ASIC finds auditor independence breaches increasing
Auditor independence and conflict of interest obligations have been highlighted as an area of concern in a new report from ASIC.
Report 817 Building trust: Auditor compliance with independence and conflict of interest obligations (REP 817) follows Australian Securities and Investments Commission (ASIC) action against several auditors and audit firms identified as likely to be in breach of their obligations.
It found that multiple auditors from audit firms of all sizes were unable to effectively demonstrate compliance with independence and conflict of interest obligations.
REP 817 is the second report from ASIC’s expanded program of work to improve financial report and audit quality. It follows Report 816 Accounting for your super: ASIC’s review into the financial reporting and audit of super funds.
It highlights that ASIC is particularly concerned to ensure auditors are vigorously testing information on investments, including asset valuations, especially when those assets are impaired or valuations are under pressure.
ASIC commissioner Kate O’Rourke said the failure of these auditors to report breaches to ASIC, including of the longstanding prescriptive independence obligations, is concerning.
“Auditor independence is fundamental to audit quality and integrity. A strong focus on independence not only builds trust, it also fosters more rigorous challenge in the audit process, thereby enhancing the preparation of high-quality financial information,” she said.
In REP 817, ASIC identified likely breaches of the prescriptive independence requirements for almost one-third of the 48 auditors that were the subject of its review.
Nine auditors were unable to demonstrate how they met the rotation requirements in relation to the audits of 14 listed clients. Additionally, five auditors held relationships in relation to six clients that are explicitly prohibited under the Corporations Act because they are considered inherently non-independent.
These auditors were from small- to medium-sized audit firms or practising as individual auditors.
The regulator stated that drivers for these breaches included gaps in the systems, lack of policies and procedures to track and support compliance with obligations, carelessness in compliance practices and a lack of quality control, and a lack of engagement with or understanding of their obligations.
“The high number of likely breaches of the prescriptive independence requirements is particularly disappointing. These requirements are unambiguous and longstanding and have also been the subject of previous ASIC compliance work and enforcement action,” it said.
Furthermore, the report identified gaps in how many auditors approached and documented compliance with their general independence requirements, including how they considered potential threats to independence.
It stated that many auditors adopted a narrow, “tick-box” approach to compliance by focusing on prescriptive requirements and guidance. It also found that some auditors demonstrated limited consideration of independence in appearance, and some did not consider changing facts and circumstances before and during an audit.
“Some auditors relied on inadequate or inappropriate safeguards, and many auditors could not show how they considered certain threats to independence in their documentation,” the report said.
“The design of policies, procedures and systems that auditors rely on contributed to these gaps. We saw these gaps with auditors from audit firms of any size and those practising as individual auditors.”
Examples of potential threats highlighted included some auditors not sufficiently considering, or failing to document, revenue received from providing non-audit services.
This was as much as five times that from audit services, with non-audit fees exceeding audit fees over multiple years.
It also found long associations between auditors and clients up to 36 years and multiple factors suggesting current and past relationships between auditors and officeholders of clients, as well as a combination of potential threats to independence arising from non-audit service, long association and relationships.
ASIC said that after making audit firms aware of these breaches, many stated they were making changes.
For example, some smaller firms informed ASIC that, as a result of its inquiries, they were revising independence policies and procedures and introducing quality checks and other oversight mechanisms, while larger audit firms said they were setting higher expectations around documentation and refining processes such as consultation with independence experts to introduce greater consistency.
“These changes are welcome, but they are not enough. We urge all auditors and audit firms – whether they were included in this review or not – to act on the findings in this report and strengthen and deepen their approach to independence in line with our calls to action,” the report said.