Auditor’s Responsibilities

19

The professional obligations of approved SMSF auditors under the SISA[24] are to:

  1. complete the continuing professional development requirements prescribed by the regulations;[25]
  2. hold a current policy of professional indemnity insurance;[26]
  3. comply with:
    1. any competency standards[27] ASIC determines; and
    2. any standards issued by the AUASB (unless not considered applicable to the audit of that particular SMSF); under:
      • section 336 of the Corporations Act 2001; or
      • section 227B of the Australian Securities and Investments Commission Act 2001; and
  4. comply with the auditor independence requirements produced by the Accounting Professional & Ethical Standards Board (APESB) and set out in APES 110 Code of Ethics for Professional Accountants (including Independence Standards) (the Code); as prescribed by the regulations.[28]

20

In addition, approved SMSF auditors may be subject to competency requirements, for the audit of SMSFs, by virtue of their membership of a professional body. For example, members of CPA Australia, Chartered Accountants Australia and New Zealand (CA ANZ) and the Institute of Public Accountants (IPA) are required to comply with competency requirements[29] when accepting and conducting SMSF audits. These include requirements to hold a practising certificate, maintain appropriate professional indemnity insurance, complete minimum continuing professional development in the audit of SMSFs and ensure staff have appropriate knowledge and experience and are properly supervised. Auditors are to ensure that they are up-to-date and compliant with any applicable competency requirements imposed by their professional bodies in accepting and conducting SMSF audits.

21

The auditor is required under the SISA to:

  1. provide an auditor’s report on the SMSF’s operations for the year to the trustee in the approved form,[30] no longer than 28 days after the trustee of the fund has provided all documents relevant to the preparation of the report to the auditor;[31]
  2. report in writing to the trustee, if the auditor forms the opinion in the course of, or in connection with the performance of, the audit of the SMSF, that:
    1. any contraventions of the SISA or SISR may have occurred, may be occurring or may occur in relation to the SMSF (section 129 of the SISA); or
    2. the financial position of the SMSF may be, or may be about to become, unsatisfactory (section 130 of the SISA); and
  3. report in writing, within 28 days, to the ATO[32] using the approved form auditor/actuary contravention report (ACR) and instructions (ACR instructions),[33] if the auditor forms the opinion in the course of, or in connection with the performance of, the audit of a SMSF, that:
    1. it is likely that a contravention may have occurred, may be occurring or may occur, of the requirements of the SISA or SISR, specified by the ATO in the ACR, which meet the tests specified in the ACR instructions (section 129 of the SISA); or
    2. the financial position of the SMSF may be, or may be about to become, unsatisfactory (section 130 of the SISA).

22

The auditor may also provide information in the ACR to the ATO about the SMSF or a trustee of the SMSF, if the auditor considers it will assist the ATO in performing its functions under the SISA and SISR (section 130A of the SISA).

23

The approved form auditor’s report, issued by the ATO, is divided into two parts:

  1. Part A: Financial report, which requires the auditor to express an opinion on the financial report, based on the audit, conducted “in accordance with Australian Auditing Standards”; and
  2. Part B: Compliance report, which requires the auditor to express an opinion on compliance with sections and regulations of the SISA and SISR specified in the ATO approved form auditor’s report based on the compliance engagement, conducted “in accordance with applicable Standards on Assurance Engagements”.

In addition, the ATO approved form auditor’s report requires the auditor to include a statement in the auditor’s report that they have complied with the independence requirements prescribed by the SISR and the competency standards set by ASIC.[34]

Conduct the Financial Audit and Compliance Engagement in Accordance with ASQC 1

24

ASQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and related Services Engagements establishes requirements and provides application and other explanatory material regarding the firm’s responsibilities for its system of quality control for audits and reviews of financial reports and other financial information, and other assurance engagements.

Conduct the Financial Audit in Accordance with Australian Auditing Standards

25

The auditor complies with all of the requirements in each of the Auditing Standards relevant to the financial audit in determining the audit procedures to be performed in conducting an audit in accordance with the Auditing Standards. The key Auditing Standards which are relevant to the conduct of the financial audit of a SMSF include, but are not limited to:

  1. ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements requires the auditor to comply with relevant ethical requirements, including those pertaining to independence.
  2. ASA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Australian Auditing Standards requires the auditor to:
    1. comply with the relevant ethical requirements, including those pertaining to independence, relating to financial report audit engagements;
    2. comply with all Auditing Standards relevant to the audit;
    3. plan and perform an audit of a financial report by exercising professional judgement;
    4. plan and perform an audit with professional scepticism recognising that circumstances may exist that cause the financial report to be materially misstated; and
    5. obtain reasonable assurance about whether the financial report as a whole is free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial report is prepared, in all material respects, in accordance with an applicable financial reporting framework.
  3. ASA 210 Agreeing the Terms of Audit Engagements requires the terms of the audit engagement to be agreed with the fund trustee, in an audit engagement letter or other suitable form of written agreement.  On recurring audits, the auditor assesses whether circumstances require the terms of the audit engagement to be revised and whether there is a need to remind the fund trustee of the existing terms of the audit engagement.  The auditor obtains the trustee’s acknowledgement that their responsibilities under the SISA and the SISR include the preparation of financial reports and records, establishing and maintaining internal controls, particularly those preventing and detecting fraud and error, and providing the auditor with any information, explanations and assistance required for the audit.  This includes determining whether the financial reporting framework to be applied in the preparation of the financial report is appropriate.
  4. ASA 220 Quality Control for an Audit of a Financial Report and Other Financial Information requires the engagement partner to:
    1. remain alert, through observation and making enquiries as necessary, for evidence of non‑compliance with relevant ethical requirements by members of the engagement team, throughout the audit engagement;
    2. form a conclusion on compliance with the independence requirements that apply to the audit engagement;
    3. be satisfied that appropriate procedures regarding the acceptance and continuance of client relationships and audit engagements have been followed, and determine that conclusions reached in this regard are appropriate;
    4. be satisfied that the engagement team, and any auditor’s experts who are not part of the engagement team, collectively have the appropriate competence and capability to perform the audit engagement;
    5. take responsibility for the direction, supervision and performance of the audit engagement; and
    6. take responsibility for the auditor’s report being appropriate in the circumstances.
  5. ASA 230 Audit Documentation requires preparation of documentation that is[35]:
    1. sufficient to enable an experienced auditor, having no previous connection with the audit, to understand the nature, timing and extent of the audit procedures performed to comply with the Auditing Standards and applicable legal and regulatory requirements;
    2. sufficient to enable an experienced auditor, having no previous connection with the audit, to understand the results of the audit procedures performed, the audit evidence obtained, significant matters arising during the audit, the audit conclusion reached thereon and significant professional judgements made in reaching those conclusions.

For example:

  • Rental income received from a non-arm’s length arrangement is tested and the auditor’s conclusions are recorded in the working papers.
  • Where the auditor’s conclusions rely on their professional judgement, the working papers can provide appropriate documentation as to the methodology and/or reasoning that led to the conclusion.
  • The use of a ‘completion memorandum’ as a summary of the conduct of the audit and how the opinion was formed.
    3. assembled in an audit file on a timely basis (ordinarily not more than 60 days) after the date of the auditor’s report.

Audit file retention is not mandated; however, paragraph 58[36] of ASQC 1 establishes a period of time for the retention of documentation for the system of quality control that is sufficient to enable the firm to monitor the design, implementation and operation of the firm’s system of quality control, or for a longer period if required by law or regulation.  

  1. ASA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of a Financial Report requires the auditor to consider the risks of material misstatements in the financial report due to fraud.[37]
  2. ASA 250 Consideration of Laws and Regulations in an Audit of a Financial Report requires the auditor to obtain a general understanding of the legal and regulatory framework applicable to the entity, how the entity is complying with that framework, perform further audit procedures to help identify instances of non‑compliance with those laws and regulations that may have a material effect on the financial report and obtain sufficient appropriate audit evidence regarding compliance with those laws and regulations generally recognised to have a direct effect on the determination of material amounts and disclosures in the financial report.

     ASA 250 is relevant due to the requirement for a SMSF to have an annual financial report audit and a compliance engagement. Where non-compliance with the SISA or the SISR is identified, the auditor is required under ASA 250 to assess the impact, if any, on the financial report.

     Compliance breaches identified as a result of the financial audit are reported to the ATO for regulatory action. If, in the opinion of the auditor, the breach could result in the material misstatement of the financial report, they may consider modifying their opinion on the audit of the financial report – Part A qualification. This is in addition to any modification of the opinion in respect of the Compliance Engagement – Part B qualification.
  • An example of a compliance breach that may cause a material misstatement of the SMSF’s financial report is where there is a breach of the in-house asset (IHA) rules. A review of the rectification plan to determine the impact, if any, on the financial report will be necessary, for the auditor to determine whether to modify their opinion.
  1. ASA 260 Communication with Those Charged with Governance requires the auditor to determine the appropriate person(s) within the entity’s governance structure with whom to communicate, usually the trustee in the audit of a SMSF, and communicate with them, on a timely basis, the responsibilities of the auditor in relation to the financial report audit, an overview of the planned scope and timing of the audit, significant qualitative aspects of the entity’s accounting practices, significant findings from the audit, and auditor independence. The auditor may also consider issuing a management letter, or some form of audit completion document, to the trustee. The management letter may be used to inform the trustee of any section 129 SISA contraventions identified during the audit that did not meet the reporting criteria for the lodgement of an auditor/actuary contravention report.

     The auditor communicates directly with the trustee, rather than indirectly, for example through the referring accountant. The auditor has a direct responsibility to the trustee and should not seek to rely on the representations of other parties.[38]
  1. ASA 265 Communicating Deficiencies in Internal Control to Those Charged with Governance and Management requires the auditor to communicate appropriately to those charged with governance and management, deficiencies in internal control that the auditor has identified during the audit and that, in the auditor’s professional judgement, are of sufficient importance to merit their respective attentions.  Regardless of whether or not the auditor has relied on internal controls, deficiencies in internal controls identified during the audit may still need to be communicated with the trustee of the fund.
  2. ASA 300 Planning an Audit of a Financial Report requires the auditor to perform preliminary engagement activities including evaluation of their own compliance with relevant ethical requirements, including independence, to establish and document an overall audit strategy that sets the scope, timing and direction of the audit, that guides the development of the audit plan and that plans the nature, timing and extent of direction and supervision of the engagement team members and review of their work.
  3. ASA 315 Identifying and Assessing the Risks of Material Misstatement requires the auditor to obtain an understanding of the SMSF and its environment, including its internal controls, to provide a basis for the identification and assessment of risks of material misstatement at the financial report and assertion level.
  4. ASA 320 Materiality in Planning and Performing an Audit requires the auditor to determine materiality for the financial report as a whole when determining the overall audit strategy, and to determine performance materiality for purposes of assessing the risks of material misstatement and determining the nature, timing and extent of further audit procedures.
  5. ASA 330 The Auditor’s Responses to Assessed Risks requires the auditor to design and implement overall responses to address the assessed risks of material misstatement at the financial report level and design and perform further audit procedures whose nature, timing and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.  Further audit procedures may comprise only substantive procedures or, when reliance is placed on the operating effectiveness of controls to reduce substantive testing, include tests of controls.
  6. ASA 402 Audit Considerations Relating to an Entity Using a Service Organisation requires the auditor to determine whether the service organisation’s activities are of significance to the SMSF and relevant to the audit and, if so, the auditor is required to obtain a sufficient understanding of the SMSF and its environment to identify and assess the risks of material misstatement and design further audit procedures in response to the assessed risk.  The auditor may need to obtain evidence of the operating effectiveness of the service organisation’s controls and may use a report of a service organisation auditor to provide that evidence.

Guidance Statement GS 007 Audit Implications of the Use of Service Organisations for Investment Management Services (GS 007)

Part A of GS 007 provides guidance to a ‘user auditor’ on the application of ASA 402 in respect of investment management services.[39]

GS 007 provides guidance for the preparation, and use as audit evidence, of two types of reports on controls – ‘type 1’ and ‘type 2’, stating that a type 1 report may be used by the auditor in applying ASA 315 to audit planning, whereas a type 2 report on controls may also be used by the auditor in responding to assessed risks in accordance with ASA 330.

A type 2 report on controls, containing an unmodified opinion, ordinarily provides the user auditor with sufficient appropriate audit evidence as to the reliability of controls over the investment management services provided by the service organisation to the user entity and, accordingly, may enable the user auditor to reduce the extent of substantive testing that might otherwise have been necessary with respect to the balances or transactions subject to those services. A type 2 report on controls does not eliminate the need for substantive procedures altogether, as ASA 330 requires the auditor, irrespective of the assessed risk of material misstatement, to design and perform substantive procedures for each material class of transactions, account balance and disclosure.

ASAE 3402 Assurance Reports on Controls at a Service Organisation

ASAE 3402 is the standard applied by an auditor of a service organisation that is engaged to provide an assurance report on controls. Reports prepared in accordance with ASAE 3402 are capable of providing appropriate evidence under ASA 402. The standard provides for the issuance of either type 1 or type 2 report on controls. Only type 2 reports on controls are capable of providing reasonable assurance that the control objectives within the organisation were achieved throughout the reporting period.

Data feeds may be used by investment management providers as well as by other entities, such as financial institutions and share registries, for the transfer of information required for the preparation of a SMSF’s financial report.  Typically, this results in the source documentation being retained by the service organisation and, therefore, additional audit consideration regarding the planning, testing and forming of an opinion may be required.

In using a type 2 service auditor’s assurance report on controls, issued in accordance with ASAE 3402, the auditor considers the professional competence of the service auditor, the nature and content of the report, the scope of the work performed and whether the nature, timing and extent of the tests of controls and results that are relevant, provide sufficient appropriate audit evidence about the operating effectiveness of those controls to support the assessed risks of material misstatement.

  1. ASA 450 Evaluation of Misstatements Identified during the Audit requires the auditor to determine whether the overall audit strategy and audit plan need to be revised if the nature of identified misstatements and the circumstances of their occurrence indicate that other misstatements may exist that, when aggregated with misstatements accumulated during the audit, could be material or approach materiality determined in accordance with ASA 320.
  2. ASA 500 Audit Evidence requires the auditor to design and perform audit procedures that are appropriate in the circumstances of the engagement, for the purpose of obtaining sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the audit opinion.  It requires the auditor to consider the relevance and reliability of the information to be used as audit evidence which includes the documentation of their testing and how the results may impact the audit opinion.
  3. ASA 502 Audit Evidence – Specific Considerations for Litigation and Claims requires the auditor to design and perform audit procedures to identify litigation and claims which may give rise to a risk of material misstatement, and that they are accounted for and disclosed in accordance with the applicable financial reporting framework.  For a SMSF, material legal matters may include: the divorce of a member which may threaten the liquidity of the SMSF, an ATO investigation into the trustee or legal action commenced by the SMSF against the SMSF’s administrators or investment managers, each of which may have a material effect on the financial report.
  4. ASA 505 External Confirmations requires the auditor to request external confirmations where they are considered necessary to obtain sufficient appropriate audit evidence.
  5. ASA 510 Initial Audit Engagements – Opening Balances requires the auditor to obtain sufficient appropriate audit evidence about whether the opening balances contain misstatements that materially affect the current period’s financial report, by determining whether the prior period closing balances have been correctly brought forward and that appropriate accounting policies are applied consistently.
  6. ASA 520 Analytical Procedures deals with the requirements relating to the use of substantive analytical procedures.  Furthermore, the standard requires the auditor to design and perform analytical procedures near the end of the audit that assist the auditor when forming an overall conclusion as to whether the financial report is consistent with the auditor’s understanding of the SMSF.
  7. ASA 530 Audit Sampling requires that, when audit sampling is used, the auditor, in designing the sample, considers the purpose of the procedure and the characteristics of the population from which the sample will be drawn, and to evaluate whether the results of the sample provide a reasonable basis for concluding on the population.
  8. ASA 540 Auditing Accounting Estimates and Related Disclosures requires the auditor to obtain sufficient appropriate audit evidence that accounting estimates, including fair value accounting estimates, and related disclosures are reasonable and are in accordance with the applicable financial reporting framework, which is chosen by the trustee in the case of a SMSF.  The requirements and guidance in ASA 540 are particularly relevant to the audit of trustees’ valuations, which are common in SMSFs.  Regulation 8.02B of the SISR requires SMSF assets to be valued at market value.
  9. ASA 550 Related Parties requires the auditor to design and perform audit procedures to obtain sufficient appropriate audit evidence that all related party relationships and transactions have been identified and have been appropriately recorded and disclosed[40] in the financial report.
  10. ASA 560 Subsequent Events requires the auditor to perform audit procedures designed to obtain sufficient appropriate audit evidence that all events up to the date of the auditor’s report have been identified, and if material, are properly disclosed and accounted for.
  11. ASA 570 Going Concern requires the auditor to consider the appropriateness of use of the going concern assumption in the preparation of the financial report.
  12. ASA 580 Written Representations requires the auditor to request written representations from management that they are responsible for the preparation of the financial report in accordance with the applicable reporting framework and other statutory reporting requirements, that they have provided the auditor with all relevant information and access, and that all transactions have been recorded and reflected in the financial report.  In the case of a SMSF, these representations are obtained from the trustee.
  13. ASA 620 Using the Work of an Auditor’s Expert requires the auditor, when using the work of an auditor’s expert, to obtain sufficient appropriate audit evidence that such work is adequate for the purposes of the audit and to evaluate the competence, capabilities and objectivity of the auditor’s expert.
  14. ASA 700 Forming an Opinion and Reporting on a Financial Report requires the auditor to form an opinion on whether the financial report is prepared, in all material respects, in accordance with the applicable financial framework, and to express the opinion in an auditor’s written report.
  15. ASA 705 Modifications to the Opinion in the Independent Auditor’s Report requires the auditor to modify the auditor’s report when it is not possible to issue an unmodified audit opinion.  The circumstances may dictate that, due to a conflict, a significant uncertainty, a limitation of scope or a lack of sufficient appropriate audit evidence, it is not possible to issue an unqualified audit opinion.  In these circumstances, ASA 705 requires the auditor to issue either a qualified opinion, a disclaimer of opinion or an adverse opinion.  The decision regarding which type of modified opinion is appropriate depends on both the nature of the matter and the auditor’s judgement about the pervasiveness of the effects or possible effects of the matter on the financial report.
  16. ASA 706 Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report contains the requirements of how the emphasis of matter paragraph or other matter paragraph are to be presented in the auditor’s report.
  17. ASA 710 Comparative Information – Corresponding Figures and Comparative Financial Reports requires the auditor to determine whether the financial report includes the comparative information required by the applicable financial reporting framework and whether such information is appropriately classified.
  18. ASA 800 Special Considerations – Audits of Financial Reports Prepared in Accordance with Special Purpose Frameworks specifies the requirements for the auditor’s report on special purpose financial reports which, for SMSFs, is reflected in the ATO approved form auditor’s report issued by the ATO.[41] Auditors’ reports for SMSFs include an Emphasis of Matter paragraph drawing attention to the note in the financial report which describes the basis of accounting.[42] 

Conduct the Compliance Engagement in Accordance with Applicable Standards on Assurance Engagements

26

ASAE 3100 Compliance Engagements, which is to be read in conjunction with ASAE 3000 Assurance Engagements Other Than Audits or Reviews of Historical Financial Information, is applicable to the conduct of the compliance engagement of SMSFs. For example, ASAE 3100 requires the auditor to:

  • Comply with applicable Standards on Assurance Engagements.
  • Comply with the fundamental ethical principles of integrity, objectivity, professional competence and due care, confidentiality and professional behaviour.
  • Implement quality control procedures.
  • Meet acceptance and continuance requirements.
  • Agree the terms of the engagement in writing.
  • Plan the compliance engagement so that it will be performed effectively.
  • Consider materiality and identify areas where the risks that may cause material non-compliance with the compliance requirements are likely to arise when planning and performing the compliance engagement.
  • Respond to the risks identified and use as a basis for designing and performing appropriate assurance procedures.
  • Obtain sufficient appropriate evidence on which to base the conclusion and evaluate the impact on the conclusion of any compliance breaches noted.
  • Consider the effect of events up to the date of the compliance report.
  • Prepare, on a timely basis, documentation that is sufficient and appropriate to provide a basis for the auditor’s conclusion and evidence that the engagement was performed in accordance with ASAE 3000 and ASAE 3100.
  • Form a conclusion about the subject matter information, which for a SMSF is compliance in all material respects with the SISA and SISR requirements specified in the approved form auditor’s report.

27

Since ASAE 3100 is to be read in conjunction with ASAE 3000, where specific application and other explanatory guidance is contained in ASAE 3000 and only referenced in ASAE 3100, this Guidance Statement makes direct reference to ASAE 3000. Although Auditing Standards (ASAs) do not apply to compliance engagements, they may provide helpful guidance in the conduct of a compliance engagement.

28

ASAE 3402 provides for assurance reports on controls which, if available from a service organisation used by a SMSF, may be relevant to the conduct of the financial audit of that SMSF. ASAE 3402 deals with assurance engagements undertaken by an auditor to provide an assurance report for use by user entities and their auditors, on the controls at a service organisation that provides a service to user entities, that is likely to be relevant to user entities’ internal controls as they relate to financial reporting. It complements ASA 402, in that reports prepared in accordance with this standard are capable of providing appropriate evidence under ASA 402. Refer further to paragraphs 141-147.

24

See section 128F of the SISA.

25

See regulation 9A.04 of the SISR.

26

See regulation 9A.05 of the SISR.

27

See ASIC Class Order CO 12/1687 Competency Standards for approved SMSF auditors.

28

See regulation 9A.06 of the SISR.

30

See section 35C of the SISA.

31

See regulation 8.03 of the SISR.

32

While the SISA (sections 129 and 130) requires reporting as soon as practicable after forming the opinion, it is the ATO’s practice to require lodgement within 28 days of signing the auditor’s report.

33

Completing the Auditor/actuary contravention report (instructions) (NAT 11299) and Auditor/actuary contravention report (ACR) (NAT 11239). See: www.ato.gov.au/Super

34

ASIC class order CO 12/1687.

35

The ATO has published a Checklist for SMSF Auditors which is designed to assist SMSF Auditors to understand what the ATO ordinarily considers sufficient and appropriate audit documentation for a SMSF financial report audit.

36

See ASQC 1 paragraph 58, which states the period of documentation should be sufficient to permit those performing monitoring procedures to evaluate the firm’s system of quality control, or for a longer period if required by law or regulation.

37

Due to the few persons generally involved in the operation of a SMSF, there is ordinarily limited segregation of duties, which may impact on the auditor’s assessment of fraud risk, as trustees, administrators or advisers may have an ability to override controls. SMSFs are not afforded the same level of protection as APRA regulated funds, for which provision is made, in certain circumstances, for members to be compensated for losses incurred in the event of fraud.

38

Cam & Bear Pty Ltd v McGoldrick [2018] NSWCA 110 and Ryan Wealth Holdings Pty Ltd v Baumgartner [2018] NSWSC 1502.

39

Investment management services may include WRAP platforms, custodial asset management, management accounts - Separately Managed Account (SMA) or an Individually Managed Account (IMA). A WRAP or Wrap Service is an administrative or reporting service whereby investments are consolidated, managed or held by a custodian. WRAPs combine reporting on investments including bank accounts, listed securities, managed funds, insurance and superannuation which are held within the portfolio.

40

As the majority of SMSFs operate under the special purpose framework, they may elect not to comply with the disclosure requirements of AASB 124 Related Party Disclosures.

41

In rare circumstances where the SMSF is required to prepare a GPFR the auditor refers to the requirements in ASA 700 Forming an Opinion and Reporting on a Financial Report.

42

See ASA 800, paragraph 14.