In recent years, ASIC has dealt with a number of audit failures where financial reports did not properly inform the market as to the poor or declining financial condition of entities.
In addition to regular audit firm inspections, ASIC reviews audits based on specific concerns that may lead to action against auditors. These reviews reinforce the need to improve both audit quality and the consistency of audit execution, particularly in relation to the adequacy of audit evidence, the exercise of professional scepticism and the use of experts and other auditors.
Lessons for auditors from these reviews include:
1. Complex groups
Groups may have a significant number of entities with complex financial and operational interrelationships. Entities may be controlled, subject to significant influence or owned by common individuals. Some entities may not present audited financial reports. Auditors should understand the reasons for a complex group and the financial and operational interrelationships between group entities. Auditors should identify, assess and respond to risks and apply appropriate scepticism in auditing group entities.
2 .Different auditors in group
Before accepting an engagement, auditors should understand why group entities have different auditors. Where management restricts communications between the auditors, additional work may be required. An auditor must gain assurance on financial information of subsidiaries, associates and joint arrangements, and should consider reviewing work of their auditors with regard to any risks or concerns.
3. Related parties
Auditors must identify the existence and terms of related-party transactions, including those on non-arm’s length terms. Auditors should assess the risk of unidentified related parties, the effectiveness of controls to detect transactions, the impact of transactions, the recoverability of investments or receivables, and the ability of related parties to provide any necessary financial support. Additional work on the existence or value of underlying assets may be necessary particularly where parties or assets are located overseas, where there are no audited financial reports or the party is audited by another firm.
4. Foreign operations and assets
The work of auditors of foreign operations and investments may need increased review. It may be necessary to obtain direct audit evidence of the existence and value of underlying assets and operations. Cultural differences may affect the reliability of audit evidence in some countries.
5. Management integrity
Where there is reason to doubt the integrity of management, an auditor should respond to the risk of material misstatements by increasing the nature and extent of audit procedures and applying heightened scepticism.
6. Dominant CEOs
Dominant CEOs may override controls or compromise corporate governance. Risks or concerns may not be properly disclosed to, or considered by, the directors. Accounting policies, valuations and other estimates may be inappropriate or disclosures inadequate. The auditor may also have insufficient access to information or officers. Auditors should apply heightened scepticism and challenge and corroborate management representations with other evidence.
7. Client mismatch
Smaller audit firms must ensure they have the necessary expertise to audit larger, more complex entities and be mindful of circumstances where their independence may be perceived to be compromised by dependence on audit fees. Auditors should be able to consult on complex transactions and issues and have access to expert advice on accounting treatments, asset valuations and other estimates.
8. Business models
Where there is rapid growth internally or from acquisitions, additional attention may be needed on the recoverability of any assets acquired, the treatment of start-up costs, the company’s ability to manage and integrate new businesses, and the ability to meet borrowing commitments and loan covenants.
9. Lending risk
Some property developer and debenture issuer auditors did not understand the risk of impairment of loans receivable, apply sufficient professional scepticism or perform adequate audit work. Debt may pay above market rates and equity may be minimal. Some property developers inappropriately capitalised interest, fees and commissions paid to related parties.
10. Going concern
There have been cases where an entity has failed shortly after the auditor gave an unmodified opinion on its financial report or gave an emphasis of matter when a qualified opinion should have been issued. Auditors need to be sceptical of optimistic cash flows and growth assumptions, as well as the ability to meet loan covenants and commitments.
11. Accounting treatments and estimates
Auditors need to apply appropriate scepticism in considering accounting treatments and estimates. This includes revenue recognition, expense deferral, off-balance sheet exposures and the classification of assets and liabilities between current and non-current. The reasonableness of assumptions used in impairment testing should be challenged, including where cash flow estimates have not been met in the past, cash flows are negative or net asset values exceed the entity’s market capitalisation.
12. Special purpose financial reports
In determining compliance with accounting standards, the auditor must consider whether classification as a non-reporting entity is appropriate with regard to financial report users. For example, financial reports of internal group investment vehicles may be used by investors in the entities that fund those vehicles. Financial instrument, related party and consolidated information may be necessary to understand underlying risks, exposures and performance.