client bank accounts, client files including receipts and payments, transfers and funds held in different types of accounts, will be core areas of the review. The depth of the review will be determined by our risk assessment at the interim visit.
Our risk assessment will direct us to the number of files to be reviewed, the actual file selection, and the audit work to be completed on that file.
The Accountant’s Report (AR1) has had a few radical make-overs, and there is now only a limited amount of information given in the form. The SRA is only interested in significant or material breaches of the Rules and weaknesses in controls. Should none be found an AR1 does not need filing with the SRA, but must still be retained by the firm.
Where our findings are not considered significant or material to be reported on the AR1, we will still provide a Management Report which include our recommendations on how to prevent minor issues becoming reportable and pick up on any best practice improvements.
Because our work is now based upon the systems and controls of the firm under review, rather than on the SRA’s checklist, we are finding that our results are generating much more value to our clients identifying where any risks lie and where controls may not be working.