The quality of financial reports is key to confident and informed markets and investors.
The Australian Securities and Investments Commission (ASIC) conducts audit surveillances to promote the improvement and maintenance of audit quality.
ASIC’s surveillances focus on audits of financial reports of public interest entities prepared under the Corporations Act 2001 (Cth).
This article explores ASIC’s audit surveillances, the surveillance process, and how it measures and reports findings.
ASIC’s audit surveillances
ASIC conducts audit surveillances on the six largest national firms and other firms auditing financial reports of listed and public interest entities, including authorised audit companies. This involves ASIC:
- Reviewing crucial audit areas and assessing audit firm quality control systems.
- After review, advising the audit firm on areas where reasonable assurance that the financial report was free of material misstatement was not obtained, requesting remedial actions.
- Communicating negative findings directly to the audited entity’s directors.
- Addressing quality control and independence concerns with the firm.
- Publishing findings in a public report.
ASIC’s surveillance process and how it measures and reports findings
ASIC outlines how it measures and reports the findings in its public audit surveillance reports, and covers key aspects of its surveillance process. This information is summarised below.
- Quality of financial reports – ASIC’s findings do not imply a material misstatement in the overall financial report. Instead, ASIC forms a belief that the auditor lacked enough evidence to form an opinion on the financial report.
- Surveillance findings – ASIC’s findings align with the core audit objective: to ensure there are no significant errors in the overall financial report. The key areas it reviews remain consistent over time.
- Subjectivity – Disagreements with ASIC’s findings can result from various factors, such as different judgements on whether the audit work performed was sufficient, possible impacts on remuneration and reputation, and potential liability.
- Documentation versus audit evidence – Undocumented audit work typically implies it hasn’t been done, in line with industry practice. ASIC views claims of work performed but not documented with scepticism, as proper documentation is essential for transparency and compliance with auditing standards.
- Remediation – Firms must do extra audit work when reasonable assurance is lacking in the financial report. Auditors must complete their audits diligently, ensuring report reliability and market transparency. Sometimes, additional work may not uncover significant misstatements.
- Level of assurance – An audit provides reasonable, but not absolute, assurance that the financial report is free of significant misstatements. ASIC’s findings relate to cases where it believes this reasonable assurance has not been achieved.
- Risk-based approach – ASIC’s audit surveillance selection process is based on risk assessment. It typically chooses complex, demanding, and challenging audits, along with high-risk areas of financial reports.
- Focus of surveillances – ASIC’s surveillances center on critical audit evidence and judgments. It reviews audit files to assess the quality of work and the adequacy of audit evidence gathered to support the auditor’s conclusions.
- Adjustments – Auditors are vital in finding and fixing major errors in financial reports before release, even though distinguishing between errors originating from the company’s internal procedures and those resulting from the audit process can be challenging.
- Key audit areas – A key audit area is a high-risk section of an audit that gets special attention from ASIC. It involves distinct risks, business aspects, systems, and procedures.
- What is measured? – Negative findings occur when the auditor can’t reasonably ensure the financial report’s overall accuracy regarding material misstatements. Negative findings do not include findings on understanding the business, risk assessment, and other internal aspects, which could result in material misstatements in financial reports not being detected by the auditor.
- Number of procedures and findings – Negative findings occur when an auditor misses a critical audit procedure in a key area, possibly leading to material misstatements. Even one such instance is reported as a negative finding, and if there are multiple, they’re combined as one key audit area with negative findings.
- Other national and network firms – The frequency of negative findings reported for firms outside the largest six firms may vary in public reports because ASIC assesses different firms in each period. It typically reviews audit files at each of the largest six firms every 12 months until June 30th.
- Enforcement action – ASIC may consider whether to take enforcement action in connection with a negative audit surveillance finding.
- ASIC process to settle findings – Audit surveillances focus on critical audit evidence and judgments. Findings are discussed with the audit firm and reviewed by a second experienced examiner. Draft comments and reports allow firms to challenge findings and take corrective action. Different processes apply if enforcement action is considered.
- External panel – ASIC consults with an external panel to help measure and report its surveillance findings. The panel discusses complex findings, but audit firms’ identities remain confidential. The panel doesn’t review working papers or engage with auditors. ASIC makes decisions on findings without disclosing panel discussions to audit firms.
- Consistency with foreign audit regulators – ASIC’s audit surveillance findings align with those of foreign audit regulators. ASIC has collaborated with these regulators, sharing its classification methodology for findings and its approach to specific types of findings. Additionally, it has carried out joint surveillances with international regulators.
ASIC’s separate surveillances of audits
In addition to regular risk-based audit surveillances, ASIC reviews audits based on specific concerns that may lead to enforcement action against auditors. Its surveillance reviews have led to enforcement outcomes, with auditors removed from practice for varying periods or having their registration cancelled.
Key takeaways
ASIC’s audit surveillances are crucial for maintaining financial reporting quality. It focuses on critical evidence, standards adherence, and remediation. Collaboration with global regulators and external panels enhances these efforts. ASIC also takes enforcement action when necessary, ensuring market confidence.
