Balancing compliance with technology

SMSF auditing is becoming more about reducing audit time without increasing audit risk in an environment that demands keener professional scrutiny, scepticism and regulatory compliance.

This dilemma threatens the professional application of audit and the early warning reliance placed on it by the ATO.    

The SMSF regime is evolving as never before

SMSF accountants and administrators are rushing to embrace cloud-based computer systems that use electronic data feeds to provide more efficient ways to meet their own clients’ expectations of real time access to their funds’ information. They too are facing the same pressures to reduce, or at least contain, the prices they charge for fund administration.

An offshoot of many of these emerging accounting systems is the provision of pre-populated audit programs that purportedly enable auditors to complete their audits at the “press of a button” in real time. Obviously, sceptical auditors will question the ability to meet Australian Auditing Standards if these audit programs simply use the same source documentation as the financial accounts they generate. And what about risk analysis, auditing standards and compliance checks? Do we rely on a computer to give us this assurance as well as comply with the standards?

SMSF auditors are obviously seeking ways in which we can increase the productivity of our audits, but we cannot forget the professional standards we have pledged to adhere to.

Let’s revisit some of the main applicable Australian Auditing Standards:

• ASA 102 – Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements

SMSF auditors are required to be totally independent in respect of their audits, among other ethical requirements such as the applicable requirements of APES 110 – Code of Ethics for Professional Accountants.

• ASA 220 – Quality Control for an Audit of a Financial Report and Other Historical Financial Information

This standard addresses the need for QC at the engagement level that provides reasonable assurance that the audit complies with the audit standards, and the audit team is fully competent and has the expected technical capabilities, also bringing in the requirements of ASQ1.

• ASA 200 – Overall Objectives of the Independent Auditor and the Conduct of an Audit

This standard brings in the proper planning of the audit, professional scepticism and judgement as well as obtaining sufficient evidence to reduce audit risk to enable the auditor to draw reasonable conclusions to support the audit opinion.

• ASA 230 – Audit Documentation

Regulations require that the auditor can support the audit with appropriate evidential documentation in a properly constructed audit workpaper file that must be securely retained for at least seven years. 

• ASA 240 – The Auditor’s Responsibility to Consider Fraud in an Audit of a Financial Report

ASA 240 requires that auditors must assess the risks of material misstatement of the financial report due to fraud, evidence the assessed risks – including professional scepticism, discussions – about fraud with the audit team, and implement trustee processes to prevent fraud and procedures to test for fraud.

• ASA 250 - Consideration of Laws and Regulations in an Audit of a Financial Report

The auditor must obtain appropriate audit evidence regarding compliance with laws and regulations applicable to the SMSF being audited as well as test for instances of non-compliance with other laws and regulations.

• ASA 300 – Planning an Audit of a Financial Report

ASA 300 requires that the auditor must adequately plan and scope the audit including undertaking an appropriate risk identification and assessment, determining materiality levels, considering controls and systems as well as independence, obtaining client acceptance via an engagement letter, allocating staffing and resources to conduct and review the audit, and determining how the audit opinion will be arrived at, and fully document this audit plan.

• ASA 315 – Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

ASA 315 is one of the main standards that requires full assessment and documentation of the risks of material misstatement and the audit testing that has been implemented to detect risk, and is pivotal to the audit and is concurrent with

• ASA 320 – Materiality in Planning and Performing an Audit

ASA 320 really talks about how much work the auditor must do in order to arrive at a sustainable opinion. To what extent can we rely on a computer program to enable this?

I welcome and embrace the increasingly efficient electronically data-fed programs just as fund administrators must, but we are required to maintain our professional scepticism about the information they contain and arrive at our opinion after having performed our testing in accordance with our standards and our own audit programs.

 Our programs need to be written with the standards as the hero and must contain post-testing conclusions in accordance with the expectations of the standards. We must be able to tailor our pro-forma audit programs to cater for different SMSFs. One program will seldom fit all funds.

As part of our risk analysis, we must assess the quality and integrity of the fund’s administrator or accountant, and the systems and controls they use in administrating the fund and producing its financial statements and members’ records.

As many SMSFs invest in wrap accounts and IDPSs, we must consider how much we can rely on the information contained in their reports. At the very least, we should obtain GS 007 reports from the independent auditors of these products, and assess and document the extent to which we can rely on these reports. 

All of this must take place before we even start our audit of the financial statements and test compliance with SIS and the regulations.

The ATO and ASIC expect us to perform our audits in accordance with our professional obligations which includes adherence with all applicable standards. They won’t tolerate us cutting corners and putting ourselves or our clients at risk.

If in doubt, at the very least, compulsory reading should include GS 009 Auditing Self-Managed Superannuation Funds issued by the Audit and Assurance Standards Board. 

Chris Malkin, senior consultant, Baumgartner Super