ASIC audit firm inspections: timely heads-up for smaller firms

This article was current at the time of publication.

The Australian Securities and Investments Commission (ASIC) has released the findings of its annual audit firm inspections. 

For the 12 months to 30 June 2022, ASIC reviewed 146 key audit areas across 45 audit files (39 ASX listed and 6 unlisted entities) audited by the largest six firms. 

Although there is a slight upswing in negative findings (36 per cent from 32 per cent last year), for the first time the report includes two case studies of good practice in the audit of revenue, audit of asset values, and impairment of non-financial assets – areas with historically large numbers of negative findings.

ASIC also released a separate report on Root Cause Analysis this year.  

The purpose of the root cause analysis report is to give auditors guidance on how to improve their processes. 

ASIC expects all audit firms – if not already doing so – to:

• identify root causes of negative findings from internal quality reviews of audits, its audit inspections, and material changes to audited financial reports
• develop and implement action plans to address identified root causes
• monitor and revise action plans to ensure they are effective.

Areas for improvement

ASIC Chief Accountant Douglas Niven says that while many smaller firms have faced resource pressures due to the pandemic, restrictions on travel into Australia, and lower staff retention rates, there is still an expectation that they perform the work necessary to support their audit opinions on financial reports.

“While some audits we review are well executed in accordance with the auditing standards, others do not comply,” Niven says.

“ASIC identifies similar findings in reviewing audit files of both larger and smaller firms, particularly with regards to the audit of revenue and asset values. There can also be findings on risk assessment and the basic execution of audits.

“It’s important that all firms, whether inspected by ASIC or not, consider the findings in our audit inspection report and whether there is a need to improve their audits.”

In its latest report, ASIC identified forecast cash flows (38 per cent), other key assumptions (21 per cent), and expense capitalisation (17 per cent) as concerns with the audit of asset values and impairment of non-financial assets.

For the audit of revenue, issues contributing to high levels of negative findings were tests of details (37 per cent), internal controls work (20 per cent), and risk assessment procedures (19 per cent).

Focus on remedial strategies

Niven says it’s essential that auditors adopt strategies to mitigate any pressures on company financial reporting and audit firm resources.

“To minimise deadline pressures, audits should be planned well in advance, adherence to timetables monitored and any anticipated delays addressed,” he advises.

Notably, this includes agreeing on timetables with management for delivering records, analyses, and draft financial reports, as well as performing audit work before year-end where possible. 

“For example, changes to the financial report format, new accounting treatments, and accounting for complex transactions should be considered before year-end,” Niven notes. 

“Other strategies, such as virtual secondments of staff from other locations or secondments from other firms, may also assist. Where possible, reporting deadlines for different audited entities should be staggered.”

Auditing and Assurance Standards Board (AUASB) Chair Bill Edge adds: “Revenue and receivables, and asset values and impairment are areas likely to be relevant for all audits, regardless of an entity’s size or complexity.

“Smaller firms must consider whether they are performing sufficient and appropriate work in these areas. 

“Smaller entities are also likely to have fewer complex balances and transactions – namely, fewer revenue streams and less complex asset valuations – so it’s important to make sure audit procedures are planned effectively and targeted at the audit risk.”

The RCA imperative

Edge says in terms of being able to implement the right remedial actions to improve audit quality and being up to speed with conducting objective, thorough and timely root cause analysis , firms still lagging will need to act fast.

Indeed, the new Auditing Standard ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements requires all audit firms to have systems of quality management designed and implemented by 15 December 2022, and the evaluation of the implemented system to be performed within by 15 December 2023. 

As CPA Australia’s Audit and Assurance Lead, Policy & Advocacy, Tiffany Tan, notes, all firms – regardless of size – are going to have to perform root cause analysis as mandated by ASQM 1.

“Root cause analysis will be a major component of meeting the requirement of evaluating the effectiveness of the design and implementation of the quality management system.” Tan advises. 

However, root cause analysis is not a new concept. 

“CPA Australia and CAANZ in conjunction with the Big Six firms issued guidance several years ago on how to perform effective root cause analysis,” Edge notes.

Keys to better practice

Further, according to a new report from New Zealand’s Financial Markets Authority (FMA), many firms have already prioritised root cause analysis through improved record keeping with accounting estimates and increased scepticism around entities’ financial statements.

“Over the last year we have seen audit firms make significant investments in their audit quality functions and software,” says FMA Acting Director of Capital Markets Paul Gregory.

ASIC’s recent Root cause analysis: Audit firm thematic review also identifies many existing good practices such as the inclusion of a wide range of audit file sources for root cause analysis and maintaining the independence of root cause analysis teams.

Although the report is based on findings from the Big Six, Niven emphasises that “root cause analysis is scalable between firms [of all sizes]”.

“How firms manage their client engagement and the quality of the audit hinge heavily on root cause analysis,” Tan continues. 

“In the past, there was no clear requirement for firms to consider what’s gone wrong and how to improve the processes going forward. Although most firms would have done it for best practice on a voluntary basis, with the new Auditing Standard ASQM 1, there is now clear expectation of accountability to the firm or the partner on the quality of audit.”

Tan says it’s vital for audit firms regardless of size or client type to maintain the same quality as bigger players, and that necessitates full compliance with ASQM 1. 

All firms, she warns, are now operating in a more complex business environment with decreasing resources, increasing time pressures, and growing fraud risk.

Despite auditor rotation requirements under the Corporations Act 2001, complacency borne of client familiarity can become an issue.

Tan welcomes acknowledgment from ASIC that company directors are ultimately responsible for the quality of their financial reports but says this does not change the auditor’s responsibility for a quality audit.

ASIC has put forward a series of better practice recommendations, including:

• broadening the audit files on which root cause analysis is conducted
• better use of audit quality indicators and audit milestones data in determining the real root causes of quality findings
• conducting real-time reviews on future audits following root cause analysis