Prior to commencing the audit, the auditor performs a number of preliminary activities to gain confidence that undertaking the audit is appropriate from a client and ethical point of view. ASA 300 requires the auditor, prior to beginning an audit engagement, to:

1. perform procedures required by ASA 220 regarding the acceptance and continuance of the client relationship and the specific audit engagement;
2. evaluate compliance with relevant ethical requirements relating to the audit engagement, including independence, in accordance with ASA 220; and
3. establish an understanding of the terms of engagement, as required by ASA 210.

These steps are outlined below.

Acceptance and Continuance Procedures

Under the Auditing Standards and ASAE 3000, the auditor accepts or continues an engagement only when the auditor has no reason to believe that relevant ethical requirements, including independence, will not be satisfied.

For an initial audit, where there has been a change of auditor, the auditor communicates with the previous auditor in accordance with the relevant ethical requirements to ensure that there is no impediment or restriction in accepting and conducting the audit. The new auditor seeks permission from the trustee^[43] to communicate with the previous auditor.

Ethical Requirements

In accordance with ASA 102, ASA 200 and ASAE 3000, the auditor is required to comply with relevant ethical requirements relating to audit and assurance engagements. For the purposes of GS 009 these include the applicable requirements of the Code.^[44] The Code provides a conceptual framework that specifies an approach to identify threats to compliance with the fundamental principles, evaluate the threats identified and address the threats by eliminating or reducing them to an acceptable level.^[45]

The fundamental principles of ethics comprise:^[46]

1. integrity;
2. objectivity;
3. professional competence and due care;
4. confidentiality; and
5. professional behaviour.

The fundamental principles of ethics establish the standard of behaviour expected of the auditor when performing the SMSF audit and compliance engagement.

Under ASA 220 and ASAE 3100, the auditor accepts an engagement only when the auditor is satisfied that they, and, if applicable, the engagement team, have met the relevant ethical requirements.

The auditor ensures that they possess, or, if applicable, the engagement team conducting the audit collectively possesses, the appropriate capabilities, competence and time to conduct the audit in accordance with the Auditing Standards, applicable Standards on Assurance Engagements and legislative requirements. Capabilities and competence are developed through a variety of means, including professional education, training, practical experience and coaching and mentoring by more experienced staff. Under the SISA^[47] the auditor is required to comply with competency standards set out by ASIC.^[48] In addition, meeting the applicable competency requirements of their professional bodies will assist SMSF auditors to maintain the competence, knowledge, skills and capabilities necessary to perform SMSF audits satisfactorily.

Under ASA 250, the auditor obtains a general understanding of the legal and regulatory environment applicable to the SMSF. A sound and current knowledge of superannuation legislation, including the SISA and SISR, relevant taxation legislation and ATO Rulings, Determinations and Interpretative Decisions, is necessary for the auditor to meet this requirement.

Independence

ASA 220 requires the engagement partner to form a conclusion on compliance with the independence requirements that apply to the audit engagement. ASAE 3100 requires compliance with the fundamental ethical principles on compliance engagements, for which the concept of independence is integral. The SISA^[49] and the SISR^[50] require the auditor to comply with the auditor independence requirements prescribed by the Code.^[51]

Independence comprises:^[52]

1. independence of mind - the state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgment, thereby allowing an individual to act with integrity, and exercise objectivity and professional scepticism; and
2. independence in appearance - the avoidance of facts and circumstances that are so significant that a reasonable and informed third party would be likely to conclude that a firm’s, or an audit or assurance team member’s, integrity, objectivity or professional scepticism has been compromised.

Independence enables the auditor to act with integrity, to be objective and to maintain an attitude of professional scepticism and is mandatory^[53] for auditors undertaking the audit of a SMSF.

The Independence Standards in Parts 4A and 4B of the Code set out requirements and application material on how to apply the conceptual framework in the Code to maintain independence when performing audits, reviews or other assurance engagements.

When assessing independence, the auditor:^[54]

1. identifies any threats to compliance with the fundamental principles (and independence);
2. evaluates whether the identified threats are at an acceptable level; and
3. addresses any identified threats that are not at an acceptable level by:
   1. eliminating the circumstances, including interests or relationships, that are creating the threats;
   2. applying safeguards where available and capable of being applied, to reduce the threats to an acceptable level; or
   3. declining or ending the engagement.

Identifying threats to the fundamental principles (and independence) requires an understanding by the auditor of the facts and circumstances, including any professional activities, interests and relationships that might compromise compliance with the fundamental principles. The existence of certain conditions, policies and procedures established by the profession, legislation, regulation or the firm that enhance the auditor acting ethically might also help identify threats. Threats will fall into one or more of the following categories:^[52]

1. Self-interest threat;
2. Self-review threat;
3. Advocacy threat;
4. Familiarity threat; and
5. Intimidation threat.

Threats to compliance with the fundamental principles (and independence) must be evaluated by the auditor as to whether the threats are at an acceptable level, being a level at which the auditor, using the reasonable and informed third party test, would likely conclude that the auditor complies with the fundamental principles. The consideration of qualitative and quantitative factors is relevant as is the combined effect of multiple threats. The conditions, policies and procedures referred to in paragraph 42 might be relevant factors in evaluating the level of threats and examples include:^[52]

• Corporate governance requirements.
• Educational, training and experience requirements for the profession.
• Effective complaint systems which enable the member and the general public to draw attention to unethical behaviour.
• An explicitly stated duty to report breaches of ethics requirements.
• Professional or regulatory monitoring and disciplinary procedures.

In evaluating threats to independence the auditor considers the nature of the SMSF, the range of services provided to the audit client and the relationships the auditor and the audit team have with the SMSF’s trustee, financial adviser, accountants, administrator, actuary and any other person or organisation involved with the management or operation of the SMSF.

Depending on the facts and circumstances, a threat might be addressed by eliminating the circumstances creating the threat. However, in some situations the only way to address the threat is to decline or end the engagement, as the circumstances that created the threat cannot be eliminated and safeguards are not capable of being applied to reduce the threat to an acceptable level. Safeguards are actions, individually or in combination, taken by the auditor to effectively reduce threats to an acceptable level.^[52]

As outlined in Section 8.4 of the Independence Guide – Fifth Edition, May 2020 (Independence Guide) the following scenarios involving SMSFs would always result in independence requirements being breached. In each of these cases, it would be expected that an auditor would decline the audit engagement:

1. an auditor cannot audit a SMSF where the auditor, their staff or their firm has prepared the financial statements for the SMSF unless it is a routine or mechanical service;^[55]
2. an auditor cannot audit their own or an immediate family member’s SMSF;^[56]
3. an auditor cannot audit the SMSF where a partner within their own firm is a member/trustee of that SMSF;^[57] and
4. an auditor cannot audit the SMSF where they have a business relationship with a member/trustee of the SMSF.^[58]

In addition, an auditor should not audit the SMSF where a relative or a related party of the auditor is a member/trustee of that SMSF or where the auditor has a close personal relationship. Where an audit team member on the audit of a SMSF has a close family member (parent, child or sibling who is not an immediate family member) that is a member and trustee of that SMSF, a reasonable and informed third party would likely conclude that a self-interest threat to independence is not at an acceptable level and must be addressed.^[59]

A firm (or network firm) must not assume a management responsibility for an audit client.^[60] If the firm’s staff make management decisions for the SMSF, which may occur if the firm is providing administrative services to the SMSF, there are no safeguards available to the firm to reduce the self-review threat to an acceptably low level. As such, the firm would need to withdraw from either the administration or the audit engagement.

A firm (or network firm) must not provide to a SMSF any accounting and bookkeeping services, including preparing the financial statements that the firm will be auditing or financial information which forms the basis of such financial statements, unless:^[61]

1. the services are of a routine or mechanical nature; and
2. the firm addresses any threats created by providing such services that are not at an acceptable level.

Assisting an audit client in the preparation of accounting records or financial statements will create a self-review threat when those records and financial statements are subsequently audited by the same firm. Such services are prohibited unless they are of a routine or mechanical nature, meaning the services require little or no professional judgement (e.g. posting transactions coded by the SMSF trustee(s), posting SMSF trustee approved entries to the trial balance or preparing the financial statements based on a trial balance approved by the SMSF trustee(s)). However, even if the service is routine or mechanical, a reasonable and informed third party would conclude that threats to independence are not at an acceptable level and would need to be addressed. The threats might be addressed by applying safeguards if they are available and capable of being applied, such as:^[62]

• Using professionals who are not audit team members to perform the service.
• Having an appropriate reviewer, who was not involved in providing the service, review the audit work or service performed.

If the auditor cannot eliminate the circumstances creating the threats or apply safeguards to reduce the self-review threat to an acceptable level, they must decline the engagement.

Provision of taxation return preparation services to a SMSF which is also an audit client does not usually create a threat to independence. However, other tax services including tax calculations for the purpose of preparing the accounting entries, tax planning and other tax advisory services, tax services involving valuations or assistance in the resolution of tax disputes, may create threats to independence that need to be addressed and some services are prohibited by the Code.^[63]

Provision of financial advice to a SMSF which is also an audit client of the same firm will likely create self-interest and self-review threats that need to be addressed. Further guidance is provided in Section 8.5 of the Independence Guide.

Where the audit firm or an individual partner is unduly reliant on the audit fees from a particular group of SMSFs, such as those SMSFs referred by a single referral source, the concern about the possibility of losing the referrals may create self-interest or intimidation threats. In evaluating and addressing these threats, appropriate safeguards may include diversifying the client base to spread the source of revenue so that the potential for undue influence is removed and the audit firm establishing policies and procedures around engagement quality control reviews.^[64] These policies may include contracting of suitably qualified external persons or other firms^[65] to review files prepared by the audit firm to confirm appropriate audit opinions are being issued and are supported by sufficient appropriate audit evidence that is appropriately documented. If the circumstances creating the threats cannot be eliminated and appropriate safeguards are not available or capable of being applied to reduce threats to an acceptable level, the auditor may need to terminate or decline some of the engagements. Further guidance in relation to these types of arrangements are addressed in Section 8.5 of the Independence Guide.

Reciprocal auditing arrangements create threats to independence and are a concern to both the ATO and to ASIC. The following scenarios are drawn from Section 8.5 of the Independence Guide:^[66]

1. Where two auditors conduct the audit of each other’s personal SMSFs – the auditors cannot eliminate the circumstances creating the threats to independence and there are no safeguards available or capable of being applied to reduce threats to independence to an acceptable level. As such, the respective engagements must be declined.
2. Self-interest, familiarity and intimidation threats to independence also arise where two professional accountants who are also SMSF auditors, prepare the accounts for a number of SMSFs and enter into an arrangement to audit each other’s SMSF clients. Where this arrangement represents a large proportion of the total fees of the firm(s), a reasonable and informed third party would consider the threats to independence are not at an acceptable level and would need to be addressed. In this case, the auditors cannot eliminate the circumstances creating the threats to independence. To reduce this threat to independence to an acceptable level, safeguards for auditors could include:
   • spreading these referrals to a number of different SMSF auditors;
   • having an appropriate reviewer, who did not take part in the audits, conduct a review of the audits; or
   • engaging an external quality control reviewer or consultant concerning key audit judgments.

If the circumstances creating the threats cannot be eliminated, and if appropriate safeguards are not available or capable of being applied, each auditor must decline the engagements and end the reciprocal arrangement.

In situations in which no safeguards are available or capable of being applied to reduce the threats to an acceptable level, the only possible actions are to eliminate the activities or interest creating the threat, or to refuse to accept or continue the audit engagement.^[67]

The Independence Guide, Chapter 8 specifically addresses the independence requirements in the Code in a SMSF’s context and provides a number of practical scenarios about how the conceptual framework in the Code can be applied to those scenarios.

Professional Judgement and Scepticism

ASA 200 requires the auditor to plan and perform an audit exercising professional judgement, and with an attitude of professional scepticism. In exercising professional scepticism, auditors apply an attitude that includes a questioning mind, remaining alert to conditions which may indicate possible misstatement due to error or fraud, and critically assessing audit evidence.

Quality Control

Under ASA 220 and ASAE 3100, the engagement partner implements procedures to ensure quality control systems are applied to both the financial audit and compliance engagement including:

• Taking responsibility for overall quality on the financial audit and compliance engagement.
• Considering whether members of the engagement team have complied with relevant ethical requirements.
• Forming a conclusion on compliance with relevant independence requirements.
• Ensuring that requirements in relation to acceptance and continuance of client relationships and specific audit engagements have been followed and that conclusions reached are objective, appropriate and have been adequately documented.
• Assigning audit engagement teams which possess collectively the appropriate capabilities, competence and time to perform the engagements in accordance with AUASB Standards and regulatory and legal requirements.
• Directing, supervising and performing the audit engagement in accordance with AUASB Standards and regulatory and legal requirements.
• Issuing an auditor’s report that is appropriate in the circumstances and supported by sufficient appropriate audit evidence that is appropriately documented.
• Consulting appropriately on difficult or contentious matters both within the engagement team and with others within or outside the firm and documenting and implementing agreed conclusions.
• Monitoring quality adequately against firm and professional standards, including the Auditing Standards and ASAEs.

Agree the Terms of Engagement

Under ASA 210, the auditor is required to agree the terms of the audit engagement in writing with the SMSF trustee prior to conducting the audit. This is usually in the form of an engagement letter to the trustee. ASA 210 provides guidance on the principal contents of an engagement letter.

The trustee is required to appoint the auditor at least 45 days prior to the date that the SMSF annual return is due to be lodged.^[68] Either the trustee may be involved in the selection and appointment of the auditor or the SMSF’s accountants, administrators or financial planners may assist with the sourcing and recruitment of an auditor for the SMSF. In either case, the trustee approves the appointment in writing before the audit commences, usually by signing the engagement letter and indicating their approval in a trustee minute. The engagement letter is between the auditor and the trustee of the SMSF and not the auditor and the party referring the engagement, such as the accountant or administrator.

For a SMSF audit engagement, the engagement letter ordinarily:

• describes the objective and scope of the financial audit and compliance engagement, including the sections and regulations of SISA and SISR against which the auditor will be reporting;
• identifies the responsibilities of the auditor;
• identifies the responsibilities of the trustee, including:
  • establishing and maintaining an adequate internal control structure;
  • preparing the SMSF’s financial report;
  • keeping the records of the SMSF secure and for the statutory time periods;
  • conducting the affairs of the SMSF in compliance with all relevant provisions of SISA, SISR and the fund’s governing rules throughout the year;
• sets out the reporting requirements of the auditor, including those imposed by sections 129 and 130 of the SISA; and
• includes a notice to the trustee that the audit records and auditor’s work may be subject to review by the professional body of which the auditor is a member, ASIC or the ATO.

ASA 210 does not require engagement letters to be issued every year. However, on recurring audits, the auditor considers whether it is appropriate to confirm the terms of the engagement in writing due to the circumstances of the engagement, including when there is:

• a revision of the terms of the engagement;
• an indication that the trustee misunderstands the objective and scope of the audit;
• a change in trustee;
• a significant change in the nature or size of the SMSF; or
• significant changes in the SISA, SISR or other regulatory requirements, such as changes to the requirements to be reported on in the approved form auditor’s report or ACR.

An example engagement letter is attached as Appendix 1 of this Guidance Statement.