ASIC audit surveillances

This is Information Sheet 224 (INFO 224). It outlines ASIC’s approach to audit surveillances.

It includes:

Surveillance objective and scope

We discontinued using the terms ‘audit firm inspection’ and ‘audit inspection’ at the end of November 2022. All ASIC audit file reviews are now described as ‘audit surveillances’. ASIC documents issued before the end of November 2022 that used the terms ‘audit firm inspection’ and ‘audit inspection’ should be read as using the term ‘audit surveillance’.

The objective of our audit surveillances is to promote the improvement and maintenance of audit quality.

Our surveillances focus on audits of financial reports of public interest entities prepared under the Corporations Act 2001 (Corporations Act).

The quality of financial reports is key to confident and informed markets and investors. The objective of the independent audit is to provide confidence in the quality of financial reports.

Audit surveillances are one of the activities we undertake to promote financial reports that provide useful and meaningful information so users of those reports can make informed decisions about the allocation of scarce resources. The quality of the financial report is supported by the quality of the independent audit.

We ask firms to remediate findings from our audit surveillances, including developing actions to address thematic findings across audit files. We will also consider appropriate enforcement action in more severe cases.

Our surveillances

Our audit surveillances generally cover the largest six national firms, and other firms that audit the financial reports of listed entities and other public interest entities. For this purpose, firms include authorised audit companies.

In our surveillances we review key audit areas in the audit working papers for selected audit engagements. We may also assess key aspects of audit firm quality control systems over audits of financial reports. This is based on direct reviews of the design and operation of those systems or evidence from audit files.

Following our review of an audit file:

  • we advise the audit firm about the areas where we consider the auditor did not obtain reasonable assurance that the financial report as a whole was free of material misstatement
  • we ask the firm to identify and commit to remedial actions to address our findings, and
  • where we are not satisfied with the audit firm’s response to our findings, we will challenge the adequacy of the proposed remedial actions for both individual audits and overall firm action plans.

We will directly communicate negative findings from our reviews of audit files and certain other matters to the directors of the audited entity: see Regulatory Guide 260 Communicating findings from audit files to directors, audit committees or senior managers (RG 260).

Where we have queries or concerns about an audit firm’s quality controls or auditor independence, we raise these with the firm. We may also issue reports or letters to some or all of the larger firms inspected summarising our findings for each 12-month period to 30 June.

We spread audit surveillances for the larger firms throughout each year rather than reviewing a large number of files at an individual firm at one time. This provides those firms with the opportunity to address our findings on a timely basis.

We set out the findings from our audit surveillances in a public report which may include the proportion of key audit areas reviewed where we considered the auditor did not obtain reasonable assurance that the financial report as a whole was free of material misstatement. We do this to facilitate understanding of the extent of our findings and the importance of audit firms addressing the underlying root causes of those findings.

Our surveillance process and how we measure and report findings

Table 1 outlines how we measure file review findings and report the findings in our public audit surveillance reports. The table also covers key aspects of our surveillance process.

Table 1: Our surveillance findings and process

Area

Our approach

Quality of financial reports

Our findings do not necessarily mean that there is a material misstatement in the overall financial report. Rather, in our view, the auditor did not have a sufficient basis to form an opinion on the financial report.

Surveillance findings

Our findings are based on the objective of an audit, as set out in the auditing standards – which is to obtain reasonable assurance that the financial report as a whole is free of material misstatement.

The key audit areas that we review in our surveillances are generally broadly consistent from period to period, as are the key audit areas where findings are reported.

Subjectivity

The findings from our audit surveillances concern an auditor’s compliance with the principles-based auditing standards.

Audits necessarily involve the application of professional judgement, and there are some instances where different individuals will reach different judgements on whether the audit work performed was sufficient. The negative findings outlined in our public audit surveillance reports do not include instances where we consider that individuals could reasonably reach different judgements.

There are cases where auditors disagree with our findings from reviews of individual audit files. In most of these cases, the auditor asserts that the necessary work was performed but not documented, rather than disagreeing with our findings about work that should have been performed or the judgements that should have been reached.

We are open to the possibility that we do not have all the facts, that there may be differing views on the requirements of auditing standards, or differing judgements. We have extensive due process with the firms and within ASIC to address any such concerns and ensure that findings do not include matters where, for example, reasonable professionals could differ in their views.

Ultimately, the value from surveillances is for ASIC to express an informed and independent view on findings from reviews of audit files.

Disagreement by auditors with our findings can be influenced by matters such as possible impacts on remuneration and reputation, and potential liability. These factors lead to similar levels of disagreement by auditors with findings in their firm’s own quality reviews of audit files.

We may have discussions with the largest six firms – collectively and individually – about audit methodology questions and interpretations of both accounting and auditing standards. Where the standards are unclear, we refer these matters to the relevant international standard setter. We also inform the Auditing and Assurance Standards Board of areas where domestic guidance may be appropriate.

Documentation versus audit evidence

If audit work is not documented, our presumption is that the work has not been performed (in the absence of evidence to the contrary). This is the same approach applied by other audit regulators and by most firms in their internal quality review programs.

We apply professional scepticism to assertions that work has been performed but not documented by the auditor. Significant testing, analysis and challenging of estimates and accounting policy choices are generally not possible without some documentation.

Auditing standards require sufficient documentation so that another professional can understand the work performed and the basis for the conclusions reached.

Remediation

Where we identify that a firm did not, in our view, obtain reasonable assurance that the overall financial report was free of material misstatement, we expect the firm to perform additional audit work for the financial period that was the subject of the audit. We also ask firms to identify remedial actions from root cause analysis for thematic findings across audit files.

Auditors have an obligation to complete their audits to support their opinions on financial reports and to undertake the audit work that has not been performed.

This ensures that the audit report is supportable and that the market can be properly informed if any material misstatements are detected.

In a number of cases where we identify inadequate audit work, the relevant firm may perform additional audit work and not identify material misstatements in the financial report concerned.

Level of assurance

An audit is not intended to provide absolute assurance that there are no material misstatements in the overall financial report. That is, reasonable assurance implies a confidence level of less than 100% that a financial report is free of material misstatement. Our findings relate to instances where we consider that the auditor has not obtained reasonable assurance that the financial report as a whole is free of material misstatements.

Risk-based approach

Our reviews of audit files do not cover all areas of an audit engagement or all subsidiaries and divisions in a group. Generally, one to three key audit areas are identified for review and, for groups, only one major operating component is covered.

We select audit engagements and key audit areas for review in our audit surveillances using a risk-based approach. This means that we generally select some of the more complex, demanding and challenging audits, and some more significant or higher risk areas of the financial reports.

Some have suggested that this approach could result in the findings reported being greater than would be the case with random reviews. On the other hand, more experienced partners and staff are usually allocated to such audits, and there are generally more extensive firm reviews and consultation processes for these audits and the key audit areas.

Focus of surveillances

Our surveillances focus on key audit evidence and judgements.

Our file reviews concentrate on the substance of work and whether sufficient appropriate audit evidence was obtained to support the auditor’s conclusions.

Adjustments

There will be instances where auditors detect material misstatements during the audit process and ensure these are corrected before a financial report is completed and released.

A key aspect of the auditor’s role in conducting an adequate audit is to ensure that material misstatements are detected and addressed.

Due to the nature of the audit process, it can be difficult to distinguish between adjustments resulting from a company’s own processes and those resulting from the audit process.

Key audit areas

A key audit area is an area of an audit selected for review by ASIC on a risk basis. It is generally a section of the audit work (or closely related sections of the audit work) that would require significant audit effort and that is distinct from other audit areas.

Key audit areas often correspond to a section of the audit file. They typically involve separate risks, business characteristics, systems and processes, and distinct audit procedures.

Although we do not review every working paper on an audit file, evidence or explanations of the audit approach on other parts of the audit file are taken into account in reaching our findings. This is covered through our reviews of audit planning documents and discussion of findings with engagement partners and firms.

What is measured?

Negative findings are cases where in our view the auditor did not obtain reasonable assurance that the financial report as a whole was free of material misstatement.


Negative findings do not include findings on audit planning, understanding the business, risk assessment, reliance on internal controls, non-substantive analytical procedures, supervision and review, auditor independence, firm quality control systems, training of partners and staff, related party transactions, journal entry testing, reviews of legal expenses and legal representation letters, and subsequent event reviews. In our view, findings in these areas could have resulted in material misstatements in financial reports not being detected by the auditor. However, these can be important areas for improvement by firms.

Where we consider that a risk of misstatement would not be material to the overall financial report, or where the risk that it is material to the overall financial report is remote, the finding is not classified as a negative finding.

Number of procedures and findings

There may be a number of audit procedures in a key audit area. Negative findings are reported where there was only one instance of the auditor not performing an audit procedure in any given key audit area, if that meant the auditor did not obtain reasonable assurance that the financial report as a whole was free of material misstatement.

Where there are multiple separate negative findings in a key audit area, that is reported as one key audit area with negative findings.

Other national and network firms

The level of reported negative findings for firms outside the largest six firms may change between public reports – we inspect different firms in each period.

We may review audit files at each of the largest six firms in each 12-month period to 30 June.

Enforcement action

We may consider whether to take enforcement action in connection with a negative audit surveillance finding. 

ASIC process to settle findings

Our audit surveillances focus on key audit evidence and judgements.

Our file reviews concentrate on the substance of audit work conducted and whether sufficient appropriate audit evidence was obtained to support the auditor’s conclusions.

All findings from surveillances of individual audit firms are discussed with the firm to ensure we have fully understood all relevant facts and have taken into account all relevant audit work.

Our audit surveillances are subject to quality review by a second experienced reviewer who also attends key meetings with the relevant firm to discuss any findings.

An ASIC Senior Manager also oversees each surveillance. Where the Senior Manager overseeing a surveillance is not also the quality reviewer, that Senior Manager provides a further level of review of the findings. There is consultation with relevant experts within ASIC.

Findings are discussed with the audit partner and generally with the firm’s audit quality team.

Our draft comment forms on individual file reviews and drafts of our 12-monthly reports to surveilled audit firms enable those firms to challenge our preliminary findings and to undertake remedial action addressing those findings. In some cases, firms may escalate concerns with findings for review by ASIC’s Chief Accountant.

ASIC review processes and the form of communication with an auditor may differ where ASIC is considering enforcement action.

External panel

We consult with an external panel on the method of measuring and reporting aggregate findings from our surveillances.

The panel also discusses the conclusions reached on a small number of our more challenging surveillance findings where significant judgement is required. The identities of the audit firms and audited entities are not provided to the panel. It is not the panel’s role to review audit working papers or engage with the auditor. The panel is provided with the auditor’s written response to our findings. ASIC makes the decisions on individual findings, and audit firms are not made aware of which matters were discussed by the panel.

Consistency with foreign audit regulators

The findings reported from our audit surveillances are consistent with those reported by foreign audit regulators. We have:

  • discussed our methodology for classifying findings with other regulators and the approach to particular types of findings
  • conducted joint surveillances with international regulators.

Comparison with international findings

The areas and nature of our findings are similar to those reported in the annual surveys of audit inspection findings of audit regulators who are members of the International Forum of Independent Audit Regulators (IFIAR).

Our public surveillance reports present findings on a different basis to that used by IFIAR because:

  • our findings are measured by reference to key audit areas reviewed whereas IFIAR measures findings by reference to audit engagements as a whole. The overall level of key audit areas with findings related to the number of key audit areas reviewed will be lower than the overall level of engagements with findings relative to the number of engagements reviewed, and
  • our findings exclude certain matters that are not excluded from the IFIAR findings, such as inappropriate reliance on internal controls, inadequate work on related party disclosures and inadequate journal entry testing.

Our separate surveillances of audits

In addition to regular risk-based audit surveillances, we review audits based on specific concerns that may lead to enforcement action against auditors. These surveillances often arise from indications of more significant concerns with an audit based on complaints and other intelligence, including corporate collapses where there are questions over the adequacy of information on the financial condition and results provided in the financial report and questions over the audit.

While auditors are not responsible for the failure of companies, the audit is important for ensuring quality financial reporting so that markets, investors and other users are properly informed.

Our surveillance reviews have led to enforcement outcomes, with auditors removed from practice for varying periods or having their registration cancelled through enforceable undertakings and decisions of the Companies Auditors Disciplinary Board (CADB). These cases reinforce the need to improve audit quality and the consistency of audit execution, particularly in relation to the adequacy of audit evidence, the exercise of professional scepticism, and the use of experts and other auditors.

Results from our surveillance activities are published in individual media releases and our reports on enforcement activity.

Lessons that may be relevant for auditors from our audit surveillances that have resulted in enforcement outcomes include the matters summarised in Table 5 of Report 397 Audit inspection program report for 2012–13 (REP 397).

Where can I get more information?

  • INFO 183 Directors and financial reporting
  • INFO 196 Audit quality: The role of directors and audit committees
  • INFO 203 Impairment of non-financial assets: Materials for directors
  • INFO 222 Improving and maintaining audit quality
  • INFO 223 Audit quality: The role of others

Important notice

Please note that this information sheet is a summary giving you basic information about a particular topic. It does not cover the whole of the relevant law regarding that topic, and it is not a substitute for professional advice. You should also note that because this information sheet avoids legal language wherever possible, it might include some generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances may be taken into account when determining how the law applies to you.

Information sheets provide concise guidance on a specific process or compliance issue or an overview of detailed guidance.

This information sheet was issued on 11 January 2023.

What's new

More releases on financial reporting and audit

Last updated: 09/03/2023 02:57