This Guidance Statement applies to auditors and other independent assurance practitioners, referred to as the “auditor” in this Guidance Statement, when the engagement comprises:
- A single subject grant acquittal (SSGA) achieved through a single level of assurance (reasonable or limited); or
- A multi‑scope engagement (MSE), which may include a grant acquittal, when the terms of an engagement require the auditor to address one or more of the following matters:
- More than one subject matter.
- More than one level of assurance.
- An engagement comprising both assurance and agreed‑upon procedures (where no assurance is provided).
- More than one subject matter.
Preamble
Important Note
Guidance Statements are developed and issued by the AUASB to provide guidance to auditors and assurance practitioners on certain procedural, entity or industry specific matters related to the application of AUASB Standards.
Guidance Statements are designed to provide assistance to auditors and assurance practitioners to assist them in fulfilling the objective(s) of the audit, other assurance engagement or non-assurance engagement. Accordingly, Guidance Statements refer to, and are written in the context of specific AUASB Standards; and where relevant, legislation, regulation or other authoritative publication. Guidance Statements are not aimed at providing guidance covering all aspects of the audit or other assurance, or non-assurance engagement. Further, Guidance Statements do not establish or extend the requirements under existing AUASB Standards.
Guidance Statement GS 022 Grant Acquittals and Multi-Scope Engagements is not, and is not intended to be, a substitute for compliance with the relevant AUASB Standards and auditors and assurance practitioners are required to comply with the relevant AUASB Standards when conducting an audit, other assurance engagement or non-assurance engagement.
Authority Statement
The Auditing and Assurance Standards Board (AUASB) formulates Guidance Statement GS 022 Grant Acquittals and Multi-Scope Engagements pursuant to section 227B of the Australian Securities and Investments Commission Act 2001, for the purposes of providing guidance on auditing and assurance matters, and related services engagements.
This Guidance Statement provides guidance to assist the auditor and other independent assurance practitioner to fulfil the objectives of the audit, assurance engagement or non-assurance engagement. It includes explanatory material on specific matters for the purposes of understanding and complying with AUASB Standards. The auditor and other independent assurance practitioner exercises professional judgement when using this Guidance Statement.
This Guidance Statement does not prescribe or create new requirements.
Application
1
This Guidance Statement applies to auditors and other independent assurance practitioners[1], referred to as the “auditor” in this Guidance Statement, when the engagement comprises:
- A single subject[2] grant acquittal[3] (SSGA) achieved through a single level of assurance (reasonable or limited); or
- A multi‑scope engagement (MSE), which may include a grant acquittal, when the terms of an engagement require the auditor to address one or more of the following matters:
- More than one subject matter.
- More than one level of assurance.
- An engagement comprising both assurance and agreed‑upon procedures (where no assurance is provided).
- More than one subject matter.
2
Engagements described in paragraph 1(b) necessitate compliance with the requirements of different reporting frameworks and different AUASB Standards and may therefore involve:
- Evaluation against different criteria, including reporting frameworks;
- The auditor developing a tailored single-form multi-scope auditor’s report; and/or
- Reporting requirements prescribed by regulators or other relevant parties.
This Guidance Statement is not intended for use by internal auditors, whether employed or engaged by an entity.
Financial performance and financial position, or compliance with requirements, are each an example of a single subject matter.
See definition at paragraph 22(c).
Introduction
Objective
4
The purpose of this Guidance Statement is to assist auditors in exercising professional judgement in applying the AUASB Standards to a selection of practical application issues that may arise in either a SSGA or a MSE. (Ref: Table 1)
5
Table 1: Practical Application Issues Addressed in this Guidance Statement
Part |
Issues |
Paragraphs |
A |
Clarifying engagement mandates that are unclear and/or defined in out‑dated terms. |
32-41 |
B |
Addressing engagements where the required scope includes a subject matter(s) that is not able to be assured, or is difficult to assure. |
42-47 |
C |
Obtaining evidence when an entity delegates tasks to a third party. |
48-49 |
D |
Determining the auditor’s reporting responsibilities and identifying users of the auditor’s report |
50-64 |
E |
Addressing prescribed reporting, including where requirements may differ from AUASB Standards. |
65-70 |
F |
Addressing prescribed scopes and/or procedures. |
71-76 |
G |
Performing a SSGA or a MSE concurrently with the audit of a general purpose financial report (GPFR) or a special purpose financial report (SPFR). |
77-82 |
H |
Determining the extent of statutory work, if any, that can be used in the performance of a SSGA or a MSE, when the SSGA or MSE reporting periods differ from the statutory audit. |
83-87 |
I |
Planning, performing and reporting on a SSGA or a MSE when not the auditor of the entity’s annual financial report. |
88-90 |
J |
Setting materiality levels. |
91-104 |
K |
Auditing or reviewing overhead, labour cost and other expense allocations in a grant acquittal, including the sufficiency and appropriateness of audit/review evidence. |
105-109 |
L |
Determining the nature and extent of substantive procedures, including the use of sampling. |
110 |
M |
Concluding and reporting appropriately. |
111-126 |
6
Detailed guidance on these issues is provided at the paragraph references above and in the Appendices.
The Nature of Engagements – Grant Acquittals
8
The AUASB Framework for Assurance Engagements provides information on the nature of assurance and non-assurance engagements.[4]
9
A grant acquittal as described in paragraph 1(a), is where the auditor is required to report a single level of assurance on only one subject matter. Examples of documentation a grant recipient may provide include:
- A statement of grant income and expenditure.
- A statement of compliance with the terms of the grant agreement.
- A statement with respect to the design and operating effectiveness of internal controls relating to grant monies.
10
Ordinarily, the applicable AUASB Standard for a SSGA is easily identified. For example, the relevant AUASB Standards for the examples listed at paragraph 9 are:
- A statement of grant income and expenditure would be audited and reported on in accordance with ASA 805[5].
- A compliance statement would be audited and reported on in accordance with ASAE 3100[6].
- A statement on controls would be audited and reported on in accordance with the requirements of ASAE 3150[7].
The Nature of Engagements - Multi-scope
11
For purposes of this Guidance Statement, where any engagement, including a grant acquittal, comprises the elements described in paragraphs 1(b) and 2, it is a MSE. Each different element of a MSE, whether different subject matters or level of assurance is considered as a separate section of the engagement.
12
Examples of a MSE include:
- A grant acquittal where the grant agreement might call for independent assurance over historical financial information, such as a statement of grant income and expenditure, as well as assurance over compliance with the terms of the grant agreement.
- A special purpose audit where management requests the auditor to audit the cash statement of the company’s social club and the related internal controls, agree employee leave taken to employee records (an agreed-upon procedures engagements) and provide limited assurance as to whether leave balances are calculated in accordance with corporate policy.
- The requirements of the Australian Taxation Office in relation to self-managed superannuation funds – where reasonable assurance is given over historical financial information and over compliance with legislation over a period of time[8].
- An Annual Prudential Reporting Engagement undertaken pursuant to Australian Prudential Regulation Authority (APRA) Prudential Standard LPS 310 Audit and Related Matters - where the Regulator requires reasonable assurance over the annual return and limited assurance over the existence of, and compliance with, internal controls.[9]
- A financial licensee’s obligations to lodge an annual report with Australian Securities and Investments Commission (ASIC) – where the Regulator requires, inter alia, reasonable assurance over financial information and the operation of internal controls; limited assurance over statements made by the licensee; and a mixture of reasonable and limited assurance over compliance (over a period of time) with the requirements of the relevant Class Orders. In addition, the Regulator prescribes the form and content of the auditor’s report (Form FS71)[10].
13
Appendix 3 provides further information about these examples.
Specific Issues
14
The AUASB recognises that a SSGA and a MSE may give rise to specific issues, including:
- Determining which AUASB Standards and requirements are relevant, and how to apply them.
- Planning and performing the engagement effectively and efficiently to address multiple objectives.
- Reporting appropriately in compliance with:
- Relevant AUASB Standards; and
- Engagement mandates.
- Demands for the use of prescribed auditor’s reports that are not in accordance with the AUASB frameworks.
- Difficulties in conducting a MSE that comprises assurance, where professional judgement is exercised; and agreed-upon procedures, where no professional judgement is exercised.
15
Reporting appropriately may cause particular difficulties when the auditor seeks to combine statements, opinions, conclusions and sometimes factual findings in a single tailored auditor’s report. [Ref: paragraphs 50 onwards.]
AUASB Standards
16
This Guidance Statement refers to the requirements and approaches contained in the AUASB Standards by way of addressing a selection of common practical application issues. (Ref: Table 1)
17
In conducting a SSGA or a MSE, the auditor is required to comply with the relevant requirements in the relevant AUASB Standards. The auditor’s understanding of the composition of the engagement and user requirements is necessary in determining which AUASB Standards and requirements are relevant.
18
The auditor exercises professional judgement in appropriately applying the relevant AUASB Standards where the engagement mandate is to provide reasonable or limited assurance. The auditor applies their professional capabilities and competence in carrying out agreedupon procedures. The principles described in this Guidance Statement are intended to assist the auditor in applying the AUASB Standards.
19
The relevant requirements of the AUASB’s Standards are to be applied, regardless of the entity’s size, legal form, activities or the nature of the engagement, when:
- The terms of the engagement require the auditor to comply with, and report in accordance with, AUASB Standards;
- A prescribed auditor’s report requires the auditor to state that the engagement has been conducted in compliance with AUASB Standards; or
- A member of an Australian professional accounting body is required to comply with APES 210 Conformity with Auditing and Assurance Standards.
20
The AUASB’s assurance Standards are to be applied in the context of the AUASB Framework for Assurance Engagements.
21
Where the MSE comprises both assurance and non-assurance requirements:
- The relevant AUASB Auditing Standards, Standards on Review Engagements and Standards on Assurance Engagements are applied to the assurance sections of the MSE;
- ASRS 4400[11] is applied to the non-assurance section(s) of the MSE; and
- Any other applicable requirements that may exist in other Standards, legislation, regulation or contract are applied as relevant.
See Appendix 2.
See ASA 805 Special Considerations—Audits of Single Financial Statements and Specific Elements, Accounts or Items of a Financial Statement.
See ASAE 3100 Compliance Engagements.
See ASAE 3150 Assurance Engagements on Controls.
See GS 009 Auditing Self-Managed Superannuation Funds.
See GS 017 Prudential Reporting Requirements for Auditors of a Life Company.
See GS 003 Audit and Review Requirements for Australian Financial Services Licensees under the Corporations Act 2001.
See ASRS 4400 Agreed-upon Procedures Engagements to Report Factual Findings.
Definitions
22
For the purposes of this Guidance Statement the following words and phrases have the meanings attributed below:
22(a)
Criteria - the benchmarks used to measure or evaluate the underlying subject matter. An applicable financial reporting framework is an example of “criteria”.
22(b)
Engagement risk - the risk of expressing inappropriate opinions and/or conclusions when the subject matter is materially misstated, including when the subject matter has material deficiencies or deviations or is materially non-compliant.
22(c)
Grant acquittal - a requirement of a funding agreement and is performed by the recipient of the funding (the responsible party). An acquittal can take a number of forms such as financial reports/statements, written reports, documentation of activities performed and attestations/declarations by the funding recipient. Some funding agreements require independent assurance in relation to the acquittal, or parts thereof. In this Guidance Statement, “grant acquittal” relates to the auditor’s engagement under the funding agreement.
22(d)
Mandate - the requirement, documented or otherwise, for an independent auditor to conduct an audit, other assurance engagement, agreed-upon procedures engagement or combination thereof. Mandates may be prescribed in legislation or regulation; or may be specified by contract or agreement.
22(e)
Prescribed procedures - procedures that are to be performed by the auditor in accordance with the prescribed requirements of a statutory authority, a contract or other applicable mandate.
22(f)
Prescribed report - the form and/or content of the auditor’s report is prescribed by a statutory authority, by the terms of a contract or by other applicable mandate.
22(g)
Subject matter information - the outcome of the measurement or evaluation of an underlying subject matter against the relevant criteria. [Examples include financial reports, compliance plans and attestations/declarations by responsible parties]
23
The meanings of other words and phrases used in this Guidance Statement are those included in the AUASB pronouncements and which are also reproduced in the AUASB Glossary.
Summary of the Auditor’s Approach to a SSGA and a MSE
24
The fundamental principles and concepts applied to all audits and other engagements are to be applied equally to a SSGA and a MSE, including:
- The exercise of professional judgement and professional scepticism;
- Compliance with quality control and ethical requirements;
- Assessment of the appropriateness of subject matter and suitability of the criteria; and
- Materiality, risk assessment, sufficient appropriate evidence to obtain the level of assurance required and sufficient appropriate documentation.
25
To illustrate the progressive approach to be adopted in conducting a SSGA and a MSE, Table 2 lists the main phases and steps in an assurance engagement under the AUASB Standards.
Table 2: The Main Phases and Steps in a SSGA and a MSE for an Assurance Engagement
Main Phases |
Steps in an Assurance Engagement |
Documentation and Quality Control [12] |
Accepting |
|
Documented in accordance with the requirements of the relevant AUASB Standards; and
|
Planning |
|
|
Performing |
|
|
Reporting |
|
For specific details of the approach and steps involved in an assurance engagement, refer to the relevant AUASB Standards - Australian Auditing Standards, Standards on Review Engagements and Standards on Assurance Engagements.
Quality control and documentation requirements are found in the AUASB Standards comprising: the Australian Auditing Standards, Standards on Review Engagements, Standards on Assurance Engagements and Standards on Related Services. They include, but are not limited to, ASQC 1Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and Related Services Engagements; ASA 220 Quality Control for an Audit of a Financial Report and Other Historical Financial Information; ASA 230 Audit Documentation; ASAE 3000 Assurance Engagements Other than Audits or Reviews of Historical Financial Information and ASRS 4400.
Addressing Practical Application Issues
Introduction
26
This section of GS 022 provides guidance to auditors on addressing a selection of the practical application issues that may arise in a SSGA or a MSE. (Ref: Table 1)
Overall Strategy for Responding to Issues
27
The most effective approach auditors can adopt to address practical application issues regarding a SSGA and a MSE, is comprehensive planning through:
- Considering separately the engagement mandates, user needs and objectives for each of the different sections of the engagement in order to clearly identify the distinct scoping requirements and relevant AUASB Standards (Ref: Appendix 9);
- Communicating with relevant parties to clarify uncertainties and resolve issues; and
- Establishing detailed and efficient strategies and plans only when there is clarity about each section of the engagement(s).
Preconditions
28
Under the AUASB Standards, the preconditions for each assurance aspect of the MSE engagement are established. In order to determine whether the preconditions for an assurance engagement are present, the auditor:
- Determines whether the subject matter is appropriate, including whether it is auditable;
- Determines whether the criteria are suitable including whether the reporting framework(s) is acceptable; and
- Obtains agreement from management that it accepts responsibility for: the preparation of the entity’s reports (subject matter information), internal control and providing the auditor with information and access to personnel.
Terms of Engagement
29
The practical issues discussed below are considered and resolved by the auditor in the context of the auditor’s obligations under the AUASB Standards and relevant ethical standards[13] to confirm the terms of the engagement in writing. Each SSGA and/or separate section of a MSE is included in the engagement letter.
30
The engagement letter is a contract which is required on all engagements conducted by an auditor.[14] The requirement for an engagement letter is not conditional on the timing of appointment; clarity of mandates and reporting requirements; or the level of fees and costs. However, where law or regulation prescribes the terms of engagement in sufficient detail; and management acknowledges and understands its responsibilities, the auditor need not record the terms in a written agreement.
31
Appendix 4 provides examples of MSE engagement letters.
Practical Issues and Guidance
A. Unclear Engagement Mandates [Ref: Table 1]
32
The key to an effective and efficient approach is for the auditor to consider of each SSGA and/or section of a MSE as a separate engagement in its own right and therefore requiring its own planning, performance and discrete file, or section of a file, containing supporting evidence.
33
An entity may request a SSGA or a MSE without appropriate articulation of the engagement requirements. Auditors clarify the requirements, purpose and other relevant preliminary details, for each SSGA or discrete section of a MSE prior to accepting the engagement. The auditor’s engagement objectives and responsibilities can only be apparent when the engagement mandates are properly understood.
34
The auditor obtains a thorough understanding of all mandates, establishes whether the preconditions are present, clarifies management’s (the responsible party’s) responsibilities and identifies the broad engagement scope/objectives before accepting the engagement, agreeing to the terms in writing or proceeding with the engagement.
35
Of importance to the auditor is clarity about the suitability of criteria, including the acceptability of the reporting framework (if applicable) and management’s acceptance of its responsibility to report under that framework. As auditors do not provide new information about the entity in the auditor’s report, it is important for management to disclose the applicable reporting framework, particularly when it is a special purpose framework.
For example: Management is responsible for presentation and disclosure of an accounting policies note to accompany a grant income and expenditure statement identifying whether a cash or accruals basis of accounting has been used. Such disclosure may be additional to a prescribed or recommended financial statement.
36
An entity may approach the auditor of the entity’s annual financial report at the completion of that audit with a request to conduct a SSGA or MSE. Regardless of the timing of such a request, the auditor needs to ensure the terms of the engagement are agreed to in writing.
37
In obtaining that understanding, auditors are mindful of the threats to effectiveness and efficiency in conducting the engagement as well as potential for non-compliance with AUASB Standards. Planning and performing assurance procedures, and agreed-upon procedures if applicable, are undertaken with an appropriate understanding of the various mandates directing the engagement and establishing that the relevant preconditions required by the AUASB Standards are present.
38
The expected reporting requirements or available reporting options of the SSGA or MSE are an important part of understanding the engagement mandates. See paragraphs 50-70 for further discussion on reporting.
39
Where engagement mandates are defined in outdated terms, such as is the case in some legislation, regulation or longstanding contracts, the auditor may communicate with the relevant regulator or parties to the contract (the users). The auditor’s objective is to clarify user expectations regarding the engagement scope and reporting requirements. Such clarification reconciles out-dated terms with current AUASB frameworks. The auditor may:
- Determine that an “Other Matter” paragraph in the auditor’s report would be an appropriate way to communicate changes in terminology from that used in the engagement mandate to that used in the AUASB Standards; and
- Seek legal advice when appropriate and possibly seek amendment to the terms of the engagement.
40
The auditor reconciles user expectations with the auditor’s capabilities under the legislative environment and the AUASB Standards. In some circumstances, it may be necessary for the auditor to inform users of any relevant restrictions imposed on the auditor so as to reach agreement on the auditor’s responsibilities regarding the engagement. In such cases, it may be appropriate for the auditor to include in the auditor’s report, additional explanatory detail regarding the restriction(s). An “Other Matter” paragraph may be used for such additional material.[15]
41
When an auditor is not confident of meeting user expectations or delivering appropriately in accordance with AUASB Standards, against the engagement mandate; or is unable to resolve the issue through other means, including additional explanation in the auditor’s report, the auditor declines the engagement unless prevented from doing so by law or regulation. Refer paragraphs 47 and 69 for options when the auditor is not able to decline the engagement.
B. Subject Matter(s) Not Able to be Assured, or Difficult to be Assured (Ref: Table 1)
42
In certain circumstances, an engagement mandate may seek assurance on a subject matter that is unable to be assured, or very difficult to be assured, such as an entity’s future ability to generate a specified level of unencumbered cash or its ability to fund a future project in part or whole. The auditor’s inability to provide assurance ordinarily arises because the subject matter is not appropriate or that the criteria against which to measure or evaluate that subject matter is not suitable[16]. Furthermore, the responsible party may not be required to provide the subject matter information, such as an attestation statement (e.g. solvency declaration), to the auditor (a direct engagement).
43
The auditor may consider:
- Identifying the specific reasons why some or all of the engagement requirements are unable to be achieved;
- Communicating with the relevant regulator or parties to the contract (the users) to determine the precise expectations of the users;
- Communicating with the responsible party to confirm their responsibilities regarding the engagement and to understand their expectations and the subject matter information they intend to provide to the auditor;
- Determining whether users would accept an alternative engagement, for example:
- An agreed upon procedures engagement; or
- Assurance over an alternative subject matter.
- For example: Although an auditor may be unable to assure an entity’s future ability to generate a specified level of unencumbered cash or fund a future project, the auditor could undertake a reasonable, or limited, assurance engagement over the historical levels of unencumbered cash and/or the reasonableness of the underlying assumptions used to determine the entity’s business plans, budgets and forecasts. This may be sufficient for the users to form their own conclusion as to the entity’s future abilities. Ordinarily, such assurance work would not necessitate a full audit of the entity’s previous or current financial report and would not constitute the provision of limited assurance over prospective information;
- Exploring effective alternative solutions that may resolve the issue of dealing with matters that may be unable to be assured;
- Evaluating whether:
- A disclaimer of opinion over certain subject matter is an appropriate option; or
- Additional explanation in the auditor’s report can mitigate possible misunderstanding as to what has not been assured and the reasons for the auditor’s inability to assure the particular subject matter, that may be presented in an “Other Matter” paragraph in the auditor’s report; or
- When alternative arrangements are unable to be made, determining whether the auditor is able to decline or withdraw from the engagement under relevant laws/regulations.
44
In communicating with users, it would be necessary for the auditor to inform the relevant parties of the reasons why the auditor is unable to assure a particular subject matter. When a mutual understanding is achieved, the auditor may be able to reach agreement on the auditor’s responsibilities regarding the SSGA or MSE and the effect on the auditor’s report. Any such agreement is committed to writing so as to comply with AUASB Standards and to avoid any misunderstanding.
45
If the auditor concludes that a disclaimer over a specific subject matter or additional explanation in the auditor’s report are necessary to comply with the requirements of relevant AUASB Standards, but is prohibited from doing so (say because of an inflexible prescribed reporting regime); or if additional explanation is permitted, but the auditor is unable to adequately mitigate possible misunderstanding, the auditor does not include within the auditor’s report that the audit has been conducted in accordance with (the relevant) AUASB Standards. See paragraph 66.
46
When an auditor determines that the subject matter is not appropriate, the criteria is not suitable or the engagement does not have a rational purpose, the auditor declines the engagement, unless required by law or regulation to accept the engagement.
47
When in rare and exceptional circumstances, the auditor is prevented from any of the alternatives described earlier, and therefore effectively faces an inappropriate engagement, the auditor consults with relevant parties and when necessary seeks legal advice. When considered appropriate by the auditor, the auditor may:
- Issue a disclaimer of opinion on the basis of a limitation in the scope of the engagement.[17]
- Issue concurrently, a separate auditor’s report to the user(s) that complies with the auditor’s obligations under the AUASB Standards and, if applicable, refers to the prescribed report.
- Write separately to the users, referring to the auditor’s report and setting out:
- The auditor’s concerns, including, if applicable, the misleading nature of the prescribed auditor’s report, the use of which is mandated;
- The reasons for the auditor’s predicament, particularly the reporting inconsistency with the auditor’s responsibilities under the AUASB Standards and the relevant ethical requirements; and
- If applicable, the auditor’s inability to obtain evidence to the level of sufficiency and appropriateness considered necessary by the auditor to support the auditor’s conclusion as required by the prescribed reporting format.
- The auditor’s concerns, including, if applicable, the misleading nature of the prescribed auditor’s report, the use of which is mandated;
C. Obtaining Evidence from Third Parties (Ref: Table 1)
48
An entity may, in some cases, outsource to a third party some, or all, of the tasks which would be subject to audit or assurance procedures under the SSGA or MSE. For example, a portion of grant monies received may be used to engage a third party to perform procedures required under the grant agreement. Any such arrangements do not affect the requirements of the AUASB Standards or the underlying responsibilities of the auditor.
49
In the circumstances described in paragraph 48, the overriding issue for the auditor is the ability to obtain sufficient appropriate evidence in order to conclude on each of the matters in the scope of the engagement. Table 3 outlines options that may be available to the auditor in different circumstances.
Table 3: Obtaining Evidence from a Third Party
Situation |
Auditor’s Response |
The auditor is given access to the relevant records of the third party and provided with adequate explanations in relation to the work performed by the third party. |
The auditor performs the procedures, and obtains adequate explanations, considered necessary by the auditor in order to obtain sufficient appropriate evidence to conclude. |
The auditor is given access to the relevant working papers of the third party’s auditor and provided with adequate explanations in relation to the work performed by the third party’s auditor. |
The auditor uses AUASB Guidance Statement, GS 011[18] to obtain sufficient appropriate evidence with which to conclude. |
Where applicable, the auditor is permitted to request the third party’s auditor to perform the procedures considered necessary by the auditor; and to report thereon accordingly. |
The auditor instructs the third party’s auditor in accordance with the relevant AUASB Standard(s). For example, in the case of an audit of historical financial information, paragraph 2 of ASA 600[19], is applied, as appropriate, to obtain sufficient appropriate evidence with which to conclude. |
The third party is a service organisation and a report on controls under ASAE 3402[20] is available from the service organisation |
The auditor complies with the requirements of ASA 402[21] in using the report issued by the service organisation’s auditor to obtain an understanding of internal control relevant to the engagement. |
Sufficient appropriate audit evidence is not available. |
The auditor considers the effect on the auditor’s report. |
D. Determining Reporting Responsibilities (Ref: Table 1)
50
An auditor’s responsibilities and associated procedures to obtain a clear understanding of reporting responsibilities for a SSGA or a MSE are no different from those in any other engagement. The auditor obtains an understanding of the auditor’s reporting responsibilities at the acceptance and planning stages of the engagement, including whether the auditor’s report is prescribed or not prescribed.
51
The following guidance aims to illustrate the principles of reporting particularly when the auditor determines that issuance of a single-form auditor’s report, incorporating the different sections of the MSE, is most effective and efficient in the circumstances of the specific engagement.
Overview
52
When reporting on a SSGA or a MSE, the auditor’s objectives are the same as when reporting on other assurance engagements, namely to:
- Form overall opinions and/or conclusions based on evaluation of conclusions drawn from evidence obtained;
- Express overall opinions and/or conclusions clearly in a report that also describes the basis for the opinions and/or conclusions;
- Reduce engagement risk to an appropriate level;
- Establish that the auditor’s report complies with relevant AUASB Standards and other applicable reporting requirements, including when the auditor’s report
- Is modified (qualified opinion, adverse opinion, disclaimer of opinion and/or includes an emphasis of matter paragraph and/or other matter paragraph); and
- Contains supplementary reporting information such as a detailed list of minor instances of the entity’s non-compliance with specified regulation that have been identified by the auditor; and
- Determine that the auditor’s report is not misleading in the context of the specific engagement circumstances.
53
In expressing opinions and conclusions, the auditor uses the appropriate form of expression in the context of the applicable reporting framework and the relevant AUASB Standards.
For example: Where a SSGA or a MSE report comprises a special purpose financial report (SPFR) and an entity’s attestation on compliance with legislation, regulation or the terms of a contract, the auditor conforms with the reporting requirements in ASA 700[22] and ASA 800[23] regarding the SPFR; and ASAE 3000 and ASAE 3100 regarding the compliance section.
Users
54
Concurrently with procedures to understand the engagement mandates, the auditor performs procedures to identify users of the entity’s report(s) and the auditor’s report(s). Identification of users assists the auditor to determine the nature (form) of the auditor’s report(s), including:
- Whether there is a requirement to alert users of the special purpose of the entity’s report; and/or
- Whether to restrict distribution of the auditor’s report.
55
In the case of a grant acquittal or other contractual arrangement, the users are ordinarily the parties to the grant agreement or other contract. The signatories to the agreement(s) and the parties they represent, should provide a clear indication of the users.
For example: Where a grant is given to a company by a government department, the signature of the CEO, or other authorised staff, on the grant agreement, indicates that one group of users is the board of directors acting on behalf of the company that receives the grant. The signature of a government department head, authorised officer/delegate or notices within the funding agreement, indicate that the other user group is the government department providing the funds.
56
Where identification of users is not straightforward, the auditor discusses the matter with the party engaging the auditor. When such communication does not yield sufficient detail on identifying users, the auditor contacts the other party to the contractual arrangement or the regulator(s) responsible for each separate engagement mandate.
57
When communicating with users, the auditor considers whether it is appropriate to inform or remind users that auditor “independence” is a fundamental concept of audit and assurance and accordingly users do not direct the conduct of the audit.
Reporting when the Auditor’s Report(s) is not Prescribed
58
When the form and content of the auditor’s report is not prescribed by the engagement mandate, the auditor complies with the reporting requirements of the relevant AUASB Standards. The auditor may choose to:
- Provide multiple reports, separately for each subject matter and/or level of assurance;[24]
- Issue a single-form multi-scope report—a single-form report that identifies each different subject matter and level of assurance of the MSE; or
- A combination of (a) and (b). Table 4 illustrates this option where the auditor decides to issue a single-subject report addressing one subject matter and a single-form multi-scope auditor’s report covering the remaining subject matters:
Table 4: Example of auditor reporting (Ref: paragraph 58(c))
Subject Matters |
Reporting in Accordance with AUASB Standard |
First Auditor’s Report – single subject |
|
Audit of an historical financial report |
|
Second Auditor’s Report – multi-scope |
|
Audit of a single statement of grant income and expenditure |
|
Reasonable assurance on the entity’s compliance with the terms of a grant agreement |
|
Limited assurance on a statement of employee numbers required under a grant agreement |
Examples of how the auditor’s reports described above might be presented are demonstrated in Appendix 6.
59
In choosing whether to issue multiple reports or a single-form report, the auditor considers:
- any relevant requirements of the engagement mandate;
- user needs;
- the requirements of any other relevant standards; and
- reporting effectiveness and efficiency.
60
Where the auditor intends to issue a single-form MSE report, the auditor designs a unique report developed according to the circumstances which incorporates the reporting requirements of the relevant AUASB Standards, as well as any reporting mandates such as relevant requirements of a grant funding agreement.
61
In developing a unique single-form MSE report, the auditor seeks efficiency by avoiding repetition through blending similar reporting requirements when appropriate, but without blurring the different sections of the MSE.
For example: A single paragraph could be used to describe management’s responsibilities for the various subject matters, rather than several paragraphs describing management’s responsibilities for each subject matter, which may be repetitive .
Other Reporting Responsibilities
62
Auditors satisfy themselves as to whether there are any other reporting obligations under legal and regulatory requirements.
63
If the auditor considers it necessary to communicate a matter other than those that are presented or disclosed in the entity’s relevant financial or other reports that, in the auditor’s judgement, is relevant to the users’ understanding of the audit, the auditor’s responsibilities or the auditor’s report, the auditor considers use of an “Other Matter” paragraph in the auditor’s report.[25]
64
If the auditor addresses other reporting responsibilities that are in addition to the auditor’s responsibilities under the AUASB Standards, the auditor considers use of a separate section of the report titled “Report on Other Legal and Regulatory Requirements” or otherwise as appropriate.[26]
E. Prescribed Reporting [Ref: Table 1]
65
In some circumstances, the form and/or content of the auditor’s report is prescribed and in some cases, may include a prohibition on modified opinions. In such cases, the auditor compares the prescribed report with the reporting requirements of the relevant AUASB Standards. This comparison, taken together with the auditor’s ability, if any, to remedy any reporting issues, is an important part of the engagement acceptance procedures.
66
Although applicable to audits under the Australian Auditing Standards, the following extracts are consistent with requirements under ASAE 3000 and provide helpful guidance on the considerations to be applied regardless of which AUASB Standards apply:
- ASA 210 requires:[27]
In some cases, law or regulation of the relevant jurisdiction prescribes the layout or wording of the auditor’s report in a form or in terms that are significantly different from the requirements of the Australian Auditing Standards. In these circumstances, the auditor shall evaluate:
- Whether users might misunderstand the assurance obtained from the audit of the financial report and, if so,
- Whether additional explanation in the auditor’s report can mitigate possible misunderstanding.
If the auditor concludes that additional explanation in the auditor’s report cannot mitigate possible misunderstanding, the auditor shall not accept the audit engagement, unless required by law or regulation to do so. An audit conducted in accordance with such law or regulation does not comply with Australian Auditing Standards. Accordingly, the auditor shall not include any reference within the auditor’s report to the audit having been conducted in accordance with Australian Auditing Standards.
- ASA 700 requires:[28]
If the auditor is required by law or regulation of a specific jurisdiction to use a specific layout or wording of the auditor’s report, the auditor’s report shall refer to Australian Auditing Standards only if the auditor’s report includes, at a minimum, each of the following elements:
- A title;
- An addressee, as required by the circumstances of the engagement;
- An introductory paragraph that identifies the financial report audited;
- A description of the responsibility of management (or other appropriate term, see paragraph 24 of this Auditing Standard) for the preparation of the financial report;
- A description of the auditor’s responsibility to express an opinion on the financial report and the scope of the audit, that includes:
- A reference to Australian Auditing Standards and the law or regulation; and
- A description of an audit in accordance with those Standards;
- An opinion paragraph containing an expression of opinion on the financial report and a reference to the applicable financial reporting framework used to prepare the financial report (including identifying the jurisdiction of origin of the financial reporting framework that is not Australian Accounting Standards and, where applicable, Australian law or regulation);
- The auditor’s signature;
- The date of the auditor’s report; and
- The auditor’s address.
67
When an auditor determines that the prescribed reporting requirements do not align with, or conform to, the requirements of the relevant AUASB Standards, the auditor, as appropriate:
- Communicates with the relevant authority, individual or group, seeking agreement to amend the prescribed auditor’s report such that it conforms to AUASB Standards;
- Issues an alternative report that complies with the requirements of the AUASB Standards. This option is considered especially when the auditor has experience with the relevant party having accepted such alternative auditor’s reports in the past; and
- Communicates any matters described in paragraph 66 above that may be deficient in the prescribed auditor’s report, through an “Other Matter” paragraph.
68
Prescribed reporting formats may, for example, not include reference to management’s responsibilities for the preparation of the entity’s reports (financial, non-financial). In such cases, an “Other Matter” paragraph can be used to describe management’s responsibilities. When the auditor is unable to redress issues with prescribed reporting requirements by appropriate application of the principles or procedures conveyed above, the auditor declines the engagement, unless required by law or regulation to accept the engagement.
69
When the auditor is not able to decline the engagement and is prevented from amending or adding to a prescribed auditor’s report, the auditor has been prevented from exercising professional judgement as required by the AUASB Standards. Accordingly, the auditor consults with appropriate parties and when necessary seeks legal advice. When considered appropriate by the auditor, the auditor may, in the circumstances, be able to:
- Issue a modified auditor’s opinion or conclusion statement in accordance with the relevant AUASB Standards;
- Issue concurrently and preferably accompanying the prescribed auditor’s report, a separate auditor’s report to the user(s) that complies with the auditor’s obligations under the AUASB Standards and refers to the prescribed report; or
- Write separately to the user(s,) referring to the specific prescribed auditor’s report and setting out:
- The auditor’s concerns, including the misleading nature of the prescribed report;
- The form and content of a report under the relevant AUASB Standards;
- The reasons for the auditor’s predicament, particularly the reporting inconsistency with the auditor’s responsibilities under the AUASB Standards and relevant ethical requirements; and
- If applicable, the auditor’s inability to obtain evidence to the level of sufficiency and appropriateness considered necessary by the auditor to support the auditor’s conclusion as required by the prescribed reporting format.
70
Appendix 7 provides further considerations relating to prescribed auditor’s reports.
F. Prescribed Scopes and/or Procedures (Ref: Table 1)
71
In some SSGA or MSE, certain scopes and/or procedures may be prescribed by a relevant party, such as a regulator or the provider of grants.
Assurance
72
Prescribed procedures may be considered by the relevant party to be necessary to meet a specified assurance objective.
For example: In the audit guidance material[29] issued by the Department of Social Services, the Regulator sets out its expectations of the auditor and the information that auditors are expected to consider in the conduct of their audit.
73
When prescribed scopes and/or procedures are a prerequisite to a SSGA or MSE, the auditor:
- Preserves the auditor’s independence and professional judgement in determining the extent, timing and scope of audit procedures—a fundamental principle underpinning the value of independent assurance. This is achieved by the auditor determining whether the prescribed scopes and/or procedures:
- Will enable the auditor to obtain sufficient appropriate evidence to meet the auditor’s objectives; or
- Will need to be incorporated into procedures determined by the auditor as necessary to meet the auditor’s objectives; or
- Are additional to the procedures determined by the auditor to be necessary to meet the auditor’s objectives;
- Determines the auditor’s reporting responsibilities, if any, in regard to the prescribed scopes and/or procedures; and
- Assesses whether the auditor is confident that the auditor will be able to discharge their responsibilities regarding the prescribed scopes and/or procedures.
74
The auditor does not accept the engagement, unless required to by law or regulation, if the auditor is unable to meet the prescribed scopes and/or procedures. This situation may arise, for example, where the auditor’s independence will be compromised, the prescribed scope is not able to be assured or the prescribed procedures are unable to be performed.
Agreed-upon Procedures (no assurance)
75
Prescribed procedures, on the other hand, may not be considered by the relevant party as necessary to meet a specified assurance objective. Consequently, prescribed procedures are treated as agreed-upon procedures with factual findings reported accordingly. The auditor communicates this to the relevant party and ensures that the engagement letter correctly reflects how the prescribed procedures will be addressed by the auditor. In these circumstances, where the auditor intends to restructure a prescribed report, the auditor communicates this intention to the relevant parties.
Acceptance
G. Performing SSGA and MSE concurrently with the Statutory Audit (Ref: Table 1)
77
Auditors may receive a late request from the entity to perform a SSGA or a MSE, when they are conducting the statutory audit. The auditor then considers whether, and if so to what extent, audit work completed on the statutory audit can be applied to the SSGA or MSE.
78
When considering how to address the additional engagement, the auditor follows the requirements in the relevant AUASB Standards with respect to:
- Acceptance – including preconditions, agreeing terms, any additional fees and an engagement letter;
- Planning – including potential use of work completed for other purposes, such as the statutory audit;
- Performance – including a separate representation letter;[30] and
- Reporting – including the form and content of the auditor’s report(s).
79
Where any such engagements are identified at the acceptance stage of the financial report audit, the auditor considers the potential for concurrent work and plans accordingly.
80
As the mandates, objectives, users and reporting frameworks differ for each distinct subject matter, so the detailed work plans will differ. It is only at the engagement planning stage where the auditor finalises the engagement strategy and detailed plans, that using work performed on one section of the engagement for use on another, can be planned.
81
Using assurance procedures for multiple purposes can be achieved by appropriate planning, such as:
- Arranging the scope of procedures in areas that are common to the overall engagement generally and using the evidence for multiple purposes;
For example: When the auditor undertakes procedures to “understand the business” and to “assess risk”, the auditor may design procedures, performed concurrently, that appropriately address the SSGA and/or each of the distinct sections of the MSE. This approach enables the auditor to avoid returning unnecessarily to these planning stages.
- Utilising the practice of “dual-purpose” testing such as, substantive tests of detail that may be used in understanding internal controls or as evidence of the operating effectiveness of internal control; and
- Avoiding the double-handling of the entity’s records.
For example: The auditor may choose to:
- Use the same records to concurrently obtain different sample selections to perform procedures to achieve different objectives on each section of the engagement.
- Combine into one work programme, several procedures that:
- Utilise the same sample selections from the entity’s records.
- Are designed to meet different substantive test objectives for different sections of the SSGA or MSE.
- Are to be performed concurrently.
82
Where the auditor decides to adopt a concurrent approach to meet differing engagement objectives, care is taken with, in particular:
- Utilising materiality levels that are appropriate for each objective where work is performed simultaneously;
For example: To utilise a materiality level based on an entity’s annual financial statements as a whole would be inappropriate for performing tests of a specific type of expenditure in accordance with a grant contract. (See discussion on materiality at paragraphs 91-104)
- The nature of testing procedures that relate to the auditor’s specific objectives; and
For example: The results of a substantive (representative) sample from a financial population that uses a statistical method driven by the cumulative monetary amount could not be a substitute for attribute sampling seeking pre-determined confidence rates regarding the performance of internal control.
- Appropriate audit documentation supporting the different audit objectives, procedures, results and assessments. (Ref: paragraphs 86 – 87)
H. SSGA or MSE Reporting Periods Differ from the Entity’s Financial Reporting Period (Ref: Table 1)
83
The date of the annual financial report may differ from the relevant date for the other assurance requirements. This scenario does not prevent use, at least in part, of some evidence for the overlapping period; however, additional work would be necessary to achieve the planned approach for the other assurance requirements.
For example: Assuming the nature of the tests are appropriate to meet differing objectives, substantive tests performed in the annual statutory audit to (say) 30 June may be used in a SSGA or a MSE to (say) 30 September. The auditor extends the tests for the period 1 July to 30 September; however, the tests already performed in the statutory audit are efficiently used for two or more purposes.
84
When deciding on additional work to cover a period that extends beyond the work already performed, the auditor ordinarily considers matters such as:
- Whether the objectives and procedures already performed are appropriate for the additional work;
- Any significant changes that have occurred in the subject matter since the previous work was completed;
- The need to update the auditor’s risk assessment for the additional period, including any potential cut-off issues;
- The possibility and practicality of testing internal control in order to reduce substantive procedures for the extended period;
- Choosing the most appropriate substantive procedures – substantive analytical procedures versus tests of detail; and
- Other core considerations such as materiality levels and the availability of evidence.
85
Whenever the auditor seeks efficiencies through using work from other engagements, it is essential that the auditor determines that the work performed and the evaluation of that work is sufficient and appropriate to meet the objectives of the SSAG and/or each separate section of the MSE. Otherwise there will be a significant risk that the auditor will not obtain sufficient appropriate evidence to support each objective.
Documentation
86
Whenever leveraging work effort is achieved, the auditor determines that the engagement files contain appropriate documentation to support the conclusions on the SSGA and/or each distinct section of the MSE. It is not appropriate to assume that because evidence is documented in one file, or part of a file, that documentation requirements have been met for the SSGA and/or all sections of the MSE.
87
Cross referencing between files, or within the same file, may be appropriate but each file, or part of a file, should provide the requisite documentation to support the relevant conclusion. Cross-referencing or copying working papers contained in one file, or section of a file, for inclusion in another file, or part of a file, is an efficient documentation technique that enables each file, or section of a file, to be complete. Copied working papers should be properly labelled to clearly show each relevant section of the engagement, or engagement objective to which they apply. The working papers in each file, or part of a file, include evidence of review by a more senior person and, where applicable, evidence of quality assurance procedures having been performed.
I. Conducting a SSGA or a MSE when not the Auditor of the Entity’s Annual Financial Report (Ref: Table 1)
88
In the context of the approach outlined in Table 2, an auditor who is not the auditor of the entity’s annual financial report pays particular attention to the “accepting” phase of the engagement.
89
This particular focus is because the auditor may have little or no knowledge of the entity or its environment, nor will the auditor have undertaken a (recent) risk assessment, all of which are required in an audit undertaken in accordance with the AUASB Standards.
90
The following points are intended as a prompt of some of the more important considerations that an auditor, who is not the auditor of the entity’s annual financial report, may consider:
- Firm Capabilities
- The partner’s and team members’ knowledge and experience relating to the proposed SSGA and MSE. In assessing this, the engagement mandates need to be thoroughly understood;
- The firm’s ability to comply with relevant laws, professional, ethical and technical Standards as well as any other requirements stipulated in the engagement mandates; and
- The firm’s quality control policies and procedures at both firm and engagement levels.
- Engagement Acceptance and Client Relationship
- The rationale/purpose for the engagement;
- Appropriate subject matter and suitable criteria;
- Appropriate level of assurance in the circumstances;
- The availability of information necessary to perform the engagement;
- The integrity of management and/or those charged with governance (TCWG);
- Any restrictions or limitations in the scope of the engagement; and
- Any risks/threats to the auditor’s reputation or compliance with relevant laws and standards. Particular attention is paid to “independence” and any prescribed reporting and/or prescribed scope/procedures.
- Preconditions for the Assurance Engagement
- Determining whether the criteria, such as the reporting framework, to be applied by management, or TCWG, are suitable (in relation to the mandate(s) and the intended users); and
- Obtaining agreement from management/TCWG, that they acknowledge their responsibilities for:
- The preparation of reports in accordance with the relevant mandate(s);
- Such internal control as management/TCWG determine is necessary to enable the preparation of reports that are free from material misstatement; and
- Providing the auditor with:
- Access to all relevant information;
- Additional information as requested; and
- Unrestricted access to personnel.
- Agreeing the Terms of the Engagement
- The auditor agrees the terms of engagement with management, or TCWG, as appropriate.
- The terms of engagement are in writing, tailored to the circumstances, and comply with the requirements of the relevant AUASB Standards. The engagement letter clearly identifies the SSGA and the different sections of the MSE.
- Without clarity about the SSGA and the exact sections of the MSE, including the related reporting, there is a significant risk of:
- Misunderstanding between the auditor and management/TCWG; and
- The engagement team performing the engagement either ineffectively (by not fulfilling the appropriate requirements); or inefficiently (by performing unnecessary procedures).
- The various users of the entity’s reports (other than general purpose financial reports) are identified in the engagement letter and consequently, the related auditor’s report. This is particularly important where reporting is for a “special purpose”, such as an application for a licence.
- An example of an engagement letter for a MSE is set out in Appendix 4.
- Objectives
- The auditor separates the engagement into its different sections for each level of assurance and each subject matter so as to obtain a clear understanding of the specific assurance and reporting objectives for each section; and
- Of particular importance is developing preliminary objectives and strategies on how to perform procedures to gain an understanding of the entity and its environment; and how to perform appropriate risk assessment procedures.
J. Setting Materiality (Ref: Table 1)
91
The requirements and underlying concepts relating to materiality are found in the relevant AUASB Standards[31] and they apply equally to a SSGA or a MSE.
92
In determining materiality levels, auditors exercise professional judgement by considering qualitative and quantitative factors, including reasonable expectations of issues that would be likely to influence the decisions of users.
93
For assurance purposes, materiality is determined in order to establish:
- A tolerable level of misstatement, deficiency, deviation, or non-compliance in the subject matter (which may be in the entity’s reports);
- The scope of assurance work to be performed; and
- A reasonable basis for evaluating identified misstatements, deficiencies, deviations or non-compliance.
94
Given the objectives of setting materiality levels described in paragraph 93, the auditor of a SSGA or a MSE develops separate materiality levels for each section of the engagement.
Example 1: Developing Separate Materiality Levels
The entity is required to report the following to a regulator:
The engagement team may, for example, set materiality levels for this MSE, by adopting the following approach:
In setting these differing materiality levels, the engagement partner takes into consideration qualitative and quantitative factors and the risk of issuing an inappropriate report. The engagement partner is satisfied with the level of work done when opining that “…the statistical return (i.e. all its component parts) has been prepared, in all material respects, in accordance with…” See ASA 805 paragraphs 10 and A10-A14; and ASA 200[32] paragraph 2 (the auditor applies Australian Auditing Standards relevant to the audit as necessary in the circumstances of the engagement.)
|
95
A variation on the above example is where the statistical return includes financial information as well as non-financial information.
Example 1.1: Developing Separate Materiality Levels (cont’d)
The entity is required to report as described in Example 1 above. However, the statistical return comprises historical and prospective financial information; and non-financial information. The engagement team may place emphasis on qualitative factors and set multiple materiality levels for the statistical return element of the MSE, by adopting a combination of methods, for example: Non-Financial Information:
Historical Financial Information:
Prospective Financial Information:
In setting these differing materiality levels, the engagement partner takes into consideration the risk of issuing an inappropriate report. The engagement partner is satisfied with the level of work done when opining that “…the statistical return (i.e. all its component parts) has been prepared, in all material respects, in accordance with…” |
96
Whatever approach is taken in setting materiality levels, the engagement partner is required under the AUASB Standards to consider that misstatements, deficiencies, deviations or non-compliance, and omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence relevant decisions of users taken on the basis of the information.
97
In setting materiality levels, regardless of the subject matter or level of assurance, the engagement partner reduces risk to an acceptable level in the circumstances of the assurance engagement.
Exception Reporting
98
As indicated in Example 1 above, the engagement requirements may ask for reporting of all exceptions identified in the course of the engagement. The criteria for any such reporting are established during the engagement planning stage. For example, if every instance of non-compliance is to be reported to the Regulator, the auditor:
- Clarifies the exact requirements—to report all instances of non-compliance identified during the assurance engagement is not the same as designing an assurance engagement to identify all instances of non-compliance.
- Clarifies the auditor’s reporting requirements, including any prescribed reports—where the phrase: “…in all material respects…” is included in the auditor’s opinion (or conclusion).
- Clarifies whether the auditor is expected to include in the auditor’s report, all instances of non-compliance (already) reported by the entity, or whether the auditor’s report should include only those instances of non-compliance that the auditor has identified and that the entity has yet to report to the Regulator.
- Where the auditor’s responsibilities are unable to be clarified in terms of the matters set out in (a) to (c) above, the auditor communicates with the appropriate user of the auditor’s report to obtain clarification.
- Considers the principles in ASA 700 which provides for the auditor’s report to include a separate section for “Other Reporting Responsibilities.[34]
99
An auditor may be expected to report all instances of non-compliance identified during the assurance engagement. Where this is the case, the concepts of setting materiality in accordance with the relevant AUASB Standards for the purposes of performing the audit or review, remain unchanged – that is, to determine the scope of the assurance work to be performed and in forming the auditor’s opinion or conclusion. However, materiality is not used to determine the scope of reporting non-compliance because all identified instances of non-compliance must be reported (as the basis for modifying the opinion/conclusion if applicable or in a separate section of the auditor’s report).
100
Appendix 8 provides an example of reporting instances of non-compliance identified during the audit.
Materiality and Reporting
101
In certain circumstances, the audit or other assurance mandate, or a prescribed auditor’s report, may require reporting that uses precise terms such as “…is correct”. This suggests that “materiality” is not to be applied by the auditor and that the subject matter is “audited” in its entirety. Such exacting terms are misleading and are not used in the context of audit and other assurance engagements and are not in accordance with AUASB Standards, particularly the Framework for Assurance Engagements. An agreed-upon procedure engagement may be appropriate in these circumstances if the procedures can be precisely stated in the terms of the engagement.
102
The AUASB Framework for Assurance Engagements provides a structure supporting only “reasonable assurance” and “limited assurance”, not absolute assurance. This is due to factors such as:[35]
- The use of selective testing;
- The inherent limitations of internal control;
- The fact that much of the evidence available to the auditor/assurance practitioner is persuasive rather than conclusive;
- The use of professional judgement in gathering and evaluating evidence and forming conclusions based on that evidence; and
- In some cases, the characteristics of the underlying subject matter when measured or evaluated against the criteria.
103
As described in earlier sections of this Guidance Statement, the auditor communicates with the entity and the user to clarify expectations. Such communication will serve to inform all parties concerned and enable clarification of the auditor’s responsibilities under the AUASB Standards and the auditor’s objectives which in turn will drive the auditor’s procedures and ultimately the auditor’s report.
104
In these cases, communications among the relevant parties would be expected to lead to:
- An amendment to the scope of the engagement, such as the addition of agreed upon procedures which enable the auditor to report factual findings and where, if insisted upon by the user, terms like “…are correct” may not be misleading. Any such arrangement would need to be reflected in the terms of the engagement and may attract additional fees.
The auditor considers the matters discussed in paragraphs 71-76 (Section F).
- Clarification of the issues described in paragraphs 98-99.
K. Cost Allocations (Ref: Table 1)
105
In grant acquittals, it may be necessary for the auditor to obtain sufficient appropriate evidence in relation to the entity’s allocation of costs, such as overheads and labour, to the specific project(s) covered by the grant.
Ordinarily, the auditor establishes, among other things:
- What constitutes “eligible expenditure” specific to the particular grant;
- How to determine what is acceptable eligible expenditure; and
- The criteria that the entity uses to allocate expenditure to the specific project to which the grant applies.
The grant agreement may provide some of the information and definitions required, however, if this is not the case, the auditor may find relevant details in the documentation that supports the entity’s grant application.
106
The entity receiving the grant is responsible for proper accounting under the terms of the grant agreement, not the auditor. The auditor’s responsibilities are to be objective, exercise professional judgement, maintain professional scepticism and obtain sufficient appropriate evidence with which to conclude (on cost allocations).
107
The auditor considers the auditor’s understanding of the engagement mandate and its requirements, and the entity’s approach, procedures and internal control for allocating costs to the specific project/subject matter concerned. As with all aspects of a SSGA or a MSE, it is preferable to consider each section separately.
108
The auditor may adopt a full substantive approach by testing the elements and computations of the entity’s calculations. Alternatively, the auditor may choose a combination of procedures by auditing the entity’s internal control that is designed to ensure proper allocation of costs to specific projects together with supporting substantive procedures. In deciding the approach, the auditor refers to any relevant requirements that may be included in the engagement mandate.
109
However, the entity may not have consistently applied suitable criteria, or adopted a structured, or formal, approach to cost allocation. An entity may use an arbitrary approach. In such cases, the auditor:
- Assesses the suitability of the criteria used for cost allocations;
- Obtains an understanding of the entity’s methods of cost allocation;
- Assesses the efficacy of the approach used by, for example, comparison with a reasonable model developed by the auditor;
- Asks the entity to provide the base information and calculations of a reasonable model
- Develops a reasonable model that can be used to assess the reasonableness of the entity’s method(s); and
- If unable to obtain sufficient appropriate evidence to support the entity’s allocation, the auditor:
- Communicates with TCWG; and
- Considers the effect on the auditor’s report.
L. Substantive Procedures (Assurance Engagements) (Ref: Table 1)
110
Due to the nature of a SSGA or a MSE, determining the appropriate substantive procedures, including the use of sampling, and the extent of work to be performed, may present difficulties. In such cases, the auditor returns to basic principles, namely:
- Confirming any relevant requirements in the engagement mandate, such as:
- Procedures that may be necessary to assess and report on compliance with a grant funding agreement.
- Requirements to perform and report on (unspecified) tests of detail on specified categories of expenditure.
- The existence of prescribed procedures that an auditor is required to perform and report on. (Ref: paragraphs 71-75)
- Procedures considered necessary to detect and report weaknesses in internal control, or non-compliance with laws, regulations or the terms of a contract/agreement.
- Procedures considered necessary to support communications with management and TCWG.
- Considering each distinct section of the engagement to facilitate a clear understanding of:
- The relationship and relevance of each section to other sections in the MSE; and
- Specific objectives, strategies and work programs to address each specific objective in the context of materiality and reliance on (tested) internal control.
- Selecting the appropriate nature, timing, and extent of substantive procedures no differently from any other type of engagement.
- Requiring sufficient appropriate evidence with which to conclude. The extent of substantive procedures to obtain evidence can be reduced where reliance can be placed on the results of testing the design and operating effectiveness of relevant internal controls. Care is taken that control reliance is obtained only in respect of assertions addressed by controls that have been tested. Where a relevant assertion has not been addressed by a control, or a control test has failed, the extent of the auditor’s substantive procedures is increased.
- Considering use of substantive analytical procedures[36] (SAPs) may be appropriate because of the potential for efficiencies and effectiveness. SAPs are most useful in dealing with large populations and where reliable data can be used to develop sufficiently precise predictions/expectations. Analytical procedures include techniques to prove a population in total, and the use of computer-assisted techniques, such as data analytics.
- Considering alternative procedures - tests of detail. Again, the auditor considers efficiency and effectiveness in determining the nature, timing and extent of procedures.
- Clarifying, where sampling is chosen to obtain substantive evidence[37] from which to draw reasonable conclusions, the sampling objectives in order to choose the appropriate sampling approach/technique, namely:
- Representative sampling is used when the size of the population is large and the characteristics of the population are reasonably homogeneous – samples can be used appropriately to draw conclusions about the entire population.
- Samples can be selected by
- Statistical methods, which provide a structured approach to evaluating results; or
- Non-statistical methods, including judgemental selection, the results of which may, however, be difficult to evaluate in terms of drawing a conclusion on the entire population sampled.
- Stratification sampling is used when the auditor divides a population into items with different characteristics, such as those with (high) values over a particular amount and those falling below the amount.
The auditor tests all the items with a particular characteristic (such as those with high values). This type of sampling can be used in populations where the auditor can easily select and test a small number of items which account for a majority of the entire population from which they were selected.
The remaining items in the target population, having different characteristics, such as those with low values, may be subjected to representative sampling (see (i) above).
- Exercising care when intending to use substantive tests for more than one purpose.
For example: Payroll testing designed, in combination with tests of internal control, to obtain sufficient appropriate evidence for one section of a MSE, say, the audit of a financial report may not be appropriate to conclude on another section of the MSE, say, compliance with laws over a period of time.
- Obtaining, regardless of the procedures adopted by the auditor, sufficient appropriate evidence from which to draw conclusions in relation to each section of the engagement, irrespective of the level of disaggregation of that information.
Controls
- Considering testing and reporting on controls, see ASAE 3150 to reduce the level of substantive work.
Forming Conclusions
111
In order to report, the first step is for the auditor to reach an overall conclusion on the subject matter, regardless of the type of subject matter (financial or non-financial) or the level of assurance (reasonable and/or limited). This is achieved by:
- Determining whether the auditor has obtained reasonable or limited assurance, as the case may be. The auditor evaluates the conclusions drawn from the evidence obtained throughout the engagement. This evaluation is conducted by reference to the auditor’s objectives and procedures at each stage of the engagement.
- Determining the overall sufficiency and appropriateness of the evidence obtained.
- Considering the qualitative aspects of the entity’s reporting practices in forming an overall conclusion by taking into account:
- The persuasiveness of evidence obtained through the planned response to assessed risks of material misstatement, deviation, deficiency or non-compliance.
- Whether uncorrected misstatements, deviations, deficiencies or non-compliances are material (either individually or in aggregate).
- Whether the entity’s financial or other report(s) is presented or prepared, in all material respects, in accordance with the requirements of the applicable criteria/reporting framework.
- Considering, in view of the requirements of the criteria/applicable reporting frameworks, whether the entity’s report(s):
- Identifies the criteria/applicable reporting framework(s).
- Adequately discloses what is required to be disclosed;
- Reflects appropriate reporting polices applied in accordance with the applicable reporting frameworks;
- Reflects reasonable management estimates, where applicable;
- Is relevant, reliable, comparable and understandable;
- Is appropriate in presentation, structure, content and contains terminology that is appropriate; and
- Represents the underlying transactions, events and records.
112
The criteria/applicable reporting framework(s) may not require management, or TCWG, to evidence their responsibility for the entity’s reports by signing an attestation or declaration that accompanies the entity’s reports. In such circumstances, the auditor encourages management to do so on the basis that such omission renders the entity’s reports incomplete and therefore potentially ambiguous to users.
113
In circumstances where a written management attestation does not accompany the entity’s reports, such as is often the case in prescribed reporting formats, the auditor reflects on management’s acceptance of the terms of the engagement as evidenced by the engagement letter. In such cases, the auditor may utilise an “Other Matter” paragraph in the auditor’s report, to address any lack of clarity regarding responsibilities. (Ref: paragraph 67)
Expressing Opinions/Conclusions
114
Reporting responsibilities and prescribed auditor’s reports are included in the discussions on practical issues. See sections D and E.
115
In developing the auditor’s report, the auditor starts by reconfirming their understanding of the following:
Table 5: Reconfirming Reporting Requirements
|
|
Paragraph/Ref |
a |
Whether the form and content of the auditor’s report is prescribed in part or whole. |
65-70 |
b |
The reporting requirements set out in the engagement mandates. |
50-64 |
c |
User needs. |
54-57 |
d |
Other reporting responsibilities. |
62-64 |
e |
Reporting requirements set out in the relevant AUASB Standards. |
ASAs; ASREs; ASAEs; and ASRSs |
116
Ordinarily, the auditor has a level of discretion in determining the form and content of the auditor’s report within the context of the above requirements. In such cases, the auditor pays particular attention to user needs and the purpose of the engagement in addition to the requirements of AUASB Standards.
Report Content
117
The reporting requirements included in all AUASB Standards, in particular ASA 700 and ASAE 3000, contain the following basic elements of an auditor’s report in common, namely:
- The addressee/intended user.
- Identification of the subject matter information—such as a financial report, an attestation or statement of compliance or a schedule of non-financial information or the subject matter—such as specific financial information, compliance of an activity or controls over an activity;
- The criteria used in the preparation of the subject matter information or with which the subject matter will be evaluated—such as the Australian Accounting Standards, the terms of a contract, legislative or regulatory requirements or a controls framework;
- The responsibilities of those whose duty it is to prepare the subject matter information or responsibility for the subject matter;
- The auditor’s responsibilities; and
- The auditor’s opinion or conclusion.
118
Overall, the auditor determines that the auditor’s report is not misleading. (Ref: paragraphs 65-69).
Modifications
119
Modifications to an auditor’s report on a SSGA or a MSE are premised on the auditor’s obligation to communicate with users. This premise is no different to reporting on any other engagement.
120
Modifications to an auditor’s report fall into two broad categories:
- Modifications to the auditor’s opinion or conclusion, (qualifications, adverse opinions/conclusions and disclaimers of opinion/conclusions). The auditor draws attention to an issue relating to the subject matter that, in the auditor’s opinion, would render the subject matter information misleading but for the auditor’s communication; and
- Drawing attention to important information contained within the subject matter information, if applicable, (using an Emphasis of Matter paragraph) or in relation to the audit, the auditor’s responsibilities or the auditor’s report, (using an Other Matter paragraph), so as to focus users’ attention on the significance of certain information in understanding the subject matter report or statement and the auditor’s report thereon.
Other Reporting Responsibilities
122
When the auditor has reporting responsibilities in addition to the auditor’s responsibilities to report on the subject matter, the auditor communicates the relevant information using one or more paragraphs that appear after the auditor’s opinion or conclusion. This facilitates the auditor presenting information that does not affect the auditor’s opinion or conclusion.
123
The auditor determines what is required to be reported. For example, in some circumstances only “significant” compliance breaches are required to be reported – if this is the case, the auditor obtains an understanding of what constitutes “significance to users” and the relationship with matters considered “material”.
124
An example of other reporting responsibilities in a MSE is where an auditor is required to report all instances of an entity’s non-compliance with regulations. The auditor may use a “Report on Other Legal and Regulatory Requirements” paragraph for this purpose and an attached schedule or detailed report where necessary. Ordinarily, the auditor includes those matters of non-compliance already identified and reported by the entity, together with any additional instances of non-compliance, if any, that the auditor has identified during the audit.
125
In such circumstances, auditors, preparers and users alike may misinterpret the additional reporting requirements as meaning the auditor is required to perform a 100% check of the subject matter (such as continual compliance with regulations). It is the auditor’s responsibility to clarify that the auditor reports all instances of non-compliance that came to the auditor’s attention during the course of the audit – that is, the objective of the engagement is not to identify all non-compliance and the auditor plans the engagement based on the subject matter to be concluded upon.
126
An illustrative example report is provided in Appendix 8.
See ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements.
Requirements to agree the terms of engagements are found in:
- The AUASB Standards comprising: the Australian Auditing Standards, Standards on Review Engagements, Standards on Assurance Engagements and Standards on Related Services, ASA 210 Agreeing the Terms of Audit Engagements, ASRE 2400 Review of a Financial Report Performed by an Assurance Practitioner Who is Not the Auditor of the Entity, ASRE 2405 Review of Historical Financial Information Other than a Financial Report, ASRE 2410 Review of a Financial Report Performed by the Independent Auditor of the Entity, ASAE 3000 and ASRS 4400; and
- APES 305 Terms of Engagement, issued by the Accounting Professional and Ethical Standards Board.
See ASA 706 Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report, paragraph 8 for information on “Other Matter” paragraphs.
See Framework for Assurance Engagements.
See ASA 705 Modification to the Opinion in an Independent Auditor’s Report, paragraphs 9 and 10.
See GS 011 Third Party Access to Audit Working Papers.
See ASA 600 Special Consideration—Audits of a Group Financial Report (Including the Work of Component Auditors).
See ASAE 3402 Assurance Reports on Controls at a Service Organisation.
See ASA 402 Audit Considerations Relating to an Entity Using a Service Organisation.
See ASA 700 Forming an Opinion and Reporting on a Financial Report.
See ASA 800 Special Considerations- Audits of Financial Reports Prepared in Accordance with Special Purpose Frameworks.
This Guidance Statement does not address multiple auditor’s reports that individually address different subject matters and/or levels of assurance—in that case, the auditor simply complies with the reporting requirements of each applicable AUASB Standard.
See ASA 706, paragraph 8.
See ASA 700, paragraph 38.
See ASA 210 Agreeing the Terms of Audit Engagements, paragraph 21.
See ASA 700, paragraph 43.
See Appendix 5 for an example of a management representation letter for a MSE.
See ASA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Australian Auditing Standards.
See ASAE 3450 Assurance Engagements involving Corporate Fundraisings and/or Prospective Financial Information.
See ASA 700, paragraphs 38 and 39.
See Framework for Assurance Engagements, paragraph 72.
See ASA 520 Analytical Procedures.
See ASA 530 Audit Sampling, and where relevant, the applicable ASAEs.