ASIC financial reporting and audit surveillances
This is Information Sheet 224 (INFO 224). It outlines ASIC’s approach to financial reporting and audit surveillances (collectively called ‘surveillances’).
The objective of our financial reporting and audit surveillance program is to promote confident and informed participation by investors and consumers in the financial system.
Our aim is to improve the quality of financial reporting to ensure financial reports have been prepared in accordance with the law. We also aim to promote the improvement and maintenance of audit quality.
We regulate all entities that are required to lodge financial reports with ASIC. This includes ASX-listed entities, unlisted entities and proprietary companies. We also regulate registered company auditors and authorised audit companies.
The scope of our financial reporting and audit surveillance program changed when ASIC implemented a new integrated and targeted approach, which took effect from November 2022. All ASIC audit file reviews are now described as ‘audit surveillances’. ASIC documents issued before the end of November 2022 that used the terms ‘audit firm inspection’ and ‘audit inspection’ should be read as using the term ‘audit surveillance’.
This surveillance approach recognises the importance of the financial reporting chain and emphasises the accountability for the quality of the financial report and audit execution of key stakeholders such as:
- financial report preparers
- directors (including audit committees) and
There is a strong link between problems in a financial report and problems with the quality of audit work undertaken on the financial report.
Problems found by ASIC with financial reports and their audits will be communicated directly to companies and auditors, enabling them to take action to improve financial reporting and audit quality.
When we have concerns that financial information could be materially misstated, or where disclosures have significant deficiencies, we will ask companies to make changes to their financial reports or enhance disclosure.
Similarly, we ask audit firms to remediate findings from our audit surveillances, including developing actions to address thematic findings across audit files.
ASIC will also consider appropriate enforcement action against companies, directors and auditors in more severe cases.
We use a risk-based approach to regularly review the annual and interim financial reports of listed companies and other public interest entities. Our reviews monitor compliance with the Corporations Act 2001 (Corporations Act) and Australian Accounting Standards. We also review financial reports identified through complaints and other intelligence.
ASIC periodically highlights focus areas for the financial reporting and audit surveillance program.
Our audit surveillances of audit files cover firms that audit the financial reports of listed entities and other public interest entities.
In our audit surveillances we review key areas of selected files to monitor compliance with the Corporations Act and Australian Auditing Standards. We may also assess key aspects of an audit firm’s quality control systems for financial report audits. This can be based on reviews of a firm’s system of quality management or evidence from audit files.
ASIC’s surveillance program:
- uses refined risk-based targeting to make better use of internal and externally available data, see Figure 1
- selects financial reports identified as higher risk for review irrespective of the audit firm
- focuses our audit surveillances on the key audit areas primarily relating to the most significant findings from the financial report reviews, and
- results in a public report that includes both thematic findings from financial report and audit surveillances and a summary of individual audit findings.
Text version of Figure 1: Financial reporting and audit surveillance approach
Financial reporting and audit targeting is driven by continuous intelligence. A financial report review can lead to a financial report surveillance, and both can result in financial reporting findings. All of these can all lead to an audit surveillance which in turn can initiate financial reporting reviews or surveillances.
Surveillance focus areas – Periodically we update the market about the specific areas of focus for our financial reporting and audit surveillances. Our focus areas are relevant to all stakeholders in the financial reporting chain and may include key financial areas, new or changed accounting standards, and market and economic impacts.
Risk-based targeting – We select company financial reports to review based on criteria reflecting our focus areas and current market, accounting and disclosure issues. Some companies may be included in the surveillance as a result of reports to ASIC and other intelligence.
We routinely select audit files for surveillance where a change has been made to financial information or the financial report or where we have concerns that a financial report may have a risk of material misstatement. We may also select an audit file for surveillance when conducting a joint review with an international regulator, see Figure 2.
Text version of Figure 2: Components of risk-based targeting
Our data-led targeting for both ASX-listed and large unlisted entities is informed by our focus areas and a range of market data; current market, accounting and disclosure issues; and ASIC intelligence.
We use market data, such as an entity’s market capitalisation and its reported financial information, and relevant ASX announcements to perform financial analysis and identify ratios and trends that highlight potential risks with a financial report. This analysis allows us to focus on higher risk entities that trigger multiple targeting criteria that are aligned with our areas of focus.
In addition to the analysis of market data, we also consider ASIC intelligence, such as reports of misconduct by external parties and reports received from auditors under their company law reporting obligations.
Financial reporting surveillances
Financial report reviews – We review financial reports to determine compliance with the recognition, measurement and disclosure requirements of the accounting standards and with relevant parts of the Corporations Act. We consider any areas of potential non-compliance and assess their materiality. Our review covers all other information accompanying the financial report.
Financial report surveillances – Where our financial reporting reviews indicate areas at risk of a potential material misstatement or inadequate disclosure, we may contact the company requesting information clarifying the disclosure and/or the accounting treatment used.
Each financial reporting surveillance is categorised as:
- Open – inquiries with entities under surveillance are ongoing. For some open surveillances, changes have been agreed or are expected to be made but future financial reports or financial information is not yet due for lodgement.
- Closed – no further action following consideration of the response and information provided by the company
- Findings – company amended its current or subsequent financial report or financial information following our inquiries and we issued a media release.
Our audit surveillances concentrate on the substance of the audit work and whether sufficient appropriate audit evidence was obtained to support the auditor’s conclusions.
Generally, we identify key audit areas for review, based on the financial reporting areas of concern. Our audit surveillances do not cover all areas of an audit engagement or all subsidiaries and divisions in a group. Our surveillances do not cover other information accompanying the financial report, although it is expected auditors read this information for consistency with the financial report.
All findings from surveillances of individual audit files are discussed with the auditor to ensure we have fully understood all relevant facts and have taken into account all relevant audit work.
Following our audit surveillance:
- we advise the audit firm in a written comment form about the areas where we consider the auditor did not obtain reasonable assurance that the financial report as a whole was free of material misstatement
- we ask the firm in their written response to identify and commit to remedial actions to address our findings, and
- if we are not satisfied with the audit firm’s response to our findings, we will challenge the adequacy of the proposed remedial actions for both individual audits and overall firm action plans.
Findings from our audit surveillances do not necessarily mean that the financial reports audited were in fact materially misstated. Rather we consider the auditor did not comply with the requirements of some of the auditing standards and therefore did not have a sufficient basis to support their opinion on the financial report.
Note: Audits are not intended to provide absolute assurance that there are no material misstatements in the overall financial report. That is, reasonable assurance implies a confidence level of less than 100% that a financial report is free of material misstatement.
Audit findings that in our view are not currently a risk of material misstatement may be reported to the auditor, and in some cases to company directors. These are issues that could lead to a future audit finding or where the firm or company needs to improve its current processes and practices to avoid a future risk of material misstatement.
Where we have questions or concerns about an audit firm’s quality controls or auditor independence, we raise these with the firm and include any such findings in the public financial reporting and audit surveillance report.
We directly communicate findings from our audit surveillances to company directors in accordance with Regulatory Guide 260 Communicating findings from audit files to directors, audit committees or senior managers (RG 260). We also may communicate any other matter we consider should be drawn to the attention of the directors of the audited entity.
Surveillance Program Public Report
We set out the findings from our financial reporting and audit surveillances in an annual public report and expect company directors (including audit committees) and auditors to constructively discuss our findings and take action to improve financial reporting and audit quality.
More detail on our surveillance processes can be found below.
Consideration of other related information
When performing our surveillances, we also consider other information such as ASX announcements, investor presentations, media reports and the operating and financial review, which forms part of the directors’ report.
Application of the accounting and auditing standards necessarily involves professional judgement and there are some instances where different individuals will reach different judgements.
The surveillance findings outlined in our public financial reporting and audit surveillance report do not include instances where we consider that individuals could reasonably reach different judgements.
Directors and preparers of financial reports should document how they have determined their accounting policies, with a particular focus on areas that have significant estimation uncertainty and judgement. This documentation should be provided to auditors to assist with the audit process. It can also be provided to ASIC if the company is contacted as part of a financial reporting surveillance. If there is no supporting documentation, our presumption is that the work has not been performed (in the absence of evidence to the contrary). Significant testing, analysis and challenging of estimates and accounting policy choices are generally not possible without some documentation.
Auditing standards require sufficient documentation so that another professional can understand the work performed and the basis for the conclusions reached.
Auditors have an obligation to document their audit work to support their opinions on financial reports.
This ensures that the audit report is supportable and that the market can be properly informed if any material misstatements are detected.
Our surveillances are subject to quality review by a second experienced ASIC reviewer. An ASIC Senior Manager also oversees each surveillance.
Where required, there is consultation with relevant specialists within ASIC.
ASIC review processes and the form of communication with an auditor may differ where ASIC is considering enforcement action.
Key audit areas
A key audit area is an area of an audit selected for review by ASIC on a risk basis that is generally related to a financial statement line and requires significant audit effort.
Key audit areas often correspond to a section of the audit file. They typically involve separate risks, business characteristics, systems and processes, and distinct audit procedures.
We consult an independent external panel on the method of classifying and reporting aggregate findings from our audit surveillances, with the panel considering our overall methodology and approach.
As part of its review process, the panel discusses and tests ASIC’s conclusions on a sample of our audit findings. For each of these findings, we provided the panel with an anonymised comment form which includes the firm’s detailed response to our findings.
The panel also reviews and provides feedback on the public financial reporting and audit report including the analysis, presentation and conclusions on our surveillance findings.
The panel has three members who have extensive qualifications and experience in business, accounting and audit, and are considered independent of the audit firms and professional accounting bodies.
Consistency with international findings – audit surveillances
Our audit surveillance findings are consistent with those reported in the annual ‘Survey of Audit Inspection Findings’ of audit regulators who are members of the International Forum of Independent Audit Regulators (IFIAR).
- discussed our methodology for classifying findings with other regulators and the approach to particular types of findings, and
- conducted joint surveillances with international regulators.
Our financial reporting and audit surveillances may lead to enforcement action against companies, directors and auditors. In addition to our risk-based targeting, surveillances can arise from indications of more significant concerns based on complaints and other intelligence, including corporate collapses where there are questions over the adequacy of information on the financial condition and results provided in the financial report and questions over the audit.
Enforcement outcomes that may result from our financial reporting and audit surveillances include:
- action against directors and executives of companies where there have been breaches of directors’ duties, or
- auditors being referred to the Companies Auditors Disciplinary Board (CADB) and removed from practice for varying periods, having their registration cancelled, or entering into enforceable undertakings
- civil and/or criminal action for failing to comply with the audit requirements of the Corporations Act.
Our enforcement actions relating to misconduct underway or finalised are included in ASIC’s Enforcement update reports which are available on our website.
- INFO 183 Directors and financial reporting
- INFO 196 Audit quality – The role of directors and audit committees
- INFO 203 Impairment of non-financial assets: Materials for directors
- INFO 222 Improving and maintaining audit quality
- INFO 223 Audit quality – The role of others
Please note that this information sheet is a summary giving you basic information about a particular topic. It does not cover the whole of the relevant law regarding that topic, and it is not a substitute for professional advice. You should also note that because this information sheet avoids legal language wherever possible, it might include some generalisations about the application of the law. Some provisions of the law referred to have exceptions or important qualifications. In most cases your particular circumstances may be taken into account when determining how the law applies to you.
This information sheet was updated in November 2023.