The results of the risk assessment procedures enable the auditor to design and perform further audit procedures to respond to the assessed risks for the compliance engagement and financial audit. The auditor determines the nature, timing and extent of audit procedures to be performed, which may be either tests of controls or substantive procedures.
ASA 500 and ASAE 3100 require the auditor in the conduct of the financial audit and compliance engagement to obtain sufficient appropriate audit evidence on which to base the auditor’s opinion. ‘Sufficiency’ is the measure of the quantity of evidence, which is affected by the risk of misstatement - the higher the risk the more evidence is likely to be required. ‘Appropriateness’ is the measure of the quality of evidence, that is, its relevance and its reliability - the higher the quality the less evidence may be required. The auditor considers the relationship between the cost of obtaining evidence and the usefulness of the information obtained. However, the degree of difficulty or expense involved is not, in itself, a valid basis for omitting an evidence gathering procedure for which there is no alternative. The auditor uses professional judgement and exercises professional scepticism in evaluating the quantity and quality of evidence, and thus its sufficiency and appropriateness, in supporting the audit opinion.
Audit evidence means all the information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based, and includes the information contained in the accounting records underlying the financial report and other information. For a SMSF, this may include:
- financial reports of investment entities, such as closely held unlisted trusts or private companies;
- for limited recourse borrowing arrangements, loan deeds showing loans are limited in recourse, holding trust deeds, extracts of bank statements showing transactions related to the arrangements (for example, payment of the initial deposit and subsequent loan repayments);
- where real property is held by the SMSF, a copy of the title deed on purchase by the SMSF, which can also be used to identify related party transactions and whether the transaction was conducted on commercial terms; for subsequent audits, evidence showing the property is held by the fund and is unencumbered; documentation to evidence the asset is recorded at market value; a copy of the lease agreement, and, in the case of residential property, evidence the tenant is not a ‘related party’; substantiation of the expenses related to the holding of the property by the SMSF; sufficient evidence of the rental receipts, which could include a summary produced by a managing real estate agent that can be mapped back to the cash transactions in the fund bank statements; and, general adherence to the terms of the lease agreement;
- copies of advice received by the trustee, where it is relevant to the SMSF’s financial position;
- asset substantiation, which may include holding statements, certificates of title, bank statements and annual investor statements issued by WRAP providers;
- income and expense substantiation, including the sampling methodology used (if not a 100 per cent of the population);
- bank statements, including opening and closing statements, as well as any other statements to evidence transactions that are unusual due to size and/or nature, include the purchase or sale of assets, the receipt or payment of material transactions, or other transactions that may not have been substantiated elsewhere; and
- trustee minutes and/or resolutions, the trustee representation letter, the fund’s investment strategy and any other relevant correspondence.
Audit evidence, which is cumulative in nature, includes evidence obtained from audit procedures performed during the course of the audit and may include evidence obtained from previous audits and other sources. Audit evidence may be held in paper and electronic form and is ordinarily provided efficiently and comprehensively, to provide the adequate documentation of the conduct of the audit and how the auditor formed their opinion. Audit evidence is generally more reliable when:
- obtained from an independent source;
- obtained directly by the auditor;
- is in documentary form;
- comprises original documents; or
- is received directly by the auditor rather than passed through other parties, especially considering the limited segregation of duties and internal controls that is often found in a SMSF.
A SMSF audit rarely involves the authentication of documentation, nor is the auditor trained as, or expected to be, an expert in such authentication. However, ASA 500 and ASAE 3000 require the auditor to consider the reliability of the information to be used as evidence, for example photocopies, facsimiles, filmed, digitised or other electronic documents which are easily altered, including consideration of controls over their preparation and maintenance where relevant. The auditor remains aware of the potential for fraud in the presentation of audit evidence. If an auditor is aware, or suspects, that any documentation has been altered or differs from expected results, then further audit procedures are applied.
Obtaining a bank confirmation is a method used to provide evidence of the existence, title and value of the cash holdings, as well as to determine whether the SMSF cash assets are subject to any form of lien or encumbrance. Guidance Statement GS 016 Bank Confirmation Requests (GS 016) provides guidance to auditors on the enquiry and confirmation methods for obtaining audit evidence regarding bank accounts and transactions.
A bank confirmation certificate is unlikely to provide the auditor with sufficient appropriate audit evidence on the completeness of the transactions that occurred during the financial year under audit. The audit file may also contain a copy of the bank reconciliation, the analytical review of the cash balances and evidence of the various transaction testing undertaken by the auditor.
As an alternate method of obtaining independent information regarding cash transactions, the auditor may request the SMSF trustee to request the financial institution to provide copies of the bank statements to the auditor at the same time as they are issued to the trustee. This can be done through the SMSF’s internet banking whereby the auditor has a personalised log-in that allows access to the SMSF bank accounts only.
If the SMSF only obtains paper statements, the trustee may request the bank to issue duplicates to the auditor; however, this may create a records management issue over time.
Data-feeds and audit evidence
The use of data-feeds for information transfer presents additional audit considerations regarding the appropriateness of the audit evidence used as the basis for the auditor’s opinion.
‘Direct-connect’ transmission, that is, an end-to-end encrypted link over a point-to-point connection, is the most secure data feed process, as the ability to intercept or manipulate data is removed. However, there may be some likelihood that transmission errors may be encountered in this environment. Therefore, it is important that the auditor understands the control environment that is supporting the data feed process. The auditor would normally request an ASAE 3402 type 2 assurance report to provide evidence of the effectiveness of the control environment, to assess if there is any material misstatement of the financial report. If no assurance report exists, the auditor may need to consider additional testing to determine the reliability of the information provided.
Where data feeds are prepared via an aggregator (‘scraped data feeds’) the auditor considers evaluating the integrity of the data. The auditor considers whether conducting their own testing of the information collected via this form of data feed will assist in obtaining appropriate audit evidence that can be included on the audit file.
Further consideration by the auditor may be necessary where the preparer of the financial report utilises manual file imports from financial institutions and the auditor may not be able to rely on the integrity of the information.
In determining whether or not to rely on electronically generated or stored audit evidence, the auditor exercises professional judgement in considering the reliability of that evidence. The auditor considers the requirements of the Auditing Standards, particularly ASA 200, ASA 315 and ASA 500, and may consider the guidance contained in paragraphs 99 to 102 above.
ASA 500 provides guidance on the substantive audit procedures which the auditor may conduct to collect appropriate evidence, which include:
- inspection of records or documents;
- inspection of tangible assets;
- re-performance; or
- analytical review procedures.
ASA 530 Audit Sampling requires the auditor to determine the appropriate means for selecting items for testing. Due to the specific nature of SMSFs and limited internal control environment, the auditor ordinarily relies on a highly substantive method of testing. This may involve examining the entire population of items that make up a class of transactions or account balance, when the population constitutes a small number of large value items or when there is a significant level of risk and other audit procedures do not provide sufficient appropriate audit evidence.
Inspection of Records or Documents
Inspection of records or documents consists of examining records or documents, whether internal or external, in paper form, electronic form, or other media. Inspection of records and documents provides audit evidence of varying degrees of reliability, depending on their nature and source and, in the case of internal records and documents, on the effectiveness of the controls over their production.
Some documents represent direct audit evidence of the existence of an asset, for example, a document constituting a financial instrument such as a share or bond. Inspection of such documents may not necessarily provide audit evidence about ownership or value and further audit evidence is sought. In addition, inspecting an executed contract may provide audit evidence relevant to the SMSF’s application of accounting policies, such as revenue recognition.
Inspection of Tangible Assets
Inspection of tangible assets consists of physical examination of the assets. Inspection of tangible assets may provide reliable audit evidence with respect to their existence, but not necessarily about the SMSF’s rights and obligations or the valuation of the assets.
Observation consists of watching a process or procedure being performed by others. Observation provides audit evidence about the performance of a process or procedure, but is limited to the point in time at which the observation takes place and by the fact that the act of being observed may affect how the process or procedure is performed.
Enquiry consists of seeking financial or non-financial information from knowledgeable persons, either within the SMSF or outside the SMSF. Enquiry is an audit procedure that is used extensively throughout the audit and often is complementary to performing other audit procedures. Enquiries may range from formal written enquiries to informal oral enquiries. Evaluating responses to enquiries is an integral part of the enquiry process.
Responses received to enquiries may provide the auditor with information not previously possessed or with corroborative audit evidence supporting the audit opinion. Alternatively, responses to enquiries may provide information that differs significantly from other information that the auditor has obtained. In all cases, the auditor evaluates the responses received to enquiries to assess whether there is a need to modify or perform additional audit procedures to support the audit opinion.
Enquiry alone ordinarily does not provide sufficient appropriate audit evidence to detect a material misstatement at the assertion level, nor sufficient evidence of the operating effectiveness of controls, therefore the auditor performs further audit procedures to obtain sufficient appropriate audit evidence.
The auditor obtains written representations from the trustee to confirm responses to oral enquiries on material matters when other sufficient appropriate audit evidence cannot reasonably be expected to exist or when the other audit evidence obtained is of a lower quality.
Confirmation, which is a specific type of enquiry, is the process of obtaining a representation of an existing condition or information directly from a third party. For example, the auditor may seek direct confirmation of cash balances with the SMSF’s bank. Confirmations are frequently used in relation to bank account and investment account balances and their components.
Recalculation consists of checking the mathematical accuracy of documents, records or account balances. Recalculation may be performed electronically, for example through the use of data analytics to check the accuracy of the summarisation of the electronic accounts, or manually, for example to recalculate account balances from primary documentation to validate the balance.
Re-performance is the auditor’s independent execution of procedures and controls that were originally performed as part of the SMSF’s operations, for example re-performing the calculation of market movement for a range of listed securities. Re-performance may be conducted either manually or through the use of data analytics.
Under ASA 520, the auditor is required to apply analytical procedures as risk assessment procedures in understanding the SMSF and its environment and in the overall review at the end of the audit.
Analytical procedures may be utilised to compare and contrast how the SMSF has performed over two or more consecutive reporting periods. Common analytical procedures include comparing balances, calculating ratios and trend analysis. Major variations, inconsistencies or other deviations may warrant further investigation, particularly where the difference is not easily understood, not explained sufficiently by the trustee or deviates from predicted amounts.
Ordinarily, an auditor considers the movement in the member balances from one period to another in the preliminary planning phase of the audit. This process identifies the movement in the balance from contributions and investment earnings as well as any reduction in balances due to benefit payments or expenses such as fees, charges or insurance premiums deducted. The auditor uses analytical review procedures to assess whether the member balances are reasonable given the overall circumstances of the SMSF.