ASIC audit inspections
This information sheet (INFO 224) outlines ASIC’s approach to inspecting audit firms. It covers:
- the objective and scope of our inspections
- how we inspect firms of different sizes
- how we measure and report findings
- how our findings compare with international findings
- our separate surveillances of audits
The objective of our audit firm inspections is to promote the improvement and maintenance of audit quality. We inspect audit firms as well as authorised audit companies, and work cooperatively with these firms to achieve our objective.
Our inspections focus on audits of financial reports of public interest entities prepared under the Corporations Act 2001 (Corporations Act).
Largest four national and other national and network firms
Our inspections include:
- The largest four national firms: Large firms that audit listed entities with the largest aggregate market capitalisation, and are national partnerships and members of a global network with multiple offices
- Other national and network firms: Firms with national partnerships or individual offices that audit many listed entities and are members of a national or international network.
In our inspections of these firms, we review selected key audit areas in the audit working papers for selected audit engagements.
For some of these firms we also assess whether their quality control systems:
- comply with Auditing Standard ASQC 1 Quality control for firms that perform audits and reviews of financial reports and other financial information, other assurance engagements and related services engagements
- are designed to ensure that audits are performed in accordance with auditing standards
- ensure auditors comply with the auditor independence requirements.
During our inspections, we highlight to each firm the areas where we consider that they did not obtain reasonable assurance that the financial report as a whole was free of material misstatement, and suggest remedial actions they should take. We may also raise comments in areas such as quality control and auditor independence, and matters that could affect future audits. We also issue private reports or letters to the firms outlining our findings.
We spread audit file reviews for the larger firms over time. This provides firms with the opportunity to address our findings on a timely basis.
To reflect the size and client profile of smaller firms (that is, firms that audit a limited number of listed entities and have a small number of audit partners), our inspection approach is limited to:
- reviewing the audit files related to a listed entity for compliance with the auditing standards
- holding discussions with leaders, engagement partners and other senior members of the engagement team about the audit file reviewed and certain policies and procedures relating to auditor independence and audit quality in the context of that file.
Table 1 outlines matters relevant to understanding how our findings are measured and reported.
Table 1: Matters relevant to understanding our findings
|Quality of financial reports||Our findings do not necessarily mean that there is a material misstatement in the overall financial report. Rather, in our view, the auditor did not have a sufficient basis to form an opinion on the financial report.|
|Inspection findings||Our findings are based on the objective of an audit, as set out in the auditing standards, which is to obtain reasonable assurance that the financial report as a whole is free of material misstatement.
The key audit areas that we review in our inspections remain broadly consistent, as are the key audit areas in which we report findings.
All findings from inspections of individual firms are discussed with the firm to ensure that we have fully understood all of the relevant facts and have taken into account all relevant audit work.
Our private reports to the firms inspected enable the firms to challenge our findings and to undertake remedial action.
|Subjectivity||All matters from our file reviews that are reported in our public reports are supported by findings that we reported to audit firms inspected after we reviewed selected audit files.
Our findings relate to compliance with the principles-based auditing standards. Audits necessarily involve the application of professional judgement, and there are some instances where different individuals will reach different judgements on whether the audit work performed is sufficient. The percentage measure in our public audit inspection reports does not include instances where we consider that individuals could reasonably reach different judgements. Each of our inspection findings is subject to quality review within ASIC, and discussion with the engagement partners and firms.
There are cases where auditors disagree with our findings from reviews of individual audit files. In most of these cases, the auditor asserts that the necessary work was performed but not documented, rather than disagrees with our findings about work that should have been performed or the judgements that should have been reached.
We are open to the possibility that we do not have all of the facts, that there may be differing views on the requirements of auditing standards, or differing judgements. We have extensive due process with the firms and within ASIC to address any such concerns and ensure that findings do not include matters where, for example, reasonable professionals could differ in their views.
Ultimately, the value from inspections is for ASIC to express an informed and independent view on findings from reviews of audit files.
The extent of agreement by individual engagement partners with our findings can be influenced by matters such as possible impacts on remuneration and reputation, and potential liability. These factors lead to similar levels of disagreement by engagement partners with findings by firms from their own quality reviews of audit files.
We have discussions with the largest six firms – collectively and individually – about audit methodology questions and interpretations of auditing standards. We also discuss with them the interpretation of accounting standards. Where the accounting or auditing standards are unclear, we refer these matters to the relevant international standard setter.
|Documentation versus audit evidence||If audit work is not documented, our presumption is that the work has not been performed (in the absence of evidence to the contrary). This is the same approach applied by other audit regulators and by most firms in their internal quality review programs.
We apply professional scepticism to assertions that work has been performed without any documentation. Significant testing, analysis and challenging of estimates and accounting policy choices are generally not possible without some documentation.
In addition, auditing standards require sufficient documentation so that another professional can understand the work performed and the basis for the conclusions reached.
|Remediation||Where we identify that a firm did not, in our view, obtain reasonable assurance that the overall financial report was free of material misstatement, we generally suggest that the firm should perform additional audit work for the financial period that was the subject of the audit.
Auditors have an obligation to complete their audits to support their opinions on financial reports and to undertake the audit work that has not been performed.
This ensures that the audit report is supportable and that the market can be properly informed if any material misstatements are detected.
In a number of cases, where we identify inadequate audit work, the relevant firm may perform additional audit work and then not identify material misstatements in the financial report concerned.
|Level of assurance||An audit is not intended to provide absolute assurance that there are no material misstatements in the overall financial report. That is, reasonable assurance implies a confidence level of less than 100% that a financial report is free of material misstatement. Our findings relate to instances where we consider that the auditor has not obtained reasonable assurance that the financial report as a whole is free of material misstatements.|
|Impact of risk-based approach||Our reviews of audit files do not cover all areas of an audit engagement or all subsidiaries and divisions in a group. Typically, four to six key audit areas are covered and, for groups, only one major operating component is covered.
We select audit engagements and key audit areas for review in our audit inspections using a risk-based approach. This means that we generally select some of the more complex, demanding and challenging audits, and some more significant or higher risk areas of the financial reports. However, we also include a spread of audited entities and areas outside this group.
Some have suggested that this approach could result in the percentages reported being greater than would be the case with random reviews. On the other hand, more experienced partners and staff are usually allocated to such audits, and there are generally more extensive firm reviews and consultation processes for these audits and the key audit areas. Our experience is that there can be more findings relating to smaller audit engagements for these reasons.
Our audit inspection program generally does not include cases where we have already addressed material misstatements through our financial reporting surveillance program. However, these matters may be followed up through our separate audit surveillances, the results of which are not counted in the findings in this report.
|Focus of inspections||Our inspections focus on key audit evidence and judgements.
Our file reviews concentrate on the substance of work and whether sufficient appropriate audit evidence was obtained to support the auditor’s conclusions.
|Adjustments||There will be instances where auditors detect material misstatements during the audit process and ensure these are corrected before a financial report is completed and released.
A key aspect of the auditor's role in conducting an adequate audit is to ensure that material misstatements are detected and addressed.
Due to the nature of the audit process, it can be difficult to distinguish between adjustments resulting from a company’s own processes from those resulting from the audit process.
|Key audit areas||A key audit area generally relates to a financial statement line item that we specifically select for review on an audit engagement file before commencing our review. The areas relate to:
Although we do not review every working paper on an audit file, evidence or explanations of the audit approach on other parts of the audit file are taken into account in reaching our findings. This is covered through our reviews of audit planning documents and discussion of findings with engagement partners and firms.
There is also written correspondence between ASIC and the firm on our findings, which ensures that all aspects of an audit that may be relevant to our findings are taken into account. Our comments and private reports include the firm’s responses to each individual file review finding.
|What is measured||The overall percentages of findings in our public reports relate to cases where the auditors did not obtain reasonable assurance that the financial report as a whole was free of material misstatement. This is based on our view that the auditors did not obtain sufficient appropriate audit evidence, exercise sufficient judgement or otherwise comply with auditing standards in key audit areas.
The percentages do not include other findings relating to audit quality and compliance with auditing standards, such as the adequacy of planning, obtaining an understanding of business, risk assessment, reviews and reliance on internal controls, non-substantive analytical procedures, documentation, supervision and review, auditor independence, firm quality control systems, and training of partners and staff.
The percentages also exclude findings concerning insufficient work for related party transactions, reviews for unusual journal entries, reviews of legal expenses and legal representation letters, and subsequent event reviews. In our view, findings in these areas could have resulted in material misstatements in financial reports not being detected by the auditor. Although excluded from the percentages, these remain important areas for improvement by firms.
The results of our findings in some of the areas that are excluded from the percentages are summarised separately in our public reports.
Where we consider that a risk of misstatement would not be material to the overall financial report, or where the risk that it is material to the overall financial report is remote, the finding is excluded from our percentage measure. However, it is possible that such matters could aggregate with matters relating to areas of an audit that we did not review to create a risk of material misstatement to the financial report as a whole.
|Number of procedures and findings||There may be a number of audit procedures in a key audit area. Findings are included in the percentages reported where there was only one instance of the auditor not performing an audit procedure in any given key audit area, if that meant the auditor did not obtain reasonable assurance that the financial report as a whole was free of material misstatement.
Where multiple separate findings in a key audit area each individually meant that separate material misstatements would not be detected, the percentages reported only include one of those occurrences. There are cases where we find more than one deficiency in a key audit area, each of which could have resulted in material misstatements not being detected.
|Other national and network firms||Although the percentage of reported findings for 'Other national and network firms' may change between public reports, we inspect different firms in each period.
The same largest four national firms are inspected in each period.
|Surveillances and investigations||ASIC is both an audit regulator and a securities regulator. In addition to audit inspections, we conduct a range of other activities that relate to the work of audit firms. These other activities include our financial reporting surveillance program, surveillances where there is a concern about a specific audit or an individual auditor, and investigations into the quality of financial reports and audits where there have been corporate failures.
Where there are known material misstatements in financial reports, the audits are not reviewed in our audit inspection program but may be the subject of our separate auditor surveillance activities. The findings and overall percentages of findings in our public reports do not include findings from any of these other activities. The outcomes of these activities are reported in separate media releases and our regular enforcement reports.
The inspection findings detailed in our public reports do not include the results of our audit surveillance activities because:
However, these other activities can inform our general areas of inspection focus and the timing of future audit firm inspections.
|Enforcement action||The objective of our inspections is to work cooperatively with audit firms to improve and maintain audit quality. We expect audit firms to make changes and to undertake work in response to our findings. However, there are some cases where findings are so serious as to warrant enforcement or similar action.|
Our findings are similar to those reported by the International Forum of Independent Audit Regulators (IFIAR).
The overall percentage of findings in our public inspection reports will differ from the findings percentage reported by IFIAR because:
- our findings are measured by reference to key audit areas reviewed whereas IFIAR measures findings by reference to audit engagements as a whole. As a result, the ASIC findings percentage will be lower that than would be the case on the IFIAR basis of measurement, and
- our findings percentage excludes certain matters that are not excluded from the IFIAR findings percentage, such as inappropriate reliance on internal controls, inadequate work on related party disclosures, and inadequate journal entry testing.
In addition to regular audit firm inspections, we review audits based on specific concerns that may lead to action against auditors. These surveillances focus on concerns with specific audits arising from complaints and other intelligence, including corporate collapses where there are questions over the adequacy of information on the financial condition and results provided in the financial report and questions over the audit.
While auditors are not responsible for the failure of companies, the audit is important for ensuring quality financial reporting so that markets, investors and other users are properly informed.
Our surveillance reviews have led to enforcement outcomes, with auditors removed from practice for varying periods or having their registration cancelled through enforceable undertakings and decisions of the Companies Auditors Disciplinary Board (CADB). These cases reinforce the need to improve audit quality and the consistency of audit execution, particularly in relation to the adequacy of audit evidence, the exercise of professional scepticism, and the use of experts and other auditors.
Results from our surveillance activities are published in individual media releases and our six-monthly public enforcement reports.
Lessons that may be relevant for auditors from our audit surveillances that have resulted in enforcement outcomes include the matters summarised in Table 4 of Report 397 Audit inspection program report for 2012–13 (REP 397).
Where can I get more information?
- INFO 183 Directors and financial reporting
- INFO 196 Audit quality: The role of directors and audit committees
- INFO 203 Impairment of non-financial assets: Materials for directors
- INFO 222 Improving and maintaining audit quality
- INFO 223 Audit quality: The role of others
- Financial reporting quiz for directors
Please note that this information sheet is a summary giving you basic information about a particular topic. It does not cover the whole of the relevant law regarding that topic, and it is not a substitute for professional advice. You should also note that because this information sheet avoids legal language wherever possible, it might include some generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances may be taken into account when determining how the law applies to you.
This is Information Sheet 224 (INFO 224), issued on 29 June 2017. Information sheets provide concise guidance on a specific process or compliance issue or an overview of detailed guidance.