You do not have to look far to see what can go wrong when audits fail.
In a sanction ruling issued on 15 April, the Independent Regulatory Board for Auditors (IRBA) permanently disqualified former KPMG audit partner Nhlanhla Sipho Malaba after finding him guilty of eight counts of improper conduct linked to audits of VBS Mutual Bank, Spectramed, and the Industrial Development Corporation.
The ruling records that fictitious loans and deposits drove the VBS scheme, and the audit failed to detect them despite clear deficiencies in underlying data and controls. The result was a fraud estimated at about R2.3 billion.
Read: IRBA bans VBS audit partner, hits him with R10.8m penalties
At its core, auditing exists to safeguard trust – in financial reporting, in institutions, and in the broader financial system. When audits are done properly, they provide assurance that information can be relied on; when they are not, that trust is weakened.
IRBA’s 2025 Public Inspections Report on Audit Quality offers a broader view of how audits are being performed across the profession. Covering inspections conducted during the 2024/25 cycle, it points to a mixed picture. Although firms are making incremental progress in strengthening systems of quality management, audit execution remains inconsistent, with recurring deficiencies continuing to undermine overall audit quality.
The report is intended to inform dialogue, sharpen oversight, and drive improvement in areas that matter most to the public interest. Improving audit quality, it suggests, will require more than isolated fixes – it depends on stronger systems, better judgement, and more consistent execution, supported by leadership, oversight, and accountability.
How to read the findings
IRBA’s inspection results are deliberately targeted, and that context is essential when interpreting what the report does – and does not – say.
Inspections are risk-based and focused on higher-risk audits, public interest entities, and areas of recurring concern. They are designed to identify pressure points, not to provide a representative view of audit quality across the profession.
IRBA chief executive Imre Nagy emphasised that this distinction is critical. High-quality audits, he said, are fundamental to trust in financial reporting, particularly in times of economic pressure.
“Because our inspections are intentionally risk focused, the outcomes show where pressure points exist and where sustained attention is required. They do not describe the average audit.”
The inspections covered firm-wide systems of quality management, individual engagements, and targeted thematic reviews. In total, 25 firms were inspected, with 20 firm-level reports issued, alongside a range of engagement-level and thematic findings.
IRBA’ director for inspections, Ntlambi Gulwa, cautioned that year-on-year movements should be interpreted carefully, because changes can reflect shifts in inspection focus and coverage rather than underlying trends.
Overall findings
Over a six-year period, inspection outcomes have fluctuated, reflecting the targeted nature of the process. The latest cycle, however, shows a deterioration at engagement level.
Only 28% of inspected audit engagements met the required standards, down from about 45% in the previous year. This decline was accompanied by an increase in findings where:
- audit opinions were not appropriately supported;
- there were fundamental breaches of the IRBA Code; and
- audit evidence was insufficient or inappropriate.
According to the report, these results point to weaknesses in audit execution and raise questions about how effectively firm-level quality management systems are translating into consistent performance.
Deficiencies continue to arise in areas requiring significant professional judgement and scepticism, particularly in complex, high-risk audits. Weaknesses in how audit evidence is obtained, challenged, and documented remain a recurring concern.
The report also highlights the growing use of advanced technologies, including data analytics and artificial intelligence. Although these tools can enhance analysis, inspections point to gaps in how firms understand, govern, and integrate them into audit processes.
The findings relate only to inspected audits and should not be extrapolated across the profession. They do, however, indicate where risks and weaknesses are concentrated.
The overall picture is mixed. Firms are strengthening systems of quality management, but recurring deficiencies – particularly in judgement-intensive areas and in the use of technology – continue to affect audit quality in practice.
Systems improving – but not yet translating into outcomes
The adoption of the International Standards on Quality Management (ISQM 1 and 2), effective from December 2022, is beginning to reshape how firms approach audit quality.
The report notes that many firms have invested in training, strengthened leadership accountability, and enhanced monitoring and remediation processes, reflecting a more structured approach at a firm level.
However, implementation remains uneven.
In some cases, systems were not fully embedded, risk assessment processes were weak, and responses to identified risks were inadequate. As a result, improvements at a firm level are not consistently reflected in engagement-level outcomes.
This gap points to a disconnect between how audit quality is managed and how audits are executed in practice.
Judgement-intensive areas remain a weak point
A consistent theme across inspections is that deficiencies arise in areas requiring significant professional judgement and scepticism.
These include revenue recognition, accounting estimates, going concern assessments, journal entries, and financial statement disclosures – areas that rely on evaluating complex information and challenging management assumptions.
The report finds that judgement is often not adequately demonstrated or supported. Inspectors identified weaknesses in audit evidence, the level of challenge applied to management, and the documentation of conclusions.
Gulwa noted that these issues are most evident in high-risk audits.
“In many cases, judgements may have been made, but the audit documentation does not clearly demonstrate how alternatives were considered, how contradictory evidence was evaluated, or how conclusions were reached.”
This makes it difficult to assess whether sufficient professional scepticism was applied.
Recurring issues include:
- insufficient testing of key assumptions;
- inadequate evaluation of estimates;
- limited consideration of contradictory evidence; and
- weak linkage between risks and audit responses.
The report signals the need for a more disciplined and transparent approach, with clearer documentation and stronger evidence of how conclusions are reached.
Technology brings new risks alongside new capabilities
The report highlights the growing use of advanced technologies, including data analytics and artificial intelligence.
Although these tools can enhance audit quality, their use is not always matched by the necessary skills, governance, and oversight.
Inspections identified gaps, including:
- limited understanding of IT environments;
- inadequate testing of system-generated information;
- weak integration of IT into audit procedures; and
- insufficient oversight of tools and outputs.
These shortcomings raise concerns about the reliability of audit evidence derived from automated systems.
Gulwa added that technology does not replace judgement.
“The integration of advanced technologies… is transforming the audit landscape… [but] it is imperative that firms adopt robust governance and ethical oversight to mitigate these risks and ensure the reliability of their audits.”
The report points to the need for stronger technical expertise, better governance, and clearer accountability for technology-driven audit processes.
Deficiencies point to deeper, systemic issues
Across inspections, recurring deficiencies point to broader weaknesses in how audit quality is managed and executed.
These include ineffective engagement quality reviews, weak risk assessment processes, gaps in skills and supervision, and shortcomings in professional scepticism. Issues were also identified in monitoring, independence safeguards, and audit documentation.
In some cases, firms had not implemented effective systems of quality management at all, raising concerns about governance and oversight.
Taken together, these findings suggest that deficiencies are not isolated, but reflect deeper, systemic challenges across both firm-level systems and audit execution.
What needs to change
The report does not prescribe a formal action plan, but it signals where improvement is needed.
Addressing deficiencies requires more than fixing isolated findings. Firms are expected to identify root causes and implement meaningful remediation, rather than relying on short-term or “tick-box” solutions.
The report highlights the need for more effective implementation of quality management systems under ISQM 1 and ISQM 2, with stronger leadership accountability, better monitoring, and closer alignment between firm-level systems and engagement-level execution.
At an engagement level, professional judgement and scepticism must be clearly demonstrated. Inspectors continue to find that documentation does not adequately show how conclusions are reached, particularly in high-risk areas.
Targeted improvements are also needed in recurring problem areas, including revenue recognition, estimates, going concern, and IT controls.
Monitoring processes must be strengthened to ensure deficiencies are identified and addressed effectively. Firms are also expected to invest in skills and supervision, particularly in complex and technology-driven areas.
Independence and ethics remain key areas of concern, requiring stronger safeguards and more consistent application.
Finally, IRBA emphasises that audit quality is a shared responsibility. Audit committees are expected to play a more active role in challenging auditors and holding firms accountable.
Improving audit quality will require sustained effort, stronger systems, and more consistent execution across the profession.
