Audit in Australia is governed by a regulatory framework comprised of legislation, standards, regulatory and professional bodies, and disciplinary boards (Figure 2.1). Chapter 2M of the Corporations Act 2001 (Corporations Act) sets out the comprehensive legislative requirements for financial reporting and auditing, including that all public companies and large proprietary companies provide audited annual financial reports to the Australian Securities and Investments Commission (ASIC).
The Corporations Act explicitly mandates that financial reports and audits comply with the accounting and auditing standards, and delegates the creation and maintenance of these standards to the Australian Accounting Standards Board (AASB) and Australian Auditing and Assurance Standards Board (AUASB) respectively.
Chapter 9 of the Corporations Act establishes a scheme for the regulation of registered company auditors (RCAs), requiring that prospective auditors meet extensive conditions relating to education, experience, competency and integrity in order to be registered, and to maintain registration, with ASIC. Only RCAs (hereafter referred to simply as 'auditors') can perform audits under the Corporations Act. Persons or entities eligible to be appointed as the auditor of a company are an individual, an audit firm, or an authorised audit company.
The Corporations Act also sets out general and specific requirements relating to auditor independence to address conflicts of interest in relation to an audited body. These requirements are outlined in detail later in this chapter.
Figure 2.1: Overview of Australia's financial reporting framework
Source: The Treasury, Submission 15, p. 6.
The statutory bodies responsible for developing standards and monitoring and enforcing the financial reporting requirements of the Corporations Act are created under the Australian Securities and Investments Commission Act 2001 (ASIC Act). As illustrated in Figure 2.1, these bodies include ASIC, the Financial Reporting Council (FRC), AASB, AUASB, and the Companies Auditors Disciplinary Board (CADB). The regulatory roles and responsibilities of each of these statutory bodies are outlined below. The roles of the non-statutory body, the Accounting Professional and Ethical Standards Board (APESB), and of audit committees are also summarised.
As the conduct regulator for Australia's corporate and capital markets, ASIC is responsible for assessing compliance with the financial reporting and audit requirements of the Corporations Act, and for taking enforcement action where appropriate. ASIC also has responsibility for the registration of company auditors, cancelling registration at the request of an auditor, and consenting to an auditor's resignation as the auditor of an individual public company.
Where an individual auditor is found to have contravened the Corporations Act, ASIC considers whether to refer the auditor's conduct to CADB, use an enforceable undertaking, or undertake civil or criminal litigation where circumstances warrant.
Financial Reporting Council
The FRC is the statutory advisory body responsible for overseeing the effectiveness of Australia's financial reporting framework. The FRC's role includes the oversight and setting of the broad strategic direction of the AASB and AUASB. However, the FRC is not able to direct that accounting and auditing standards be set in a particular way. Under its remit, the FRC also provides strategic advice to ASIC and the government on matters regarding the quality of audit in Australia and related effects on the wider financial reporting framework.
It is important to note that the FRC in Australia and the Financial Reporting Council in the United Kingdom (UK), while of the same name, are very different bodies with distinct roles. Ms Kate O'Rourke, Principal Adviser, Consumer and Corporate Policy Division at the Treasury, outlined the key differences:
in the UK, the FRC is responsible for regulation, standard setting and enforcement.
in Australia, the standard setting and advisory bodies (including the FRC) exist separately from the legislative framework, and separate from ASIC which is responsible for regulatory oversight and enforcement.
AASB and AUASB
The AASB and AUASB are independent standard-setting bodies. Primarily, their respective responsibilities are to develop, issue and maintain Australian Accounting Standards and Australian Auditing Standards (ASAs) under sections 334 and 336 of the Corporations Act. Accounting and auditing standards made under the Corporations Act are legislative instruments under the Legislative Instruments Act 2003. That is, they are legally enforceable.
The statutory functions of the AASB and AUASB under the ASIC Act also allow for the formulation of standards for other purposes. For example, the AUASB's standards on assurance engagements establish requirements for undertaking and reporting on assurance engagements of non-financial information.
ASAs and other pronouncements issued by the AUASB are sector and framework neutral, and therefore applicable to private for-profit, not-for-profit, and public entities. ASAs are also principles-based, encouraging auditors to exercise professional judgement and scepticism in conducting the audit function as well as allowing for modification as necessary.
In line with the strategic direction from the FRC, ASAs are consistent with the standards developed by the international standards setting boards of the International Federation of Accountants. Specifically, ASAs are based on the standards issued by the International Auditing and Assurance Standards Board (IAASB). The international standards on auditing set by the IAASB are well-recognised and generally accepted worldwide.
Companies Auditors Disciplinary Board
CADB's primary function is to act as an independent, administrative disciplinary body for auditors registered by ASIC under the Corporations Act. On application from ASIC or the Australian Prudential Regulation Authority (APRA), and if satisfied that an auditor does not comply with the matters set out in section 1292 of the Corporations Act, CADB may impose a sanction on an auditor, including to either cancel or suspend the auditor's registration under the RCA scheme.
Accounting Professional and Ethical Standards Board
Established in 2006, the APESB is a not-for-profit, independent body. The APESB's members comprise the three largest professional accounting bodies in Australia—CPA Australia, Chartered Accountants Australia and New Zealand and the Institute of Public Accountants—who also fund and appoint members to the Board. The primary purpose of the APESB is to develop, issue and maintain professional and ethical pronouncements for the Australian accounting and auditing professions.
The APESB's pronouncements include APES 110 Code of Ethics for Professional Accountants (including Independence Standards) (Code of Ethics). Auditing Standard ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements (ASA 102) requires auditors to comply with the ethical requirements in the APES 110 Code of Ethics. Accordingly, auditors are legally obliged to comply with the Code of Ethics for audits performed of entities subject to the Corporations Act.
While not required by the Corporations Act, the Australian Securities Exchange (ASX) Listing Rules mandate that entities in the S&P All Ordinaries Index (that is, the largest 500 entities by market capitalisation) have an audit committee. Those entities included in the S&P/ASX 300 Index must also comply with the ASX's best-practice recommendations in relation to the composition and operation of the audit committee.
Audit committees are established by a company's board of directors as sub-committees, and their powers are delegated by the board. While not set out in legislation, an audit committee is responsible for overseeing an entity's financial reporting, as well as its internal control and risk management systems. With regard to external audit functions, an audit committee's oversight role usually includes running the tender process, setting the audit fee, ensuring that auditor independence requirements are met, and engaging with the auditor regarding financial reporting matters and risks.
Auditors must fulfil certain duties in performing the audit of a financial report under the Corporations Act. An auditor must report to shareholders whether they are of the opinion that a company's financial report is in compliance with accounting standards, and that it gives a true and fair view of the financial position and performance of the company. If the auditor forms an opinion that a financial report does not comply with an accounting standard, the auditor's report must quantify the effect of this non-compliance on the financial report.
The auditor of an entity is required to sign the auditor's report in both their own name and the name of their firm. Specifically, subsection 324AB(3) of the Corporations Act stipulates:
A report or notice that purports to be made or given by a firm appointed as auditor of a company or registered scheme is not taken to be duly made or given unless it is signed by a member of the firm who is a registered company auditor both:
(b) in his or her own name.
Auditors are legally obliged to apply reasonable care and skill in performing the audit function. Broadly, to maintain their registered status, an auditor must comply with the relevant requirements set out in the Corporations Act (including the obligation to continuously maintain fitness and propriety at all times), ASAs, and APESB pronouncements.
Detecting fraud and misconduct
Under the auditing standards issued by the AUASB, a key objective of an auditor in conducting an audit of a financial report is to obtain reasonable assurance about whether the financial report as a whole is free from material misstatement, whether due to fraud or error. In forming this opinion, the auditor has responsibility to consider and assess the risk of material misstatement in the financial report due to fraud or non-compliance with laws and regulations.
Auditing Standard ASA 240 The Auditor's Responsibility Relating to Fraud in an Audit of a Financial Report (ASA 240) contains specific requirements of auditors in relation to identifying material misstatement due to fraud, including that an auditor respond appropriately to fraud or suspected fraud identified during the audit. ASA 240 requires auditors to maintain professional scepticism in considering the risk of material misstatement due to fraud; however, it recognises that it is not always possible to detect every instance of fraud, for example where collusion is involved. ASA 240 also states that 'the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management'.
Auditing Standard ASA 250 Consideration of Laws and Regulations in an Audit of a Financial Report (ASA 250) deals with an auditor's responsibility to consider non-compliance with laws and regulations. ASA 250 explicitly states that, owing to the inherent limitations of an audit, 'the auditor is not responsible for preventing non-compliance and cannot be expected to detect non-compliance with all laws and regulations'.
The Corporations Act makes no explicit reference to any responsibility of auditors with respect to fraud.
Reporting contraventions to ASIC
Auditors are required to report contraventions or suspected contraventions of the Corporations Act to ASIC, including where they identify fraud or misconduct. Specifically, section 311 of the Corporations Act mandates that an auditor must report to ASIC if, during the course of an audit, the auditor is aware of circumstances that:
the auditor has reasonable grounds to suspect amount to a significant contravention of the Corporations Act; or
amount to an attempt, in relation to the audit, by any person to unduly influence, coerce, manipulate or mislead a person involved in the conduct of the audit; or
amount to an attempt, by any person, to otherwise interfere with the proper conduct of the audit.
An entity's financial reports are prepared on the assumption that the entity is a going concern; that is, that the entity will continue its operation for the foreseeable future. Australian Accounting Standards require that, when preparing financial statements, management must make an assessment of the entity's ability to continue as a going concern. If management is aware of any material uncertainties related to events or conditions that may cast significant doubt on the entity's ability to continue as a going concern, then management must disclose those uncertainties.
Auditing Standard ASA 570 Going Concern (ASA 570) deals with an auditor's responsibilities in the audit of an entity's financial report relating to going concern and the associated implications for the auditor's report. ASA 570 requires that auditors evaluate and conclude, based on the audit evidence obtained, the appropriateness of management's assessment of the entity's ability to continue as a going concern.
Key Audit Matters
In December 2016, auditors' responsibilities were expanded under the ASAs with the introduction of the requirement that an auditor communicate key audit matters in the auditor's report. Auditing Standard ASA 701 Communicating Key Audit Matters in the Independent Auditor’s Report (ASA 701) addresses the auditor's judgement as to what to communicate in the auditor's report as well as the form and content of such information. ASA 701 explains:
The purpose of communicating key audit matters is to enhance the communicative value of the auditor's report by providing greater transparency about the audit that was performed. Communicating key audit matters provides additional information to intended users of the financial report ('intended users') to assist them in understanding those matters that, in the auditor's professional judgement, were of most significance in the audit of the financial report of the current period.
Auditor independence requirements
Auditor independence is fundamental to performing a high quality audit and, in turn, to enhancing users' confidence and trust in a company's financial report. Auditor independence comprises two elements, independence of mind and independence in appearance. As explained by the Australian National Audit Office, these dimensions of independence refer to:
…a state of mind where professional judgment is not compromised by bias, conflict of interest or undue influence. An auditor must be independent, and be seen to be independent, for their opinions, findings, conclusions, judgements and recommendations to be impartial and viewed as impartial by reasonable and informed third parties.
The independence of an auditor may be impaired by a number of factors and situations that result in a conflict of interest. These include the provision of non-audit services to an audited entity, long-standing associations between an auditor and audited entity, and the existence of certain relationships that are considered non-independent.
The last significant reforms to auditor independence requirements in Australia were introduced by the Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 (commonly called CLERP 9). CLERP 9 implemented a number of obligations for auditors under the financial reporting provisions of the Corporations Act aimed at strengthening auditors' capacity to act independently and to exercise objective and impartial judgment when conducting an audit.
Independence provisions under the Corporations Act
The Corporations Act contains general auditor independence requirements for dealing with conflict of interest situations, as well as specific requirements relating to relationships between auditors and the entities they audit.
Under the general auditor independence requirements of the Corporations Act, an auditor contravenes the independence provisions if:
they engage in audit activity in relation to an audited body at a particular time; and
a 'conflict of interest situation' existed in relation to the audited body at that time; and
they are aware that the conflict of interest situation existed at that time; and
they did not, as soon as possible after becoming aware, take all reasonable steps to ensure that the conflict of interest situation ceased to exist.
A conflict of interest situation is defined under the Corporations Act as:
For the purposes of sections 324CA, 324CB and 324CC, a conflict of interest situation exists in relation to an audited body at a particular time if, because of circumstances that exist at that time:
the auditor, or a professional member of the audit team, is not capable of exercising objective and impartial judgment in relation to the conduct of the audit of the audited body; or
a reasonable person, with full knowledge of all relevant facts and circumstances, would conclude that the auditor, or a professional member of the audit team, is not capable of exercising objective and impartial judgment in relation to the conduct of the audit of the audited body.
In other words, the definition in the Corporations Act sets out three elements to a conflict of interest situation. Firstly, it focuses attention not only on the position of the auditor, but also on the position of each professional member of the audit team. The reason for doing so is that a conflict of interest situation affects the capacity to exercise objective and impartial judgement, and therefore applies to everyone in the audit team who exercises professional judgement or influences the outcome of the audit. Secondly, the central question is whether the person concerned is capable of exercising objective and impartial judgement in relation to the conduct of the audit. And thirdly, the objective and impartial judgement requirement is to be assessed by reference not only to the actual situation of the person concerned, but also from the perspective of a reasonable person.
The statutory provisions dealing with the general requirement for auditor independence create contraventions and criminal offences for an individual auditor, an audit company and its directors, and members of an audit firm.
In addition to the general independence requirements, the Corporations Act includes a non-exhaustive list of relationships (broadly categorised as employment relationships and financial relationships) that are treated as non-independent and therefore explicitly prohibited.
There are also specific provisions related to the disclosure of an auditor's independence. An auditor must provide a written declaration of independence to the directors of the audited entity. The declaration, which is included in the Director's Report, states that to the best of the auditor's knowledge or belief, there have been no contraventions of the auditor independence requirements under the Corporations Act or applicable code of professional conduct.
To limit threats to auditor independence through familiarity with an audited entity, the Corporations Act also imposes strict auditor rotation requirements. Specifically, an auditor (or in the case of an audit firm or audit company, a person appointed as lead or review auditor) who has 'played a significant role' in the audit of a listed entity is prohibited from leading an audit or review of the company for more than five consecutive, or more than five out of seven successive, financial years. In other words, a 'cooling-off period' of at least two years is required.
In addition, the Corporations Act mandates a two-year waiting period before a former partner of an audit firm (or director of an audit company) can take up certain positions with the audited entity. Further, there is a mandatory five-year waiting period before any more than one former audit partner (or director) may become an officer of the audited body.
Auditors that perform audits on ten or more significant entities, including listed entities and authorised deposit-taking institutions, are required under the Corporations Act to publish an annual Transparency Report. The Transparency Report discloses information relating to an auditor's independence practices, including an audit firm's system of quality control for audits and reviews of financial reports and other financial information and other assurance engagements, as required by the auditing standards (see below).
Australian Auditing Standards
Australian Auditing Standards of particular relevance to auditor independence include:
ASQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and Related Services Engagements (ASQC 1)—which contains specific requirements applicable to audit firms with regard to managing independence, including that audit firms must have policies and procedures designed to provide it with reasonable assurance that the firm and its staff maintain independence.
ASA 220 Quality Control for an Audit of a Financial Report and Other Historical Financial Information (ASA 220)—which requires the engagement partner to form a conclusion on compliance with independence requirements that apply to the audit engagement, as well as the specific steps the partner must take in reaching this conclusion.
APESB Code of Ethics
Supplementary to the provisions of the Corporations Act, extensive independence requirements for auditors are also contained in the APESB's APES 110 Code of Ethics and apply to all audits conducted in accordance with the ASAs (see paragraph 2.16). As noted earlier, the Code of Ethics is legally enforceable because ASA 102 essentially incorporates APES 110 to give it legal effect.
Similar to the auditing standards issued by the AUASB, the Code of Ethics is based on the International Code of Ethics for Professional Accountants (including International Independence Standards) issued by the International Ethics Standards Board for Accountants (IESBA). The APESB recently issued a restructured Code of Ethics, effective from 1 January 2020, to ensure the pronouncement meets global best practice.
Unlike the prescriptive requirements relating to auditor independence under the Corporations Act, the Code of Ethics framework is largely principles-based, and requires auditors to apply professional judgement when assessing professional or ethical issues that may arise in performing the audit function. However, the Code of Ethics also contains specific provisions to address key threats to auditor independence, including where an auditor wants or is requested to provide non-audit services to an audit client, whether other assurance or non-assurance services.
For example, in relation to the provision of non-audit services to a Public Interest Entity, the Code of Ethics explicitly prohibits the provision of other assurance services that would involve the auditor assuming management responsibilities or that have a material impact on the financial statements of the audited entity. In particular, the following assurance services cannot be provided to an audited entity:
Performing accounting and bookkeeping services.
Serving as general counsel.
Promoting, dealing in, or underwriting client's shares.
Negotiating for the client.
Recruiting directors/officers or senior management who would have significant influence over financial statements.
The Code of Ethics largely reflects the Corporations Act requirements with regard to audit partner rotation requirements, including imposing a 'cooling-off period'. However, to ensure alignment with the international standards issued by the IESBA, the cooling-off period for engagement partners of listed or APRA-regulated entities has recently increased under the Code of Ethics to three years, and will increase to five years from 31 December 2023.
Additional independence requirements for auditors apply with respect to the provision of insolvency services. The Code of Ethics prohibits a firm from providing audit and insolvency services to the same client. Under the Code, a firm must refuse to perform, or must withdraw from, the audit engagement if a partner or employee of the firm were to serve as an officer (including management of an administration) of an audit client. This requirement is an Australian-specific prohibition that has been in force since March 1998.
Further, the APESB has a standard on insolvency services, APES 330 Insolvency Services (APES 330). According to the APESB, the 'independence requirements in APES 330 will effectively prohibit most circumstances of firms providing insolvency services for an individual or entity that is a client of a bank in circumstances where that bank is also an audit client of the firm'.