speech

ASIC’s Financial Reporting and Audit Surveillance Program

Speech by ASIC Commissioner Kate O’Rourke at the CA ANZ Audit Conference 2024, 16 May 2024.

Published 16 May 2024

Headshot of Kate O'Rourke

Check against delivery

Acknowledgment of Country & Introduction

Good morning, everyone. Thank you for the invitation to speak here today.

Before I begin, I’d like to acknowledge the Gadigal people of the Eora Nation, the Traditional Owners and Custodians of the land from which I am making this address today – Sydney.

I pay my respects to their Elders – past, present and emerging. I extend that respect to Aboriginal and Torres Strait Islander people here today.

I am here today to provide you with an overview of ASIC’s critical financial reporting and audit surveillance work, which supports our unwavering commitment to promote confident and informed participation in the financial system. I will prioritise topics that I think would be top of mind for you. I will touch upon ASIC’s audit findings from the 2022 – 2023 surveillance program before giving an overview of our focus areas for the June 2024 reporting period.

I will also share with you some preliminary observations from our recent review of a number of audit firm’s implementation of AQSM1.

Following this, I will speak briefly about one of the biggest changes to financial reporting and disclosure standards in recent times – the Government’s proposed mandatory climate reporting reforms. I’d like to make some observations about how ASIC is proposing to support them.

If time permits, I look forward to answering your questions.

ASIC’s Financial Reporting and Audit Surveillance Program

Overview of ASIC’s financial reporting and audit surveillance program

It goes without saying that ASIC is and always will be committed to strong oversight of auditors and enhancing the integrity and quality of financial reporting and auditing in Australia. We do this through our proactive surveillance of financial reports and audits, and our pursuit of enforcement action where it is appropriate. We believe this is important to upholding public trust and confidence in our financial system.

As you know, we take an integrated approach to our financial reporting and audit surveillances. This approach provides an end-to-end view of financial reporting and audit across the financial reporting chain which we believe results in a better overview of the financial reporting eco-system.

We follow a risk-based approach to target financial reports for review, taking into account a range of market data, reported financial information, relevant ASX announcements and other ASIC intelligence, such as reports of misconduct by external parties and reports received from auditors under their company law reporting obligations.

Our financial report targeting then informs our selection of audit files to be reviewed. We now routinely select audit files where a change has been made to financial information or the financial report or where we have concerns that a financial report may have a risk of material misstatement. In some instances, we select audit files based on other internal or externally available data.

Which brings me to the topic of transparency. We know that transparency is important. Our financial reporting and audit program maintains transparency in three ways:

Firstly, by including in our public report a summary of the thematic findings from our surveillance of financial reports as well as a summary of individual findings from our audit surveillances for all firms (on a no names basis). This provides greater prominence to all audit findings.
Secondly, by reporting findings from our audit surveillance to the directors of companies and the auditors to encourage constructive dialogue between the company and auditor to improve financial reporting and audit quality.
Thirdly, we maintain transparency by issuing media releases naming companies where they make material changes to their financial information in subsequent financial reports or other information after an ASIC enquiry.

We published our first report under the new integrated program on 18 October 2023. We plan to publish our next report on our financial reporting and audit surveillances in October.

Findings from the 2022-23 surveillance program

Financial reporting

I would now like to share some of our findings from the 2022-2023 surveillance program.

Last year we reviewed 180 financial reports. The majority of the companies whose financial reports we reviewed were in the top 500 of the ASX by market capitalisation and mostly in the materials and software and services industries.

These reviews resulted in ASIC contacting 55 entities with enquiries covering 93 issues. From these 55 surveillances, 25 entities made adjustments to previously released financial information after we raised concerns with their financial report.

Our 2023 report details findings in a number of areas, including:

insufficient disclosure of material business risks in the operating and financial review, and
impairment of assets and revenue recognition and other financial report disclosures.

I will briefly touch upon these as these findings are important.

Operating and financial review

The majority of findings from our financial reporting surveillances were in relation to the Operating and Financial Review (OFR). We contacted 33 entities to communicate our concerns on the adequacy of their disclosures, particularly in relation to strategies and prospects, and material business risks. Following our surveillances, 19 of these entities made additional or improved disclosures.

Many entities still need to significantly improve the information they report in the OFR for the benefit of investors and other users. Entities that are of particular risk are those that are newly listed, regularly raise funds, or have more complex business models.

Impairment and asset values

We also had 20 surveillances where we contacted entities about their impairment testing, mainly of goodwill and other intangible assets. Three entities made impairment adjustments following our surveillances.

It is important that directors (including members of audit committees) question the need for, and adequacy of, asset impairment and the adequacy of related disclosures.

Revenue recognition

We also had 14 surveillances where we contacted entities about their recognition of revenue including disclosure of accounting policies. Following these surveillances, three of these entities made adjustments to either their revenue recognition or disclosure of their accounting policy.

Auditing

I will now turn to our audit surveillance findings.

Auditors play an important role as the principal external check on a company’s financial report and, as key gatekeepers, are uniquely positioned to determine whether there has been a contravention of the Corporations Act. The key focus areas for last year’s surveillance program were:

Impairment of non-financial assets and asset values;
Revenue and receivables;
Inventory and cost of goods sold;
Provisions; and
Investments and financial instruments.

During the surveillance period, we reviewed 15 audit files across 11 audit firms. We reported findings to directors of 11 companies and nine audit firms. In six of the 15 audit surveillances we had both audit and financial reporting findings.

As a result of our financial reporting and audit surveillances, adjustments totalling $215 million were made to previously released financial information.

We continue to have the largest number of audit findings on impairment of non-financial assets and the audit of revenue and receivables.

For example, we had seven findings relating to impairment of non-financial assets. Deficiencies identified included:

not testing whether key assumptions in cash flow models are reasonable or supported by independent evidence;
accepting valuation methodologies that may not have been appropriate or reliable;
not properly considering indicators of impairment;
not confirming existence of and rights to digitals assets; and
not adequately testing capitalised expenditure.

Additionally, we had six findings relating to revenue and receivables testing. They included:

failing to test that revenue transactions occurred and were recorded accurately;
failing to identify a material misstatement;
assessing risk of material misstatement as lower than appropriate;
failing to understand the nature of the revenue cycle; and
not sufficiently reviewing the work of an overseas auditor.

International Forum of Independent Audit Regulators (IFIAR) survey

ASIC’s audit findings are not unique. In fact, regulators of auditors internationally have made similar findings.

ASIC is currently a member of the International Forum of Independent Audit Regulators, where we collaborate with other audit regulators on audit quality and regulatory practice.

In March 2024, IFIAR released its twelfth annual survey of inspection findings arising from its member regulators’ individual inspections of audit firms affiliated with the six largest global audit firm networks. Similar to ASIC, IFIAR noted the area with the highest level of findings was accounting estimates, including fair value measurement followed by internal control testing and adequacy of financial report presentation and disclosure.

Both ASIC and IFIAR encourage audit firms to make continued efforts to enhance audit quality to reduce the number of audits with findings.

ASIC’s stakeholder engagement

Our involvement with IFIAR is just one example of ASIC’s stakeholder engagement in action. We have a comprehensive stakeholder engagement program that sees us undertaking both international and domestic engagement so that we can deepen our understanding of emerging issues and risks in the financial reporting and audit industry, and collaborate with other regulators and government agencies to improve the quality of financial reporting and audit.

On the international front, ASIC is also a board member of the International Organisation of Securities Commissions (IOSCO) and the IOSCO Sustainable Finance Taskforce, We also engage with international accounting and audit standard setters on issues such as sustainable finance and digital financial reporting.

Domestically, we regularly liaise with professional accounting bodies and audit firms to discuss emerging accounting and auditing issues. Importantly, we also undertake ongoing and regular engagement with the AASB, the AUASB, the Financial Reporting Council, the Council of Financial Regulators and the Australian Institute of Company Directors on a broad range of issues related to financial reporting and audit including sustainable finance.

Focus areas for financial reporting and auditors

Which brings me now to what will be ASIC’s focus areas for the June 2024 reporting period.

Through our proactive surveillance program, ASIC will continue to focus on asset values, adequacy of provisions, subsequent events and disclosures.

This year we will expand our surveillance program to include:

previously grandfathered companies –large proprietary companies that were previously exempt from lodging their financial reports with ASIC are now included in ASIC’s integrated financial reporting and audit surveillance program. These companies were first required to lodge financial statements for financial year ended 30 June 2023 and we reviewed a small number (10) for our 2023-24 surveillance program. This has resulted in one material correction so far, with Southern Steel Group Pty Ltd amending its financial statements where we identified a failure to comply with accounting standards. In 2024-25 we plan to review a larger number of financial reports of these previously grandfathered companies.
registrable superannuation entities (RSEs) (superannuation trustees) – for the first time, they are required to lodge their audited financial reports with ASIC. The financial reports must be lodged within three months of their 2023-24 financial year and the audited financial reports must comply with the relevant accounting standards. From 1 July 2023, RSE auditors must comply with the auditor obligations under Chapter 2M of the Corporations Act. ASIC will include RSE financial reports in its financial reporting and audit surveillance program.

To complement our financial reporting and audit surveillance program, we will also undertake a review of the compliance by auditors with ethical and independence standards.

Separately, ASIC encourages entities with material climate-related risks to report voluntarily in line with the recommendations of the Taskforce on Climate-related Financial Disclosures (TCFD) and avoid misleading statements. We also encourage entities to prepare for the proposed introduction of mandatory climate reporting. The first tier of companies is proposed to report under the new legislation for financial years commencing from 1 January 2025.

Improving financial reporting and audit quality

One of the key aspects of the redesign of our surveillance program will be to look beyond the ongoing issues identified in our audit file reviews to consider the root causes of these issues… for example, looking at governance, risk, culture and compliance practices that may raise independence and ethics issues. To address this, we have brought in the team that looked closely at these very problems within Australia’s banks following the Financial Services Royal Commission, who will be working closely with our audit surveillance team.

In light of this, we recently conducted a scoping exercise to determine what this review will focus on. This exercise looked at how a number of audit firms have implemented quality requirements under the ASQM1 framework, given their first ASQM1 evaluation was due for reporting by 15 December 2023.

Despite being a very limited review, it highlighted a number of areas for concern which span across risk, governance and compliance practices at audit firms. I will briefly share some of our observations with you now:

First, we observed significant variability as to how firms chose to implement the ASQM1 framework. Some firms have adopted a “minimum compliance” approach by limiting the application of quality management to a single business division. We expected firms to see the framework as an opportunity to uplift quality controls across a number of business divisions – not just within audit and assurance. We encourage firms to embrace the spirit of the ASQM1 objectives by applying quality management requirements firm-wide instead of seeing the framework as merely a tick-box exercise in compliance.
Second, we saw in some cases a lack of sophistication and suitability of tools used to manage quality. For example, some firms relied on Excel spreadsheets or reverted to existing tools deployed for audits in order to record and monitor quality findings. Better practice would be to establish dedicated quality management tools that align with ASQM1 requirements, and establish one ‘source of truth’ to ensure proper records are kept and reported.
Third, we observed that some firms have limited domestic guidance around how to measure and classify the severity of findings and deficiencies, and a lack of objectivity in assessments. While “professional judgement” has a part to play, the absence of clear guidance risks producing inconsistent and subjective conclusions.
Further, we saw examples of firms taking a hurried approach to remediation of findings and deficiencies in order to achieve a favourable conclusion before the reporting deadline. We urge firms to take the time necessary to roll out considered and comprehensive action plans that adequately address the root cause and fully rectify the issues at hand. End-to-end action plans are critical to the ongoing success of ASQM1 as they may prevent potential further deficiencies from arising.
Finally, from a governance and oversight perspective, ASIC urges firms to be transparent in reporting to executive management and the relevant committees around deficiencies and their associated action plans. This includes communicating the original rating of a deficiency in addition to the point-in-time rating to ensure broader design gaps are being identified and systems operate as effectively as possible. In addition, there should be ample opportunity for debate and challenge when it comes to making final determinations.

ASIC is currently considering how these observations will shape our forthcoming surveillance program for FY25. In the meantime, we encourage firms to prioritise having robust systems of quality management in place given the integral roles these play in ensuring foundational trust in financial markets. While ASIC acknowledges that embedding quality management systems is an iterative process that involves continual uplift of existing systems and procedures, we consider that firms have a lot of work to do before they are considered to have achieved operational effectiveness.

Sustainable finance

ASIC’s involvement in sustainable finance

As our Chair Joe Longo recently said, while the shift to sustainable finance may constitute a once-in-a-generation transformation, the fundamental underlying principles of accuracy and transparency are not new.

Sustainability-related claims and information, like any other, must be founded on reasonable grounds, be accurate and be able to be substantiated. It is essential that entities avoid misrepresenting their sustainability or green credentials.

To date, we have issued 17 greenwashing-related infringement notices totalling $230,000 and obtained 40 corrective disclosure outcomes. We won our first greenwashing civil penalty action against Vanguard Investments (regarding the misapplication of ESG investment screens) and have two other civil penalty proceedings underway in the Federal Court.

ASIC previously received funding in the 2023-2024 MYEFO to support enforcement of climate disclosure standards and the Government recently confirmed that ASIC will receive funding in the 2024-2025 Budget for greenwashing enforcement.

We will continue to monitor the market for misleading claims by entities. It is critical that we combat greenwashing to support trust in sustainable finance-related products and services.

Climate-related disclosure

ASIC supports the introduction of a mandatory, internationally aligned climate reporting regime.

If the Government’s proposed reforms are passed, ASIC will be responsible for administering the mandatory climate reporting regime.

We understand that there will obviously be a period of transition as industry works to build the capability required to meet these new obligations. ASIC acknowledges the capability uplift that will be required across the financial sector and is supportive of the Government’s phased approach to the implementation of the disclosure and assurance requirements.

ASIC will also develop and publish information resources on the new sustainability reporting obligations as well as a new regulatory guide outlining our approach to relief from those obligations, and interaction of the regime with existing legal and regulatory requirements.

Preparation for the proposed mandatory climate reporting requirements

Entities should start putting into place the systems, processes and governance practices that will be required to meet the new climate reporting requirements. We also encourage auditing and accounting firms to ensure that any systems and processes adopted are sufficiently agile to incorporate additional sustainability topics in future years (i.e. beyond climate-related financial disclosures).

Entities should not be waiting until the climate-related financial disclosure requirements are mandated and the Australian Accounting Standards Board finalises its Australian climate standards based on those issued by the ISSB.

ASIC considers that those entities reporting under the TCFD will be well placed to report under any future mandatory reporting regime. This is particularly the case since the ISSB’s standards are founded on the four pillars of the TCFD framework.

While companies may continue to use the voluntary TCFD framework, it may also be useful for them to begin engaging with the ISSB standards through the report preparation process to test and/or assess capabilities, data availability and requirements against the new standard. This will help inform the company of future requirements.

Conclusion

In closing, I’d like to drive home the importance of ASIC’s financial reporting and audit surveillance program and, of course, the critical role you play in strengthening our financial ecosystem.

For the Australian economy to continue to flourish, it needs a strong, steady foundation from which to build public trust and confidence in the integrity of our financial system.

For this reason, ASIC is firmly committed to leveraging its surveillance and enforcement activities to ensure consumers and investors are equipped with the information they need to confidently participate in the financial system.