Audit radar for 2012 and beyond

Public interest entities

APES 110 Code of Ethics for Professional Accountants was recently amended to clarify the definition of a public interest entity (PIE) and imposes stricter auditor independence requirements, such as partner rotation. The amendments take effect from 1 January 2013.

A public interest entity (PIE) is:

• a listed entity, or

• an entity defined by regulation or legislation as a public interest entity; or for which the audit is required by regulation or legislation to be conducted in compliance with the same independence requirements that apply to the audit of listed entities. Such regulation may be promulgated by any relevant regulator, including an audit regulator.

Firms must also determine whether to treat additional entities, or certain categories of entities, as PIEs because such entities have a large number and wide range of stakeholders. Factors to be considered include:

• the nature of the business, such as the holding of assets in a fiduciary capacity for a large number of stakeholders (eg, financial institutions, such as banks, insurance companies and pension funds)

• size

• the number of employees.

The revision states the following entities in Australia will generally satisfy the conditions as having a large number and wide range of stakeholders and are likely to be classified as PIEs:

• authorised deposit-taking institutions (ADIs) and authorised non-operating holding companies (NOHCs) regulated by the Australian Prudential Regulatory Authority (APRA) under the Banking Act 1959

• authorised insurers and authorised NOHCs regulated by APRA under Section 122 of the Insurance Act 1973

• life insurance companies and registered NOHCs regulated by APRA under the Life Insurance Act 1995

• disclosing entities as defined in Section 111AC of the Corporations Act 2001

• registrable superannuation entity (RSE) licensees, and RSEs under their trusteeship that have five or more members, regulated by APRA under the Superannuation Industry (Supervision) Act 1993

• other issuers of debt and equity instruments to the public.

Firms providing audit services need to develop a policy as to what constitutes a PIE. Some of that work has already been done as APES 110 has deemed certain entities as PIEs. Firms must then determine whether to treat additional entities, or certain categories of entities, as a PIE because they have a large number and wide range of stakeholders. In making such a determination, the firms may have regard to the definition of “public accountability” under AASB 1053 Application of Tiers of Australian Accounting Standards, or perhaps the broader definition of the “reporting entity”. Firms also need to be alert that a regulator may deem certain entities under its jurisdiction as a PIE.

The audit client base will need to be analysed applying the firm’s policy on Public Interest Entity – Identification, and audit clients identified as PIEs or not. It is in relation to the former that the firm needs to apply a higher level of audit independence under APES 110 in section 290 Independence – Audit and Review Engagements.

APES 110 was reissued in December 2010 and contained substantive amendments to audit independence in section 290 as well as in section 291 Independence – Other Assurance Engagements. Some audit practices are still coming to grips with these requirements and need to document their policies and procedures, train their partners and staff and advise their clients.

Quality audits

Last year ASIC released its 56-page Audit inspection program public report for 2009/10 which, inter alia, identified its focus areas for 2012 and beyond. The areas identified by ASIC may be helpful to audit practices to identify those parts of the practice where audit quality could be improved and audit risk reduced.

Specific areas of focus identified were:

• Audit quality and evidence: Continue to focus on whether the auditors obtained sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base their opinion. ASIC intends to challenge engagement partners on whether the evidence obtained and documented on engagement files for specific audit assertions is sufficient and appropriate and supports the significant judgements made to reach their conclusions and form their opinions.

• Professional scepticism: ASIC will review engagement files for evidence of the extent of professional scepticism exercised by engagement teams in significant judgement areas.

• Relying on the work of others: ASIC will continue to focus on areas where the auditor relies on the work performed by others to draw conclusions on which to base the audit opinion, particularly in light of revised Clarity auditing requirements.

• Audit fees and audit efficiencies: Engagement file inspections will focus on the sufficiency of the audit quality, and on firms’ acceptance and continuance processes. ASIC will focus on firms’ strategies regarding conducting audits in the most efficient to ensure that audit quality is not compromised.

Other areas of focus include:

• Corporate collapses: Any areas of deficiency in auditor conduct that may have contributed to a lack of transparency in the financial position and financial performance of an entity on a timely basis leading up to a corporate collapse.

• Understanding the client’s business model: The auditor’s understanding of the entity’s business model and risk assessment for individual engagements, and the auditor’s interaction with the audit committee to ensure that key areas of risk are included in the audit strategy.

• Clarity auditing standards: Application of the new ‘Clarity’ auditing standards, including standards that have undergone considerable change.

• Opinion shopping: Monitoring ‘opinion shopping’, particularly where there are communications with an audit firm about their views on specific accounting treatments prior to acceptance of a new engagement.

• Partner involvement: The involvement of the engagement partners and Engagement Quality Control Reviews (EQCRs) at different stages of the audit, including planning, consultations with the engagement team and reviewing key judgements and conclusions reached.

• Governance communication: The quality and extent of the auditor’s communications with governance of the entity, particularly communication of unadjusted differences and the significant audit judgement areas of going concern assessments, fair value measurement and impairment testing.

• Technical consultations: The extent of audit procedures performed and internal consultations.

• Financial statement disclosures: The audit of financial statement disclosures, to ensure that the investing public is properly informed.

• Financial reporting disclosure: Compliance with financial reporting disclosure requirements through ASIC financial reporting surveillances and targeting those entities with deficient disclosures for audit inspections.

• Suspected contraventions of the Corporations Act: The adequacy and timeliness of auditors reporting suspected contraventions of the Corporations Act under s311, s601HG and s990K.

• Audit rotation: Scrutinising compliance with the auditor rotation requirements of the Corporations Act, including EQCRs as they are required to be registered company auditors.

In preparing for the forthcoming reporting season, the audit practice should consider how it has specifically responded to the areas of audit quality identified by ASIC.

Risk management

APES 325 Risk Management for Firms sets standards for members in public practice to establish and maintain a Risk Management Framework (RMF) in their firms in respect of the provision of quality and ethical professional services. It takes effect from 1 January 2013.

APES 325 describes the broad principles by which accounting firms will have to develop their own more detailed risk management plans, and includes mandatory requirements and guidance for firms to establish, maintain, monitor and document an RMF.

An RMF must include policies and procedures that identify, assess and manage the following risks: governance, business continuity (including succession planning), business, financial, regulatory, human resources and technology. APES 325 will become the umbrella standard for risk management of audit and related standards, as well as the APES pronouncements that address non-assurance services.

Firms will need to integrate existing policies regarding service lines (eg assurance, compilations, insolvency, management consulting, forensic, taxation, valuations and APES 320 (Quality Control of Firms) into a coherent RMF. Each of the service lines will have different risks and therefore a different response may well be required to manage and mitigate those risks.

Corporations Legislation Amendment (Audit Enhancement) Bill

The Corporations Legislation Amendment (Audit Enhancement) Bill 2011 is intended to improve audit quality in Australia and deliver greater transparency and reliability. The Bill addresses audit partner rotation for listed entities; annual transparency reports for auditors who audit 10 or more listed entities, insurers or ADIs; refining the Financial Reporting Council auditor independence functions; audit deficiency notifications and reports by ASIC, and ASIC communications with corporations, registered schemes and disclosing entities concerning their audits.

It is perhaps the annual transparency report that requires the most attention. An annual transparency report will be required by audit firms conducting audits of 10 or more specified Australian entities (listed companies, listed registered schemes, authorised deposit-taking institutions (ADIs) and insurance companies). The specific content of the report will be detailed in Corporations Regulations, which are yet to be published.

While smaller firms may fall under this threshold, there may be sound business reasons to undertake transparency reporting, for example, so as not to have a competitive disadvantage in a tender, and to preserve or enhance a client relationship.

The Bill envisages that the transparency reporting disclosures will include the following:

• information about the auditor’s legal structure and ownership

• where the auditor belongs to a network, information about the network and the legal and structural arrangements in the network

• information about the auditor’s governance structure

• information about the internal quality control system of the auditor and a statement by the administrative or management body of the auditor on the effectiveness of its functioning

• details of when the last reviews of the auditor took place, showing separately audit inspections by ASIC, and quality assurance reviews by each of the professional accounting bodies

• information about the auditor’s independence practices, including details of the last internal review of independence compliance that was conducted

• the names of entities of the kinds listed in proposed subsection 332A(1) for which the auditor conducted audits under Division 3 of Part 2M.3 during the preceding calendar year

• the policy followed by the auditor concerning the minimum amount and nature of continuing or other professional education that must be undertaken by professional members of the audit team

• summary financial information for the auditor, showing total revenue, fees for Corporations Act audits and fees received from audit clients for other assurance services and other non-audit services, and

• a statement of the principles used by the auditor for determining partners’ or directors remuneration (as appropriate).

Under the Bill, ASIC is given the power to issue an audit deficiency report in relation to failure by an audit firm to comply with: the auditing standards; the audit independence requirements in the Corporations Act; any applicable code of professional conduct, or with the provisions of the Corporations Act dealing with the conduct of audits. Such reporting has implications for a firm’s risk management framework.

Conclusion

It is vital that firms providing audit services understand these developments and assess the implications in depth now. A number of these issues require significant resources to develop strategies, revise policies and procedures, train partners and staff and communicate with existing and potential clients. Failure to attend to such matters in a timely manner will place the audit practice sustainability at risk.