Section II―Audit Considerations Relating to Financial Instruments
Certain factors may make auditing financial instruments particularly challenging. For example:
- It may be difficult for both management and the auditor to understand the nature of financial instruments and what they are used for, and the risks to which the entity is exposed.
- Market sentiment and liquidity can change quickly, placing pressure on management to manage their exposures effectively.
- Evidence supporting valuation may be difficult to obtain.
- Individual payments associated with certain financial instruments may be significant, which may increase the risk of misappropriation of assets.
- The amounts recorded in the financial report relating to financial instruments may not be significant, but there may be significant risks and exposures associated with these financial instruments.
- A few employees may exert significant influence on the entity’s financial instruments transactions, in particular where their compensation arrangements are tied to revenue from financial instruments, and there may be possible undue reliance on these individuals by others within the entity.
These factors may cause risks and relevant facts to be obscured, which may affect the auditor’s assessment of the risks of material misstatement, and latent risks can emerge rapidly, especially in adverse market conditions.
Professional scepticism is necessary to the critical assessment of audit evidence and assists the auditor in remaining alert for possible indications of management bias. This includes questioning contradictory audit evidence and the reliability of documents, responses to inquiries and other information obtained from management and those charged with governance. It also includes being alert to conditions that may indicate possible misstatement due to error or fraud and considering the sufficiency and appropriateness of audit evidence obtained in light of the circumstances.
Application of professional scepticism is required in all circumstances, and the need for professional scepticism increases with the complexity of financial instruments, for example with regard to:
- Evaluating whether sufficient appropriate audit evidence has been obtained, which can be particularly challenging when models are used or in determining if markets are inactive.
- Evaluating management’s judgements, and the potential for management bias, in applying the entity’s applicable financial reporting framework, in particular management’s choice of valuation techniques, use of assumptions in valuation techniques, and addressing circumstances in which the auditor’s judgements and management’s judgements differ.
- Drawing conclusions based on the audit evidence obtained, for example assessing the reasonableness of valuations prepared by management’s experts and evaluating whether disclosures in the financial report achieve fair presentation.
See ASA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Australian Accounting Standards, paragraph 15.
The auditor’s focus in planning the audit is particularly on:
- Understanding the accounting and disclosure requirements;
- Understanding the financial instruments to which the entity is exposed, and their purpose and risks;
- Determining whether specialised skills and knowledge are needed in the audit;
- Understanding and evaluating the system of internal control in light of the entity’s financial instrument transactions and the information systems that fall within the scope of the audit;
- Understanding the nature, role and activities of the internal audit function;
- Understanding management’s process for valuing financial instruments, including whether management has used an expert or a service organisation; and
- Assessing and responding to the risk of material misstatement.
ASA 300 Planning an Audit of a Financial Report deals with the auditor’s responsibility to plan an audit of a financial report.
Understanding the Accounting and Disclosure Requirements
ASA 540 requires the auditor to obtain an understanding of the requirements of the applicable financial reporting framework relevant to accounting estimates, including related disclosures and any regulatory requirements. The requirements of the applicable financial reporting framework regarding financial instruments may themselves be complex and require extensive disclosures. Reading this Guidance Statement is not a substitute for a full understanding of all the requirements of the applicable financial reporting framework. For example, Australian Accounting Standards require consideration of areas such as:
- Hedge accounting;
- Accounting for “Day 1” profits or losses;
- Recognition and derecognition of financial instrument transactions;
- Own credit risk; and
- Risk transfer and derecognition, in particular where the entity has been involved in the origination and structuring of complex financial instruments.
Understanding the Financial Instruments
The characteristics of financial instruments may obscure certain elements of risk and exposure. Obtaining an understanding of the instruments in which the entity has invested or to which it is exposed, including the characteristics of the instruments, helps the auditor to identify whether:
- Important aspects of a transaction are missing or inaccurately recorded;
- A valuation appears appropriate;
- The risks inherent in them are fully understood and managed by the entity; and
- The financial instruments are appropriately classified into current and non-current assets and liabilities.
Examples of matters that the auditor may consider when obtaining an understanding of the entity’s financial instruments include:
- To which types of financial instruments the entity is exposed.
- The use to which they are put.
- Management’s and, where appropriate, those charged with governance’s understanding of the financial instruments, their use and the accounting requirements.
- Their exact terms and characteristics so that their implications can be fully understood and, in particular where transactions are linked, the overall impact of the financial instrument transactions.
- How they fit into the entity’s overall risk management strategy.
Inquiries of the internal audit function and the risk management function, if such functions exist, and discussions with those charged with governance may inform the auditor’s understanding.
In some cases, a contract, including a contract for a non-financial instrument may contain a derivative. Some financial reporting frameworks, including Australian Accounting Standards, permit or require such “embedded” derivatives to be separated from the host contract in some circumstances. Understanding management’s process for identifying, and accounting for, embedded derivatives will assist the auditor in understanding the risks to which the entity is exposed.
When such a person’s expertise is in auditing and accounting, regardless of whether the person is from within or external to the firm, this person is considered to be part of the engagement team and is subject to the requirements of ASA 220 Quality Control for an Audit of a Financial Report and Other Historical Financial Information. When such a person’s expertise is in a field other than accounting or auditing, such person is considered to be an auditor’s expert and the provisions of ASA 620 Using the Work of an Auditor’s Expert apply. ASA 620 explains that distinguishing between specialised areas of accounting or auditing, and expertise in another field, will be a matter of professional judgement, but notes the distinction may be made between expertise in methods of accounting for financial instruments (accounting and auditing expertise) and expertise in complex valuation techniques for financial instruments (expertise in a field other than accounting or auditing).
A key consideration in audits involving financial instruments, particularly complex financial instruments, is the competence of the auditor. ASA 220 requires the engagement partner to be satisfied that the engagement team, and any auditor’s experts who are not part of the engagement team, collectively have the appropriate competence and capabilities to perform the audit engagement in accordance with professional standards and applicable legal and regulatory requirements and to enable an auditor’s report that is appropriate in the circumstances to be issued. Further, relevant ethical requirements require the auditor to determine whether acceptance of the engagement would create any threats to compliance with the fundamental principles, including the professional competence and due care. Paragraph 79 below provides examples of the types of matters that may be relevant to the auditor’s considerations in the context of financial instruments.
See ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements.
Accordingly, auditing financial instruments may require the involvement of one or more experts or specialists, for example, in the areas of:
- Understanding the financial instruments used by the entity and their characteristics, including their level of complexity. Using specialised skills and knowledge may be needed in checking whether all aspects of the financial instrument and related considerations have been captured in the financial statements, and evaluating whether adequate disclosure in accordance with the applicable financial reporting framework has been made where disclosure of risks is required.
- Understanding the applicable financial reporting framework, especially when there are areas known to be subject to differing interpretations, or practice is inconsistent or developing.
- Understanding the legal, regulatory, and tax implications resulting from the financial instruments, including whether the contracts are enforceable by the entity (for example, reviewing the underlying contracts), may require specialised skills and knowledge.
- Assessing the risks inherent in a financial instrument.
- Assisting the engagement team gather evidence to support management’s valuations or to develop a point estimate or range, especially when fair value is determined by a complex model; when markets are inactive and data and assumptions are difficult to obtain; when unobservable inputs are used; or when management has used an expert.
- Evaluating information technology controls, especially in entities with a high volume of financial instruments. In such entities information technology may be highly complex, for example when significant information about those financial instruments is transmitted, processed, maintained or accessed electronically. In addition, it may include relevant services provided by a service organisation.
The nature and use of particular types of financial instruments, the complexities associated with accounting requirements, and market conditions may lead to a need for the engagement team to consult with other accounting and audit professionals, from within or outside the firm, with relevant technical accounting or auditing expertise and experience, taking into account factors such as:
- The capabilities and competence of the engagement team, including the experience of the members of the engagement team.
- The attributes of the financial instruments used by the entity.
- The identification of unusual circumstances or risks in the engagement, as well as the need for professional judgement, particularly with respect to materiality and significant risks.
- Market conditions.
ASA 220, paragraph 18(b), requires the engagement partner to be satisfied that members of the engagement team have undertaken appropriate consultation during the course of the engagement, both within the engagement team and between the engagement team and others at the appropriate level within or outside the firm.
Understanding Internal Control
ASA 315 establishes requirements for the auditor to understand the entity and its environment, including its internal control. Obtaining an understanding of the entity and its environment, including the entity’s internal control, is a continuous, dynamic process of gathering, updating and analysing information throughout the audit. The understanding obtained enables the auditor to identify and assess the risks of material misstatement at the financial statement and assertion levels, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement. The volume and variety of the financial instrument transactions of an entity typically determines the nature and extent of controls that may exist at an entity. An understanding of how financial instruments are monitored and controlled assists the auditor in determining the nature, timing and extent of audit procedures. The Appendix describes controls that may exist in an entity that deals in a high volume of financial instrument transactions.
Understanding the Nature, Role and Activities of the Internal Audit Function
In many large entities, the internal audit function may perform work that enables senior management and those charged with governance to review and evaluate the entity’s controls relating to the use of financial instruments. The internal audit function may assist in identifying the risks of material misstatement due to fraud or error. However, the knowledge and skills required of an internal audit function to understand and perform procedures to provide assurance to management or those charged with governance on the entity’s use of financial instruments are generally quite different from those needed for other parts of the business. The extent to which the internal audit function has the knowledge and skill to cover, and has in fact covered, the entity’s financial instrument activities, as well as the competence and objectivity of the internal audit function, is a relevant consideration in the external auditor’s determination of whether the internal audit function is likely to be relevant to the overall audit strategy and audit plan.
Areas where the work of the internal audit function may be particularly relevant are:
- Developing a general overview of the extent of use of financial instruments;
- Evaluating the appropriateness of policies and procedures and management’s compliance with them;
- Evaluating the operating effectiveness of financial instrument control activities;
- Evaluating systems relevant to financial instrument activities; and
- Assessing whether new risks relating to financial instruments are identified, assessed and managed.
Work performed by functions such as the risk management function, model review functions, and product control, may also be relevant.
Understanding Management’s Methodology for Valuing Financial Instruments
Management’s responsibility for the preparation of the financial report includes applying the requirements of the applicable financial reporting framework to the valuation of financial instruments. ASA 540 requires the auditor to obtain an understanding of how management makes accounting estimates and the data on which accounting estimates are based. Management’s approach to valuation also takes into account the selection of an appropriate valuation methodology and the level of the evidence expected to be available. To meet the objective of a fair value measurement, an entity develops a valuation methodology to measure the fair value of financial instruments that considers all relevant market information that is available. A thorough understanding of the financial instrument being valued allows an entity to identify and evaluate the relevant market information available about identical or similar instruments that should be incorporated into the valuation methodology.
Assessing and Responding to the Risks of Material Misstatement
Overall Considerations Relating to Financial Instruments
ASA 540 explains that the degree of estimation uncertainty affects the risk of material misstatement of accounting estimates. The use of more complex financial instruments, such as those that have a high level of uncertainty and variability of future cash flows, may lead to an increased risk of material misstatement, particularly regarding valuation. Other matters affecting the risk of material misstatement include:
- The volume of financial instruments to which the entity is exposed.
- The terms of the financial instrument, including whether the financial instrument itself includes other financial instruments.
- The nature of the financial instruments.
See ASA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report for requirements and guidance dealing with fraud risk factors.
Incentives for fraudulent financial reporting by employees may exist where compensation schemes are dependent on returns made from the use of financial instruments. Understanding how an entity’s compensation policies interact with its risk appetite, and the incentives that this may create for its management and traders, may be important in assessing the risk of fraud.
Difficult financial market conditions may give rise to increased incentives for management or employees to engage in fraudulent financial reporting: to protect personal bonuses, to hide employee or management fraud or error, to avoid breaching regulatory, liquidity or borrowing limits or to avoid reporting losses. For example, at times of market instability, unexpected losses may arise from extreme fluctuations in market prices, from unanticipated weakness in asset prices, through trading misjudgements, or for other reasons. In addition, financing difficulties create pressures on management concerned about the solvency of the business.
Misappropriation of assets and fraudulent financial reporting may often involve override of controls that otherwise may appear to be operating effectively. This may include override of controls over data, assumptions and detailed process controls that allow losses and theft to be hidden. For example, difficult market conditions may increase pressure to conceal or offset trades as they attempt to recover losses.
Assessing the Risk of Material Misstatement
The auditor’s assessment of the identified risks at the assertion level in accordance with ASA 315 includes evaluating the design and implementation of internal control. It provides a basis for considering the appropriate audit approach for designing and performing further audit procedures in accordance with ASA 330, including both substantive procedures and tests of controls. The approach taken is influenced by the auditor’s understanding of internal control relevant to the audit, including the strength of the control environment and any risk management function, the size and complexity of the entity’s operations and whether the auditor’s assessment of the risks of material misstatement include an expectation that controls are operating effectively.
The auditor’s assessment of the risk of material misstatement at the assertion level may change during the course of the audit as additional information is obtained. Remaining alert during the audit, for example, when inspecting records or documents may assist the auditor in identifying arrangements or other information that may indicate the existence of financial instruments that management has not previously identified or disclosed to the auditor. Such records and documents may include, for example:
- Minutes of meetings of those charged with governance; and
- Specific invoices from, and correspondence with, the entity’s professional advisors.
Factors to Consider in Determining Whether, and to What Extent, to Test the Operating Effectiveness of Controls
An expectation that controls are operating effectively may be more common when dealing with a financial institution with well-established controls, and therefore controls testing may be an effective means of obtaining audit evidence. When an entity has a trading function, substantive tests alone may not provide sufficient appropriate audit evidence due to the volume of contracts and the different systems used. Tests of controls, however, will not be sufficient on their own as the auditor is required by ASA 330 to design and perform substantive procedures for each material class of transactions, account balance and disclosure.
Entities with a high volume of trading and use of financial instruments may have more sophisticated controls, and an effective risk management function, and therefore the auditor may be more likely to test controls in obtaining evidence about:
- The occurrence, completeness, accuracy, and cut-off of the transactions; and
- The existence, rights and obligations, and completeness of account balances.
In those entities with relatively few financial instrument transactions:
- Management and those charged with governance may have only a limited understanding of financial instruments and how they affect the business;
- The entity may only have a few different types of instruments with little or no interaction between them;
- There is unlikely to be a complex control environment (for example, the controls described in the Appendix may not be in place at the entity);
- Management may use pricing information from third-party pricing sources to value their instruments; and
- Controls over the use of pricing information from third-party pricing sources may be less sophisticated.
When an entity has relatively few transactions involving financial instruments, it may be relatively easy for the auditor to obtain an understanding of the entity’s objectives for using the financial instruments and the characteristics of the instruments. In such circumstances, much of the audit evidence is likely to be substantive in nature, the auditor may perform the majority of the audit work at year-end, and third-party confirmations are likely to provide evidence in relation to the completeness, accuracy, and existence of the transactions.
In reaching a decision on the nature, timing and extent of testing of controls, the auditor may consider factors such as:
- The nature, frequency and volume of financial instrument transactions;
- The strength of controls, including whether controls are appropriately designed to respond to the risks associated with an entity’s volume of financial instrument transactions and whether there is a governance framework over the entity’s financial instrument activities;
- The importance of particular controls to the overall control objectives and processes in place at the entity, including the sophistication of the information systems to support financial instrument transactions;
- The monitoring of controls and identified deficiencies in control procedures;
- The issues the controls are intended to address, for example, controls related to the exercise of judgements compared with controls over supporting data. Substantive tests are more likely to be effective than relying on controls related to the exercise of judgement;
- The competency of those involved in the control activities, for example whether the entity has adequate capacity, including during periods of stress, and ability to establish and verify valuations for the financial instruments to which it is exposed;
- The frequency of performance of these control activities;
- The level of precision the controls are intended to achieve;
- The evidence of performance of control activities; and
- The timing of key financial instrument transactions, for example, whether they are close to the period end.
Designing substantive procedures includes consideration of:
- The use of analytical procedures ―While analytical procedures undertaken by the auditor can be effective as risk assessment procedures to provide the auditor with information about an entity’s business, they may be less effective as substantive procedures when performed alone. This is because the complex interplay of the drivers of the valuation often masks any unusual trends that might arise.
- Non-routine transactions―Many financial transactions are negotiated contracts between an entity and its counterparty (often known as “over the counter” or OTC.) To the extent that financial instrument transactions are not routine and outside an entity’s normal activities, a substantive audit approach may be the most effective means of achieving the planned audit objectives. In instances where financial instrument transactions are not undertaken routinely, the auditor’s responses to assessed risk, including designing and performing audit procedures, have regard to the entity’s possible lack of experience in this area.
- Availability of evidence―For example, when the entity uses a third-party pricing source, evidence concerning the relevant financial statement assertions may not be available from the entity.
- Procedures performed in other audit areas―Procedures performed in other financial statement areas may provide evidence about the completeness of financial instrument transactions. These procedures may include tests of subsequent cash receipts and payments, and the search for unrecorded liabilities.
- Selection of items for testing―In some cases, the financial instrument portfolio will comprise instruments with varying complexity and risk. In such cases, judgemental sampling may be useful.
ASA 315, paragraph 6(b), requires the auditor to apply analytical procedures as risk assessment procedures to assist in assessing the risks of material misstatement in order to provide a basis for designing and implementing responses to the assessed risks. ASA 520 Analytical Procedures, paragraph 6, requires the auditor to use analytical procedures in forming an overall conclusion on the financial report. Analytical procedures may also be applied at other stages of the audit.
For example, in the case of an asset-backed security, in responding to the risks of material misstatement for such a security, the auditor may consider performing some of the following audit procedures:
- Examining contractual documentation to understand the terms of the security, the underlying collateral and the rights of each class of security holder.
- Enquiring about management’s process of estimating cash flows.
- Evaluating the reasonableness of assumptions, such as prepayment rates, default rates and loss severities.
- Obtaining an understanding of the method used to determine the cash flow waterfall.
- Comparing the results of the fair value measurement with the valuations of other securities with similar underlying collateral and terms.
- Reperforming calculations.
Although the purpose of a test of controls is different from the purpose of a test of details, it may be efficient to perform both at the same time by, for example:
- Performing a test of controls and a test of details on the same transaction (for example, testing whether a signed contract has been maintained and whether the details of the financial instrument have been appropriately captured in a summary sheet; or
- Testing controls when testing management’s process of making valuation estimates.
Paragraphs 11–12 and 22–23 of ASA 330 establish requirements when the auditor performs procedures at an interim period and explains how such audit evidence can be used.
After assessing the risks associated with financial instruments, the engagement team determines the timing of planned tests of controls and substantive audit procedures. The timing of planned audit procedures varies depending on a number of factors, including the frequency of the control operation, the significance of the activity being controlled, and the related risk of material misstatement.
While it is necessary to undertake most of the audit procedures in relation to valuation and presentation at the period end, audit procedures in relation to other assertions such as completeness and existence can usefully be tested at an interim period. For example tests of controls may be performed at an interim period for more routine controls, such as IT controls and authorisations for new products. Also, it may be effective to test the operating effectiveness of controls over new product approval by gathering evidence of the appropriate level of management sign-off on a new financial instrument for an interim period.
Auditors may perform some tests on models as of an interim date, for example, by comparing the output of the model to market transactions. Another possible interim procedure for instruments with observable inputs is to test the reasonableness of the pricing information provided by a third-party pricing source.
Areas of more significant judgement are often tested close to, or at, the period end as:
- Valuations can change significantly in a short period of time, making it difficult to compare and reconcile interim balances with comparable information at the balance sheet date;
- An entity may engage in an increased volume of financial instrument transactions between an interim period and year-end;
- Manual journal entries may only be made after the end of the accounting period; and
- Non-routine or significant transactions may take place late in the accounting period.
Procedures Relating to Completeness, Accuracy, Existence, Occurrence and Rights and Obligations
Many of the auditor’s procedures can be used to address a number of assertions. For example, procedures to address the existence of an account balance at period end will also address the occurrence of a class of transactions, and may also assist in establishing proper cut-off. This is because financial instruments arise from legal contracts and, by verifying the accuracy of the recording of the transaction, the auditor can also verify its existence, and obtain evidence to support the occurrence and rights and obligations assertions at the same time, and confirm that transactions are recorded in the correct accounting period.
Procedures that may provide audit evidence to support the completeness, accuracy, and existence assertions include:
- External confirmation of bank accounts, trades, and custodian statements. This can be done by direct confirmation with the counterparty (including the use of bank confirmations), where a reply is sent to the auditor directly. Alternatively this information may be obtained from the counterparty’s systems through a data feed. Where this is done, controls to prevent tampering with the computer systems through which the information is transmitted may be considered by the auditor in evaluating the reliability of the evidence from the confirmation. If confirmations are not received, the auditor may be able to obtain evidence by reviewing contracts and testing relevant controls. External confirmations, however, often do not provide adequate audit evidence with respect to the valuation assertion though they may assist in identifying any side agreements.
- Reviewing reconciliations of statements or data feeds from custodians with the entity’s own records. This may necessitate evaluating IT controls around and within automated reconciliation processes and to evaluate whether reconciling items are properly understood and resolved.
- Reviewing journal entries and the controls over the recording of such entries. This may assist in, for example:
- Determining if entries have been made by employees other than those authorised to do so.
- Identifying unusual or inappropriate end-of-period journal entries, which may be relevant to fraud risk.
- Reading individual contracts and reviewing supporting documentation of the entity’s financial instrument transactions, including accounting records, thereby verifying existence and rights and obligations. For example, an auditor may read individual contracts associated with financial instruments and review supporting documentation, including the accounting entries made when the contract was initially recorded, and may also subsequently review accounting entries made for valuation purposes. Doing so allows the auditor to evaluate whether the complexities inherent in a transaction have been fully identified and reflected in the accounts. Legal arrangements and their associated risks need to be considered by those with suitable expertise to ensure that rights exist.
- Testing controls, for example by reperforming controls.
- Reviewing the entity’s complaints management systems. Unrecorded transactions may result in the entity’s failure to make a cash payment to a counterparty, and may be detected by reviewing complaints received.
- Reviewing master netting arrangements to identify unrecorded instruments.
These procedures are particularly important for some financial instruments, such as derivatives or guarantees. This is because they may not have a large initial investment, meaning it may be hard to identify their existence. For example, embedded derivatives are often contained in contracts for non-financial instruments which may not be included in confirmation procedures.
Valuation of Financial Instruments
Financial Reporting Requirements
Fair presentation financial reporting frameworks often use fair value hierarchies, for example those used in Australian Accounting Standards. This usually means that the volume and detail of the required disclosures increases as the level of measurement uncertainty increases. The distinction between the levels in the hierarchy may require judgement.
The auditor may find it useful to obtain an understanding of how the financial instruments relate to the fair value hierarchy. Ordinarily, the risk of material misstatement, and the level of audit procedures to be applied, increases as the level of measurement uncertainty increases. The use of level 3, and some level 2, inputs from the fair value hierarchy may be a useful guide to the level of measurement uncertainty. Level 2 inputs vary from those which are easily obtained to those which are closer to level 3 inputs. The auditor evaluates available evidence and understands both the fair value hierarchy and the risk of management bias in management’s categorisation of financial instruments in the fair value hierarchy.
In accordance with ASA 540, the auditor considers the entity’s valuation policies and methodology for data and assumptions used in the valuation methodology. In many cases, the applicable financial reporting framework does not prescribe the valuation methodology. When this is the case, matters that may be relevant to the auditor’s understanding of how management values financial instruments include, for example:
- Whether management has a formal valuation policy and, if so, whether the valuation technique used for a financial instrument is appropriately documented in accordance with that policy;
- Which models may give rise to the greatest risk of material misstatement;
- How management considered the complexity of the valuation of the financial instrument when selecting a particular valuation technique;
- Whether there is a greater risk of material misstatement because management has internally developed a model to be used to value financial instruments or is departing from a valuation technique commonly used to value the particular financial instrument;
- Whether management made use of a third-party pricing source;
- Whether those involved in developing and applying the valuation technique have the appropriate skills and expertise to do so, including whether a management’s expert has been used; and
- Whether there are indicators of management bias in selecting the valuation technique to be used.
Assessing the Risk of Material Misstatement Related to Valuation
When evaluating whether the valuation techniques used by an entity are appropriate in the circumstances, and whether controls over valuation techniques are in place, the factors considered by the auditor may include:
- Whether the valuation techniques are commonly used by other market participants and have been previously demonstrated to provide a reliable estimate of prices obtained from market transactions;
- Whether the valuation techniques operate as intended and there are no flaws in their design, particularly under extreme conditions, and whether they have been objectively validated. Indicators of flaws include inconsistent movements relative to benchmarks;
- Whether the valuation techniques take account of the risks inherent in the financial instrument being valued, including counterparty creditworthiness, and own credit risk in the case of valuation techniques used to measure financial liabilities;
- How the valuation techniques are calibrated to the market, including the sensitivity of the valuation techniques to changes in variables;
- Whether market variables and assumptions are used consistently and whether new conditions justify a change in the valuation techniques, market variables or assumptions used;
- Whether sensitivity analyses indicate that valuations would change significantly with only small or moderate changes in assumptions;
- The organisational structure, such as the existence of an internal department responsible for developing models to value certain instruments, particularly where level 3 inputs are involved. For example, a model development function that is involved in assisting in pricing deals is less objective than one which is functionally and organisationally segregated from the front office; and
- The competence and objectivity of those responsible for the development and application of the valuation techniques, including management’s relative experience with particular models that may be newly developed.
The auditor (or auditor’s expert) may also independently develop one or more valuation techniques to compare its output with that of the valuation techniques used by management.
The auditor’s risk assessment process may lead the auditor to identify one or more significant risks relating to the valuation of financial instruments, when any of the following circumstances exist:
- High measurement uncertainty related to the valuation of financial instruments (for example, those with unobservable inputs).
- Lack of sufficient evidence to support management’s valuation of its financial instruments.
- Lack of management understanding of its financial instruments or expertise necessary to value such instruments properly, including the ability to determine whether valuation adjustments are needed.
- Lack of management understanding of complex requirements in the applicable financial reporting framework relating to measurement and disclosure of financial instruments, and inability of management to make the judgements required to properly apply those requirements.
- The significance of valuation adjustments made to valuation technique outputs when the applicable financial reporting framework requires or permits such adjustments.
Where the auditor determines that the high estimation uncertainty related to the valuation of complex financial instruments gives rise to a significant risk, ASA 540 requires the auditor to perform substantive procedures and evaluate the adequacy of the disclosure of their estimation uncertainty. See ASA 540, paragraphs 11, 15 and 20.
For accounting estimates that give rise to significant risks, in addition to other substantive procedures performed to meet the requirements of ASA 330, ASA 540 requires the auditor to evaluate the following:
- How management has considered alternative assumptions or outcomes, and why it has rejected them, or how management has otherwise addressed measurement uncertainty in making the accounting estimate;
- Whether the significant assumptions used by management are reasonable; and
- Where relevant to the reasonableness of the significant assumptions used by management, or the appropriate application of the applicable financial reporting framework, management’s intent to carry out specific courses of action and its ability to do so.
As markets become inactive, the change in circumstances may lead to a move from valuation by market price to valuation by model, or may result in a change from one particular model to another. Reacting to changes in market conditions may be difficult if management does not have policies in place prior to their occurrence. Management may also not possess the expertise necessary to develop a model on an urgent basis, or select the valuation technique that may be appropriate in the circumstances. Even where valuation techniques have been consistently used, there is a need for management to examine the continuing appropriateness of the valuation techniques and assumptions used for determining valuation of financial instruments. Further, valuation techniques may have been selected in times where reasonable market information was available, but may not provide reasonable valuations in times of unanticipated stress.
The susceptibility to management bias, whether intentional or unintentional, increases with the subjectivity of the valuation and the degree of measurement uncertainty. For example, management may tend to ignore observable marketplace assumptions or data and instead use their own internally-developed model if the model yields more favourable results. Even without fraudulent intent, there may be a natural temptation to bias judgements towards the most favourable end of what may be a wide spectrum, rather than the point in the spectrum that might be considered to be most consistent with the applicable financial reporting framework. Changing the valuation technique from period to period without a clear and appropriate reason for doing so may also be an indicator of management bias. Although some form of management bias is inherent in subjective decisions relating to the valuation of financial instruments, when there is intention to mislead, management bias is fraudulent in nature.
Developing an Audit Approach
In testing how management values the financial instrument and in responding to the assessed risks of material misstatement in accordance with ASA 540, the auditor undertakes one or more of the following procedures, taking account of the nature of the accounting estimates:
- Test how management made the accounting estimate and the data on which it is based (including valuation techniques used by the entity in its valuations).
- Test the operating effectiveness of the controls over how management made the accounting estimate, together with appropriate substantive procedures.
- Develop a point estimate or a range to evaluate management’s point estimate.
- Determine whether events occurring up to the date of the auditor’s report provide audit evidence regarding the accounting estimate.
Many auditors find that a combination of testing how management valued the financial instrument, and the data on which it is based, and testing the operating effectiveness of controls, will be an effective and efficient audit approach. While subsequent events may provide some evidence about the valuation of financial instruments, other factors may need to be taken into account to address any changes in market conditions subsequent to the balance sheet date. If the auditor is unable to test how management made the estimate, the auditor may choose to develop a point estimate or range.
As described in Section I, to estimate the fair value of financial instruments management may:
- Utilise information from third-party pricing sources;
- Gather data to develop their own estimate using various techniques including models; and
- Engage an expert to develop an estimate.
Management often may use a combination of these approaches. For example, management may have their own pricing process but use third-party pricing sources to corroborate their own values.
Audit Considerations When Management Uses a Third-Party Pricing Source
Management may make use of a third-party pricing source, such as a pricing service or broker, in valuing the entity’s financial instruments. Understanding how management uses the information and how the pricing service operates assists the auditor in determining the nature and extent of audit procedures needed.
The following matters may be relevant where management uses a third-party pricing source:
- The type of third-party pricing source – Some third-party pricing sources make more information available about their process. For example, a pricing service often provides information about their methodology, assumptions and data in valuing financial instruments at the asset class level. By contrast, brokers often provide no, or only limited, information about the inputs and assumptions used in developing the quote.
- The nature of inputs used and the complexity of the valuation technique – The reliability of prices from third-party pricing sources varies depending on the observability of inputs (and accordingly, the level of inputs in the fair value hierarchy), and the complexity of the methodology for valuing a specific security or asset class. For example, the reliability of a price for an equity investment actively traded in a liquid market is higher than that of a corporate bond traded in a liquid market that has not traded on the measurement date, which, in turn, is more reliable than that of an asset-backed security that is valued using a discounted cash flow model.
- The reputation and experience of the third-party pricing source – For example, a third-party pricing source may be experienced in a certain type of financial instrument, and be recognised as such, but may not be similarly experienced in other types of financial instruments. The auditor’s past experience with the third-party pricing source may also be relevant in this regard.
- The objectivity of the third-party pricing source – For example, if a price obtained by management comes from a counterparty such as the broker who sold the financial instrument to the entity, or an entity with a close relationship with the entity being audited, the price may not be reliable.
- The entity’s controls over the use of third-party pricing sources – The degree to which management has controls in place to assess the reliability of information from third-party pricing sources affects the reliability of the fair value measurement. For example, management may have controls in place to:
- Review and approve the use of the third-party pricing source, including consideration of the reputation, experience and objectivity of the third-party pricing source.
- Determine the completeness, relevance and accuracy of the prices and pricing-related data.
- The third-party pricing source’s controls – The controls and processes over valuations for the asset classes of interest to the auditor. For example, a third-party pricing source may have strong controls around how prices are developed, including the use of a formalised process for customers, both buy and sell side, to challenge the prices received from the pricing service, when supported by appropriate evidence, which may enable the third-party pricing source to constantly correct prices to more fully reflect the information available to market participants.
Possible approaches to gathering evidence regarding information from third-party pricing sources may include the following:
- For level 1 inputs, comparing the information from third-party pricing sources with observable market prices.
- Reviewing disclosures provided by third-party pricing sources about their controls and processes, valuation techniques, inputs and assumptions.
- Testing the controls management has in place to assess the reliability of information from third-party pricing sources.
- Performing procedures at the third-party pricing source to understand and test the controls and processes, valuation techniques, inputs and assumptions used for asset classes or specific financial instruments of interest.
- Evaluating whether the prices obtained from third-party pricing sources are reasonable in relation to prices from other third-party pricing sources, the entity’s estimate or the auditor’s own estimate.
- Evaluating the reasonableness of valuation techniques, assumptions and inputs.
- Developing a point estimate or a range for some financial instruments priced by the third-party pricing source and evaluating whether the results are within a reasonable range of each other.
- Obtaining a service auditor’s report that covers the controls over validation of the prices.
Some pricing services may provide reports for users of its data to explain their controls over pricing data, that is, a report prepared in accordance with ASAE 3402 Assurance Reports on Controls at a Service Organisation. Management may request, and the auditor may consider obtaining, such a report to develop an understanding of how the pricing data is prepared and evaluate whether the controls at the pricing service can be relied upon.
Obtaining prices from multiple third-party pricing sources may also provide useful information about measurement uncertainty. A wide range of prices may indicate higher measurement uncertainty and may suggest that the financial instrument is sensitive to small changes in data and assumptions. A narrow range may indicate lower measurement uncertainty and may suggest less sensitivity to changes in data and assumptions. Although obtaining prices from multiple sources may be useful, when considering financial instruments that have inputs categorised at levels 2 or 3 of the fair value hierarchy, in particular, obtaining prices from multiple sources is unlikely to provide sufficient appropriate audit evidence on its own. This is because:
- What appear to be multiple sources of pricing information may be utilising the same underlying pricing source; and
- Understanding the inputs used by the third-party pricing source in determining the price may be necessary in order to categorise the financial instrument in the fair value hierarchy.
In some situations, the auditor may be unable to gain an understanding of the process used to generate the price, including any controls over the process of how reliably the price is determined, or may not have access to the model, including the assumptions and other inputs used. In such cases, the auditor may decide to undertake to develop a point estimate or a range to evaluate management’s point estimate in responding to the assessed risk.
Audit Considerations When Management Estimates Fair Values Using a Model
Paragraph 13(b) of ASA 540 requires the auditor, if testing management’s process of making the accounting estimate, to evaluate whether the method of measurement used is appropriate in the circumstances and the assumptions used by management are reasonable in light of the measurement objectives of the applicable financial reporting framework.
Whether management has used a third-party pricing source, or is undertaking its own valuation, models are often used to value financial instruments, particularly when using inputs at levels 2 and 3 of the fair value hierarchy. In determining the nature, timing and extent of audit procedures on models, the auditor may consider the methodology, assumptions and data used in the model. When considering more complex financial instruments such as those using level 3 inputs, testing all three may be a useful source of audit evidence. However, when the model is both simple and generally accepted, such as some bond price calculations, audit evidence obtained from focusing on the assumptions and data used in the model may be a more useful source of evidence.
Testing a model can be accomplished by two main approaches:
- The auditor can test management’s model, by considering the appropriateness of the model used by management, the reasonableness of the assumptions and data used, and the mathematical accuracy; or
- The auditor can develop their own estimate, and then compare the auditor’s valuation with that of the entity.
Where valuation of financial instruments is based on unobservable inputs (that is, level 3 inputs), matters that the auditor may consider include, for example, how management supports the following:
- The identification and characteristics of marketplace participants relevant to the financial instrument.
- How unobservable inputs are determined on initial recognition.
- Modifications it has made to its own assumptions to reflect its view of assumptions marketplace participants would use.
- Whether it has incorporated the best input information available in the circumstances.
- Where applicable, how its assumptions take account of comparable transactions.
- Sensitivity analysis of models when unobservable inputs are used and whether adjustments have been made to address measurement uncertainty.
In addition, the auditor’s industry knowledge, knowledge of market trends, understanding of other entities’ valuations (having regard to confidentiality) and other relevant price indicators informs the auditor’s testing of the valuations and the consideration of whether the valuations appear reasonable overall. If the valuations appear to be consistently overly aggressive or conservative, this may be an indicator of possible management bias.
Where there is a lack of observable external evidence, it is particularly important that those charged with governance have been appropriately engaged to understand the subjectivity of management’s valuations and the evidence that has been obtained to support these valuations. In such cases, it may be necessary for the auditor to evaluate whether there has been a thorough review and consideration of the issues, including any documentation, at all appropriate management levels within the entity, including with those charged with governance.
When markets become inactive or dislocated, or inputs are unobservable, management’s valuations may be more judgemental and less verifiable and, as result, may be less reliable. In such circumstances, the auditor may test the model by a combination of testing controls operated by the entity, evaluating the design and operation of the model, testing the assumptions and data used in the model, and comparing its output to a point estimate or range developed by the auditor or to other third-party valuation techniques.
ASA 540, paragraph 13(d), describes requirements when the auditor develops a range to evaluate management’s point estimate. Valuation techniques developed by third parties and used by the auditor may, in some circumstances be considered the work of an auditor’s expert and subject to the requirements in ASA 620.
See, for example, paragraph 15 of ASA 540 for requirements relative to the auditor’s evaluation of management’s assumption regarding significant risks.
It is likely that in testing the inputs used in an entity’s valuation methodology, for example, where such inputs are categorised in the fair value hierarchy, the auditor will also be obtaining evidence to support the disclosures required by the applicable financial reporting framework. For example, the auditor’s substantive procedures to evaluate whether the inputs used in an entity’s valuation technique (that is, level 1, level 2 and level 3 inputs) are appropriate, and tests of an entity’s sensitivity analysis, will be relevant to the auditor’s evaluation of whether the disclosures achieve fair presentation.
Evaluating Whether the Assumptions Used by Management Are Reasonable
An assumption used in a model may be deemed to be significant if a reasonable variation in the assumption would materially affect the measurement of the financial instrument. Management may have considered alternative assumptions or outcomes by performing a sensitivity analysis. The extent of subjectivity associated with assumptions influences the degree of measurement uncertainty and may lead the auditor to conclude there is a significant risk, for example in the case of level 3 inputs.
Audit procedures to test the assumptions used by management, including those used as inputs to models, may include evaluating:
- Whether, and if so, how, management has incorporated market inputs into the development of assumptions, as it is generally preferable to seek to maximise the use of relevant observable inputs and minimise unobservable inputs;
- Whether the assumptions are consistent with observable market conditions, and the characteristics of the financial asset or financial liability;
- Whether the sources of market-participant assumptions are relevant and reliable, and how management has selected the assumptions to use when a number of different marketplace assumptions exist; and
- Whether sensitivity analyses indicate that valuations would change significantly with only small or moderate changes in assumptions.
See paragraphs A77 to A83 of ASA 540 for further considerations relative to evaluating the assumptions used by management.
The auditor’s consideration of judgements about the future is based on information available at the time at which the judgement is made. Subsequent events may result in outcomes that are inconsistent with judgements that were reasonable at the time they were made.
In some cases, the discount rate in a present value calculation may be adjusted to account for the uncertainties in the valuation, rather than adjusting each assumption. In such cases, an auditor’s procedures may focus on the discount rate, by looking at an observable trade on a similar security to compare the discount rates used or developing an independent model to calculate the discount rate and compare with that used by management.
Audit Considerations When a Management’s Expert Is Used by the Entity
As discussed in Section I, management may engage a valuation expert to value some or all of their securities. Such experts may be brokers, investment bankers, pricing services that also provide expert valuation services, or other specialised valuation firms.
Paragraph 8 of ASA 500 contains requirements for the auditor when evaluating evidence from an expert engaged by management. The extent of the auditor’s procedures in relation to a management’s expert and that expert’s work depend on the significance of the expert’s work for the auditor’s purposes. Evaluating the appropriateness of a management’s expert’s work assists the auditor in assessing whether the prices or valuations supplied by the management’s expert provide sufficient appropriate audit evidence to support the valuations. Examples of procedures the auditor may perform include:
- Evaluating the competence, capabilities and objectivity of the management’s expert for example: their relationship with the entity; their reputation and standing in the market; their experience with the particular types of instruments; and their understanding of the relevant financial reporting framework applicable to the valuations;
- Obtaining an understanding of the work of the management’s expert, for example by assessing the appropriateness of the valuation technique(s) used and the key market variables and assumptions used in the valuation technique(s);
- Evaluating the appropriateness of that expert’s work as audit evidence. At this point, the focus is on the appropriateness of the expert’s work at the level of the individual financial instrument. For a sample of the relevant instruments, it may be appropriate to develop an estimate independently (see paragraphs 136 to 137 of this Guidance Statement on developing a point estimate or range), using different data and assumptions, then compare that estimate to that of the management’s expert; and
- Other procedures may include:
- Modelling different assumptions to derive assumptions in another model, then considering the reasonableness of those derived assumptions.
- Comparing management’s point estimates with the auditor’s point estimates to determine if management’s estimates are consistently higher or lower.
Assumptions may be made or identified by a management’s expert to assist management in valuing its financial instruments. Such assumptions, when used by management, become management’s assumptions that the auditor needs to consider in the same manner as management’s other assumptions.
Developing a Point Estimate or Range
An auditor may develop a valuation technique and adjust the inputs and assumptions used in the valuation technique to develop a range for use in evaluating the reasonableness of management’s valuation. Paragraphs 106 to 135 of this Guidance Statement may assist the auditor in developing a point estimate or range. In accordance with ASA 540, if the auditor uses assumptions, or methodologies that differ from management’s, the auditor shall obtain an understanding of management’s assumptions or methodologies sufficient to establish that the auditor’s range takes into account relevant variables and to evaluate any significant differences from management’s valuation. The auditor may find it useful to use the work of an auditor’s expert to evaluate the reasonableness of management’s valuation.
In some cases, the auditor may conclude that sufficient evidence cannot be obtained from the auditor’s attempts to obtain an understanding of management’s assumptions or methodology, for example when a third-party pricing source uses internally developed models and software and does not allow access to relevant information. In such cases, the auditor may not be able to obtain sufficient appropriate audit evidence about the valuation if the auditor is unable to perform other procedures to respond to the risks of material misstatement, such as developing a point estimate or a range to evaluate management’s point estimate. ASA 705 describes the implications of the auditor’s inability to obtain sufficient appropriate audit evidence.