Building confidence in external audit

The recommendations of the Parliamentary Joint Committee (PJC) on Corporations and Financial Services inquiry into the regulation of auditing in Australia capture the key elements of CPA Australia’s submission and oral evidence.

The recommendations, if implemented by the Australian Government, have the capacity to elevate confidence in external audit and reinforce its relevance.

However, there are two important caveats: changes will come at a cost, and they must start at the entity, not the audit.

The PJC sought to address, head on, issues that have at times dogged the audit profession and led to bad press.

A positive shift could result if the government, as suggested in the PJC’s final report, implements the recommendations with pragmatic thresholds and workable timeframes, staged to not shock the post-COVID-19 economy.

Far-reaching reforms

Most of the PJC’s recommended reforms will result in greater transparency and improved perceptions of audit quality, rather than necessarily a fundamental change in how audits are conducted.

However, the PJC also made two significant proposals, which, although costly to implement, have the capacity to bridge the expectation gap by tackling stakeholders’ greatest concerns: fraud and unexpected corporate collapse.

The first proposal is the introduction of an internal controls reporting regime, under which an entity assesses and reports on the effectiveness of its internal controls framework for financial reporting, which is then assured by an external auditor.

The second is a formal review of the sufficiency and effectiveness of reporting in relation to the prevention and detection of fraud and management’s assessment of going concern.

The PJC sought to address, head on, issues that have at times dogged the audit profession and led to bad press. A positive shift could result if the government, as suggested in the PJC’s final report, implements the recommendations with pragmatic thresholds and workable timeframes, staged to not shock the post-COVID-19 economy.

An internal controls reporting regime provides a robust basis for accurate and reliable financial reporting. It is also a key means of preventing fraud and error, and providing a good basis for management’s assessment of going concern.

Enhancements to management’s going concern assessment need to be explored, along with clearer audit requirements, which standard-setters are already working on.

Thought leadership and innovation are needed to find more direct and effective ways of preventing and detecting fraud. Responsibility lies firstly with entities in managing fraud risks, which could be addressed by implementing and reporting on entities’ risk management frameworks.

Compliance with an appropriate framework could be assured to provide confidence in its effectiveness. In addition, technology will increasingly play a key role in fraud prevention and detection, which can be leveraged by both entities and auditors. This work will need to be underpinned by an in-depth knowledge and understanding of fraud risks and red flags.

What is the role of regulators and standard-setters?

The changes that the regulators and standard-setters are tasked with should be relatively low cost as they involve greater transparency regarding work that is already being undertaken or clarification of non-assurance service prohibitions.

The largest six network firms in Australia pre-emptively published their individual Australian Securities and Investments Commission (ASIC) inspection reports in 2019.

ASIC also published the largest four firms’ reports, which the PJC has recommended be legislatively required. However, caution is needed in interpreting those findings, since ASIC targets the highest-risk areas, and so the outcomes cannot be extrapolated to all audits as a statistical measure of audit quality.

The PJC has called for a review of ASIC’s audit inspection program, including reporting of the severity of findings. To date, ASIC has been reluctant to rate its findings, as the impact of the shortcomings it identifies is difficult to assess unless fraud or errors are subsequently identified.

Nevertheless, from 2019, ASIC has published a report on audit quality measures, which provides material financial report restatements following issues raised by an ASIC inspection. For the year ended 30 June 2020, restatements ran at 3 per cent of audits inspected.

Arguably, this added transparency potentially points to the severity of audit failings, although there is no perfectly accurate measure.

The PJC also called for clearer identification of prohibited non-assurance services (NAS). Likewise, it asked for clearer disclosure of fees for audit, related assurance and NAS in financial reports, to align with the Code of Ethics for Professional Accountants.

A welcome move is mandatory lodgement of digital financial reports to enable data analysis and comparability between entities. As ASIC has accepted digital reports in XBRL format for 10 years, and more recently iXBRL, without any uptake, an impetus is clearly needed for entities to lodge in this way.

Other PJC-recommended low-cost reforms targeted at boosting confidence in auditors’ independence include extending the auditor’s declaration to confirm that no prohibited non-audit services have been provided, barring audit partners from being incentivised for selling NAS to an audited entity, as well as disclosure of auditor tenure in financial reports.

Audit tendering

In its submission to the PJC, CPA Australia noted that, while audit firm rotation may improve stakeholders’ perception of auditor independence, research has shown that longer tenure is associated with quality, while early years of a tenure are associated with lower audit quality.

In Australia, which has a relatively small capital market comprising companies geographically widely spread, mandatory firm rotation could result in some companies facing difficulties in finding a suitable auditor with the appropriate specialisations in required locations.

These concerns were heeded by the PJC in recommending “if not why not” audit tendering every 10 years rather than mandatory rotation.

This creates a transparent process rather than a “set and forget” appointment.

What next?

The PJC has provided a balanced and reasonable starting point for government reform, while highlighting the threshold and timing issues, which will need to be carefully navigated to avoid unintended consequences.

The PJC noted that “the thrust of the committee’s interim report was directed at the auditing of large complex entities” and recognised the challenges of post-COVID-19 economic recovery.