2021 the Horizon for Auditors

Over the next four years significant changes are being made to Australian Auditing Standards.

The key amendments to Auditing and Ethical Standards applicable to Australian auditors are:

2021	2022	2023
First year application of ASA540 (revised)	ISQM1 to be in place system by 15 December 2022	First year of implementing and quality under ISQM1
First year application of ASA 500 (revised)	Readiness for ASA 315 (revised)	First year of ISQM2
ASRE 2410 (revised)		First year of ASA 200 (revised)
APES 305 (revised)		First year of ASA 315 (revised)

A challenging horizon ahead for auditors

The audit profession has come under significant pressure in recent years, having to audit new and complex accounting standards against a background of increasing criticism from regulators globally and an increasingly litigious environment.

The IAASB have released a series of revised auditing standards (ASA 540, ASA 500 and ASA 315) to improve audit quality, emphasizing the need for auditors to apply professional skepticism. Concurrently, the IAASB has introduced a new standard in respect of quality management for audit firms (ISQM1).

The fundamental requirements of an audit, being to obtain sufficient appropriate audit evidence to opine whether the financial report is free of material misstatement, has not been changed or been enhanced. Nor has the requirement to understand the entity and the environment it operates in, so as to identify the risk of material misstatement through error or fraud. The revised auditing standards will however make it clearer for reviewers, regulators, and litigators to identify when the auditor has failed to properly identify risk and failed to obtain sufficient audit evidence.

Auditing and ethical standard changes applicable for 2021

The following new and revised pronouncements have application to annual financial reporters with a year-ending on or after 31 December 2020:

ASA 540 (revised) Auditing Accounting Estimates and Related Disclosures

The IAASB and AUASB have issued a revised version of ASA 540.

Accounting estimates are one of the key areas challenging auditors and have become even more problematic in recent years with the introduction of AASB 9, 15 and 16. Accounting estimates in respect of goodwill impairment, net realizable value of inventory, bad debt provisions and revenue recognition are major areas of ASIC surveillance and restatement. Errors in accounting estimates commonly form the subject of litigation against directors and auditors.

The amendments center on:

• Identifying risk of material misstatement arising from accounting estimates
• Distinguishes inherent risk from control risk in respect of accounting estimates
• Sets out that inherent risk is impacted by complexity, subjectivity and estimation risk
• Requires consideration as to how management have considered estimation risk
• Requires auditor to “stand back” and to consider and evaluate evidence that both supports and contradicts management’s estimate
• Emphasizes professional skepticism as a response to management bias
• Emphasizes work required around disclosure of accounting estimates
• Sets out that when testing how management has arrived at an accounting estimate an auditor needs to consider the method, assumptions, and data upon which the estimate is based.

Practical implications

Correctly applying ASA 540 (revised) requires a change in the auditor’s mindset, how they perform and document their risk analysis in respect of management estimates, what audit evidence they obtain and how they interpret that evidence.

If the auditor determines risk arising from management estimates can be reduced by the controls that are in place to manage that risk, then auditors will have to identify those controls and perform work to obtain sufficient appropriate audit evidence that those controls are adequate to address the risk.

The standard is explicit in its requirement for the auditor to consider whether management have appropriately considered estimation risk, and if not, to request that management adjust their estimate. This will in turn, expose the auditor to greater scrutiny if it is determined by the regulator or litigator that the estimates in the financial statements did not reflect estimation risk.

ASA 540 (revised) explicitly requires the auditor to stand back and consider all audit evidence in respect of an accounting estimate, including evidence that contradicts management’s estimate. This may prove problematic for some auditors, who may have in the past focused their attention on obtaining audit evidence that corroborated managements estimate.

ASA 500 (revised) Audit Evidence

ASA 500 was revised as a result ASA 540 (revised) and Introduces the definition of External Information Sources. An auditor is required to distinguish information from an External Information Source from that of a management expert and to evaluate whether External Information Sources is relevant and reliable for the purposes of audit evidence.

The revised standard explicitly requires consideration of whether the information was prepared for a wide range of users or for the client, and whether the client was in a position to influence the information provided from the external source.

Practical implications

Careful consideration will be required as to whether information from a third party to support a management estimate represents relevant and reliable audit evidence, and whether it can be concluded it is free from potential bias.

ASRE 2410 (revised) Review of a Financial Report Performed by the Independent Auditor of the Entity

The auditor’s review report has been reordered so that the conclusion comes first, followed by a basis for conclusion. The auditor is required to report a material uncertainty related to going concern under the heading “Material Uncertainty Related to Going Concern” instead of an “Emphasis of Matter”.

Practical implications

The review conclusion has changed! Auditors that issue a review opinion in the old format will be clearly signaling that they are not up to date with current auditing standards.

APES 305 (revised) Terms of Engagement

The. revised standard is effective for engagements commencing on or after 1 July 2021 with early adoption permitted. The revisions require specific considerations and communications where the auditor will outsource elements of the audit.

Practical implications

It is becoming increasingly common for audit firms to outsource elements of their audit, including set up of audit files, completion of disclosure checklists etc. These arrangements will have to be fully disclosed to the client. Such disclosure may raise questions from the client around data and cyber security arrangements with the outsource provider.

ISQM1 Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements

ISQM1 was issued by the IAASB in December 2020 and requires that auditors implement a quality management system by 15 December 2022.

The objective of ISQM1 is for the audit firm to have reasonable assurance that:

• The firm and its staff have fulfilled their responsibilities in accordance auditing and ethical standards and in accordance with other professional and legal requirements; and
• Reports issued by the firm are appropriate.

The audit firm is required to design and implement a risk assessment process to establish quality objectives, identify and assess quality risks and to design and implement responses to address identified risks.

ISQM1 sets out that an audit firm’s system of quality management must address the following eight components:

1. The firm’s risk assessment process;
2. Governance and leadership;
3. Relevant ethical requirements;
4. Acceptance and continuance of client relationships and specific engagements;
5. Engagement performance;
6. Resources;
7. Information and communication; and
8. The monitoring and remediation process.

Practical implications

Auditors need to start the design of their quality management system as early as possible, it is not something that should be left to the second half of 2022!

ISQM1 if implemented properly, will in many cases highlight deficiencies in an audit firm’s quality management, including failures to:

• Demonstrate how the firm is committed to quality in respect of its partners and staff;
• Demonstrate how the firm ensures its partners and staff possess the appropriate technical knowledge to perform an audit of the required quality;
• Demonstrate how partners and staff have access to appropriate accounting and auditing technical resources; and
• Demonstrate how the firm has effectively handled breaches in audit quality.

2022 Another challenging year on the horizon

2022 will involve an audit firm implementing ISQM1 by 15 December 2022 and preparing to implement ASA 315 (revised).

ISQM1 Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements

ISQM1 will need to be implemented by 15 December 2022.

Practical implications

Audit firms need to determine as soon as possible, their plan and timeline for implementing ISQM1.

This plan must include:

• The individual and team who are responsible for implementation;
• A realistic time frame for implementation, considering peak audit workloads, staff turnover, training requirements and the need to rectify deficiencies.

The firm’s quality management plan will form the basis for future inspections by regulators and professional bodies. Therefore, a robust and well considered plan is crucial.

2023 The year you test your quality management system

2023 will see the audit firm test its quality management system for compliance with ISQM1 and implement the revised ASA 220 Quality Control for an Audit of a Financial Report and Other Historical Financial Information and the new standard ISQM2 Engagement Quality Reviews.

ISQM1 Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements

2023 will be the first full year audit firms apply ISQM1, which require audit firms to:

• Continually monitor the appropriateness of the firm’s quality risk management for changing risks and conditions;
• Evaluate the performance of the audit firm’s leadership;
• Evaluate and conclude whether the system of quality management is achieving its objectives (to be performed annually); and
• Take further action if the conclusion on whether the system of quality management is achieving its objectives is unsatisfactory.

Practical implications

The ongoing compliance with ISQM1 should not be underestimated, audit firm’s are required to test their quality management system at least annually.

The audit firm will have clearly failed to comply with the requirements of ISQM1 if:

• An annual review of the effectiveness of the audit firm’s quality management system is not performed; and
• Appropriate actions are not taken for weaknesses identified in the annual review.

ISQM2 Engagement Quality Reviews

ISQM2 is effective for audit and review engagements of financial statements for periods beginning on or after 15 December 2022, applying to half year reviews for 30 June 2023 and full year audits 31 December 2023.

ISQM 2, Engagement Quality Reviews, addresses:

• The appointment and eligibility of the EQ reviewer; and
• The EQ reviewer’s responsibilities relating to the performance and documentation of an EQ review.

The changes introduced in ISQM 2 are intended to:

• Extend the scope of engagements subject to an engagement quality (EQ) review (in addition to audits of financial statements of listed entities);
• Strengthen the eligibility criteria for an individual to be appointed as an EQ reviewer; and
• Enhance the EQ reviewer’s responsibilities relating to the performance (including the nature, timing and extent of procedures) and documentation of the EQ review.

ISQM2 requires an EQ review for:

• Audits of financial statements of listed entities;
• Audits or other engagements for which an EQ review is required by law or regulation; and
• Audits or other engagements for which the firm determines that an EQ review is an appropriate response to address one or more quality risk(s).

The EQ reviewer must have:

• An understanding of professional standards, applicable legal and regulatory requirements and of the firm’s policies or procedures relevant to the engagement;
• Knowledge of the entity’s industry;
• An understanding of, and experience relevant to, engagements of a similar nature and complexity;
• An understanding of the responsibilities of the engagement quality reviewer in performing and documenting the engagement quality review;
• Sufficient time;
• Appropriate authority;
• Comply with relevant ethical requirements, including threats to objectivity and independence; and
• Comply with provisions of relevant laws and regulations.

Practical Implications

The introduction goes hand in hand with application of ISQM1 and ASA220 revised. Audit firms will need to carefully determine whether their EQ reviewers:

• Have the appropriate skills and experience for each engagement to which they are assigned;
• Have the appropriate authority; and
• Are given sufficient time.

An interesting inclusion is that ISQM2 permits the use of suitably qualified external EQ reviewers and the use of assistants.

ASA 220 (revised) Quality Management for an Audit of Financial Statements

ASA 220 (revised) is effective for audit and review engagements of financial statements for periods beginning on or after 15 December 2022, applying to half year reviews for 30 June 2023 and full year audits 31 December 2023.

The revisions to ASA 220 continue the drive for quality set out in ASA 540 (revised) and ASA 315 (revised), emphasizing the importance of professional skepticism, and requiring enhanced documentation of the auditor’s judgments. It also is fully in line with ISQM1 and ISQM2.

ASA 220 (revised) makes it clear that it is the engagement partner’s overall responsibility to manage and achieve quality on the engagement and this is achieved through the engagement partner having sufficient and appropriate involvement throughout the audit engagement.

ASA 220 (revised)) sets out that the Engagement partner is responsible for:

• managing and achieving quality at the engagement level; and
• determining the nature, timing and extent of direction, supervision, and review.

The engagement partner is required to be satisfied that their involvement has been sufficient and appropriate to provide the basis for taking overall responsibility.

Practical implications

The revisions to ASA 220, require the audit partner to be appropriately involved in all phases of the audit and for there to be evidence of this. For those audit partner that typically have a “hands off” approach or are simply too stretched, delegating significant work to their senior managers, this revised standard together with ISQM1 requires a change to their business model.

2023 The Year to apply ASA 315 (revised) Identifying and Assessing the Risks of Material Misstatement

ASA 315 (revised) is operative for financial reporting periods commencing on or after 15 December 2021, applicable to audits of 31 December 2022 and 30 June 2023 year ends.

The standard has been revised to respond to challenges and issues with the current ASA 315. The revised requirements focus on ‘what’ needs to be done, and the application material enhanced, modernized, and reorganized to describe ‘why’ and ‘how’ procedures are to be undertaken.

ASA 315 (revised) is very much aligned to the changes contained within ASA 540 (revised) and includes similar new concepts and definitions. ASA 315 (revised) sets out:

• There is a spectrum of inherent risk;
• Inherent risk factors that must be considered by auditors;
• The requirement to perform separate assessments of inherent risk and control risk;
• Consideration of ‘significant classes of transactions, account balances and disclosures’ and ‘relevant assertions’;
• Introduces a new definition of ‘significant risk’ being those risks close to the upper end of the spectrum of risk;
• Requires the auditor to ‘stand-back’ to evaluate the completeness of significant classes of transactions, account balances and disclosures at the end of the risk assessment process; and
• Where the auditor does not contemplate testing the operating effectiveness of controls, the risk of material misstatement is the same as the assessment of inherent risk.

Practical implications

Revisions to ASA 315 are in response to dissatisfaction by audit regulators as to how auditors identify and address risk. Whilst the basic objective of the audit has not changed, ASA 315 (revised) is very prescriptive as to how risk identification should take place, emphasizing the requirement to link risk to assertions and the need to apply an appropriate level of professional skepticism.

ASA 315 (revised) is very much in line with ASA 540 (revised) that came into force in 2021, so the key changes in respects of the risk of material arising from management’s accounting estimates should not come as a surprise to auditors in 2023.

Some good news for Auditors

For Auditors, although 2021 heralds a new era of complexity and a drive for quality, the good news is that the accounting changes in 2021 are minimal which we discuss in our article “2021 the horizon for Accountants”.