CPA Australia's Quality Review Program has revealed the most common ways members have been found to have breached the auditing standards. Many of the breaches found are the result of a lack of documentation, as per ASA 230, providing the necessary evidence that required procedures have been performed.
1. ASA 315 Identifying and Assessing the Risks of Material Misstatements through Understanding the Entity and its Environment
- No evidence that the auditor performed assessments of risk of material misstatements at the financial report and assertion levels.
- No evidence that the auditor obtained an understanding of the client's internal controls.
- No documentation on the client's file to provide evidence of the analytical procedures, observation and inspection procedures, and enquiries of management that should have been performed by the auditor as part of their risk assessment procedures.
2. Superannuation Industry (Supervision) Act 1993
- The Member did not confirm that the trustees had been maintaining the minutes books as required by section 103.
- The Member did not confirm that the financials at least included Statement of Financial Position, Operating Statement and Notes the Financials nor verify with the trustees that they have maintained the accounting records as required by section 35B.
- The Member did not do the risk assessment procedures to ensure that the fund is solvent as required by section 130.
- The Member did not perform the verification procedures to ensure that the trustees had not entered into any contract or do anything that would prevent or hinder the trustee performing or exercising the trustees functions or powers as required by section 52(2)(e).
3. ASA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Australian Auditing Standards
- The auditor is not independent of the engagement performed. This is particularly relevant to Members who audit self-managed superannuation funds, where they prepare the financial accounts of the funds they are auditing. This breach can also give rise to other reported breaches, particularly APES 110.290. For more guidance on the requirements of independence please refer to the Independence guide (PDF) released by the Joint Accounting Bodies as well as the relevant standards as they apply.
- The auditor has represented compliance with the Australian Auditing Standards in the auditor's report when in fact they have been found not to be fully compliant.
4. ASA 300 Planning an Audit of a Financial Report
- No evidence that an audit plan or strategy existed for engagements reviewed.
- Inadequate audit plan for the specific engagement.
- The audit plan or strategy had not been updated from previous audits to reflect changes in direction and scope of the engagement.
- Not documenting on file if any significant changes were made.
5. ASA 230 Audit Documentation
- No working papers at all in the client file.
- Not having any documented evidence, or sufficient documented evidence, to enable an experienced auditor having no previous connections with the audit, to understand the logic and conclusions made.
6. ASA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of a Financial Report
- No evidence on the client's file that the auditor had performed any procedures assessing and considering fraud in relation to the audit engagement.
- No evidence on the client file that the auditor's procedures included testing management’s ability to override controls.
7. ASA 330 The Auditor's Responses to Assessed Risks
- No evidence that the auditor determined the overall responses to assessed risks at the financial report level.
- No evidence that the auditor designed or performed further audit procedures in response to assessed risk at the assertion level.
8. ASA 580 Written Representations
- There were no management representations obtained at all on file.
- Client's signature could not be evidenced on the management representation letter contained within the file, therefore not providing the necessary evidence that management accept their responsibilities.
- The management representation letter didn't contain all the written representations required from management in relation to fraud as listed by ASA 240 paragraph 39.
9. ASAE 3100 Compliance Engagements
- Member has not complied with the ethical requirements of Independence.
- There was no documented evidence that quality control procedures relevant to the engagement being performed.
- There was no evidence that the engagement was planned.
- The member hasn't agreed the terms of engagement.
10. ASA 320 Materiality in Planning and Performing an Audit
- No evidence that the Member considered materiality and its relationship with audit risk.
- No evidence to demonstrate the amounts and factors considered to determine materiality for the financial report as whole as well as materiality levels for particular classes of transactions, account balances or disclosures, performance materiality and any revisions to these as the audit progressed.