New Zealand audit quality monitoring report: a discussion

Intro:
Hello, and welcome to the CPA Australia podcast. Your weekly source for accounting education, career and leadership discussion.

Claire Grayston:
Welcome to this CPA Australia podcast on the findings in the New Zealand financial market authority's audit quality monitoring report for 2020. And we'll also discuss the FMA's updates to Audit quality - a director's guide.

Claire Grayston:
I'm Claire Grayston, CPA Australia's policy advisor for audit and assurance. And joining me to discuss the FMA's findings is Jacco Moision, manager for audit at the FMA. Thank you for joining us Jacco.

Jacco Moision:
Thank you, Claire.

Claire Grayston:
So let's get started. What are your overall findings of non-compliant audits?

Jacco Moision:
Yeah, of course we were always of the view that things can improve. So this year we had seven out of the 20 audit files that we considered noncompliant. That is still quite a high number, but what we find encouraging to see is the number of findings on each of these audits is decreasing over time. And also what we have measured this year in the report, is that we make a comparison where we do a risk based selection and where we select it on a non-risk basis. Where we've seen that we select on a risk basis, it's a higher chance of the audit file fails, which seems to indicate that we select the right audit files to look at. But it's also encouraging, where it's normal risk basis, that most of these audits are actually done quite well by the audit firms.

Claire Grayston:
Yeah. So that not non-risk based selection is a bit more statistical then.

Jacco Moision:
Yes. I would say it is a bit more statistical, but if you get really a university professor, they will debunk that it's really statistical, but yeah, it's a bit more on a random basis than a risk based selection.

Claire Grayston:
Yeah. Great. So, with the noncompliant files that you identified, did those result in actual misstatements, in the financial statements?

Jacco Moision:
Yeah, that's sometimes difficult to say because that's not always the objective of the FMA. In some cases we have identified that there was some material misstatements. In this year's selection, that was just one audit file. In the other ones it's a bit hard to say, because we don't go back to the entity. We don't see the original audit evidence, or in some cases we are basically unable to assess if there was a material misstatement. So if a stock-take goes completely wrong yeah, then we can't redo that part of the work. So we can't assess if there was a material misstatement in that case or not. And what we also see is sometimes, okay, we might've thought that it didn't have a material impact, but two years later we find out actually when someone else takes over the audit and reassess an accounting treatment, that it was actually incorrect and that it would have led to a material misstatement at that time.

Claire Grayston:
Yeah. So really short of redoing the audit in those cases, you can't be certain what the impact would be.

Jacco Moision:
That's correct.

Claire Grayston:
So the level of findings that you've had has been relatively stable for several years, but you did mention already that you consider that audit quality is improving. So how could that be?

Jacco Moision:
Yeah. There are two things to that. One is we review in cycles, so we review different firms in different years. So although you see that for the last two or three years, it's quite similar. If you compare it to the cycles before that, we definitely see a decrease from the previous cycle. So that is in one case hopeful. And the other one that I mentioned earlier is the number of findings per file decrease. So for us, that's encouraging to see that there is actually an improvement within the files. Where we previously had maybe two or three areas that failed into one audit file, it might now be one particular issue. It's still a failure of a file, but it's an improvement from the two or three areas that we would have seen before.

Claire Grayston:
Great. So that improvement that you're seeing, what kind of initiatives have been effective, do you think in achieving those improvements in audit quality?

Jacco Moision:
I think it's depending on each of the firms. Sometimes it was a one off issue, so then it's hard to see, okay, what the firm has done to improve that. I think where we've seen some really good improvements on the systematic issues is where the firm has done a really good root cause analysis to identify where the issue occurred, followed by changing some of their templates or procedures in the audit software, provide additional training on that area and then reviewing by doing their own monitoring, if it has improved. And in some instances we have seen that audit firms still noted that there was a particular area of noncompliance and then redid the process again, and then you really see a improvement in a particular area. So one of the areas where we focused on last year and the years before were four key areas like journal entry testing of related parties. We definitely see an improvement in those areas, where the quality of the documentation on the audit file has improved by performing some of these procedures.

Claire Grayston:
And there's a role for the directors and the audit committees in this quest, if you like, to improve audit quality isn't there? So what actions can directors and audit committees make to ensure that a high quality audit is being provided? Jacco Moision:
Yeah, first of all, I want to promote the other report that you mentioned, Claire, is the audit guide for directors, which is I think, a must read for directors to get an insight on how they can contribute to audit quality. But secondly, also our annual monitoring report is a report that has a lot of references on how directors can contribute to certain areas. I think we are quite unique in that respect that a lot of audit regulators don't have the mandate or don't have the responsibility to also look at the quality of financial statements and we are a securities regulator, so we combine that effort in our report where we on one hand tell the auditors what they can improve, but on the other hands, the directors.

Jacco Moision:
So where I think the directors should really focus on is the quality of the fund manager information provided by management, and then how that is presented to the auditor. I think directors should also ask specifically to auditors on how their control environment is working, and where there are deficiencies, what those deficiencies are in those controls. We often see, for example, that auditors have in the years before, identified controls deficiencies, they have not been addressed by the directors and then after two or three years, they basically give up and say, "Why should I repeat what I've had in my previous reports?" However, we believe that's not helpful. There should be a push by the auditors to the directors to actually provide a better control environment, which would lead to better quality audits.

Claire Grayston:
Yeah. So really following up on those management letters that auditors issue privately to the company at the end of their engagement.

Jacco Moision:
Yes, that's correct.

Claire Grayston:
So which areas have you identified in the report, which auditors and their clients need to focus on to improve audit quality?

Jacco Moision:
Yeah, this year, we have mainly three areas where we want people to focus on. It doesn't necessarily mean that other areas are not important, but we don't want to repeat ourselves year on year in these reports, so we generally focus on the most significant areas. This year, you would have seen, Claire, that we have made some changes again to our report. And on page seven of our report, we actually summarise all the areas that we have reviewed in an audit file and how many times, and where we have seen findings that have led to insufficient audit evidence or other noncompliance areas. So we generally try to focus on the areas that feature the most in those schedules as well.

Jacco Moision:
So for this year, we focus on audit firms' quality control systems, and how they can contribute to the overall audit quality of an audit file. We continue to focus on auditor independence, and you might have some questions later though, on that, and the adequacy of financial statements, presentation and disclosure, which we found very important as well, where people will focus quite a lot of times on the numbers in the financial statements, but not necessarily on the required disclosure and what that means for investors.

Claire Grayston:
So a bit more of that narrative disclosure and paying attention to the consistency with the numbers, would you say?

Jacco Moision:
Yeah. And I think it's way more important now in the current environment with COVID-19, where I think entities have to make bigger assumptions and there is a lot more uncertainty. The number itselves might not really tell you a particular value. It's more the disclosure around how sensitive are some of these assumptions made and what would happen if you don't get it right. And how much would that impact your results or your value in the balance sheet?

Claire Grayston:
Yeah. So in addition to those three areas of focus that you've just talked us through, the report notes some recurring areas of concern that have come up in previous years. Would you like to explain what those are and how auditors can address those?

Jacco Moision:
Yeah, we already mentioned, I think two of them. One is the area of accounting estimates. We found that's still a very important area where we expect auditors to focus on. I think the quality of the documentation has improved in these areas, but we still sometimes don't see enough evidence, that supports the view that the entity has been taking in the area of accounting estimates. Another one is the auditor's response to fraud risk. We've noted a couple of issues in that area, but a lot of them come back to okay, understanding the controls environment around fraud risks, but also specifically okay, where auditors do journal entry testing on how they execute those procedures, how they link to risks between the journal entries that they are willing to test or want to test and how they then test them.

Claire Grayston:
And Jacco, if I could just jump in there, I can see quite clearly from the table you were talking about earlier, where you've broken down the findings into areas reviewed on page seven of the report, the broad risks that you mentioned and risk assessment, do jump out as areas that you had quite a lot of findings.

Jacco Moision:
Yeah, that's correct. Actually, with fraud risk, we thought that it was in none of the audit files led to insufficient audit evidence, but it is an area I think, where there's a lot of international focus on, and if you don't detect a fraud that was quite visible, I think a lot of questions will be asked to the auditors, and finally, a recurring theme is the related party transactions. Again, that occurred in nine out of the 20 audit files. So it's almost 50%. Again, it's just making sure, okay, that you understand the process an entity performs in identifying related parties and how they then check if there were any transactions with these related parties.

Jacco Moision:
And what we've seen, for example, in a lot of these areas, regardless if they have good controls or very bad controls, the auditor performs the same procedures. And in a lot of cases, we think it's not sufficient enough to actually identify related parties. So they might not be checking the Companies Office website with links between directors and other entities, or also that they don't really look into the transactions if they have been completely recorded in the financial statements.

Claire Grayston:
So just moving on to some other areas that you looked at this year, I noticed that you took a closer look at audits of peer to peer lending services in the period. So what did you find in this area?

Jacco Moision:
Overall, these audits were compliant. Our purpose for including this topic in our report, is more to inform the wider public, what value the audit of financial statements for these peer to peer lenders provide. For example, on the balance sheet of peer to peer lenders, you don't see the original loans between the two parties, so therefore there is no assessment formed by the auditor if a party can actually repay the loan. The only thing that is visible, is the receipt of the commission on this particular loan. Therefore, it might not really derive a lot of value for people using the peer to peer lending services. So they should maybe look to some other comfort regarding peer to peer lending services of how they handle client money or what controls they have set up to actually vet some of these lenders.

Claire Grayston:
Yeah, it's a really, really interesting observation Jacco, as to where the reporting framework meets needs, and where it might fall short because of the type of nature of the industry. So obviously we've been very much preoccupied and dominated by COVID-19 pandemic this year, and it's had a significant impact on entities as well as the way auditors work. Mostly though, that impact has been seen since 31st of March 2020 year ends, which are prevalent in New Zealand. So what do you think the FMA will be looking at when you come to review audit files for entities which have experienced a prolonged impact of the pandemic during this current year?

Jacco Moision:
So yeah, our reviews itselves will not significantly change. However, there will be two areas that will change. Is first of all, entities that are severely impacted by COVID-19 are likely to have a higher chance of being selected in our quality reviews. And then secondly, when we look at these specific audits, of course, we will maybe focus on a few different key areas where we would normally look at. So a going concern might feature quite high on that list, but also things like impairment of assets or expected credit losses, valuations may become way more sensitive. So that's probably the areas that we will be looking at. And maybe we will focus less on other areas where we would normally look at, like revenue or some other more material balances in the financial statements.

Claire Grayston:
Thanks. So another issue that's been arising globally has been the provision of non-assurance services to audit clients. And this has been a significant concern, particularly in Australia and in the UK where there's been inquiries undertaken, encompassing the conflicts of interest that can arise from providing those services. Do you have any of the same concerns about these non-assurance services being provided in New Zealand?

Jacco Moision:
I think over the last couple of years, we have noted a significant improvement in the application of the independent standards by audits here in New Zealand. So our concern therefore is mainly when the audit is subject to some other issues that the provision of non-assurance services or the independence becomes a talking point that discredits the overall view of the profession, which we believe is not really helpful for a discussion to have at that time. So to avoid all that perception issues, we suggest that both ourselves, but also the auditor general that are quite vocal about these things, that the auditor and directors very carefully consider what impact the provision of other services might have on the overall view that an independent audit is performed. So we don't really see that there is a direct link between independence and bad auditing. It's definitely the perception issue, which we would like to avoid.

Claire Grayston:
Yes. So you're asking entities to take care and look at those areas, but I do see in your report, I mean, the non-assurance services are relatively low, particularly compared to other jurisdictions.

Jacco Moision:
Yes. And we have seen that decrease over time as well. It's static between 2019 and 2020, but we definitely see a decrease in that.

Claire Grayston:
So we also see firms and their clients are increasingly using technological tools and some of those are developed by some of the firms. So how do you think the provision of technology to an audit client could or does create a threat, particularly where it's a product rather than a service? So we talk about non-assurance services, but these are arguably products. Can they cause concern?

Jacco Moision:
Yeah. The reason why we have included that in that report is that we know that often it's not just the product being sold, but attached to that is also a service. So what if the product is not working, who's going to help you out with that? That's where we see that the audit firm then might have another team that is actually helping the client in getting the tool up and running and actually might in that respect, make some decisions as well. Also, if a product is provided for, let's say an artificial intelligence tool, that delivers information that is then later included in financial statements, as an auditor there, you can't really assess the effectiveness of that tool, if you had developed it yourself. So that creates a conflict as well.

Claire Grayston:
Now we spoke before about the director's role and audit committee's role in supporting or improving audit quality. And I note that the FMA has updated the guide for directors, Audit quality - a director's guide, which covers a wide range of matters from tenders selecting new auditors, engaging the auditor in non-assurance services that we just spoke about, evaluating their independence, preparing and managing the audit and so forth. Can you highlight any areas that have been specifically revised this year?

Jacco Moision:
I have to admit Claire, we haven't changed much this year. So the main changes are in the useful resources at the back of the report, where we try to make sure that these remain relevant, and there are new things coming out all the time. So we want to make sure that when the directors pick up this report, that they have the most up-to-date and most relevant information to go through.

Claire Grayston:
So you'll just keep reviewing and updating that every year to make sure it's completely current.

Jacco Moision:
Yeah, that's correct. And we also look at new developments. So when we see things happening in Australia, in the UK, we start thinking and saying, "Hey, is this something a director should think about?" And although it might not be law here in New Zealand, they should take it into account when they are evaluating, for example, their relationship with their audit firm.

Claire Grayston:
So talking about things that have been happening elsewhere, I note that the parliamentary joint committee inquiry in Australia into the regulation of auditing in Australia have now issued their final report. And essentially that report confirms the 10 recommendations that they made earlier in the year, back in February. Do you expect any impacts on the New Zealand market if the Australian government accepts those recommendations, such as the introduction of internal controls regime, tighter prohibitions and greater transparency over non-assurance services provided to audit clients or mandatory audit tendering?

Jacco Moision:
Yeah, maybe a point to make in the first instance, as an audit regulator, we don't set policies or laws. And therefore our role with these changes is a consulting one, with other agents responsible for setting the rules and regulations. I think you've picked out the three most significant points in the report. And we have a lot of discussions with ASIC on an ongoing basis. So at least once a month I'm talking to Doug Niven as well on these developments.

Jacco Moision:
I briefly try to focus on the three points that you have mentioned. So the first one is the internal controls reporting. This will be the most interesting one, as we have a large number of trans-Tasman multinationals, like for example, the big banks. So we will be working closely with ASIC to see what the rules are. In Australia, for example, do these rules include the New Zealand subsidiaries and how are we going to check the compliance with that? But also for the dual listed entities that we have for entities that might be incorporated here in New Zealand, but have a sole listing on the ASX, or where they are dual listed for big companies, like a2 Milk. So that will be an interesting development to follow.

Jacco Moision:
When we look at the tighter prohibition and transparency of non-assurance services, I think some of these things will change with the implementation of the international standards on independence that are subject to change at the moment. And we also see our local standard setter and the auditor general being very active in this space. So we expect that the provision for other services will decrease significantly and will I think reduce to almost zero in upcoming years.

Jacco Moision:
And then the mandatory audit tendering, although not required in New Zealand, we have recently seen a number of large entities that changed auditor. And we like to believe that this is a result of our communication in publications, like the auditor guide of directors and our corporate governance handbook, where we don't set a requirement for tendering, but we recommend directors to reconsider their long standing association with an audit firm on a regular basis, without mentioning a specific timeframe.

Claire Grayston:
You note in the report, the scrutiny of audits in other jurisdictions and the reforms arising from the UK inquiries, which are still being determined in large part, but are essentially introducing to start with, operational separation of audit and non-audit services. Do you think such reforms would be relevant or necessary in New Zealand or perhaps feed down in due course?

Jacco Moision:
Good question, Claire. The FMA monitors these developments through our membership of FER. This provides us with a possibility to directly engage with the regulators, such as the FIC in this case. And what we try to do in those discussions, Claire, is to get a better understanding for the reasons of implementing these measures and the effect that they may have on audit quality. I think at this moment, it's too early to say that the spread of firms will have a significant impact on audit quality or how the wider cycle this group will look at the independence of audit firms as a result of that. So where you still have the same brand names, you're in the same building, you print things on the same letterhead, do people really understand that there is a split between the audit side of the firm and the rest of the firm? So that will be the interesting things that we will look at to see if that's then necessarily in New Zealand, if the perception may not change, even if you make that more legal split.

Claire Grayston:
At least Jacco, for in New Zealand, as we said before, the provision of non-assurance services to audit clients is quite low, and you're predicting that that will fall even further. So the threat, I guess, diminishes.

Jacco Moision:
Yeah. That's another way to look at it and say, "Okay, if we all agree not to deliver these services anymore, is it then still needed to have that split?" And that split might've been done, for a different reason as well, to make sure that audits get the right attention within the firm. Again, we don't have any signs that audits don't get the right attention here in New Zealand, by the leadership of the firm or by other parts of the firm.

Claire Grayston:
Well, thank you very much for your observations Jacco, and listeners can use the links in the page for the podcast to your audit quality monitoring report and to Audit quality - a director's guide, and read in a lot more detail around the topics that we've talked about today. So thank you very much for your time Jacco.

Jacco Moision:
Thank you Claire.

Outro:
Thanks for listening to the CPA Australia podcast. For more information on today's episode, please visit the show notes at www.cpaaustralia.com.au/podcast. Never miss an episode by subscribing to our podcast on Apple Podcasts, Spotify or Stitcher.