Audit inspection and surveillance programs
ASIC has responsibility for the surveillance, investigation and enforcement of the financial reporting and auditing requirements of the Corporations Act.
Audit firm inspections and auditor surveillances are key compliance tools aimed at educating and influencing behaviour of registered company auditors and audit firms.
ASIC's audit inspection program reviews compliance with audit quality and auditor independence requirements. Registered company auditors and firms are required to comply with the Corporations Act and follow all auditing standards and other requirements that are relevant to each engagement.
All auditors, not only those auditing listed entities, need appropriate systems and processes in place to enable them to conduct independent and high quality audits. ASIC commenced an audit inspection program in 2004-05.
ASIC’s audit inspection program commenced after the passing of the Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 (CLERP 9).
The objective of audit inspection program is to promote high quality external audits of financial reports under Chapter 2M of the Corporations Act and raise the standard of conduct in the auditing profession. This helps to ensure that users can have a greater confidence in financial reports. A strong audit profession helps maintain and promote confidence and integrity in Australia's capital markets.
The purpose of the inspection program is not to benchmark the firms. ASIC's inspection focuses on audit quality and promoting compliance with the requirements of the Corporations Act, Auditing Standards and Professional and Ethical Standards.
Audit firms to be inspected are selected based on a number of criteria, with an emphasis on firms auditing publicly listed or public interest entities. The inspection program captures all firms including smaller firms (see below for more about smaller firms).
International cooperation of audit regulators
With auditing moving beyond national borders, there is a need for effective global auditor oversight. ASIC has sought to minimise the regulatory burden on Australian audit firms by seeking arrangements with other international audit oversight bodies with the intention of conducting work either jointly with them or on their behalf.
The Public Company Accounting Oversight Board (PCAOB) of the United States of America has a responsibility to monitor compliance of Australian auditors with the Sarbanes-Oxley Act 2002. In 2007, ASIC entered into an arrangement with the PCAOB to conduct joint audit inspections and has been doing so since this time. Download a copy of the agreement
The European Commission has in January 2011 recognised the equivalence of the audit oversight system in Australia. European Union audit regulators can now enter into cooperative arrangements with ASIC, in order to rely on ASIC's audit firm inspections carried out on Australian audit firms that audit Australian companies listed in Europe or Australian subsidiaries of European companies. Read our advisory
ASIC and the Canadian Public Accountability Board (CPAB) have entered into a protocol to cooperate in the oversight of auditors. Given the global nature of capital markets, CPAB and ASIC recognize the need for mutual cooperation in carrying out their respective auditor oversight responsibilities. The Protocol contains procedures for the conduct of inspections, the exchange of auditor workpapers and inspection reports and other forms of cooperation as required. The Protocol envisages that audit inspections may be carried out jointly, thereby reducing the impact on the firms concerned. Download a copy of the protocol
- ASIC and the Commission de Surveillance du Secteur Financier of Luxembourg (the CSSF) have entered into a memorandum of understanding and a data protection framework in order to cooperate in the oversight of auditors. Given the global nature of capital markets, the CSSF and ASIC recognise the need for mutual cooperation in carrying out their respective auditor oversight responsibilities. The Memorandum of Understanding contains procedures for the exchange of information, including audit working papers and information relating to inspections and allows for other forms of cooperation as required. Download a copy of the MOU
ASIC continues to work towards arrangements with other audit oversight bodies to maximise cross-border recognition opportunities and establish regulatory cooperation arrangements.
The audit inspection process is designed to gain an understanding of key elements of quality control set out in:
ASA 220 Quality Control for Audits of Historical Financial Information (from 1 July 2006)
APES 320 Quality Control for Firms (from 1 July 2006 including revisions to the standard since)
ASQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information and Other Assurance Engagements (from 1 January 2010); and
ASA 220 Quality Control for an Audit of a Financial Report and Other Historical Financial Information (from 1 January 2010).
ASIC's review of audit files focuses on the substance of work and on whether sufficient appropriate audit evidence is on the engagement file to support the conclusions reached in relation to the auditor's key decisions and significant judgements. ASIC brings to the attention of the auditor and the audit firm's leadership instances of non-compliance and considers if further regulatory action is necessary for instances of non-compliance.
Our inspections are structured to cause minimal disruption to a firm, while ensuring that we discharge our responsibilities. The key steps involved in an audit inspection of larger firms are shown below:
The inspection planning process is important as it lays the foundation for executing the inspection in an efficient and effective manner. ASIC focuses on gaining an understanding of the structure and governance arrangements of the audit firm and information about its key clients. The planning process consists of meeting with the firm to discuss the inspection process and issuing notices requesting information from the firm that relates to audit quality and auditor independence.
ASIC reviews the notice material produced by the audit firm before commencing its onsite inspection. ASIC selects a number of the firm's audit clients based on risk, and reviews the audit work papers while onsite. During the onsite phase, ASIC conducts interviews with audit firm personnel holding key leadership positions and staff, in order to clarify and confirm the audit quality and auditor independence policies and practices in place at the firm.
ASIC prepares a private and confidential report for the firm inspected describing the inspection process, observations and findings and suggested remedial actions. The firm's responses to our observations and findings are included in the final report.
ASIC also periodically publishes the results of the inspections for the audit firms in an omnibus public report. This report does not identify the firm or their clients. This report aims to better inform interested stakeholders of the key observations and findings from our inspection program.
You can view and download a copy of the audit inspection public reporting and accompanying media releases issued to date.
The FRC is responsible for providing broad oversight of the process for setting accounting and auditing standards as well as monitoring the effectiveness of auditor independence requirements in Australia. Under a memorandum of understanding that ASIC has with the FRC, ASIC is required to provide a confidential report annually to the FRC on Auditor Independence matters. ASIC utilises its observations and findings through its audit inspection and surveillance programs and other specific projects to report to the FRC on these matters.
Audit inspections of smaller firms
For smaller firms our inspection approach is limited to conducting a review of aspects of one audit file for compliance with the firm's audit methodology and applicable auditing standards. We also hold discussions with the leaders and engagement partner about the engagement file reviewed and certain policies and procedures relating to auditor independence and audit quality employed by the firm.
Smaller firm reviews are mainly conducted at our offices, with on-site activities limited to discussions with firm personnel at the commencement and the completion of the inspection.
Auditor surveillances generally arise through complaints from the public to ASIC or through media reports and intelligence from other areas of ASIC, for example the financial reporting surveillance program, where queries are raised about the performance of an auditor or the nature of the audit report.
If ASIC has queries or potential concerns, the auditor is contacted to clarify and respond to the matters of potential concern. Depending on the response received ASIC may review the audit work papers and records to assess compliance with the Corporations Act, Australian Auditing Standards, and professional and ethical standards.
If after this review ASIC finds the auditor's conduct to be deficient, it has the power to pursue regulatory outcomes ranging from imposing licence conditions on the auditor, agreeing on an enforceable undertaking or referral to the Companies Auditors Disciplinary Board.