ASIC audit inspections

This information sheet (INFO 224) outlines ASIC’s approach to inspecting audit firms. It includes:

Inspection objective and scope

The objective of our audit firm inspections is to promote the improvement and maintenance of audit quality.

Our inspections focus on audits of financial reports of public interest entities (PIEs) prepared under the Corporations Act 2001 (Corporations Act).

The quality of financial reports is key to confident and informed markets and investors. The objective of the independent audit is to provide confidence in the quality of financial reports.

Audit inspections are one of the activities we undertake to promote financial reports that provide useful and meaningful information so users of those reports can make informed decisions about the allocation of scarce resources. The quality of the financial report is supported by the quality of the independent audit. In addition to our audit firm inspections, we also conduct separate financial report surveillances.

We ask firms to remediate findings from our audit file reviews, including developing actions to address thematic findings across audit files. Under our ‘why not litigate?’ approach, we will also consider appropriate enforcement action in more severe cases.

Our inspections

Our audit firm inspections cover the largest six national firms, and other firms that audit the financial reports of listed entities and other PIEs. For this purpose, firms include authorised audit companies.

In our inspections we review key audit areas in the audit working papers for selected audit engagements. We also assess key aspects of audit firm quality control systems over audits of financial reports. This is based on direct reviews of the design and operation of those systems or evidence from audit files.

Following our review of audit files:

  • we advise the audit firm about the areas where we consider the auditor did not obtain reasonable assurance that the financial report as a whole was free of material misstatement
  • we ask the firm to identify and commit to remedial actions to address our findings, and
  • where we are not satisfied with the audit firm’s response to our findings, we will challenge the adequacy of the proposed remedial actions for both individual audits and firm action plans.

Where we have queries or concerns about an audit firm’s quality controls or auditor independence, we raise these with the firm. We also issue reports or letters to each of the larger firms inspected summarising our findings for each 12-month period to 30 June.

We spread audit file reviews for the larger firms throughout each year rather than reviewing a large number of files at one time. This provides those firms with the opportunity to address our findings on a timely basis.

We set out the findings from our audit inspections in a public report which includes statistics showing the proportion of key audit areas reviewed where we considered the auditor did not obtain reasonable assurance that the financial report as a whole was free of material misstatement. We do this to facilitate understanding of the extent of our findings and the importance of audit firms addressing underlying root causes of those findings.

Our inspection process and how we measure and report findings

Table 1 outlines how we measure file review findings and report the findings in our public audit inspection reports. The table also covers key aspects of our inspection process.

Table 1: Our inspection findings and process

Area

Our approach

Quality of financial reports

Our findings do not necessarily mean that there is a material misstatement in the overall financial report. Rather, in our view, the auditor did not have a sufficient basis to form an opinion on the financial report.

Inspection findings

Our findings are based on the objective of an audit, as set out in the auditing standards – which is to obtain reasonable assurance that the financial report as a whole is free of material misstatement.

The key audit areas that we review in our inspections are broadly consistent from period to period, as are the key audit areas where findings are reported.

Subjectivity

The findings from our audit file reviews concern an auditor’s compliance with the principles-based auditing standards.

Audits necessarily involve the application of professional judgement, and there are some instances where different individuals will reach different judgements on whether the audit work performed was sufficient. The percentage measure in our public audit inspection reports does not include instances where we consider that individuals could reasonably reach different judgements.

There are cases where auditors disagree with our findings from reviews of individual audit files. In most of these cases, the auditor asserts that the necessary work was performed but not documented, rather than disagreeing with our findings about work that should have been performed or the judgements that should have been reached.

We are open to the possibility that we do not have all the facts, that there may be differing views on the requirements of auditing standards, or differing judgements. We have extensive due process with the firms and within ASIC to address any such concerns and ensure that findings do not include matters where, for example, reasonable professionals could differ in their views.

Ultimately, the value from inspections is for ASIC to express an informed and independent view on findings from reviews of audit files.

Disagreement by auditors with our findings can be influenced by matters such as possible impacts on remuneration and reputation, and potential liability. These factors lead to similar levels of disagreement by auditors with findings in their firm’s own quality reviews of audit files.

We have discussions with the largest six firms – collectively and individually – about audit methodology questions and interpretations of both accounting and auditing standards. Where the standards are unclear, we refer these matters to the relevant international standard setter.

Documentation versus audit evidence

If audit work is not documented, our presumption is that the work has not been performed (in the absence of evidence to the contrary). This is the same approach applied by other audit regulators and by most firms in their internal quality review programs.

We apply professional scepticism to assertions that work has been performed but not documented by the auditor. Significant testing, analysis and challenging of estimates and accounting policy choices are generally not possible without some documentation.

Auditing standards require sufficient documentation so that another professional can understand the work performed and the basis for the conclusions reached.

Remediation

Where we identify that a firm did not, in our view, obtain reasonable assurance that the overall financial report was free of material misstatement, we ask the firm to perform additional audit work for the financial period that was the subject of the audit. We also ask firms to identify remedial actions from root cause analysis for thematic findings across audit files.

Auditors have an obligation to complete their audits to support their opinions on financial reports and to undertake the audit work that has not been performed.

This ensures that the audit report is supportable and that the market can be properly informed if any material misstatements are detected.

In a number of cases where we identify inadequate audit work, the relevant firm may perform additional audit work and then not identify material misstatements in the financial report concerned.

Level of assurance

An audit is not intended to provide absolute assurance that there are no material misstatements in the overall financial report. That is, reasonable assurance implies a confidence level of less than 100% that a financial report is free of material misstatement. Our findings relate to instances where we consider that the auditor has not obtained reasonable assurance that the financial report as a whole is free of material misstatements.

Risk-based approach

Our reviews of audit files do not cover all areas of an audit engagement or all subsidiaries and divisions in a group. Typically, three to four key audit areas are covered and, for groups, only one major operating component is covered.

We select audit engagements and key audit areas for review in our audit inspections using a risk-based approach. This means that we generally select some of the more complex, demanding and challenging audits, and some more significant or higher risk areas of the financial reports.

Some have suggested that this approach could result in the percentages reported being greater than would be the case with random reviews. On the other hand, more experienced partners and staff are usually allocated to such audits, and there are generally more extensive firm reviews and consultation processes for these audits and the key audit areas.

Focus of inspections

Our inspections focus on key audit evidence and judgements.

Our file reviews concentrate on the substance of work and whether sufficient appropriate audit evidence was obtained to support the auditor’s conclusions.

Adjustments

There will be instances where auditors detect material misstatements during the audit process and ensure these are corrected before a financial report is completed and released.

A key aspect of the auditor’s role in conducting an adequate audit is to ensure that material misstatements are detected and addressed.

Due to the nature of the audit process, it can be difficult to distinguish between adjustments resulting from a company’s own processes from those resulting from the audit process.

Key audit areas

A key audit area generally relates to a financial statement line item that we specifically select for review on an audit engagement file before commencing our review. The areas relate to financial statement line items that are significant and considered higher risk due to factors such as the need for judgement or estimation, or other key audit procedures that historically have been problematic.

Although we do not review every working paper on an audit file, evidence or explanations of the audit approach on other parts of the audit file are taken into account in reaching our findings. This is covered through our reviews of audit planning documents and discussion of findings with engagement partners and firms.

What is measured?

The overall percentages of findings in our public reports relate to cases where the auditors did not obtain reasonable assurance that the financial report as a whole was free of material misstatement. In our view, the auditors did not obtain sufficient appropriate audit evidence, exercise sufficient judgement or otherwise comply with auditing standards in key audit areas.

The percentages do not include findings on audit planning, understanding the business, risk assessment, reliance on internal controls, non-substantive analytical procedures, supervision and review, auditor independence, firm quality control systems, training of partners and staff, related party transactions, journal entry testing, reviews of legal expenses and legal representation letters, and subsequent event reviews. In our view, findings in these areas could have resulted in material misstatements in financial reports not being detected by the auditor. However, these can be important areas for improvement by firms.

Where we consider that a risk of misstatement would not be material to the overall financial report, or where the risk that it is material to the overall financial report is remote, the finding is excluded from our percentage measure.

Number of procedures and findings

There may be a number of audit procedures in a key audit area. Findings are included in the percentages reported where there was only one instance of the auditor not performing an audit procedure in any given key audit area, if that meant the auditor did not obtain reasonable assurance that the financial report as a whole was free of material misstatement.

Where multiple separate findings in a key audit area each individually meant that separate material misstatements would not be detected, the percentages reported only include one of those occurrences. There are cases where we find more than one deficiency in a key audit area, each of which could have resulted in material misstatements not being detected.

Other national and network firms

The percentages of reported findings for firms outside the largest six firms may change between public reports – we inspect different firms in each period.

The same largest six firms are inspected in each period.

Surveillances and investigations

In addition to audit firm inspections, we conduct financial reporting surveillances and undertake audit surveillances where there is a concern about a specific audit or auditor.

Where there are known material misstatements in financial reports, identified in our financial reporting surveillances or other activities, the relevant audit area is excluded from review in our audit inspections. We still ask firms to undertake root cause analysis and take appropriate remedial actions. These matters may also be the subject of a separate auditor surveillance and possible enforcement action.

The findings and overall percentages of findings in our public audit firm inspection reports do not include matters arising from any of these auditor surveillance or enforcement activities.

The outcomes of these activities are reported in separate media releases and reports on enforcement activity. The outcomes of surveillance and enforcement activity may inform our general areas of inspection focus and the timing of future audit firm inspections.

Further information on our audit surveillances appears in a separate section of this information sheet below.

Enforcement action

The objective of our inspections is to improve and maintain audit quality. We expect audit firms to make changes and to undertake work in response to our findings. We consider whether to take enforcement action to achieve a broader deterrent.

ASIC inspection staff

ASIC’s Financial Reporting and Audit team (FR&A) conducts our audit inspection work. Team members have an average of 15 years’ audit experience. We also continue to use experienced retired audit partners from the largest firms to conduct some audit file reviews.

ASIC process to settle findings

Our audit file inspections focus on key audit evidence and judgements.

Our file reviews concentrate on the substance of audit work conducted and whether sufficient appropriate audit evidence was obtained to support the auditor’s conclusions.

All findings from inspections of individual audit firms are discussed with the firm to ensure we have fully understood all relevant facts and have taken into account all relevant audit work.

Our audit file reviews are subject to quality review by a second experienced reviewer who also attends key meetings with the relevant firm to discuss any findings. There is consultation with relevant experts within FR&A and findings are discussed with the audit partner and manager, the firm’s audit quality team and other relevant audit firm partners and staff.

Our draft comment forms on individual file reviews and drafts of our 12-monthly reports to each of the inspected audit firms enable those firms to challenge our preliminary findings and to undertake remedial action addressing those findings. Firms may escalate concerns with findings for review within FR&A.

We consult with an external review panel on the method of measuring and reporting aggregate findings from our inspections. The panel has considered our measurement and reporting methodology and agrees with our approach. The panel also discusses the conclusions reached on a small number of our more challenging inspection findings where significant judgement is required – and generally concurs with our findings.

Consistency with foreign audit regulators

The findings reported from our audit file reviews are consistent with those reported by foreign audit regulators. We have:

  • seconded staff from foreign audit regulators
  • discussed our methodology for classifying findings with other regulators
  • conducted joint inspections with international regulators
  • had peer regulators review the classification of our findings, and
  • conducted case studies with other regulators.

Comparison with international findings

Our findings are similar to those reported by the International Forum of Independent Audit Regulators (IFIAR).

The overall percentage of findings in our public inspection reports will differ from the findings percentage reported by IFIAR because:

  • our findings are measured by reference to key audit areas reviewed whereas IFIAR measures findings by reference to audit engagements as a whole. As a result, the ASIC findings percentage will be lower than would be the case on the IFIAR basis of measurement, and
  • our findings percentage excludes certain matters that are not excluded from the IFIAR findings percentage, such as inappropriate reliance on internal controls, inadequate work on related party disclosures and inadequate journal entry testing.

Our separate surveillances of audits

In addition to regular audit firm inspections, we review audits based on specific concerns that may lead to action against auditors. These surveillances focus on concerns with specific audits arising from complaints and other intelligence, including corporate collapses where there are questions over the adequacy of information on the financial condition and results provided in the financial report and questions over the audit.

While auditors are not responsible for the failure of companies, the audit is important for ensuring quality financial reporting so that markets, investors and other users are properly informed.

Our surveillance reviews have led to enforcement outcomes, with auditors removed from practice for varying periods or having their registration cancelled through enforceable undertakings and decisions of the Companies Auditors Disciplinary Board (CADB). These cases reinforce the need to improve audit quality and the consistency of audit execution, particularly in relation to the adequacy of audit evidence, the exercise of professional scepticism, and the use of experts and other auditors.

Results from our surveillance activities are published in individual media releases and our reports on enforcement activity.

Lessons that may be relevant for auditors from our audit surveillances that have resulted in enforcement outcomes include the matters summarised in Table 4 of Report 397 Audit inspection program report for 2012–13 (REP 397).

Where can I get more information?

Important notice

Please note that this information sheet is a summary giving you basic information about a particular topic. It does not cover the whole of the relevant law regarding that topic, and it is not a substitute for professional advice. You should also note that because this information sheet avoids legal language wherever possible, it might include some generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances may be taken into account when determining how the law applies to you.

This is Information Sheet 224 (INFO 224), issued on 12 December 2019. Information sheets provide concise guidance on a specific process or compliance issue or an overview of detailed guidance.

What's new

More releases on financial reporting and audit

Last updated: 12/12/2019 12:27